Update go modules (main) (minor)#3131
Conversation
ℹ️ Artifact update noticeFile name: acceptance/go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
File name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
File name: tools/go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
File name: tools/kubectl/go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
b7bbfdc to
02074a5
Compare
ae12a07 to
b6bcb99
Compare
eb3bd95 to
50d854b
Compare
| @@ -3,17 +3,17 @@ module github.com/conforma/cli/tools | |||
| go 1.25.8 | |||
There was a problem hiding this comment.
[low] version-skew
tools/go.mod keeps go 1.25.8 while the other three go.mod files are updated to go 1.26.0. While these are separate Go modules and unlikely to cause immediate issues, it is a hygiene concern.
|
🤖 Finished Review · ✅ Success · Started 11:01 PM UTC · Completed 11:10 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 2:41 AM UTC · Completed 2:49 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 12:53 PM UTC · Completed 1:03 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 5:14 PM UTC · Completed 5:25 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 6:17 AM UTC · Completed 6:28 AM UTC |
| k8s.io/client-go v0.35.4 | ||
| k8s.io/klog/v2 v2.130.1 | ||
| k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[critical] API contract violation
testcontainers-go updated from v0.34 to v0.43.0. WithConfigModifier and WithHostConfigModifier were removed in v0.37.0. benchmark/offliner/offliner.go (lines 87, 90) and benchmark/internal/registry/registry.go (lines 131, 154) use these functions, causing compilation failures.
Suggested fix: Either keep testcontainers-go at a version < v0.37.0, or update the benchmark code to use testcontainers.CustomizeRequest instead of the removed modifier functions.
| github.com/tektoncd/cli v0.45.0 | ||
| github.com/tektoncd/pipeline v1.12.0 | ||
| github.com/testcontainers/testcontainers-go v0.34.0 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 |
There was a problem hiding this comment.
[critical] API contract violation
testcontainers-go in acceptance module updated from v0.34.0 to v0.43.0. GenericContainer and GenericContainerRequest removed in v0.37.0. Used in acceptance/git/git.go:183, acceptance/registry/registry.go:112, acceptance/wiremock/wiremock.go:220.
Suggested fix: Either keep testcontainers-go at a version < v0.37.0, or update all acceptance test code to use testcontainers.Run() and the new request builder pattern.
| github.com/google/safearchive v0.0.0-20241025131057-f7ce9d7b6f9c | ||
| github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b | ||
| github.com/in-toto/in-toto-golang v0.10.0 | ||
| github.com/in-toto/in-toto-golang v0.11.0 |
There was a problem hiding this comment.
[medium] API contract violation
in-toto-golang updated from v0.10.0 to v0.11.0. For v0.x libraries, minor bumps can contain breaking changes. Codebase directly imports in_toto types across 17+ files including ProvenanceStatementSLSA02, ProvenanceStatementSLSA1, and Statement.
Suggested fix: Review in-toto-golang v0.11.0 changelog. Run go build ./... to confirm compilation succeeds.
|
🤖 Finished Review · ✅ Success · Started 9:59 AM UTC · Completed 10:09 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 8:58 AM UTC · Completed 9:07 AM UTC |
| golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f | ||
| golang.org/x/net v0.53.0 // indirect | ||
| golang.org/x/sync v0.20.0 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[medium] stale-reference
The comment on the testcontainers-go dependency says using unreleased version but v0.43.0 is a released version, making the comment misleading.
Suggested fix: Remove or update the comment to reflect that v0.43.0 is a released version that includes the fix from PR #2899.
|
|
||
| // Maybe less important in acceptance, but it seems sensible to use the fork here too | ||
| replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20250703195040-6f40a3734728 | ||
| replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20251103083939-3459088e4bae |
There was a problem hiding this comment.
[low] api-contract
The go-containerregistry fork replace directive is updated to a new digest. Verify the new digest still carries all patches.
Suggested fix: Verify that the new fork digest still includes all patches from hack/ec-patches.sh.
|
🤖 Finished Review · ✅ Success · Started 2:15 PM UTC · Completed 2:26 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 11:23 AM UTC · Completed 11:33 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 1:49 PM UTC · Completed 1:59 PM UTC |
| github.com/tektoncd/pipeline v1.12.0 | ||
| github.com/testcontainers/testcontainers-go v0.34.0 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 | ||
| github.com/transparency-dev/merkle v0.0.2 |
There was a problem hiding this comment.
