Skip to content

fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6#1481

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-santhosh-tekuri-jsonschema-v5-6.x
Open

fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6#1481
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-santhosh-tekuri-jsonschema-v5-6.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Feb 26, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1v6.0.2 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

santhosh-tekuri/jsonschema (github.com/santhosh-tekuri/jsonschema/v5)

v6.0.2

Compare Source

v6.0.1

Compare Source

Bug Fixes:

  • fix/schema: field RecursiveRef misspelled
  • fix/schema: missing Deprecated field

check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6

v6.0.0

Compare Source

Improvements

  • mixed dialect support
  • custom $vocabulary support
  • sermver format
  • support for localisation for ValidationError
  • command jv
    • support stdin
    • --insecure and --cacert flag
    • --quiet flag

check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: mod upgrade --mod-name=github.com/santhosh-tekuri/jsonschema/v5 -t=6
could not load package: err: exit status 1: stderr: go: inconsistent vendoring in /tmp/renovate/repos/github/konflux-ci/integration-service:
	github.com/santhosh-tekuri/jsonschema/v6@v6.0.2: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt

	To ignore the vendor directory, use -mod=readonly or -mod=mod.
	To sync the vendor directory, run:
		go mod vendor


@snyk-io

snyk-io Bot commented Feb 26, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed Feb 26, 2026
@red-hat-konflux red-hat-konflux Bot closed this Feb 26, 2026
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/main/github.com-santhosh-tekuri-jsonschema-v5-6.x branch February 26, 2026 14:08
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 Feb 26, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Feb 26, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-santhosh-tekuri-jsonschema-v5-6.x branch 3 times, most recently from dbe315d to fb0c9a9 Compare February 27, 2026 10:21
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed Mar 1, 2026
@red-hat-konflux red-hat-konflux Bot closed this Mar 1, 2026
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 Mar 1, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Mar 1, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-santhosh-tekuri-jsonschema-v5-6.x branch 2 times, most recently from fb0c9a9 to b0b9234 Compare March 1, 2026 10:18
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed Mar 5, 2026
@red-hat-konflux red-hat-konflux Bot closed this Mar 5, 2026
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 Mar 6, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Mar 6, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Mar 28, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-santhosh-tekuri-jsonschema-v5-6.x branch 2 times, most recently from 7bb9607 to e1256a5 Compare March 28, 2026 14:16
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed Apr 1, 2026
@red-hat-konflux red-hat-konflux Bot closed this Apr 1, 2026
@red-hat-konflux red-hat-konflux Bot changed the title fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 - autoclosed fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 Apr 2, 2026
@fullsend-ai-review

fullsend-ai-review Bot commented May 30, 2026

Copy link
Copy Markdown

Review

Findings

Critical

  • [api-contract] go.mod:46 — The PR changes go.mod from jsonschema/v5 to jsonschema/v6, but this is the only file changed. In Go, major version bumps use distinct module paths, so this change alone breaks the build. Three source files still import v5: helpers/integration.go:35, gitops/snapshot.go:38, and pkg/integrationteststatus/integration_test_status.go:27. The go.sum file contains only v5 entries and the vendor/ directory has not been updated. Since go.mod will declare a dependency (v6) that no code imports while the actually-imported v5 path is no longer declared, the build will fail. Additionally, v5-to-v6 is a breaking API change requiring call-site updates beyond just import path changes.
    Remediation: Update all three source files to import github.com/santhosh-tekuri/jsonschema/v6, update API call sites to match v6 signatures (consult the v6 migration guide), run go mod tidy to regenerate go.sum, and re-vendor dependencies with go mod vendor. Alternatively, if the API migration is not yet ready, close this Renovate PR and pin the dependency to v5.
Previous run

