feat(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0

dependabot[bot] commented 11 months ago

Bumps github.com/spf13/viper from 1.16.0 to 1.17.0.

Release notes

Sourced from github.com/spf13/viper's releases.

v1.17.0

Major changes

Highlighting some of the changes for better visibility.

Please share your feedback in the Discussion forum. Thanks! ❤️

Minimum Go version: 1.19

Viper now requires Go 1.19

This change ensures we can stay up to date with modern practices and dependencies.

log/slog support [BREAKING]

Viper v1.11.0 added an experimental Logger interface to allow custom implementations (besides jwalterweatherman).

In addition, it also exposed an experimental WithLogger function allowing to set a custom logger.

This release deprecates that interface in favor of log/slog released in Go 1.21.

[!WARNING] WithLogger accepts an *slog.Logger from now on.

To preserve backwards compatibility with older Go versions, prior to Go 1.21 Viper accepts a *golang.org/x/exp/slog.Logger.

The experimental flag is removed.

New finder implementation [BREAKING]

As of this release, Viper uses a new library to look for files, called locafero.

The new library is better covered by tests and has been built from scratch as a general purpose file finder library.

The implementation is experimental and is hidden behind a finder build tag.

[!WARNING] The io/fs based implementation (that used to be hidden behind a finder build tag) has been removed.

What's Changed

Exciting New Features 🎉

Add NATS support by @hooksie1 in spf13/viper#1590

Add slog support by @sagikazarmark in spf13/viper#1627

Enhancements 🚀

chore: add local development environment using nix by @sagikazarmark in spf13/viper#1572

feat: add func GetEnvPrefix by @baruchiro in spf13/viper#1565

Improve dev env by @sagikazarmark in spf13/viper#1575

fix: code optimization by @testwill in spf13/viper#1557

test: remove not needed testutil.Setenv by @alexandear in spf13/viper#1610

new finder library based on afero by @sagikazarmark in spf13/viper#1625

... (truncated)

Commits

f62f86a refactor: make use of strings.Cut
94632fa chore: Use pip3 explicitly to install yamllint
3f6cadc chore: Fix copy-paste error for yamllint target
287507c docs: add set subset KV example
f1cb226 chore(deps): update crypt
c292b55 test: refactor asserts
3d006fe refactor: replace interface{} with any
8a6dc5d build(deps): bump github/codeql-action from 2.21.8 to 2.21.9
96c5c00 chore: remove deprecated build tags
44911d2 build(deps): bump github/codeql-action from 2.21.7 to 2.21.8
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

guardrails[bot] commented 11 months ago

:warning: We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity | Details :-: | :-- High | [pkg:golang/github.com/spf13/viper@v1.17.0](https://github.com/xmidt-org/themis/blob/aca3e46ddaf9354d2b3f033318d4abf987f9ba99/go.mod#L15) upgrade to: *> v1.17.0* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

codecov[bot] commented 11 months ago

Codecov Report

Merging #185 (aca3e46) into main (c0ce7a9) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #185   +/-   ##
=======================================
  Coverage   78.55%   78.55%           
=======================================
  Files          35       35           
  Lines        1562     1562           
=======================================
  Hits         1227     1227           
  Misses        308      308           
  Partials       27       27

Flag	Coverage Δ
unittests	`78.55% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

dependabot[bot] commented 9 months ago

Superseded by #191.

xmidt-org / themis