search

TykTechnologies / tyk

Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols
Other
9.76k stars 1.09k forks source link

[TT-13098] exp/modcheck: Update go.mod dependencies #6521

Closed buger closed 2 months ago

buger commented 2 months ago

User description

Triggered by: titpetric

IMPORT VERSION LATEST WARNINGS CVES
Masterminds/sprig/v3 v3.2.3 v3.3.0
getkin/kin-openapi v0.115.0 v0.127.0 Held back from upgrade
hashicorp/consul/api v1.29.1 v1.29.4
hashicorp/vault/api v1.14.0 v1.15.0
miekg/dns v1.1.61 v1.1.62 0 of 3
oschwald/maxminddb-golang v1.13.0 v1.13.1
rs/cors v1.11.0 v1.11.1 0 of 2
golang.org/x/crypto v0.24.0 v0.27.0 0 of 10
golang.org/x/net v0.26.0 v0.29.0 0 of 16
golang.org/x/sync v0.7.0 v0.8.0
google.golang.org/grpc v1.64.0 v1.66.2 0 of 2
go-redsync/redsync/v4 v4.11.0 v4.13.0 Held back from upgrade
redis/go-redis/v9 v9.5.3 v9.6.1
newrelic/go-agent v2.13.0 +incompatible v3.34.0+incompatible Held back from upgrade
go.opentelemetry.io/otel v1.19.0 v1.30.0 Held back from upgrade
go.opentelemetry.io/otel/trace v1.19.0 v1.30.0 Held back from upgrade
Steps performed ~~~ + go get github.com/Masterminds/sprig/v3@v3.3.0 go: downloading github.com/Masterminds/sprig/v3 v3.3.0 go: downloading dario.cat/mergo v1.0.1 go: downloading github.com/Masterminds/semver/v3 v3.3.0 go: downloading github.com/huandu/xstrings v1.5.0 go: downloading github.com/shopspring/decimal v1.4.0 go: downloading github.com/spf13/cast v1.7.0 go: downloading golang.org/x/crypto v0.26.0 go: downloading golang.org/x/sys v0.23.0 go: downloading golang.org/x/text v0.17.0 go: added dario.cat/mergo v1.0.1 go: upgraded github.com/Masterminds/semver/v3 v3.2.0 => v3.3.0 go: upgraded github.com/Masterminds/sprig/v3 v3.2.3 => v3.3.0 go: upgraded github.com/huandu/xstrings v1.3.3 => v1.5.0 go: upgraded github.com/shopspring/decimal v1.2.0 => v1.4.0 go: upgraded github.com/spf13/cast v1.6.0 => v1.7.0 go: upgraded golang.org/x/crypto v0.24.0 => v0.26.0 go: upgraded golang.org/x/sync v0.7.0 => v0.8.0 go: upgraded golang.org/x/sys v0.21.0 => v0.23.0 go: upgraded golang.org/x/text v0.16.0 => v0.17.0 + go get github.com/hashicorp/consul/api@v1.29.4 go: downloading github.com/hashicorp/consul/api v1.29.4 go: downloading github.com/hashicorp/consul/proto-public v0.6.2 go: upgraded github.com/hashicorp/consul/api v1.29.1 => v1.29.4 + go get github.com/hashicorp/vault/api@v1.15.0 go: downloading github.com/hashicorp/vault/api v1.15.0 go: downloading github.com/hashicorp/vault v1.15.0 go: downloading github.com/hashicorp/go-retryablehttp v0.7.7 go: upgraded github.com/hashicorp/go-retryablehttp v0.7.6 => v0.7.7 go: upgraded github.com/hashicorp/vault/api v1.14.0 => v1.15.0 + go get github.com/miekg/dns@v1.1.62 go: downloading github.com/miekg/dns v1.1.62 go: downloading golang.org/x/net v0.27.0 go: upgraded github.com/miekg/dns v1.1.61 => v1.1.62 go: upgraded golang.org/x/net v0.26.0 => v0.27.0 + go get github.com/oschwald/maxminddb-golang@v1.13.1 go: downloading github.com/oschwald/maxminddb-golang v1.13.1 go: upgraded github.com/oschwald/maxminddb-golang v1.13.0 => v1.13.1 + go get github.com/rs/cors@v1.11.1 go: downloading github.com/rs/cors v1.11.1 go: upgraded github.com/rs/cors v1.11.0 => v1.11.1 + go get golang.org/x/crypto@v0.27.0 go: downloading golang.org/x/crypto v0.27.0 go: downloading golang.org/x/text v0.18.0 go: upgraded golang.org/x/crypto v0.26.0 => v0.27.0 go: upgraded golang.org/x/sys v0.23.0 => v0.25.0 go: upgraded golang.org/x/text v0.17.0 => v0.18.0 + go get golang.org/x/net@v0.29.0 go: downloading golang.org/x/net v0.29.0 go: upgraded golang.org/x/net v0.27.0 => v0.29.0 + go get golang.org/x/sync@v0.8.0 + go get google.golang.org/grpc@v1.66.2 go: downloading google.golang.org/grpc v1.66.2 go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 go: downloading github.com/cespare/xxhash/v2 v2.3.0 go: downloading github.com/golang/glog v1.2.1 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 go: upgraded github.com/cespare/xxhash/v2 v2.2.0 => v2.3.0 go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 => v0.0.0-20240604185151-ef581f913117 go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be => v0.0.0-20240604185151-ef581f913117 go: upgraded google.golang.org/grpc v1.64.0 => v1.66.2 + go get github.com/redis/go-redis/v9@v9.6.1 go: downloading github.com/redis/go-redis/v9 v9.6.1 go: upgraded github.com/redis/go-redis/v9 v9.5.3 => v9.6.1 ~~~
go mod tidy output ``` go: go.mod requires go >= 1.22.6 (running go 1.21.13; GOTOOLCHAIN=local) ```

