chore(deps): update dependency oasdiff/oasdiff to v1.22.0#137
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update dependency oasdiff/oasdiff to v1.22.0#137renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
Upstream OpenAPI specNo API changes detected. |
No breaking changes from 09a88e1No API changes detected after overlay. |
|
No API changes detected after overlay. |
1b6733c to
09a88e1
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.20.0→1.22.0v1.23.0Release Notes
oasdiff/oasdiff (oasdiff/oasdiff)
v1.22.0Compare Source
Exact source locations, an OpenAPI 3.1 allOf fix, and a published output schema
Every change reported by
breakingandchangelognow carries a precise source location, down to the exact field or value that changed. OpenAPI 3.1 multi-type arrays no longer fail--flatten-allof, and a newoasdiff schemacommand publishes a JSON Schema for the machine-readable output so CI tooling can validate against it.CLI changes
--flatten-allof(#1079). Any multi-type array such astype: [integer, "null"](the idiomatic 3.1 way to express nullable) inside a schema touched by allOf merging used to fail withunable to resolve Type conflict: all Type values must be identical, even when there was no conflict at all. The merge now keeps each schema's type array intact and intersects across allOf branches: a multi-type array in a single branch passes through unchanged, identical arrays across branches merge, andintegerstill resolves as a subset ofnumber. A genuinely empty intersection (e.g.[string, "null"]with[integer]) reports the same conflict error as before. Fixes #1078 (thanks @katepol for the report) and #535.oasdiff schemacommand (#1075, thanks @fuleinist for the request in #1074). Prints a JSON Schema describing the--format json/yamloutput ofbreakingandchangelog, reflected directly from the output type so it cannot drift. Non-Go CI tooling can pin the schema to an oasdiff version to validate or type results. ThediffJSON is intentionally not covered yet, since itsfrom/tovalues are too loosely typed for a useful reflected schema.Exact source locations
api-global-security-*,api-security-*,api-security-component-oauth-*) previously appeared with nobaseSource/revisionSource. They now anchor to the relevantsecurityfield or scheme. Known limitation: the two scope-added cases point at their container rather than the exact scope line, pending an upstream parser origin enhancement.api-stability-*,api-invalid-stability-level, and property stability changes anchor to the exactx-stability-levelfield, andrequest-parameter-sunset-parseis located consistently from both checks that emit it. With this, every checker emits a location.x-extensible-enumchanges point at the exact field or value (#1073).api-sunset-*andrequest-parameter-sunset-*now point at thex-sunsetfield instead of the containing operation or parameter, and thex-extensible-enum-value-removedchecks point at the exact removed value, matching how theenumchecks already behave.tags:field (#1076).api-tag-removed/api-tag-addednow source the specific tag entry (so removing tagsecuritypoints at the- securityline) and set only the side the tag exists on.Changelog verdicts
stringtoobjectunder a loosely typed media type likeapplication/xmlis backward compatible only because everything on the wire is a string, not a genuine narrowing, yet it was reported asresponse-body-type-specialized("was narrowed from string to object"). Such swaps are now rerouted to four new INFO verdicts,request-body-type-compatible,request-property-type-compatible,response-body-type-compatible, andresponse-property-type-compatible, worded "changed from X to Y (backward compatible)". Genuine narrowing or widening, and adding or removing the type constraint entirely, keep their existing verdicts.Misc
numbertointeger" becomes "was narrowed fromnumbertointeger", matching the phrasing the list-of-types messages already use, in all four locales. Message text only: the rule ids and their descriptions keep the generalize/specialize terms.changelog - -builds both sides from a single stdin read (#1082). When base and revision are both-, the revision was previously loaded from the already-exhausted stdin and patched afterwards, leaving its spec version internally inconsistent and relying on the parser accepting empty input. Both sides are now constructed from one read; output is unchanged (no changes reported, exit 0).Go package changes
checkerhelpers are unexported (#1072).OperationFieldSources,ParameterFieldSources,SchemaMapItemSource,IsDecreasedValue, andIsIncreasedValueare now package-private. They were source and value-comparison internals with no known external callers; the public entry points (CheckBackwardCompatibility,NewConfig,GetAllRules, and the individual check functions) are unchanged.v1.21.0Compare Source
Sharper response-side detection, a crash fix for schema-less media types, and clearer change messages
This release fixes a panic in
oasdiff breakingwhen a media type gains or loses a schema, fills in the response-side mirrors of several breaking-change checks (response type widening/narrowing, added response headers, media-type schema add/remove), refines when a scalar-to-array query parameter counts as breaking, and rewrites the type/format change messages to read in plain English.CLI changes