[medium] API contract violation
The PR updates testcontainers-go from v0.34.0 to v0.43.0 (9-minor-version jump). Acceptance test code uses GenericContainer and Binds field in ContainerRequest, both deprecated in intermediate versions. While Go libraries typically retain deprecated APIs, compatibility should be verified.
Suggested fix: Verify testcontainers-go v0.43.0 still includes GenericContainer and the Binds field. Consider migrating from deprecated APIs in a follow-up.
| @@ -63,22 +63,22 @@ require ( | |||
| replace github.com/google/go-containerregistry => github.com/conforma/go-containerregistry v0.20.7-0.20251103083939-3459088e4bae | |||
There was a problem hiding this comment.
[medium] Version consistency
The replace directive for go-containerregistry points to a fork based on v0.20.7, but the required module version is v0.21.6. If the fork lacks APIs added between v0.20.7 and v0.21.6, compile or runtime errors could occur.
Suggested fix: Verify the updated fork commit is compatible with go-containerregistry v0.21.6 APIs used by the codebase.
| sigs.k8s.io/kind v0.26.0 | ||
| sigs.k8s.io/kustomize/api v0.20.1 | ||
| sigs.k8s.io/kustomize/kyaml v0.20.1 | ||
| sigs.k8s.io/kind v0.32.0 |
There was a problem hiding this comment.
[low] Version consistency
sigs.k8s.io/kind updated from v0.26.0 to v0.32.0 -- a large jump. The acceptance tests use versioned v1alpha4 API which is typically stable, but the jump warrants verification.
|
🤖 Finished Review · ✅ Success · Started 5:50 AM UTC · Completed 6:01 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 6:20 AM UTC · Completed 6:30 AM UTC |
| github.com/tektoncd/pipeline v1.12.0 | ||
| github.com/testcontainers/testcontainers-go v0.34.0 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 | ||
| github.com/transparency-dev/merkle v0.0.2 |
There was a problem hiding this comment.
[critical] API contract violation
The PR updates testcontainers-go from v0.34.0 to v0.43.0 in the acceptance module, a 9-minor-version jump. The acceptance module uses testcontainers.GenericContainer in three files: acceptance/git/git.go:183, acceptance/registry/registry.go:112, and acceptance/wiremock/wiremock.go:220. If GenericContainer was removed between v0.35.0 and v0.43.0, these call sites will fail to compile.
Suggested fix: Either (a) pin testcontainers-go to the last version supporting GenericContainer, or (b) migrate all three call sites to use the replacement API (e.g., testcontainers.Run) before merging.
| k8s.io/klog/v2 v2.130.1 | ||
| k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 | ||
| github.com/testcontainers/testcontainers-go/modules/registry v0.43.0 |
There was a problem hiding this comment.
[high] version skew
The main module depends on testcontainers-go/modules/registry at v0.34.0 (line 48), but the PR updates the parent testcontainers-go to v0.43.0. The modules/registry sub-module is versioned in lockstep with the parent module. A v0.34.0 sub-module paired with a v0.43.0 parent will likely cause type incompatibilities at compile time.
Suggested fix: Update github.com/testcontainers/testcontainers-go/modules/registry to v0.43.0 (or the corresponding version that matches the parent module) in go.mod.
| k8s.io/client-go v0.35.4 | ||
| k8s.io/klog/v2 v2.130.1 | ||
| k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[medium] API contract violation
The main module uses a pinned pseudo-version of testcontainers-go with a comment referencing an unreleased fix (PR #2899). The PR updates this to v0.43.0. The stale comment needs cleanup and the fix inclusion should be verified.
