Skip to content

Commit 31a0be1

Browse files
leodidoona-agent
leodido
and
ona-agent
committed
build: upgrade anchore dependencies to fix mapstructure compatibility
- Upgrade github.com/anchore/clio to v0.0.0-20250926015255-f418e0b4892c - This brings github.com/anchore/fangs to v0.0.0-20250924221602-895877cb39ec - Fixes compatibility issue between mitchellh/mapstructure and go-viper/mapstructure/v2 - Resolves build failures in cmd package tests due to type mismatch - Updates related dependencies (fsnotify, gookit/color, cobra, etc.) The root cause was that older fangs used mitchellh/mapstructure while newer viper uses go-viper/mapstructure/v2, causing DecoderConfigOption function signature mismatches. The newer fangs version is compatible with the newer mapstructure API. Fixes: cmd package tests now pass, binary builds successfully Co-authored-by: Ona <no-reply@ona.com>
1 parent b1619d3 commit 31a0be1

File tree

2 files changed

+60
-57
lines changed

2 files changed

+60
-57
lines changed

go.mod

Lines changed: 20 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ module github.com/gitpod-io/leeway
33
go 1.24.1
44

55
require (
6-
github.com/anchore/clio v0.0.0-20241115144204-29e89f9fa837
6+
github.com/anchore/clio v0.0.0-20250926015255-f418e0b4892c
77
github.com/anchore/grype v0.90.0
88
github.com/anchore/syft v1.21.0
99
github.com/aws/aws-sdk-go-v2 v1.38.1
@@ -14,11 +14,11 @@ require (
1414
github.com/creack/pty v1.1.23
1515
github.com/disiqueira/gotree v1.0.0
1616
github.com/dop251/goja v0.0.0-20241024094426-79f3a7efcdbd
17-
github.com/fsnotify/fsnotify v1.8.0
17+
github.com/fsnotify/fsnotify v1.9.0
1818
github.com/google/go-cmp v0.7.0
1919
github.com/google/go-containerregistry v0.20.6
2020
github.com/google/uuid v1.6.0
21-
github.com/gookit/color v1.5.4
21+
github.com/gookit/color v1.6.0
2222
github.com/imdario/mergo v0.3.16
2323
github.com/in-toto/in-toto-golang v0.9.0
2424
github.com/karrick/godirwalk v1.17.0
@@ -30,10 +30,10 @@ require (
3030
github.com/sigstore/sigstore-go v1.1.2
3131
github.com/sirupsen/logrus v1.9.3
3232
github.com/slsa-framework/slsa-verifier/v2 v2.6.0
33-
github.com/spf13/cobra v1.9.1
33+
github.com/spf13/cobra v1.10.1
3434
github.com/stretchr/testify v1.11.1
3535
golang.org/x/mod v0.28.0
36-
golang.org/x/sync v0.16.0
36+
golang.org/x/sync v0.17.0
3737
golang.org/x/time v0.13.0
3838
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da
3939
gopkg.in/yaml.v3 v3.0.1
@@ -52,7 +52,7 @@ require (
5252
cloud.google.com/go/monitoring v1.24.2 // indirect
5353
cloud.google.com/go/spanner v1.84.1 // indirect
5454
cloud.google.com/go/storage v1.56.1 // indirect
55-
dario.cat/mergo v1.0.1 // indirect
55+
dario.cat/mergo v1.0.2 // indirect
5656
filippo.io/edwards25519 v1.1.0 // indirect
5757
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
5858
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
@@ -81,9 +81,10 @@ require (
8181
github.com/adrg/xdg v0.5.3 // indirect
8282
github.com/agext/levenshtein v1.2.1 // indirect
8383
github.com/anchore/archiver/v3 v3.5.3-0.20241210171143-5b1d8d1c7c51 // indirect
84-
github.com/anchore/fangs v0.0.0-20241014225144-4e1713cafd77 // indirect
84+
github.com/anchore/fangs v0.0.0-20250924221602-895877cb39ec // indirect
8585
github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect
86-
github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
86+
github.com/anchore/go-homedir v0.0.0-20250319154043-c29668562e4d // indirect
87+
github.com/anchore/go-logger v0.0.0-20250813181427-74728f89a619 // indirect
