chore(deps): update go-modules major (major)#904
Conversation
AI Dependency Impact AnalysisPrevious analysisPrevious analysisRisk Level: HIGHSummary of Dependency ChangesThis PR updates several Go modules, including major version bumps for Affected Code
Breaking Change AssessmentGiven that this is a major version bump for several dependencies, breaking changes are highly likely. Without specific code snippets, it is impossible to assess the specific impact. The Security AssessmentNo specific security advisories are mentioned in the provided context. Recommended ActionNeeds careful review: High risk, breaking changes may affect our usage Risk Level: HIGHSummary of Dependency ChangesThis PR updates multiple Go modules, including major version bumps for Affected CodeSince source code snippets are not provided, it's impossible to assess the precise impact on specific files. However, given the major version bumps and the lack of direct import information, the entire codebase should be considered potentially affected, especially components interacting with ULIDs, MongoDB, JSON Patching, YAML, and Kubernetes Structured Merge Diff. Breaking Change AssessmentDue to the major version increments across multiple dependencies, breaking changes are highly likely.
Without specific code context, a detailed breaking change assessment is not possible. Security AssessmentNo specific security advisories are mentioned in the provided context, however, the note indicating that some dependencies could not be looked up implies that security advisory data might be missing and cannot be reliably assessed. Recommended ActionNeeds careful review: The major version bumps across multiple dependencies necessitate a comprehensive review of all code that utilizes these libraries. Thorough testing is crucial to ensure continued functionality and identify any breaking changes introduced by the updates. Particular attention should be given to components interacting with MongoDB, ULIDs, JSON Patching, YAML, and Kubernetes Structured Merge Diff. Risk Level: HIGHSummary of Dependency ChangesThis PR updates several major versions of Go modules. Key updates include Affected Code
Breaking Change AssessmentThe updates to Security AssessmentThere are no security advisories or govulncheck data provided in the context. Recommended ActionNeeds careful review |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Risk Level: HIGH
Summary of Dependency Changes
This PR updates several Go modules, including major version bumps for github.com/oklog/ulid, go.mongodb.org/mongo-driver, gomodules.xyz/jsonpatch/v2, gopkg.in/evanphx/json-patch.v4, gopkg.in/yaml.v2, and sigs.k8s.io/structured-merge-diff/v4. These major version bumps introduce potential breaking changes, requiring careful review of the impact on the codebase. The updates include bug fixes, new features, and performance improvements.
Affected Code
- No direct imports exist, per the provided context.
Breaking Change Assessment
Given that this is a major version bump for several dependencies, breaking changes are highly likely. Without specific code snippets, it is impossible to assess the specific impact. The go.mongodb.org/mongo-driver update from v1.17.6 to v2.6.0 includes new features related to Intelligent Workload Management and connection rate limiting, which could change the driver's behavior. Similarly, the update to sigs.k8s.io/structured-merge-diff/v4 to v6.4.0 signifies a significant change in the structured merge diff library, potentially leading to incompatibility. The other major version bumps also pose a similar risk.
Security Assessment
No specific security advisories are mentioned in the provided context.
Recommended Action
Needs careful review: High risk, breaking changes may affect our usage
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/major-go-modules-major
branch
from
20cbe67 to
61bc91d
Compare
github-actions
Bot
added
risk/high
There was a problem hiding this comment.
Risk Level: HIGH
Summary of Dependency Changes
This PR updates multiple Go modules, including major version bumps for github.com/oklog/ulid, go.mongodb.org/mongo-driver, gomodules.xyz/jsonpatch/v2, gopkg.in/yaml.v2, and sigs.k8s.io/structured-merge-diff/v4. Major version bumps indicate potential breaking changes that require careful review and may necessitate code modifications to maintain compatibility. The go.mongodb.org/mongo-driver update introduces Intelligent Workload Management support and requires a minimum MongoDB version of 4.2 (dropping support for MongoDB 4.0).
Affected Code
Since source code snippets are not provided, it's impossible to assess the precise impact on specific files. However, given the major version bumps and the lack of direct import information, the entire codebase should be considered potentially affected, especially components interacting with ULIDs, MongoDB, JSON Patching, YAML, and Kubernetes Structured Merge Diff.
Breaking Change Assessment
Due to the major version increments across multiple dependencies, breaking changes are highly likely.
- github.com/oklog/ulid: v1 to v2 introduces Go module support which may affect import paths or internal API usage.
- go.mongodb.org/mongo-driver: v1 to v2 has several significant changes. The minimum Go version required for the MongoDB Go Driver v2.3 is Go 1.19 and Go Driver v2.4 requires MongoDB 4.2 or newer. This version bump includes numerous new features and bug fixes over many minor versions that can include potential breaking changes.
- gomodules.xyz/jsonpatch/v2: v2 to v3 may change how json patch operations are defined or applied.
- gopkg.in/yaml.v2: v2 to v3 is very likely to have breaking changes due to the change in the import path.
- sigs.k8s.io/structured-merge-diff/v4: v4 to v6 introduces API changes.
Without specific code context, a detailed breaking change assessment is not possible.
Security Assessment
No specific security advisories are mentioned in the provided context, however, the note indicating that some dependencies could not be looked up implies that security advisory data might be missing and cannot be reliably assessed.
Recommended Action
Needs careful review: The major version bumps across multiple dependencies necessitate a comprehensive review of all code that utilizes these libraries. Thorough testing is crucial to ensure continued functionality and identify any breaking changes introduced by the updates. Particular attention should be given to components interacting with MongoDB, ULIDs, JSON Patching, YAML, and Kubernetes Structured Merge Diff.
Codecov Report✅ All modified and coverable lines are covered by tests.
Additional details and impacted files@@ Coverage Diff @@
## main #904 +/- ##
===========================================
- Coverage 76.92% 30.17% -46.76%
===========================================
Files 26 26
Lines 2817 2817
===========================================
- Hits 2167 850 -1317
- Misses 452 1802 +1350
+ Partials 198 165 -33
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
red-hat-konflux
Bot
force-pushed
the
konflux/mintmaker/main/major-go-modules-major
branch
from
61bc91d to
15a016c
Compare
github-actions
Bot
added
risk/high
There was a problem hiding this comment.
Risk Level: HIGH
Summary of Dependency Changes
This PR updates several major versions of Go modules. Key updates include go.mongodb.org/mongo-driver moving from v1.17.6 to v2.6.0 introducing new features like Intelligent Workload Management and changes to error handling and BSON unmarshaling. Also updates sigs.k8s.io/structured-merge-diff/v4 to v6.4.0, gopkg.in/yaml.v2 to v3.0.1, gopkg.in/evanphx/json-patch.v4 to v5.9.11 and gomodules.xyz/jsonpatch/v2 to v3.0.1, suggesting potential API and behavior modifications.
Affected Code
- No Direct Imports: The PR context states that some dependencies could not be looked up. Therefore, a review of all code within the repository is needed to assess how these dependency updates impact our codebase.
Breaking Change Assessment
The updates to go.mongodb.org/mongo-driver from v1 to v2 are major version bumps, indicating likely breaking changes. The release notes mention deprecation of MongoDB 3.6 support and other significant API changes. Without codebase context, assessing precise impacts is impossible but high potential for breakage exists. The jump from v4 to v6 for sigs.k8s.io/structured-merge-diff/v4 also indicates substantial changes. The update from v2 to v3 for gomodules.xyz/jsonpatch/v2 and gopkg.in/yaml.v2 and the jump to v5 for gopkg.in/evanphx/json-patch.v4 also suggest potential breaking changes.
Security Assessment
There are no security advisories or govulncheck data provided in the context.
Recommended Action
Needs careful review
1 participant
This PR contains the following updates:
v1.3.1→v2.1.1v1.17.6→v2.6.0v2.5.0→v3.0.1v4.12.0→v5.9.11v2.4.0→v3.0.1v4.6.0→v6.4.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
oklog/ulid (github.com/oklog/ulid)
v2.1.1Compare Source
What's Changed
ulid.Niland.IsZero()method by @tonyhb in #112New Contributors
Full Changelog: oklog/ulid@v2.1.0...v2.1.1
v2.1.0Compare Source
Full release of v2.1.0, thanks to our testers.
What's Changed
alizain/ulidby @kachick in #67New Contributors
Full Changelog: oklog/ulid@v2.0.2...v2.1.0
v2.0.2Compare Source
Identical to v2.0.1, except uses the proper /v2 suffix on the ulid import in ulid_test.go. Without this change, anyone who imported oklog/ulid at e.g. v2.0.1 into their project would also get oklog/ulid at v0-something due to the inadvertent transitive dependency.
v2.0.1Compare Source
Identical to v2.0.0, but fixes a bug in the go.mod module path.
v2.0.0Compare Source
A new major version to go with support for Go modules. Also, improved support for safe monotonic readers.
mongodb/mongo-go-driver (go.mongodb.org/mongo-driver)
v2.6.0: MongoDB Go Driver 2.6.0Compare Source
The MongoDB Go Driver Team is pleased to release version 2.6.0 of the official MongoDB Go Driver.
Release Highlights
This release adds support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability.
Two new methods of
ClientOptionsare available:SetMaxAdaptiveRetries- specifies the maximum number of times the driver should retry operations that fail with a server side overload error. If not invoked, the default is 2.MaxAdaptiveRetriescan also be set through the "maxAdaptiveRetries" URI option (e.g. "maxAdaptiveRetries=5").SetEnableOverloadRetargeting- specifies whether the driver should enable overload retargeting for operations that fail with a server side overload error. If not invoked, the default is false.EnableOverloadRetargetingcan also be set through the "enableOverloadRetargeting" URI option (e.g. "enableOverloadRetargeting=true").What's Changed
✨ New Features
maxAdaptiveRetriesandenableOverloadRetargetingoptions for backpressure. by @qingyang-hu in #2363Full Changelog: mongodb/mongo-go-driver@v2.5.1...v2.6.0
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.5.1: MongoDB Go Driver 2.5.1Compare Source
The MongoDB Go Driver Team is pleased to release version 2.5.1 of the official MongoDB Go Driver.
Release Highlights
This release fixes two BSON unmarshaling edge cases.
What's Changed
🐛 Fixed
Full Changelog: mongodb/mongo-go-driver@v2.5.0...v2.5.1
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.5.0: MongoDB Go Driver 2.5.0Compare Source
The MongoDB Go Driver Team is pleased to release version 2.5.0 of the official MongoDB Go Driver.
Release Highlights
This release adds a preview of CRUD support for prefix/suffix/substring indexes. Prefix, suffix and substring search are in preview and should be used for experimental workloads only. These features are unstable and their security is not guaranteed until released as Generally Available (GA). The GA version of these features may not be backwards compatible with the preview version.
Also, this release adds
AsFloat64(),AsFloat64OK()tobson.RawValue, andDefaultDocumentMap()tobson.Decoderin the BSON package.Additionally, this release adds
ErrorCodes()to parse server error codes from an arbitrary Go error, and exposesatClusterTimein snapshot sessions.Moreover, this release fixes several bugs, including potential heap out-of-bounds read in GSSAPI error handling.
What's Changed
✨ New Features
🐛 Fixed
📦 Dependency Updates
📝 Other Changes
New Contributors
Full Changelog: mongodb/mongo-go-driver@v2.4.2...v2.5.0
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.4.4: MongoDB Go Driver 2.4.4Compare Source
The MongoDB Go Driver Team is pleased to release version 2.4.4 of the official MongoDB Go Driver.
Release Highlights
This release fixes a resource leak in the RTT monitor and fixes logging for transaction operations.
What's Changed
🐛 Fixed
Full Changelog: mongodb/mongo-go-driver@v2.4.2...v2.4.4
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.4.3Compare Source
v2.4.2: MongoDB Go Driver 2.4.2Compare Source
The MongoDB Go Driver Team is pleased to release version 2.4.2 of the official MongoDB Go Driver.
Release Highlights
This release fixes buffer handling in GSSAPI error description and username functions.
What's Changed
🐛 Fixed
Full Changelog: mongodb/mongo-go-driver@v2.4.1...v2.4.2
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.4.1: MongoDB Go Driver 2.4.1Compare Source
The MongoDB Go Driver Team is pleased to release version 2.4.1 of the official MongoDB Go Driver.
What's Changed
🐛 Fixed
📝 Other Changes
Full Changelog: mongodb/mongo-go-driver@v2.4.0...v2.4.1
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.4.0: MongoDB Go Driver 2.4.0Compare Source
The MongoDB Go Driver Team is pleased to release version 2.4.0 of the official MongoDB Go Driver.
Release Highlights
This release adds a new method Client.AppendDriverInfo that adds information to the driver metadata sent on subsequent connection handshakes.
What's Changed
✨ New Features
📝 Other Changes
internal/decimal/decinal128.gotodecimal128.goby @ggyuchive in #2220New Contributors
Full Changelog: mongodb/mongo-go-driver@v2.3.1...v2.4.0
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.3.1: MongoDB Go Driver 2.3.1Compare Source
The MongoDB Go Driver Team is pleased to release version 2.3.1 of the official MongoDB Go Driver.
Release Highlights
This release applies client-level timeouts for tailable/awaitData cursors, and fixes a bug that causes a tight loop when there are no selectable servers.
What's Changed
🐛 Fixed
📝 Other Changes
Full Changelog: mongodb/mongo-go-driver@v2.3.0...v2.3.1
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. For issues with, questions about, or feedback for the Go Driver, please look into our support channels, including StackOverflow. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.3.0: MongoDB Go Driver 2.3.0Compare Source
The MongoDB Go Driver Team is pleased to release version 2.3.0 of the official MongoDB Go Driver.
Release Highlights
This release improves BSON unmarshal performance to fix the regression in v2.0 and fixes bugs in logging truncation and cursor timeouts.
What's Changed
🐛 Fixed
📦 Dependency Updates
📝 Other Changes
New Contributors
Full Changelog: mongodb/mongo-go-driver@v2.2.3...v2.3.0
For a full list of tickets included in this release, please see the list of fixed issues.
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.2.3: MongoDB Go Driver 2.2.3Compare Source
The MongoDB Go Driver Team is pleased to release version 2.2.3 of the official MongoDB Go Driver.
Release Notes
This release updates the
DefaultClientto use a non-default globalDefaultTransport. This way, the program will not panic if the user changes the globalhttp.DefaultTransportvariable. The client is created as needed.For a full list of tickets included in this release, please see the list of fixed issues.
Full Changelog: v2.2.2...v2.2.3
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.2.2: MongoDB Go Driver 2.2.2Compare Source
The MongoDB Go Driver Team is pleased to release version 2.2.2 of the official MongoDB Go Driver.
Release Notes
This release resolves three bugs in the Go Driver: it removes a buggy and unnecessary connection liveness check that could run unexpectedly or fail intermittently when maxIdleTimeMS was set, and it fixes an issue in decoding to overwrite prepopulated slice. Also, a unmarshaler for gridfs.File is added.
For a full list of tickets included in this release, please see the list of fixed issues.
Full Changelog: v2.2.1...v2.2.2
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
What's Changed
New Contributors
Full Changelog: mongodb/mongo-go-driver@v2.2.1...v2.2.2
v2.2.1: MongoDB Go Driver 2.2.1Compare Source
The MongoDB Go Driver Team is pleased to release version 2.2.1 of the official MongoDB Go Driver.
Release Notes
This release enhances BSON encoding performance by using
sync.Poolfor value writers and readers during encoding and decoding, leading to better memory allocation and improved efficiency. Note that further regressions from version 1 may be addressed in GODRIVER-3450, with this update focusing on reinstating optimizations removed in the version 2 implementation. Performance may not be 1-1 with v1 since v2 suggests using thebufiopackage for byte management rather than a raw byte slice.What's Changed
Full Changelog: mongodb/mongo-go-driver@v2.2.0...v2.2.1
JIRA Release Notes: https://jira.mongodb.org/projects/GODRIVER/versions/43096
Documentation for the Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the Go Driver is greatly appreciated!
v2.2.0: MongoDB Go Driver 2.2.0Compare Source
The MongoDB Go Driver team is pleased to release version 2.2.0 of the official MongoDB Go Driver.
Release Notes
This release includes support for a global
omitemptysetting to omit empty values when encoding BSON, instead of requiring tagging on individual struct fields. We have implemented support forerrors.Isanderrors.Asin all stable public APIs for improved error management. Also included is support to configure the lifetime of the Data Encryption Key (DEK) cache as well as Kubernetes Support for OIDC.Additionally MongoDB Server Version 3.6 has been marked as end-of-life (EOL) and is no longer supported by the driver. Users are advised to upgrade to a supported version.
For a full list of tickets included in this release, please see the links below:
Full Changelog: v2.1.0...v2.2.0
Note: The Go Driver team has implemented a workflow action to automatically merge up PRs between v1 and master. This has resulted in an over-extended changelog for this version, including v1 commits for PRs that have already been cherry-picked to master. Please see the associated tickets for commits directly associated with this release.
Documentation for the MongoDB Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the MongoDB Go Driver is greatly appreciated!
v2.1.0: MongoDB Go Driver 2.1.0Compare Source
The MongoDB Go Driver Team is pleased to release version 2.1.0 of the official MongoDB Go Driver.
Release Notes
This release adds support for the new bulk write API added in MongoDB 8.0 and the new BSON vector datatype used in Atlas Vector Search.
Additionally, support for MongoDB 3.6 and below was deprecated in v2.0.0 and will be dropped in the next minor version release (v2.2.0).
New BulkWrite API
The new Client.BulkWrite method can perform many insert, update, and delete operations on multiple databases and collections in one request. In contrast, the existing Collection.BulkWrite method can only modify a single collection.
BSON Vector Datatype
The new bson.Vector type makes inserting and querying vector data using Atlas Vector Search easier and more efficient.
For a full list of tickets included in this release, please see the links below:
Full Changelog: v2.0.1...v2.1.0
Documentation for the MongoDB Go Driver can be found on pkg.go.dev and the MongoDB documentation site. BSON library documentation is also available on pkg.go.dev. Questions and inquiries can be asked on the MongoDB Developer Community. Bugs can be reported in the Go Driver project in the MongoDB JIRA where a list of current issues can be found. Your feedback on the MongoDB Go Driver is greatly appreciated!
v2.0.1: MongoDB Go Driver 2.0.1Compare Source