Review

Findings

Critical

  • [api-contract] go.mod:46 — The go.mod is updated to require jsonschema/v6, but all three consuming source files (gitops/snapshot.go:38, helpers/integration.go:35, pkg/integrationteststatus/integration_test_status.go:27) still import jsonschema/v5. In Go's semantic import versioning, v5 and v6 are entirely different module paths. The PR only modifies go.mod and does not update any source files, so the build will break: the v5 import path will no longer resolve to the declared v6 module. Additionally, all three call sites use jsonschema.CompileString() (snapshot.go:1518, integration.go:171, integration_test_status.go:364), which was removed in the v6 API.
    Remediation: Update all import paths from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6 in the three source files, then update each jsonschema.CompileString(...) call to use the v6 API. Run go mod tidy and go mod vendor to update go.sum, vendor/, and vendor/modules.txt.
Previous run (2)

Review

Findings

Critical

  • [api-contract] go.mod:46 — The go.mod change replaces github.com/santhosh-tekuri/jsonschema/v5 with v6, but all three consuming source files (gitops/snapshot.go:38, helpers/integration.go:35, pkg/integrationteststatus/integration_test_status.go:27) still import v5. In Go modules, v5 and v6 are distinct module paths, so removing v5 from go.mod while keeping v5 imports will cause a compilation failure. Additionally, all three files use jsonschema.CompileString(), which is a v5 top-level convenience function; the v6 API restructures compilation. The vendor directory and go.sum are also not updated in this PR.
    Remediation: Update import paths in all three Go source files from v5 to v6, adapt all CompileString call sites to the v6 API, run go mod tidy to update go.sum, and run go mod vendor to update the vendor directory.

Medium

  • [architectural-coherence] go.mod:46 — Major dependency version upgrade lacks corresponding code changes. The jsonschema library is used in 3 files for JSON schema validation of component snapshot info and integration test statuses. A major version jump (v5 → v6) includes breaking API changes, yet this PR contains only the go.mod change with no adapter code, no vendor updates, and no go.sum updates.
    Remediation: Review the v6 release notes and migration guide, update all usages to the v6 API, run the full test suite, and include all required code and vendor changes in this PR.

Low

  • [scope-authorization-mismatch] go.mod:46 — Major version dependency upgrade (v5 → v6) submitted without a linked issue. This is a Renovate-generated PR, and major version bumps typically warrant a tracking issue to document breaking change review.

Labels: Go dependency update PR that modifies go.mod.

Previous run (3)

Review

Findings

Critical

  • [logic-error] go.mod:46 — The PR bumps github.com/santhosh-tekuri/jsonschema from v5 to v6 in go.mod only. In Go modules, a major version change requires updating the import path from jsonschema/v5 to jsonschema/v6 in every importing file. Three source files still import the v5 path: helpers/integration.go:35, gitops/snapshot.go:38, and pkg/integrationteststatus/integration_test_status.go:26. The build will fail because the v5 import path no longer resolves to a declared dependency.
    Remediation: Update the import path in all three files from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6. Then run go mod tidy and go mod vendor to update go.sum and the vendor directory.

  • [api-contract] helpers/integration.go:171 — All three consuming files call jsonschema.CompileString("schema.json", ...), which is the v5 API. In v6, the API was redesigned: there is no top-level CompileString function. The v6 library requires creating a Compiler via NewCompiler(), adding resources via AddResource(), and calling Compile(). Even after fixing the import paths, the code will not compile without rewriting the JSON schema validation calls. The same issue affects gitops/snapshot.go:1518 and pkg/integrationteststatus/integration_test_status.go:320.
    Remediation: Rewrite all three call sites to use the v6 API: create a compiler with jsonschema.NewCompiler(), add the schema string via compiler.AddResource(), and call compiler.Compile(). Alternatively, reconsider whether the v6 upgrade is needed at this time.