8788
github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
8889
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
8990
github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect
@@ -210,7 +211,7 @@ require (
210211
github.com/golang/snappy v0.0.4 // indirect
211212
github.com/google/certificate-transparency-go v1.3.2 // indirect
212213
github.com/google/licensecheck v0.3.1 // indirect
213-
github.com/google/pprof v0.0.0-20250602020802-c6617b811d0e // indirect
214+
github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 // indirect
214215
github.com/google/s2a-go v0.1.9 // indirect
215216
github.com/google/trillian v1.7.2 // indirect
216217
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
@@ -292,7 +293,7 @@ require (
292293
github.com/pandatix/go-cvss v0.6.2 // indirect
293294
github.com/pborman/indent v1.2.1 // indirect
294295
github.com/pelletier/go-toml v1.9.5 // indirect
295-
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
296+
github.com/pelletier/go-toml/v2 v2.2.4 // indirect
296297
github.com/pierrec/lz4/v4 v4.1.22 // indirect
297298
github.com/pjbgf/sha1cd v0.3.2 // indirect
298299
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -305,7 +306,7 @@ require (
305306
github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c // indirect
306307
github.com/ryanuber/go-glob v1.0.0 // indirect
307308
github.com/saferwall/pe v1.5.6 // indirect
308-
github.com/sagikazarmark/locafero v0.7.0 // indirect
309+
github.com/sagikazarmark/locafero v0.12.0 // indirect
309310
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
310311
github.com/sassoftware/go-rpmutils v0.4.0 // indirect
311312
github.com/sassoftware/relic v7.2.1+incompatible // indirect
@@ -332,13 +333,12 @@ require (
332333
github.com/skeema/knownhosts v1.3.1 // indirect
333334
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
334335
github.com/slsa-framework/slsa-github-generator v1.9.0 // indirect
335-
github.com/sourcegraph/conc v0.3.0 // indirect
336336
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect
337337
github.com/spdx/tools-golang v0.5.5 // indirect
338-
github.com/spf13/afero v1.14.0 // indirect
339-
github.com/spf13/cast v1.7.1 // indirect
340-
github.com/spf13/pflag v1.0.9 // indirect
341-
github.com/spf13/viper v1.20.1 // indirect
338+
github.com/spf13/afero v1.15.0 // indirect
339+
github.com/spf13/cast v1.10.0 // indirect
340+
github.com/spf13/pflag v1.0.10 // indirect
341+
github.com/spf13/viper v1.21.0 // indirect
342342
github.com/spiffe/go-spiffe/v2 v2.5.0 // indirect
343343
github.com/subosito/gotenv v1.6.0 // indirect
344344
github.com/sylabs/sif/v2 v2.20.2 // indirect
@@ -380,13 +380,14 @@ require (
380380
go.uber.org/multierr v1.11.0 // indirect
381381
go.uber.org/zap v1.27.0 // indirect
382382
go.yaml.in/yaml/v2 v2.4.2 // indirect
383+
go.yaml.in/yaml/v3 v3.0.4 // indirect
383384
golang.org/x/crypto v0.41.0 // indirect
384385
golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
385386
golang.org/x/net v0.43.0 // indirect
386387
golang.org/x/oauth2 v0.30.0 // indirect
387-
golang.org/x/sys v0.35.0 // indirect
388-
golang.org/x/term v0.34.0 // indirect
389-
golang.org/x/text v0.28.0 // indirect
388+
golang.org/x/sys v0.36.0 // indirect
389+
golang.org/x/term v0.35.0 // indirect
390+
golang.org/x/text v0.29.0 // indirect
390391
golang.org/x/tools v0.36.0 // indirect
391392
google.golang.org/api v0.248.0 // indirect
392393
google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect

0 commit comments

Comments
 (0)