fix(deps): update module github.com/santhosh-tekuri/jsonschema/v5 to v6 #1481
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -43,7 +43,7 @@ require ( | |
| github.com/google/go-containerregistry v0.20.7 | ||
| github.com/google/go-github/v45 v45.2.0 | ||
| github.com/prometheus/client_golang v1.23.2 | ||
| github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 | ||
| github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 | ||
|
[critical] api-contract
The PR changes go.mod to declare a dependency on github.com/santhosh-tekuri/jsonschema/v6, but three Go source files still import github.com/santhosh-tekuri/jsonschema/v5: helpers/integration.go:35, gitops/snapshot.go:38, and pkg/integrationteststatus/integration_test_status.go:26. In Go modules, a major version bump (v5 to v6) changes the import path. Declaring v6 in go.mod while code imports v5 means the build will fail.
Suggested fix: Either (a) update all import paths from jsonschema/v5 to jsonschema/v6 in all three files and adapt call sites to the v6 API (CompileString was removed in v6), then run go mod tidy and go mod vendor; or (b) revert the go.mod change and stay on v5.

[medium] incomplete-change
The PR modifies only go.mod but does not update go.sum or the vendor/ directory. The vendor directory still contains only vendor/github.com/santhosh-tekuri/jsonschema/v5/ with no v6 directory. go.sum still only references v5.3.1.
Suggested fix: Run go mod tidy followed by go mod vendor after updating all import paths and call sites, then commit the resulting go.sum and vendor/ changes.

[info] scope-authorization
No linked issue found for this dependency update. Authorization is inferred from the mechanical nature of the bot-generated change (Renovate/mintmaker), but major version upgrades require explicit review of breaking changes.

[critical] api-contract
The PR updates go.mod from jsonschema/v5 to jsonschema/v6, but none of the three source files that import and use the library have been updated. In Go modules, v5 and v6 are distinct module paths. After this change, go.mod declares v6 but the code still imports v5, so the build will fail. Affected files: helpers/integration.go:35, gitops/snapshot.go:38, pkg/integrationteststatus/integration_test_status.go:26. Additionally, vendor/modules.txt and the vendored source under vendor/github.com/santhosh-tekuri/jsonschema/v5/ still reference v5, meaning go mod vendor was not re-run.
Suggested fix: Update all three import paths from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6. Then review the v6 migration guide for API changes. After updating imports, run go mod tidy and go mod vendor.

[critical] logic-error
The PR bumps github.com/santhosh-tekuri/jsonschema from v5 to v6 in go.mod only. In Go modules, a major version change requires updating the import path from jsonschema/v5 to jsonschema/v6 in every importing file. Three source files still import the v5 path: helpers/integration.go:35, gitops/snapshot.go:38, and pkg/integrationteststatus/integration_test_status.go:26. The build will fail because the v5 import path no longer resolves to a declared dependency.
Suggested fix: Update the import path in all three files from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6. Then run go mod tidy and go mod vendor to update go.sum and the vendor directory.

[critical] logic-error
The vendor directory still contains vendor/github.com/santhosh-tekuri/jsonschema/v5/ and vendor/modules.txt still references v5. The go.sum file still only has v5 checksums. The v6 vendored sources are completely absent. This repo uses vendoring, so the build will fail in CI.
Suggested fix: After updating imports and API calls, run go mod tidy && go mod vendor to populate the vendor directory with v6 sources and update go.sum and vendor/modules.txt.

[critical] api-contract
The go.mod change replaces github.com/santhosh-tekuri/jsonschema/v5 with v6, but all three consuming source files (gitops/snapshot.go:38, helpers/integration.go:35, pkg/integrationteststatus/integration_test_status.go:27) still import v5. In Go modules, v5 and v6 are distinct module paths, so removing v5 from go.mod while keeping v5 imports will cause a compilation failure. Additionally, all three files use jsonschema.CompileString(), which is a v5 top-level convenience function; the v6 API restructures compilation. The vendor directory and go.sum are also not updated.
Suggested fix: Update import paths in all three Go source files from v5 to v6, adapt all CompileString call sites to the v6 API, run 'go mod tidy' to update go.sum, and run 'go mod vendor' to update the vendor directory.

[medium] architectural-coherence
Major dependency version upgrade lacks corresponding code changes. The jsonschema library is used in 3 files for JSON schema validation of component snapshot info and integration test statuses. A major version jump (v5 to v6) includes breaking API changes, yet this PR contains only the go.mod change with no adapter code, no vendor updates, and no go.sum updates.
Suggested fix: Review the v6 release notes and migration guide, update all usages to the v6 API, run the full test suite, and include all required code and vendor changes in this PR.

[low] scope-authorization-mismatch
Major version dependency upgrade (v5 to v6) submitted without a linked issue. This is a Renovate-generated PR, and major version bumps typically warrant a tracking issue to document breaking change review.

[critical] api-contract
The go.mod is updated to require jsonschema/v6, but all three consuming source files (gitops/snapshot.go:38, helpers/integration.go:35, pkg/integrationteststatus/integration_test_status.go:27) still import jsonschema/v5. In Go semantic import versioning, v5 and v6 are entirely different module paths. The PR only modifies go.mod and does not update any source files, so the build will break: the v5 import path will no longer resolve to the declared v6 module. Additionally, all three call sites use jsonschema.CompileString() (snapshot.go:1518, integration.go:171, integration_test_status.go:364), which was removed in the v6 API.
Suggested fix: Update all import paths from github.com/santhosh-tekuri/jsonschema/v5 to github.com/santhosh-tekuri/jsonschema/v6 in the three source files, then update each jsonschema.CompileString(...) call to use the v6 API. Run go mod tidy and go mod vendor to update go.sum, vendor/, and vendor/modules.txt.

[critical] api-contract
The PR changes go.mod from jsonschema/v5 to jsonschema/v6, but this is the only file changed. Three source files (helpers/integration.go:35, gitops/snapshot.go:38, pkg/integrationteststatus/integration_test_status.go:27) still import v5. The go.sum file contains only v5 entries, and vendor/modules.txt also references v5. Since Go treats major versions as distinct module paths, go.mod will declare a dependency (v6) that no code imports, while the actually-imported v5 path is no longer declared. The build will fail. Additionally, v5-to-v6 is a breaking API change requiring call-site updates beyond just import path changes.
Suggested fix: Update all three source files to import github.com/santhosh-tekuri/jsonschema/v6, update API call sites to match v6 signatures (consult the v6 migration guide), run go mod tidy to regenerate go.sum, and re-vendor dependencies. Alternatively, if the API migration is not yet ready, close this Renovate PR and pin the dependency to v5.
||
| github.com/tektoncd/pipeline v1.7.0 | ||
| github.com/tonglil/buflogr v1.1.1 | ||
| gitlab.com/gitlab-org/api/client-go/v2 v2.36.0 | ||
|
|
||
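Review bot: the require entry for github.com/santhosh-tekuri/jsonschema changes its module path (/v5 to /v6), not only its version, so this one-line go.mod edit is incomplete on its own. The review comments on this hunk report three source files still importing the /v5 path, with go.sum and vendor/ carrying only v5. Land the import-path changes, the CompileString call-site updates, go.sum and vendor/modules.txt in the same change as this line, so the v6.0.2 checksums and vendored sources are reviewed together with the requirement; otherwise keep v5.3.1 here.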
[critical] correctness
Major version bump from jsonschema/v5 to v6 in go.mod, but source files (gitops/snapshot.go, helpers/integration.go, pkg/integrationteststatus/integration_test_status.go) still import v5. Go treats v5 and v6 as distinct module paths — this PR will not compile. Additionally, go.sum and vendor/ are not updated, and the v6 API has breaking changes that may affect CompileString call sites.
Suggested fix: Update all import paths from jsonschema/v5 to jsonschema/v6, run go mod tidy and go mod vendor, and verify CompileString call sites against the v6 API.
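
The mismatch these comments describe (go.mod requiring /v6 while sources import /v5) can be detected without a build. The following is an added example, not code from this PR or the project: `declaredModules` and `UndeclaredImports` are hypothetical helpers, the go.mod reader is deliberately simplified (exclude blocks are not distinguished), and the module path `example.test/m` and sample file are constructed.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"slices"
	"strconv"
	"strings"
)

// declaredModules: simplified go.mod reader; first dotted token on a non-replace line is a module path.
func declaredModules(goMod string) (mods []string) {
	for _, line := range strings.Split(goMod, "\n") {
		line = strings.TrimPrefix(strings.TrimPrefix(strings.TrimSpace(line), "require "), "module ")
		if f := strings.Fields(line); len(f) > 0 && strings.Contains(f[0], ".") && !strings.Contains(line, "=>") {
			mods = append(mods, f[0])
		}
	}
	return mods
}

// UndeclaredImports lists "file: path" for each non-stdlib import that no
// declared module path is a prefix of, as when go.mod says v6 and code imports v5.
func UndeclaredImports(goMod string, sources map[string]string) (out []string, err error) {
	mods := declaredModules(goMod)
	for name, src := range sources {
		f, perr := parser.ParseFile(token.NewFileSet(), name, src, parser.ImportsOnly)
		if perr != nil {
			return nil, perr
		}
		for _, spec := range f.Imports {
			path, _ := strconv.Unquote(spec.Path.Value)
			stdlib := !strings.Contains(strings.SplitN(path, "/", 2)[0], ".")
			if !stdlib && !slices.ContainsFunc(mods, func(m string) bool {
				return path == m || strings.HasPrefix(path, m+"/")
			}) {
				out = append(out, name+": "+path)
			}
		}
	}
	slices.Sort(out)
	return out, nil
}

func main() { // constructed sample: go.mod requires v6, the source still imports v5
	bad, _ := UndeclaredImports("module example.test/m\nrequire github.com/santhosh-tekuri/jsonschema/v6 v6.0.2\n",
		map[string]string{"snapshot.go": "package gitops\nimport \"github.com/santhosh-tekuri/jsonschema/v5\"\n"})
	fmt.Println(bad)
}
```

Prefix matching only approximates how the go command maps an import to a module, so a clean result here does not replace `go build` and `go mod vendor` in CI.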