  • [logic-error] go.mod:46 — The vendor directory still contains vendor/github.com/santhosh-tekuri/jsonschema/v5/ and vendor/modules.txt still references v5. The go.sum file still only has v5 checksums. The v6 vendored sources are completely absent. This repo uses vendoring, so the build will fail in CI.
    Remediation: After updating imports and API calls, run go mod tidy && go mod vendor to populate the vendor directory with v6 sources and update go.sum and vendor/modules.txt.


Labels: Renovate bot dependency version bump PR.

Previous run (4)

Review

Findings

Critical

  • [api-contract] go.mod:46 — The PR updates go.mod from jsonschema/v5 to jsonschema/v6, but none of the three source files that import and use the library have been updated. In Go modules, v5 and v6 are distinct module paths. After this change, go.mod declares v6 but the code still imports v5, so the build will fail. Affected files: helpers/integration.go:35, gitops/snapshot.go:38, pkg/integrationteststatus/integration_test_status.go:26. Additionally, vendor/modules.txt and the vendored source under vendor/github.com/santhosh-tekuri/jsonschema/v5/ still reference v5, meaning go mod vendor was not re-run.
    Remediation: Update all three import paths from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6. Then review the v6 migration guide for API changes. After updating imports, run go mod tidy && go mod vendor.

  • [api-contract] helpers/integration.go:171 — All three call sites use jsonschema.CompileString("schema.json", schemaString) followed by sch.Validate(v) where v is interface{}. In jsonschema v6, the CompileString function has been removed and replaced with a different compilation API. Even after fixing the import path, this code will not compile without adapting to the v6 API. Affected call sites: helpers/integration.go:171, gitops/snapshot.go:1520, pkg/integrationteststatus/integration_test_status.go:320.
    Remediation: Consult the v6 migration guide and update all three call sites to use the new Compiler-based API.

Previous run (5)

Review

Findings

Critical

  • [api-contract] go.mod:46 — The PR changes go.mod to declare a dependency on github.com/santhosh-tekuri/jsonschema/v6, but three Go source files still import github.com/santhosh-tekuri/jsonschema/v5: helpers/integration.go:35, gitops/snapshot.go:38, and pkg/integrationteststatus/integration_test_status.go:26. In Go modules, a major version bump (v5 → v6) changes the import path. Declaring v6 in go.mod while code imports v5 means the build will fail.
    Remediation: Either (a) update all import paths from jsonschema/v5 to jsonschema/v6 in all three files and adapt call sites to the v6 API (CompileString was removed in v6 — see the migration guide), then run go mod tidy and go mod vendor; or (b) revert the go.mod change and stay on v5.

  • [api-contract] helpers/integration.go:171 — All three call sites use jsonschema.CompileString(url, schema) which is a v5 top-level convenience function. In jsonschema v6, the API is restructured: CompileString no longer exists as a package-level function. Even after fixing import paths, the existing code will not compile against v6 without rewriting these call sites (also affects gitops/snapshot.go:1487 and pkg/integrationteststatus/integration_test_status.go:320).
    Remediation: Consult the v6 migration guide at Some questions about migrating from v5 to v6 santhosh-tekuri/jsonschema#172 and rewrite all three call sites to use the v6 compiler API.

Medium

  • [incomplete-change] go.mod:46 — The PR modifies only go.mod but does not update go.sum or the vendor/ directory. The vendor directory still contains only vendor/github.com/santhosh-tekuri/jsonschema/v5/ with no v6 directory. go.sum still only references v5.3.1.
    Remediation: Run go mod tidy followed by go mod vendor after updating all import paths and call sites, then commit the resulting go.sum and vendor/ changes.

