guardrails[bot]
commented
11 months ago :warning: We detected 1 security issue in this pull request:
Vulnerable Libraries (1)
Severity | Details :-: | :-- High | [pkg:golang/github.com/pelletier/go-toml/v2@v2.1.0](https://github.com/SpokeyWheeler/drawbridge/blob/e1f0894510bca075b1858949d7b446d1c4333119/cmd/pkg/mod/github.com/knadh/koanf@v1.4.4/go.mod#L23) upgrade to: *> v2.1.0* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
This PR contains the following updates:
v1.9.5->v2.1.1Release Notes
pelletier/go-toml (github.com/pelletier/go-toml)
### [`v2.1.1`](https://togithub.com/pelletier/go-toml/releases/tag/v2.1.1) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.1.0...v2.1.1) #### What's Changed ##### Fixed bugs - Fix unmarshaling of nested non-exported struct by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/917](https://togithub.com/pelletier/go-toml/pull/917) #### New Contributors - [@arp242](https://togithub.com/arp242) made their first contribution in [https://github.com/pelletier/go-toml/pull/907](https://togithub.com/pelletier/go-toml/pull/907) - [@mpldr](https://togithub.com/mpldr) made their first contribution in [https://github.com/pelletier/go-toml/pull/911](https://togithub.com/pelletier/go-toml/pull/911) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.1.0...v2.1.1 ### [`v2.1.0`](https://togithub.com/pelletier/go-toml/releases/tag/v2.1.0) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.9...v2.1.0) This new minor release brings back the `commented` struct field tag from go-toml v1. It makes it easier to generate default or example configuration files. For instance: ```go type TLS struct { Cipher string `toml:"cipher"` Version string `toml:"version"` } type Config struct { Host string `toml:"host" comment:"Host IP to connect to."` Port int `toml:"port" comment:"Port of the remote server."` Tls TLS `toml:"TLS,commented" comment:"Encryption parameters (optional)"` } example := Config{ Host: "127.0.0.1", Port: 4242, Tls: TLS{ Cipher: "AEAD-AES128-GCM-SHA256", Version: "TLS 1.3", }, } out, err := toml.Marshal(example) ``` generates this TOML document: ```toml ### Host IP to connect to. host = '127.0.0.1' ### Port of the remote server. port = 4242 ### Encryption parameters (optional) ### [TLS] ### cipher = 'AEAD-AES128-GCM-SHA256' ### version = 'TLS 1.3' ``` This feature was often mentioned as a blocker to upgrading from go-toml v1. Hopefully bringing it back in scope will help folks make the transition! An other noteworthy improvement is on type mismatch errors. They now include the human-readable context, and include the struct field name of the faulty value if applicable. Before: toml: cannot store TOML string into a Go int After: 1| [server] 2| path = "/my/path" 3| port = "bad" | ~~~~~ cannot decode TOML string into struct field toml_test.Server.Port of type int #### What's Changed ##### What's new - Encoder: add back the commented option by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/893](https://togithub.com/pelletier/go-toml/pull/893) ##### Fixed bugs - Decode: fix panic when parsing '0' as a float by [@ocean2811](https://togithub.com/ocean2811) in [https://github.com/pelletier/go-toml/pull/887](https://togithub.com/pelletier/go-toml/pull/887) - Encode: fix ignored indent of array tables by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/889](https://togithub.com/pelletier/go-toml/pull/889) - Unstable/parser: add raw to integers by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/890](https://togithub.com/pelletier/go-toml/pull/890) - Decode: improve errors on integers and strings by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/891](https://togithub.com/pelletier/go-toml/pull/891) - Decode: fix wrong indention for comments on tables by [@Felixoid](https://togithub.com/Felixoid) in [https://github.com/pelletier/go-toml/pull/892](https://togithub.com/pelletier/go-toml/pull/892) ##### Other changes - Add support for `Go 1.21` by [@michalbiesek](https://togithub.com/michalbiesek) in [https://github.com/pelletier/go-toml/pull/885](https://togithub.com/pelletier/go-toml/pull/885) #### New Contributors - [@michalbiesek](https://togithub.com/michalbiesek) made their first contribution in [https://github.com/pelletier/go-toml/pull/885](https://togithub.com/pelletier/go-toml/pull/885) - [@ocean2811](https://togithub.com/ocean2811) made their first contribution in [https://github.com/pelletier/go-toml/pull/887](https://togithub.com/pelletier/go-toml/pull/887) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.9...v2.1.0 ### [`v2.0.9`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.9) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.8...v2.0.9) #### What's Changed ##### Fixed bugs - Encode: fix support for arrays by [@MrJetBOX](https://togithub.com/MrJetBOX) in [https://github.com/pelletier/go-toml/pull/876](https://togithub.com/pelletier/go-toml/pull/876) - Decode: assign empty struct to empty defined sections by [@dbarrosop](https://togithub.com/dbarrosop) in [https://github.com/pelletier/go-toml/pull/879](https://togithub.com/pelletier/go-toml/pull/879) ##### Other changes - build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/pelletier/go-toml/pull/877](https://togithub.com/pelletier/go-toml/pull/877) #### New Contributors - [@MrJetBOX](https://togithub.com/MrJetBOX) made their first contribution in [https://github.com/pelletier/go-toml/pull/876](https://togithub.com/pelletier/go-toml/pull/876) - [@dbarrosop](https://togithub.com/dbarrosop) made their first contribution in [https://github.com/pelletier/go-toml/pull/879](https://togithub.com/pelletier/go-toml/pull/879) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.8...v2.0.9 ### [`v2.0.8`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.8) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.7...v2.0.8) #### What's Changed ##### What's new - Support MarshalText/UnmarshalText for map keys by [@gordon-klotho](https://togithub.com/gordon-klotho) in [https://github.com/pelletier/go-toml/pull/863](https://togithub.com/pelletier/go-toml/pull/863) - Experimental: comments support in unstable/Parser by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/860](https://togithub.com/pelletier/go-toml/pull/860) ##### Fixed bugs - Decode: fix decode into unsettable structs by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/868](https://togithub.com/pelletier/go-toml/pull/868) ##### Documentation - Add example on how to use TextUnmarshaler by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/867](https://togithub.com/pelletier/go-toml/pull/867) #### New Contributors - [@manunio](https://togithub.com/manunio) made their first contribution in [https://github.com/pelletier/go-toml/pull/861](https://togithub.com/pelletier/go-toml/pull/861) - [@gordon-klotho](https://togithub.com/gordon-klotho) made their first contribution in [https://github.com/pelletier/go-toml/pull/863](https://togithub.com/pelletier/go-toml/pull/863) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.7...v2.0.8 ### [`v2.0.7`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.7) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.6...v2.0.7) #### What's Changed ##### Fixed bugs - Encode: fix inline table first key value whitespace by [@cuonglm](https://togithub.com/cuonglm) in [https://github.com/pelletier/go-toml/pull/837](https://togithub.com/pelletier/go-toml/pull/837) - Decode: allow integers to be unmarshaled into floats by [@PotatoesFall](https://togithub.com/PotatoesFall) in [https://github.com/pelletier/go-toml/pull/841](https://togithub.com/pelletier/go-toml/pull/841) - Decode: fix error reporting of type mismatch on inline tables by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/853](https://togithub.com/pelletier/go-toml/pull/853) - Decode: fix panic when unmarshaling into a map twice by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/854](https://togithub.com/pelletier/go-toml/pull/854) ##### Documentation - Fix typos by [@deining](https://togithub.com/deining) in [https://github.com/pelletier/go-toml/pull/849](https://togithub.com/pelletier/go-toml/pull/849) #### New Contributors - [@DavidKorczynski](https://togithub.com/DavidKorczynski) made their first contribution in [https://github.com/pelletier/go-toml/pull/831](https://togithub.com/pelletier/go-toml/pull/831) - [@cuonglm](https://togithub.com/cuonglm) made their first contribution in [https://github.com/pelletier/go-toml/pull/837](https://togithub.com/pelletier/go-toml/pull/837) - [@PotatoesFall](https://togithub.com/PotatoesFall) made their first contribution in [https://github.com/pelletier/go-toml/pull/841](https://togithub.com/pelletier/go-toml/pull/841) - [@deining](https://togithub.com/deining) made their first contribution in [https://github.com/pelletier/go-toml/pull/849](https://togithub.com/pelletier/go-toml/pull/849) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.6...v2.0.7 ### [`v2.0.6`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.6) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.5...v2.0.6) #### What's