Suggested fix: Verify that the fix from PR #2899 is included in v0.43.0, and remove the stale comment about the unreleased version.
|
🤖 Finished Review · ✅ Success · Started 1:13 PM UTC · Completed 1:20 PM UTC |
|
🤖 Finished Review · ❌ Failure · Started 9:14 PM UTC · Completed 9:26 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 5:24 PM UTC · Completed 5:34 PM UTC |
| k8s.io/klog/v2 v2.130.1 | ||
| k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 | ||
| oras.land/oras-go/v2 v2.6.0 | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[low] stale comment
The PR bumps testcontainers-go from a pre-release pseudo-version (v0.34.1-0.20241204123437-72be13940122) to v0.43.0, a proper release. The inline comment '// using unreleased version that contains the fix in testcontainers/testcontainers-go#2899' becomes factually incorrect and should be removed.
| @@ -3,17 +3,17 @@ module github.com/conforma/cli/tools | |||
| go 1.25.8 | |||
There was a problem hiding this comment.
[low] version inconsistency
The Go toolchain version is bumped from 1.25.8 to 1.26.0 in acceptance/go.mod, go.mod, and tools/kubectl/go.mod, but NOT in tools/go.mod which stays at 1.25.8. This may be intentional (separate module with independent constraints), but could lead to inconsistencies.
Suggested fix: Either bump tools/go.mod to go 1.26.0 for consistency, or confirm this divergence is intentional.
|
🤖 Finished Review · ✅ Success · Started 8:34 PM UTC · Completed 8:43 PM UTC |
| golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42 | ||
| golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f | ||
| golang.org/x/net v0.55.0 // indirect | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[low] stale comment
The comment on the testcontainers-go dependency line reads "// using unreleased version that contains the fix in testcontainers/testcontainers-go#2899" but the version is being changed from a pseudo-version (v0.34.1-0.20241204123437-72be13940122) to a proper release (v0.43.0). The comment is now factually incorrect -- v0.43.0 is not an unreleased version.
Suggested fix: Remove or update the comment. If the fix from PR #2899 is confirmed to be in v0.43.0, the comment should be removed entirely.
|
🤖 Finished Review · ✅ Success · Started 11:02 AM UTC · Completed 11:15 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 11:18 AM UTC · Completed 11:30 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 3:42 PM UTC · Completed 3:54 PM UTC |
| golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42 | ||
| golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f | ||
| golang.org/x/net v0.55.0 // indirect | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[critical] API compatibility / compilation failure
testcontainers-go is being updated from v0.34.1 (unreleased pre-v0.35 commit) to v0.43.0. The codebase uses testcontainers.GenericContainer() with testcontainers.GenericContainerRequest in multiple files (acceptance/git/git.go:183, acceptance/registry/registry.go:112, acceptance/wiremock/wiremock.go:220). ContainerRequest.Binds is used in acceptance/git/git.go:174 and acceptance/wiremock/wiremock.go:212. ContainerRequest.AutoRemove is used in acceptance/testenv/testenv.go:252 and extensively tested in acceptance/testenv/testenv_test.go:234,250,264. These APIs were deprecated in testcontainers-go v0.35.0 and removed by v0.43.0, which will cause compilation failures across both the main and acceptance modules.
Suggested fix: Either pin testcontainers-go to a compatible version (e.g., keep v0.34.x), or update all call sites to use the new testcontainers.Run() API, replace Binds with testcontainers.WithHostConfigModifier, and replace AutoRemove with the equivalent new API before merging this version bump.
| golang.org/x/benchmarks v0.0.0-20241115175113-a2b48b605b42 | ||
| golang.org/x/exp v0.0.0-20260410095643-746e56fc9e2f | ||
| golang.org/x/net v0.55.0 // indirect | ||
| github.com/testcontainers/testcontainers-go v0.43.0 // using unreleased version that contains the fix in https://github.com/testcontainers/testcontainers-go/pull/2899 |
There was a problem hiding this comment.
[medium] stale-reference
The comment on the testcontainers-go dependency reads: // using unreleased version that contains the fix in testcontainers/testcontainers-go#2899. Since v0.43.0 is a proper release, this comment is now misleading.
Suggested fix: Remove the comment or update it to note that the fix from PR #2899 is included in the released v0.43.0.
| cuelang.org/go v0.16.0 | ||
| github.com/CycloneDX/cyclonedx-go v0.10.0 | ||
| cuelang.org/go v0.17.0 | ||
| github.com/CycloneDX/cyclonedx-go v0.11.0 |
There was a problem hiding this comment.