Info

  • [scope-authorization] go.mod:46 — No linked issue found for this dependency update. Authorization is inferred from the mechanical nature of the bot-generated change (Renovate/mintmaker), but major version upgrades require explicit review of breaking changes.
Previous run (6)

Review

Findings

Critical

  • [correctness] go.mod:46 — Major version bump updates module path in go.mod from jsonschema/v5 to jsonschema/v6, but three source files still import the v5 path (gitops/snapshot.go:38, helpers/integration.go:35, pkg/integrationteststatus/integration_test_status.go:26). In Go modules, v5 and v6 are distinct module paths — the build will fail because the v5 module is no longer declared as a dependency but is still imported. Additionally, go.sum has not been updated (still lists v5 checksums, missing v6), and the vendor/ directory still contains only the v5 package tree. The jsonschema v6 release also includes breaking API changes (e.g., CompileString signature changes per the v5-to-v6 migration guide), so simply updating import paths may not be sufficient — the call sites in gitops/snapshot.go:1472, helpers/integration.go:171, and pkg/integrationteststatus/integration_test_status.go:320 need to be verified against the v6 API.
    Remediation: Update all import paths from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6 in the three source files, run go mod tidy to update go.sum, run go mod vendor to update the vendor directory, and verify that the jsonschema.CompileString() call sites are compatible with the v6 API. If the v6 API has breaking changes at the call sites, adapt the usage accordingly.

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jun 21, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 2:46 PM UTC · Completed 2:50 PM UTC
Commit: 218f229 · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #1481 (autoclosed Renovate dependency bump)

Timeline: Renovate bot created this PR on 2026-02-26 to bump jsonschema/v5 to v6, but only updated go.mod — leaving import paths, go.sum, and vendor/ unchanged. Renovate itself posted an artifact-update warning on creation day. The review bot reviewed on 2026-05-30 (after the PR was rebased) and correctly flagged the critical compilation-breaking issue (imports still referencing v5). The PR was autoclosed without merge on 2026-06-21.

Review quality: Good. The review bot accurately identified that three source files still imported jsonschema/v5, that go.sum and vendor/ were stale, and that the v6 API has breaking changes affecting CompileString call sites. The finding was appropriately rated critical.

Wasted work identified:

  1. This retro run — dispatched on an autoclosed bot-authored PR with no merge and only one review-agent interaction. Already covered by #2461 ("Skip retro dispatch for autoclosed bot-authored PRs").
  2. Review on known-broken PR — Renovate's own artifact-update warning (posted at PR creation) already indicated the PR was broken. The review bot's analysis was correct but redundant. Covered by #1406 ("Review agent should weigh bot warning comments on dependency PRs") and #1358 ("Add lightweight review path for trivial bot dependency bumps").

No new proposals. All identified improvements are already tracked by existing open issues in fullsend-ai/fullsend.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 21, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 6:44 PM UTC · Completed 6:50 PM UTC
Commit: 218f229 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jun 22, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 10:49 PM UTC · Completed 10:53 PM UTC
Commit: 0d0162a · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

This is the second retro run on PR #1481, an autoclosed Renovate bot PR that bumped jsonschema/v5 to v6 by modifying only go.mod (leaving import paths, go.sum, and vendor/ unchanged). The PR was broken from creation, sat open for ~4 months, received two identical review-bot cycles requesting changes, and was autoclosed without merge.

A previous retro (run 27907808818, 2026-06-21) already analyzed this PR and concluded all improvements are tracked by existing issues. This second retro confirms that finding — no new proposals.

Existing issues already cover every identified waste pattern:

This retro run is itself an instance of the problem described in #2401 and #2461 — wasted compute on a PR that has already been retro'd and has no new information.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 23, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 5:44 AM UTC · Completed 5:51 AM UTC
Commit: 0d0162a · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 10:33 PM UTC · Completed 10:42 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 1:55 AM UTC · Completed 2:01 AM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #1481 — jsonschema v5→v6 bot dependency bump (autoclosed)

This is the third retro on this PR. The previous two retros (runs 27907808818 and 27989217810) already identified all waste patterns and linked them to existing open issues. No new proposals are warranted.