Changed ##### What's new - Expose parser API as unstable by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/827](https://togithub.com/pelletier/go-toml/pull/827) ##### Performance - Reduce init time allocation when declaring types used for reflect by [@dolmen](https://togithub.com/dolmen) in [https://github.com/pelletier/go-toml/pull/821](https://togithub.com/pelletier/go-toml/pull/821) ##### Other changes - refactor: Use typeMismatchError rather than raw string error by [@jidicula](https://togithub.com/jidicula) in [https://github.com/pelletier/go-toml/pull/826](https://togithub.com/pelletier/go-toml/pull/826) - build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/pelletier/go-toml/pull/825](https://togithub.com/pelletier/go-toml/pull/825) - build(deps): bump actions/setup-go from 2 to 3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/pelletier/go-toml/pull/820](https://togithub.com/pelletier/go-toml/pull/820) #### New Contributors - [@dolmen](https://togithub.com/dolmen) made their first contribution in [https://github.com/pelletier/go-toml/pull/821](https://togithub.com/pelletier/go-toml/pull/821) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.5...v2.0.6 ### [`v2.0.5`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.5) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.4...v2.0.5) #### What's Changed ##### Fixed bugs - Fix reflect.Pointer backward compatibility by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/813](https://togithub.com/pelletier/go-toml/pull/813) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.4...v2.0.5 ### [`v2.0.4`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.4) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.3...v2.0.4) This version has compatibility issues with Go <= 1.17. Though go-toml doesn't officially support Go less than 2 versions old, a new version has been released with a backward-compatible fix: https://github.com/pelletier/go-toml/releases/tag/v2.0.5. #### What's Changed ##### Fixed bugs - Decode: don't crash on embedded nil pointers by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/808](https://togithub.com/pelletier/go-toml/pull/808) - Add back missing build tag needed for Go 1.16 and earlier by [@piotrbulinski](https://togithub.com/piotrbulinski) in [https://github.com/pelletier/go-toml/pull/809](https://togithub.com/pelletier/go-toml/pull/809) - Decode: don't break on non-struct embed field by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/810](https://togithub.com/pelletier/go-toml/pull/810) #### New Contributors - [@piotrbulinski](https://togithub.com/piotrbulinski) made their first contribution in [https://github.com/pelletier/go-toml/pull/809](https://togithub.com/pelletier/go-toml/pull/809) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.3...v2.0.4 ### [`v2.0.3`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.3) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.2...v2.0.3) #### What's Changed ##### Fixed bugs - Encode: define and fix newlines behavior when using omitempty by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/798](https://togithub.com/pelletier/go-toml/pull/798) - Encode: don't inherit omitempty by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/803](https://togithub.com/pelletier/go-toml/pull/803) - Decode: error on array table mismatched type by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/804](https://togithub.com/pelletier/go-toml/pull/804) ##### Other changes - build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/pelletier/go-toml/pull/793](https://togithub.com/pelletier/go-toml/pull/793) [https://github.com/pelletier/go-toml/pull/794](https://togithub.com/pelletier/go-toml/pull/794) [https://github.com/pelletier/go-toml/pull/795](https://togithub.com/pelletier/go-toml/pull/795) - Go 1.19 by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/802](https://togithub.com/pelletier/go-toml/pull/802) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.2...v2.0.3 ### [`v2.0.2`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.2) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.1...v2.0.2) #### What's Changed ##### Fixed bugs - Encode: add bound check for uint64 > math.Int64 by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/785](https://togithub.com/pelletier/go-toml/pull/785) ##### Other changes - Build arm + arm64 binaries for linux and windows by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/790](https://togithub.com/pelletier/go-toml/pull/790) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.1...v2.0.2 ### [`v2.0.1`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.1) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v2.0.0...v2.0.1) #### What's Changed ##### Fixed bugs - Encode: fix embedded struct with explicit field name by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/773](https://togithub.com/pelletier/go-toml/pull/773) - Encode: fix multiline comment by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/775](https://togithub.com/pelletier/go-toml/pull/775) - Encode: support comment on array tables by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/776](https://togithub.com/pelletier/go-toml/pull/776) - Decode: check max uint on 32 bit platforms by [@pelletier](https://togithub.com/pelletier) in [https://github.com/pelletier/go-toml/pull/778](https://togithub.com/pelletier/go-toml/pull/778) ##### Documentation - Typo in README.md fix by [@fnork](https://togithub.com/fnork) in [https://github.com/pelletier/go-toml/pull/770](https://togithub.com/pelletier/go-toml/pull/770) #### New Contributors - [@fnork](https://togithub.com/fnork) made their first contribution in [https://github.com/pelletier/go-toml/pull/770](https://togithub.com/pelletier/go-toml/pull/770) **Full Changelog**: https://github.com/pelletier/go-toml/compare/v2.0.0...v2.0.1 ### [`v2.0.0`](https://togithub.com/pelletier/go-toml/releases/tag/v2.0.0) [Compare Source](https://togithub.com/pelletier/go-toml/compare/v1.9.5...v2.0.0) It is finally here! go-toml v2 is now stable. :tada: Only just over one year after I started working on it. This version of go-toml has been rebuilt from the ground up. It respects the latest TOML specification. Countless bugs have been fixed. It behaves more like the standard library. And it is [*much* faster](https://togithub.com/pelletier/go-toml/tree/v2#benchmarks). Special attention was given to keeping the public API to a minimum. Continuing the strict policy of backward compatibility, the next breaking change will be in another 5 years! Thank you to everybody who contributed to this new version, as well as folks willing to try out the intermediate beta versions. Shout out to [@moorereason](https://togithub.com/moorereason) for reporting many issues during the development process using differential fuzzing, as well as [@bep](https://togithub.com/bep) for running a beta on the popular [Hugo](https://gohugo.io/) project! There is still some work that could be done to improve the performance of the library ([https://github.com/pelletier/go-toml/pull/758](https://togithub.com/pelletier/go-toml/pull/758) and [https://github.com/pelletier/go-toml/pull/669](https://togithub.com/pelletier/go-toml/pull/669) for instance). But I am confident that the library is in a good-enough place at the moment for folks to reap the benefits of the rewrite. The major feature removal is the sort-of-AST that v1 provided. It allowed manipulating an arbitrary document and writing it back out. This was done to cut down the scope of the project, removing a feature that had unclear use-cases. The v2 parser creates some [intermediate AST](https://togithub.com/pelletier/go-toml/blob/v2/internal/ast/ast.go) so that if somebody is up to design a Document API the tools should be available to do so. Please reach out if you are interested! The readme contains a [list of differences](https://togithub.com/pelletier/go-toml/tree/v2#migrating-from-v1) between v1 and v2 to be aware of when upgrading. Please report any issue you may have with the new version in the [bug tracker 🐞](https://togithub.com/pelletier/go-toml/issues), provide feedback, and ask questions in [Discussions 💬](https://togithub.com/pelletier/go-toml/discussions). With this release, go-toml **v1 will not be receiving any updates**. This is required to keep maintenance of the project to a minimum. Hopefully, this change doesn't break your thing! *** **Full commit log**: https://github.com/pelletier/go-toml/compare/c9a09d8695a83a55cd171d147b09fdf10270e503...v2 Thank you contributors: [@pelletier](https://togithub.com/pelletier) [@oschwald](https://togithub.com/oschwald) [@moorereason](https://togithub.com/moorereason) [@xwjdsh](https://togithub.com/xwjdsh) [@kkHAIKE](https://togithub.com/kkHAIKE) [@RiyaJohn](https://togithub.com/RiyaJohn) [@jidicula](https://togithub.com/jidicula) [@zostay](https://togithub.com/zostay) [@mmorel-35](https://togithub.com/mmorel-35).Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.