Crash fix
content: { application/json: {} }in the base that addsschema: { type: string }in the revision (or the reverse) used to nil-panic deep inside the per-schema checks. The schema walkers now skip a media type whose schema is present on only one side, so none of the ~70 checks built on them can dereference a missingBase/Revision. The add/remove is still reported (see below).Response-side detection (filling in the contravariant mirrors)
numbertointeger) produced no finding at all, and a widening was reported with the genericresponse-*-type-changed. The verdict is now split three ways, the mirror of the request side: a narrowed return type isresponse-*-type-specialized(INFO), a widened one isresponse-*-type-generalized(ERR), and a genuinely incompatible change staysresponse-*-type-changed(ERR).request-body-media-type-schema-added(ERR, input that accepted anything now requires a shape) andresponse-body-media-type-schema-removed(WARN, a typed response is no longer guaranteed) are the breaking directions, withrequest-body-media-type-schema-removedandresponse-body-media-type-schema-addedas their INFO duals.response-header-addednow fires at INFO as a non-breaking changelog entry.Query parameter widening
["string"]to["array","null"]) and weakly-typed multi-type bases ([string,integer]toarray<string>) are now correctly reported as generalizations, while an item that narrows the value contract (stringtoarray<string>with an addedpatternthat would reject?token=5) is now correctly reported as breaking. The generalization verdict carries a comment explaining the form/explode reasoning, since a scalar-to-array change reads like a breaking one. Deliberate trade-off: widening to an array while simultaneously loosening the item is genuinely safe but now reported as breaking, the correct side to err on.oneOf wrapping
oneOfnow emits a single finding (#1060, #1038, follow-up to #702). Wrapping a concrete object body into aoneOfof alternatives used to produce overlapping findings:*-body-wrapped-in-one-ofplus*-body-one-of-addedplus a top-level*-body-type-changed/-generalized(the wrapper has notype, so it read asany). On the response side, contravariance made all three ERR, so a single wrapping produced three breaking findings. The redundantone-of-addedand body type change are now suppressed when anOneOfWrappingDiffis present, so each wrapped body emits exactly one accurate finding on each side.Misc
the type/format was generalized fromstring/`` toarray, null/``` is replaced bythetypewas generalized fromstringtoarray<string>, null``: an empty format is folded away, arrays show their item type, an unset type renders asany, and the message names the dimension that actually changed (type,format, ortype/format`). Check ids and levels are unchanged; only the human-facing text and its arguments change. The RU translations for these messages were also rewritten for consistency.numbertointeger", matching the wording thelist-of-typesmessages already use, across all four locales. The rule ids keep the generalize/specialize terms.Go package changes
Breaking: structured security requirement diff
Added/Deletedgo from[]stringtoSecurityAlternatives([]SecurityAlternative, each{ Index, Schemes map[string][]string }), andModifiedgoes frommap[string]SecurityScopesDifftoModifiedSecurityRequirements([]*ModifiedSecurityRequirement). This models asecurity:list as the unordered set of OR-alternatives it is, so a removed alternative that shares a scheme with others is now unambiguous in both the structured diff output and the changelog message (the endpoint scheme securitypetstore_auth: [admin:pets]was removed). Consumers of the structuredoasdiff diffoutput for security requirements need to update.Misc
checker.CheckModifiedPropertiesDiff/CheckAddedPropertiesDiff/CheckDeletedPropertiesDiffhad zero external callers (verified across this repo and oasdiff-service) and were internal primitives consumed by the media-type walker. They are now unexported. No CLI or output impact; a library-only API-surface reduction.v1.20.1Compare Source
What's changed
Security diff
the report and a working reference fix): an OR of scopes written by repeating
a scheme (
- petstore_auth: [read]/- petstore_auth: [write]) no longerreports a spurious scope add/remove, even diffing a spec against itself.
-f json/-f yaml,securityRequirements.added/deletedare now objects withindexandschemes(were strings), andmodifiedis now a list (was a map), so achanged alternative is unambiguous when several share a scheme.
Heads-up: this changes the machine-readable diff shape for security and
the exported Go type
diff.SecurityRequirementsDiff(a breaking change if youimport the library). The human-readable text report is unchanged in meaning.
Checker
no longer reported as removed.
Formatters
validateand the diff formatters emita valid empty document for a clean spec / no changes, in every format.
Internal
github-actionsDependabot ecosystem (#1039) + actions group bump (#1040);checker rule-symmetry test guard (#1035).
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.