[medium] API compatibility
CycloneDX/cyclonedx-go is being updated from v0.10.0 to v0.11.0 (pre-1.0 library where minor bumps can contain breaking changes). The codebase uses cyclonedx.NewBOMDecoder, cyclonedx.BOM, cyclonedx.BOMFileFormatJSON, cyclonedx.ComponentTypeContainer, bom.Formulation, formulation.Components, and component.Properties in benchmark/offliner/base_images.go:53-73.
Suggested fix: Verify API compatibility by checking the v0.11.0 changelog or running go build ./benchmark/...
| github.com/mitchellh/go-wordwrap v1.0.1 | ||
| github.com/open-policy-agent/conftest v0.68.2 | ||
| github.com/open-policy-agent/opa v1.15.2 | ||
| github.com/open-policy-agent/opa v1.18.1 |
There was a problem hiding this comment.
[low] API compatibility
OPA is being updated from v1.15.2 to v1.18.1. The codebase imports opa/cmd in cmd/opa/opa.go:19 and uses cmd.RootCommand. Within the v1.x line backward compatibility is maintained, but opa/cmd is an internal-facing package.
Suggested fix: Run go build ./... to verify compilation succeeds with OPA v1.18.1.
| sigs.k8s.io/kind v0.26.0 | ||
| sigs.k8s.io/kustomize/api v0.20.1 | ||
| sigs.k8s.io/kustomize/kyaml v0.20.1 | ||
| sigs.k8s.io/kind v0.32.0 |
There was a problem hiding this comment.
[low] API compatibility
sigs.k8s.io/kind is being updated from v0.26.0 to v0.32.0 (6 minor versions). The codebase uses v1alpha4.Cluster, v1alpha4.Node, v1alpha4.PortMapping, cluster.NewProvider, and related APIs in acceptance/kubernetes/kind/kind.go.
Suggested fix: Run go build ./acceptance/... to verify compilation succeeds with kind v0.32.0.
This PR contains the following updates:
v0.16.0→v0.17.0v0.10.0→v0.11.0ae5f0ae→8acb20av0.13.7→v0.14.0v0.29.2→v0.32.4v2.11.4→v2.12.2e7eb2ec→dd8c9b1v1.15.2→v1.18.120ebb0f→4e6772av0.10.0→v0.11.0v3.0.4→v3.1.1v1.1.4→v1.2.1v0.26.2→v0.27.1v0.44.1→v0.45.0v0.34.0→v0.43.0v0.34.0→v0.43.0v1.11.0→v1.16.0a2b48b6→3558132746e56f→c48552fv1.12.1→v1.13.05883c5e→8f3fa49v1.34.2→v1.36.2v0.26.0→v0.32.0v0.20.1→v0.21.1v0.20.1→v0.21.1Release Notes
cue-lang/cue (cuelang.org/go)
v0.17.0Compare Source
Changes which may break some users are marked below with:⚠️
Language
The active
tryexperiment renames the newfallbackkeyword, used withforcomprehensions, tootherwise.fallbackcontinues to be accepted for now, but is rewritten to the new form.The active
aliasv2experiment now allows~(X)as an alternative to~Xfor the single postfix alias form.~Xis also rewritten as~(X)for the sake of consistency and clarity.Language versions
v0.17.0and later allow omitting commas in multi-line lists. Just like a newline after a struct field implies a comma, a newline after a list element now implies a comma as well.Language versions
v0.17.0and later allow a newline or a comma before the closing bracket of an index expression, matching how lists and func arguments allow omitting trailing commas.The language spec is tweaked to make
$a valid identifier, which was already allowed by the parser and evaluator.div,mod,quo, andremoperators has been removed. Since late 2020, these infix forms have been undocumented and rewritten bycue fixto the new function calls.The new
shortcircuitexperimentThis release introduces the
shortcircuitexperiment, which changes the&&and||operators to not evaluate the right operand if the left operand alone determines the result.This matches the behavior already documented in the CUE spec and is consistent with most mainstream languages, but for the sake of a smooth transition for end users, we are rolling out this change via an experiment.