JIRA: https://tyktech.atlassian.net/browse/TT-13098

PR Type

enhancement, dependencies

Description

Changes walkthrough 📝

Relevant files
Dependencies
go.mod
Update Go module dependencies to latest versions                 
go.mod
  • Updated github.com/Masterminds/sprig/v3 from v3.2.3 to v3.3.0.
  • Updated github.com/hashicorp/consul/api from v1.29.1 to v1.29.4.
  • Updated github.com/hashicorp/vault/api from v1.14.0 to v1.15.0.
  • Updated multiple other dependencies to their latest versions.
    		• +22/-21 
    go.sum
    Update go.sum with new dependency checksums                           
    go.sum
  • Added checksums for new versions of updated dependencies.
  • Ensured consistency with go.mod updates.
    		• +54/-0   

    💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    github-actions[bot] commented 2 months ago

    API Changes

    no api changes detected
    github-actions[bot] commented 2 months ago

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Key issues to review

    Deprecated Field
    The field `PrePlugin` is marked as deprecated. Consider using `PrePlugins` for new implementations to ensure future compatibility. Deprecated Field
    The field `PostAuthenticationPlugin` is marked as deprecated. Consider using `PostAuthenticationPlugins` for new implementations to ensure future compatibility. Deprecated Field
    The field `PostPlugin` is marked as deprecated. Consider using `PostPlugins` for new implementations to ensure future compatibility. Deprecated Field
    The field `ResponsePlugin` is marked as deprecated. Consider using `ResponsePlugins` for new implementations to ensure future compatibility. Test Cleanup
    The use of `t.Cleanup(ts.Close)` replaces `defer ts.Close()` which is a more robust way to ensure resources are cleaned up after tests. This change should be applied consistently across all tests to maintain uniformity and reliability.
    github-actions[bot] commented 2 months ago

