search

xmidt-org / caduceus

The Xmidt server for delivering events written in Go.
Apache License 2.0
16 stars 19 forks source link

feat(deps): bump github.com/spf13/viper from 1.17.0 to 1.18.2 #454

Closed dependabot[bot] closed 6 months ago

dependabot[bot] commented 6 months ago

Bumps github.com/spf13/viper from 1.17.0 to 1.18.2.

Release notes

Sourced from github.com/spf13/viper's releases.

v1.18.2

tl;dr Skip 1.18.0 and 1.18.1 and upgrade to this version instead.

This release fixes a regression that appears in rare circumstances when using Unmarshal or UnmarshalExact to decode values onto pointers with multiple indirection (eg. pointer to a pointer, etc). The change was introduced in 1.18.0 as a means to resolve a long-standing bug when decoding environment variables to structs.

The feature is now disabled by default and can be enabled using the viper_bind_struct build tag. It's also considered experimental at this point, so breaking changes may be introduced in the future.

What's Changed

Bug Fixes 🐛

Full Changelog: https://github.com/spf13/viper/compare/v1.18.1...v1.18.2

v1.18.1

What's Changed

Bug Fixes 🐛

Full Changelog: https://github.com/spf13/viper/compare/v1.18.0...v1.18.1

v1.18.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

AutomaticEnv works with Unmarshal

Previously, environment variables that weren't bound manually or had no defaults could not be mapped by Unmarshal. (The problem is explained in details in this issue: #761)

#1429 introduced a solution that solves that issue.

What's Changed

Enhancements 🚀

Bug Fixes 🐛

Dependency Updates ⬆️

... (truncated)

Commits
  • ab3a50c fix!: hide struct binding behind a feature flag
  • 9154b90 build(deps): bump actions/setup-go from 4.1.0 to 5.0.0
  • 08e4a00 build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
  • fb6eb1e fix: merge missing struct keys inside UnmarshalExact
  • f5fcb4a chore: update crypt
  • f736363 fix isPathShadowedInFlatMap type cast bug (#1585)
  • 36a3868 Review changes
  • f0c4ccd fix: gocritic lint issues
  • 3a23b80 ci: enable test shuffle; fix tests
  • 73dfb94 feat: make Unmarshal work with AutomaticEnv
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (e2ba9cf) 66.27% compared to head (fa8454f) 66.27%. Report is 5 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #454 +/- ## ======================================= Coverage 66.27% 66.27% ======================================= Files 10 10 Lines 1293 1293 ======================================= Hits 857 857 Misses 406 406 Partials 30 30 ``` | [Flag](https://app.codecov.io/gh/xmidt-org/caduceus/pull/454/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=xmidt-org) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/xmidt-org/caduceus/pull/454/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=xmidt-org) | `66.27% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=xmidt-org#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

guardrails[bot] commented 6 months ago

:warning: We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
Severity | Details :-: | :-- N/A | [pkg:golang/github.com/spf13/viper@v1.16.0](https://github.com/xmidt-org/caduceus/blob/fa8454f820a2bd4ce0cf812142e9e68d6c2f4f5f/go.mod#L14) - **no patch available** More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.