You can try this experiment via the
@experiment(shortcircuit)file attribute. To mimic the old behavior with the experiment, you can use a hidden field:Evaluator
Comprehensions
The comprehension algorithm now waits to run a comprehension's body until the fields it reads have a concrete value, rather than trying to produce its fields up front. This resolves a number of long-standing bugs, most notably the last known regressions from
evalv2, where a comprehension that should have resolved instead failed as an incomplete value or a cycle.This design also greatly simplifies upcoming evaluator work, such as introducing new builtins to replace comparing values to bottom, as well as the design of
evalv4.Other changes
The evaluator no longer deduplicates errors just by position, which was causing some useful errors from disjunctions or standard library calls to be dropped incorrectly.
Several long-standing cycle-detection bugs have been fixed, such as self-referential uses of
matchNandmatchIf, self-feeding disjunctions, and comprehensions that read aletbinding which refers back to the comprehension's own fields.Fixed a bug where the same package imported via different qualified import paths (e.g.
foo.com/bar@v0orfoo.com/bar:baz) did not share the same hidden field namespace.Resolving an unversioned import from a dependency module now respects that module's own default major version, instead of always using the main module's default.
Fix a number of issues where
cue defcould produce invalid CUE output, such as due to name conflicts.Fix an evaluator regression where embedded disjunctions across packages may not correctly apply closedness.
Fix an evaluator bug where
cue.Context.BuildExprofclose({})did not actually result in a closed struct.Fix a bug where some calls to standard library functions or validators did not include the "error in call to pkg.Func" error context, or included it twice.
A few changes to the evaluator should reduce allocated objects by up to 16%, reducing GC overhead and memory usage.
To ease the transition into the new formatter we plan to release with v0.18,
CUE_EXPERIMENT=formatv2=0is now allowed as a no-op.A number of other bugs, panics, and hangs have been resolved as well.
cmd/cueModule replaces
CUE now supports substituting a module dependency with a local directory or a different remote module during development - for example while testing a fix to a dependency before it is published, or to replace a dependency with a fork including improvements.
This configuration lives in
cue.mod/local-module.cue, which is excluded when publishing to registries.cue mod editandcue mod tidygain support for maintaining this file.We have also published a how-to guide on replacing a dependency with a local module.
Read the full design doc in the proposal, or read the
cue.mod/local-module.cuereference docs.Other changes
The new global
-Cor--chdirflag runscuefrom the given working directory.Command input parsing is improved so that CUE packages can come after data files, such as
cue vet -c data.yaml ./schema.cue import --with-contextnow ensures thatdatarepresents the original raw input data, and not its interpretation like JSON Schema.cue import --pathnow skips over null values in an input stream, such as empty documents in a YAML file.Fix a bug where the flag
cue export --pathwas ignored when the inputs were pure CUE.The new
cue exp gengotypes --outfileflag controls the output file path when generating a single package.cue vet -d/--schemanow supports hidden fields, and correctly reports an error when the command inputs are CUE only.cue fixandcue trimno longer change file modification times when no changes are necessary.A
$CUE_CACHE_DIRdirectory is no longer required when loading CUE without external dependencies.The "filetypes" lookup tables now use a more compact encoding, saving about 150KiB in binary size for
cmd/cueas well as Go API users.LSP server
Add an initial version of organize-imports, which sorts the existing imports and removes unneeded imports. It is not yet capable of suggesting missing imports.
Wait for a short period of inactivity before sending diagnostics to the editor. This "debounce" means that a user typing incomplete CUE syntax will not be distracted with syntax errors as much.
The
aliasv2experiment is now fully supported.The
renamefunction is fixed to distinguish between field names and aliases.Improve field name analysis in general so that fields with multiple aliases (e.g.
v=[k=string]: _) are properly supported.Improve attribute handling for file-level embedded attributes, and to attach attributes within expressions to the correct struct.
Treat conjunctions (
&) and disjunctions (|) the same way for goto-definition. With the cursor on a path, it returns all results that the path MAY resolve to. With the cursor on a field declaration name, it returns all results that the path constructed from the field's name, and its field's name (and so on) MAY resolve to.Special-case
closefunction calls so that paths can resolve through fields within the argument toclose.Encodings
#character, shortening names and ensuring compatibility with the wider JSON Schema ecosystem. This required deprecatingencoding/jsonschema.GenerateConfig.NameFuncin favor ofNamesFunc.The JSON Schema encoder is improved to support
list.UniqueItemsand standalone validators, to usemaxItemsandminItemsinstead ofmaxLengthandminLengthfor lists with prefix elements, and to generatedescriptionkeywords for doc comments.Several closedness bugs in the JSON Schema encoder have been fixed, ensuring that the generated JSON Schema behaves the same way as the original CUE definition.
The JSON Schema decoder is improved to better handle the
prefixItemskeyword.The ProtoBuf decoder now resolves relative references following the usual scoping rules, instead of always resolving them against the top-level scope.
Standard library
Add
time.ToUnixandtime.ToUnixNano, which convert anRFC3339Nanotime value into seconds or nanoseconds since the Unix epoch, complementing the existingUnixbuiltin.strconv.FormatFloatnow accepts a string format parameter, likeFormatFloat(3.14, "e", 4, 64).list.MatchNnow shows what expected value it's matching against when it fails.The
netIP APIs now consistently return an error on invalid input types.Go API
Using
cue.Values concurrently is now fully supported, which required deprecatingcue.Value.Context. If you encounter any races or bugs, please report them via the issue tracker.cue/loadnow supports loading from anio/fs.FS, as outlined in proposal #4285. Loading file embeds throughConfig.OverlayandConfig.FSis supported now as well.cue/ast/astutildeprecatesSanitizein favor of the newSanitizeFilesAPI, given thatSanitizeon a single file cannot know if another file in the same package shadows builtin names likeself.Add
Path.CompareandSelector.Compare, providing allocation-free total ordering suitable forslices.SortFunc.Clarify that
cue/formatindents with a tab width of 4 by default.A new fuzzer has been introduced in the
cuepackage, checking that the parser doesn't crash and that its results are consistent with the rest of the Go APIs likecue/literal. So far, it has already resulted in seventeen bug fixes.The
cue.Interpreteroption API has been deprecated in favor ofcue.WithInjection, which is a better name going forward.cue/ast.File.Imports, deprecated in mid 2025 in favor ofcue/ast.File.ImportSpecs, is now removed.cue.InstancemethodsLookup,LookupDef,LookupField, andFillare now removed.modconfig.Registryinterface is changed to report default major versions, which is required for resolving unversioned imports against each dependency module's own defaults. Clients that implement or wrap the interface will need to update. The new interface is future-proofed for upcoming modules changes.Full list of changes since v0.16.0
0fc639be73658dc3f08a160e1bb73f7aafee2eb7f50fa6c091e07f1671908428d2db9dac083b5bc31ef80f15eed4bec06b9916719376a328b32aca761bcbc901907a9906c3e97d77fe74d73286a4372d35a0f4f7772d1d3b7d162569bf7d7dd80111ed3622b489b24991a3f185b8ba6eeb8ac73092c281a361a5b9984dae5adf7f512ecd2774d78c1b159ed139d5c4e71c13d28507be6d5a3fb70abb86e14d7d4d40ad26fb24b39c7392c8e72ff12bb0a41258b9f8be9bb021f44f24f1445c76df33b9deb682521fa683ed32244d103748aaafa5272684e35486eb4f1230bbbb964c01232e6da5139794b8c8c47cf7a59daf6d7894c60ba8143d216fe7d512100df6ebec1313cd1a65400b61fdfa0353335cf0e587c6d8ae7935fe8c2a8155223cfa7ef3e0eed47493840961bb9a6d76d0adb8dd6aa4a115651def1a0c02c81f9d1b5310062ffb2fbde9f02ca774942d2ba0d46a753484e5e958e8fdf9d5f9b4c66b15022d8273d6f58f23564a67df9ffc0541orstructural cycle by @mvdan in803c837dede65af5183895a6110aaae3830297d254c37cf24697512f2735d5aa9f3f2a5f1067682d70cb40caafed34b9f5033671e268fe24489f4a928b3474e56df9efa44ce4abe46a141572629888e6f0c639f4b343757dd5b4c02fddd86bd45f3e](https://redirect.github.com/cue-lang/cue/commit/bd45f3e83c7Configuration
📅 Schedule: (UTC)
* 0-3 * * *)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.