    PR Code Suggestions ✨

    CategorySuggestion                                                                                                                                    Score
    Best practice
    Implement table-driven tests for similar test setups ___ **Use a table-driven approach for tests that involve similar setup and assertions to
    enhance test organization and scalability.** [apidef/oas/default_test.go [51-57]](https://github.com/TykTechnologies/tyk/pull/6521/files#diff-ab6848f71731083885a9d7d7970faa68a6783a98477c78413ae3979cb5add7dbR51-R57) ```diff -Middleware: &Middleware{ - Global: &Global{ - ContextVariables: &ContextVariables{ - Enabled: true, +for _, tc := range []struct{ + name string + middleware *Middleware +}{ + {"TestCase1", &Middleware{ + Global: &Global{ + ContextVariables: &ContextVariables{ + Enabled: true, + }, }, - }, + }}, + // Add more test cases as needed +}{ + t.Run(tc.name, func(t *testing.T) { + // Test logic here + }) } ```
    Suggestion importance[1-10]: 9 Why: Using a table-driven approach for tests is a best practice that enhances test organization and scalability, making it easier to manage and extend tests in the future. This suggestion is highly beneficial for improving test structure.
    		9
    Maintainability
    Consolidate repeated struct initializations into a helper function ___ **Consider consolidating the repeated Middleware struct initialization into a helper
    function to reduce code duplication and improve maintainability.** [apidef/oas/default_test.go [51-57]](https://github.com/TykTechnologies/tyk/pull/6521/files#diff-ab6848f71731083885a9d7d7970faa68a6783a98477c78413ae3979cb5add7dbR51-R57) ```diff -Middleware: &Middleware{ - Global: &Global{ - ContextVariables: &ContextVariables{ - Enabled: true, - }, - }, -} +Middleware: createDefaultMiddleware() ```
    Suggestion importance[1-10]: 8 Why: This suggestion effectively reduces code duplication and improves maintainability by consolidating repeated struct initializations into a helper function, which is a good practice for cleaner and more maintainable code.
    		8
    Use a loop through test cases for assertions to reduce duplication ___ **Refactor the assertions to use a loop through a slice of test cases to avoid code
    duplication across multiple test functions.** [apidef/oas/default_test.go [60]](https://github.com/TykTechnologies/tyk/pull/6521/files#diff-ab6848f71731083885a9d7d7970faa68a6783a98477c78413ae3979cb5add7dbR60-R60) ```diff -assert.Equal(t, expectedTykExtension, *oasDef.GetTykExtension()) +testCases := []struct{ + name string + expected, actual interface{} +}{ + {"Test1", expectedTykExtension, *oasDef.GetTykExtension()}, + // Add other cases here +} +for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + assert.Equal(t, tc.expected, tc.actual) + }) +} ```
    Suggestion importance[1-10]: 6 Why: Refactoring assertions to use a loop through test cases is a good practice for reducing code duplication, but it requires careful implementation to ensure all test cases are covered correctly.
    		6
    Possible redundancy
    Verify necessity of repeated Middleware struct initialization in tests ___ **Ensure that the Middleware struct initialization is necessary for each test case, as
    it appears to be repeated multiple times which might not be needed if the state is
    unchanged.** [apidef/oas/default_test.go [51-57]](https://github.com/TykTechnologies/tyk/pull/6521/files#diff-ab6848f71731083885a9d7d7970faa68a6783a98477c78413ae3979cb5add7dbR51-R57) ```diff -Middleware: &Middleware{ - Global: &Global{ - ContextVariables: &ContextVariables{ - Enabled: true, - }, - }, -} +// If Middleware setup is unchanged, consider setting it up once and reusing. ```
    Suggestion importance[1-10]: 7 Why: The suggestion to verify the necessity of repeated struct initialization is valid and can help reduce redundancy, although it may not be as impactful as consolidating the code into a helper function.
    		7
    sonarcloud[bot] commented 2 months ago

    Quality Gate Passed Quality Gate passed

    Issues
    0 New issues
    0 Accepted issues

    Measures
    0 Security Hotspots
    0.0% Coverage on New Code
    0.0% Duplication on New Code

    See analysis details on SonarCloud