What happened

  1. 2026-02-26: Renovate bot created a PR bumping jsonschema/v5 to v6 in go.mod only. The bot itself immediately reported an artifact update failure — go.sum and vendor/ were inconsistent.
  2. 2026-03-15: Human triggered /retest.
  3. 2026-05-30 → 2026-06-25: Four separate review agent runs all correctly identified the same critical issue (import paths not updated, build would fail) and posted CHANGES_REQUESTED. No actor ever addressed the findings since this was a bot-authored PR with no human code owner.
  4. 2026-06-21 → 2026-07-01: Three retro runs (including this one) analyzed the same PR, each confirming the waste.

Total wasted compute: 4 redundant review runs + 3 retro runs on a bot PR that was broken from day one and never going to be fixed.

Why no new proposals

Every improvement opportunity identified here is already tracked by open issues in fullsend-ai/fullsend:

Issue Problem it addresses
#2461 Skip retro dispatch for autoclosed bot-authored PRs
#2401 Deduplicate retro runs on the same PR
#1870 Skip review/fix dispatch when PR action is 'closed'
#1439 Skip review dispatch when PR is already closed or merged
#963 Skip review when HEAD SHA was already reviewed
#1452 Deduplicate review dispatches for the same HEAD SHA
#1358 Add lightweight review path for trivial bot dependency bumps
#1406 Review agent should weigh bot warning comments on dependency PRs
#2587 Add hard cap on total review dispatches per PR

The review agent's detection quality was excellent — it correctly identified the critical compilation issue on every run. The problem is purely at the dispatch layer: guards to prevent running agents on closed, bot-authored, or already-reviewed PRs have not yet been implemented despite being well-documented.

@fullsend-ai-review

fullsend-ai-review Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 6:29 AM UTC · Completed 6:38 AM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review

fullsend-ai-review Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Review · ❌ Terminated · Started 3:05 PM UTC · Ended 3:16 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 7:05 PM UTC · Completed 7:11 PM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #1481 — Renovate major version bump (jsonschema v5→v6)

Timeline: Renovate bot created this 1-line go.mod change on 2026-02-26, bumping jsonschema/v5 to v6 without updating import paths, go.sum, or vendor/. The PR sat open for ~4 months, received 6 identical review agent runs (all CHANGES_REQUESTED with the same critical finding: import paths still reference v5, CompileString() removed in v6), 3 identical retro agent runs, and was autoclosed on 2026-07-01 without merging. The only human interaction was a /retest command on 2026-03-15.

Review quality: The review agent correctly identified the critical compilation-breaking issue on every run — good detection, but massive redundancy.

Key waste: ~6x review cost and ~3x retro cost for zero incremental value after the first review. All known improvement vectors are already tracked upstream:

One gap remains: no existing issue proposes a time-based mechanism to detect and auto-close bot PRs that have been open with consistently failing CI and no human engagement for an extended period. Issue #1980 covers review-time closure but not periodic detection of stale broken bot PRs.

Proposals filed

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 2, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:34 AM UTC · Completed 1:39 AM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread go.mod
github.com/google/go-github/v45 v45.2.0
github.com/prometheus/client_golang v1.23.2
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] api-contract

The PR changes go.mod from jsonschema/v5 to jsonschema/v6, but this is the only file changed. Three source files (helpers/integration.go:35, gitops/snapshot.go:38, pkg/integrationteststatus/integration_test_status.go:27) still import v5. The go.sum file contains only v5 entries, and vendor/modules.txt also references v5. Since Go treats major versions as distinct module paths, go.mod will declare a dependency (v6) that no code imports, while the actually-imported v5 path is no longer declared. The build will fail. Additionally, v5-to-v6 is a breaking API change requiring call-site updates beyond just import path changes.

Suggested fix: Update all three source files to import github.com/santhosh-tekuri/jsonschema/v6, update API call sites to match v6 signatures (consult the v6 migration guide), run go mod tidy to regenerate go.sum, and re-vendor dependencies. Alternatively, if the API migration is not yet ready, close this Renovate PR and pin the dependency to v5.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code size: XS

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant