v2.0.0: bug-fix & hardening release (/v2 path, Go 1.25, deps, lint v2)#4
Merged
Conversation
…ackage Address a set of bugs and problematic patterns found during code review, each covered by happy/bad/edge regression tests (bugfixes_test.go): - New: never terminate the host process; panic (recoverable) on invalid input instead of log.Fatalf/os.Exit. - NewHTTPError (method): stop mutating the receiver; operate on a copy so reused factory/catalog errors don't get a "sticky" status code. - MarshalJSON: prevent user fields from clobbering structural JSON keys (code, message, statusCode, tags, retryable, retried). - WithFields: merge into existing fields instead of wiping them. - Catalog.Get/MustGet: apply the provided options and return a copy so the shared catalog entry can't be mutated by callers. - ErrorCode/Language regexes: fully anchor them so validation actually rejects junk (spaces, punctuation, partial "default"). - From: return a modified copy instead of mutating the original (safe for shared sentinel errors). - Error/APIError/MarshalJSON: no dangling ". Tags:"/". Fields:" for empty (non-nil) sets/maps. - WithLanguage/WithTranslation/FormatError: don't panic on invalid input; degrade gracefully (documented behavior). - Chinese language code fixed to ISO 639-1 "zh" (was "ch"); Italian "failed to" template spelling fixed. - Remove dead LanguageErrorTypeMap field and dead nil checks. - Reuse a single validator instance instead of allocating one per call. - AddNewLanguage: allow updating an existing language (Store, not LoadOrStore). - Catalog name validation made consistent (gte=3). - Wrap: preserve the identity of every wrapped error via multi-error Unwrap() []error while keeping the message format (requires Go 1.20+; bump go.mod to 1.21). - prependOptions: allocate a fresh slice to avoid append aliasing. - Is: guard against panics when comparing non-comparable wrapped errors. - Factory methods: honor ignore options and avoid a nil type-assertion panic. https://claude.ai/code/session_01Jg4Wg3wZpUUzeRR6X9EYCt
Resolve the Dependabot alerts by moving every dependency to the highest release that is still compatible with the CI's Go 1.23 (absolute-latest x/* and validator now require Go >= 1.24/1.25): - golang.org/x/crypto v0.28.0 -> v0.41.0 (fixes CVE-2024-45337, CVE-2025-22869) - golang.org/x/net dropped entirely (no longer in the build graph; the pruned graph resolves it to a patched v0.42.0) - golang.org/x/text v0.19.0 -> v0.28.0 - golang.org/x/sys v0.26.0 -> v0.35.0 - go-playground/validator/v10 v10.22.1 -> v10.27.0 - stretchr/testify v1.8.4 -> v1.11.1 - gabriel-vasile/mimetype v1.4.5 -> v1.4.13 - go.mod go directive 1.21 -> 1.23.0 (no toolchain directive) Convert the two C-style loops in bugfixes_test.go to integer range loops so the linter's intrange check (enabled at go >= 1.22) stays green. https://claude.ai/code/session_01Jg4Wg3wZpUUzeRR6X9EYCt
Persist project context (layout, conventions, gotchas, the CI golangci-lint v1.61.0 / Go 1.23 setup, and the dependency-version policy) so future work doesn't need to re-derive it. https://claude.ai/code/session_01Jg4Wg3wZpUUzeRR6X9EYCt
BREAKING CHANGE: the module path is now github.com/thalesfsp/customerror/v2 (import with the /v2 suffix; the package name remains `customerror`). - go.mod module path -> github.com/thalesfsp/customerror/v2 - go directive -> 1.25.0 (no toolchain directive) - dependencies bumped to latest: validator v10.30.3, testify v1.11.1, x/crypto v0.52.0, x/text v0.37.0, x/sys v0.45.0, mimetype v1.4.13 (x/net is no longer in the build graph) - README updated for the /v2 install/import path - CHANGELOG: add the 2.0.0 entry https://claude.ai/code/session_01Jg4Wg3wZpUUzeRR6X9EYCt
…-lint v2.5.0 - .golangci.yml converted to the v2 schema (version: "2", default: all, linters.settings, linters.exclusions, formatters). Disables three linters that are new in v2 and clash with the repo's idioms so the migration preserves the prior baseline: noinlineerr, funcorder, wsl_v5; excludes gosmopolitan for i18n test fixtures. - workflow now uses actions/checkout@v4, actions/setup-go@v5 (Go 1.25), and golangci/golangci-lint-action@v8 (golangci-lint v2.5.0). - language.go: document the language-code const block (revive `exported`). `make ci` (lint + test + coverage) is green locally under golangci-lint v2.5.0. https://claude.ai/code/session_01Jg4Wg3wZpUUzeRR6X9EYCt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes ~21 correctness/safety/i18n bugs (each with happy/bad/edge tests in
bugfixes_test.go), migrates to the/v2module path, bumps Go to 1.25 + all deps to latest (resolving the Dependabot alerts), and migrates the lint config to golangci-lint v2. SeeCHANGELOG.md(2.0.0).Verified:
make cigreen (lint + test + coverage), race tests pass at 92.9%, golangci-lint v2.5.0 = 0 issues.https://claude.ai/code/session_01Jg4Wg3wZpUUzeRR6X9EYCt
Generated by Claude Code