aquasecurity / fanal

Static Analysis Library for Containers
Apache License 2.0
199 stars 100 forks

chore(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0 #376

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps github.com/BurntSushi/toml from 0.4.1 to 1.0.0.

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.0.0

This release adds much more detailed errors, support for the toml.Marshaler interface, and several fixes.

There is no special meaning in the jump to v1.0; the 0.x releases were always treated as if they're 1.x with regards to compatibility; the versioning scheme for this library predates the release of modules.

New features

  • Error reporting is much improved; the reported position of errors should now always be correct and the library can print more detailed errors (#299, #332)

    Decode always returns a toml.ParseError, which has three methods:

    • Error() behaves as before and shows a single concise line with the error.

    • ErrorWithPosition() shows the same error, but also shows the line the error occurred at, similar to e.g. clang or the Rust compiler.

    • ErrorWithUsage() is the same as ErrorWithPosition(), but may also show a longer usage guidance message. This isn't always present (in which case it behaves identically to ErrorWithPosition()), but it should be present for most common mistakes and sources of confusion.

    Which error is the correct one to use depends on your application and preferences; in general I would recommend using at least ErrorWithPosition() for user-facing errors, as it's much more helpful for users of any skill level. If your users are likely to be non-technical then ErrorWithUsage() is probably a good idea; I did my best to avoid technical jargon such as "newline" and phrase things in a way that's understandable by most people not intimately familiar with these sorts of things.

    Additionally, the TOML key that failed should now always be reported in all errors.

  • Add toml.Marshaler interface. This can be used if you want full control over how something is marshalled as TOML, similar to json.Marshaler etc. This takes precedence over encoding.TextMarshaler. (#327)

  • Allow TOML integers to be decoded to a Go float (#325)

    Previously int = 42 could only be decoded to an int* type; now this can also be decoded in a float type as long as it can be represented without loss of data.

Fixes

  • Key.String() is now quoted when needed (#333)

  • Fix decoding of nested structs on 32bit platforms (#314)

  • Empty slices are now always []T{} rather than nil, which was the behaviour in v0.3.1 and before. While they are identical for most purposes, encoding/json encodes them differently ([] vs. null), making it an (accidentally) incompatible change (#339)

Commits
  • 4272474 Reject control characters everywhere
  • 9bbaaec Update toml-test
  • 8a54f3e Merge TestDecodeInterfaceSlice in TestDecodeSlices
  • 9515b92 Decode S=[] into a non-nil []interface{}. (#339)
  • 7d0236f Make sure quoted keys with dots work well (#333)
  • ff0a3f8 Add back build tags for toml-test files
  • 7356d5f Few staticcheck fixes
  • b1471ff Don't allow "0_0"
  • 847ee8a Update toml-test
  • 4619257 Clearer errors when decoding to invalid types (#332)
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)