Skip to content

build: upgrade anchore dependencies to fix mapstructure compatibility #246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 23, 2025
Merged

build: upgrade anchore dependencies to fix mapstructure compatibility #246

merged 1 commit into from
Oct 23, 2025
+568 −435

Conversation

@leodido
Copy link
Contributor

@leodido leodido commented Sep 30, 2025
edited
Loading

Description

Upgrades anchore dependencies to resolve a critical compatibility issue between different mapstructure package versions that was preventing the cmd package tests from running.

Root Cause:

  • Older anchore/fangs (v0.0.0-20241014225144-4e1713cafd77) used mitchellh/mapstructure@v1.5.0
  • Newer viper (v1.20.1) uses go-viper/mapstructure/v2@v2.2.1
  • Function signature mismatch in DecoderConfigOption caused build failures

Solution:

  • Upgrade anchore/clio to v0.0.0-20250926015255-f418e0b4892c
  • This brings anchore/fangs to v0.0.0-20250924221602-895877cb39ec
  • Newer fangs is compatible with the newer mapstructure API

Key Changes:

  • Primary: github.com/anchore/clio upgraded
  • Secondary: github.com/anchore/fangs upgraded (transitive)
  • Additional: Various dependency updates (fsnotify, gookit/color, cobra, etc.)

Related Issue(s)

Fixes cmd package test execution failures with error cannot use func(dc *mapstructure.DecoderConfig) as viper.DecoderConfigOption.

Prerequisite to have tests running in #247.
Hence, it also fixes https://linear.app/ona-team/issue/CLC-1958/leeway-security-testing-suite

How to test

Verify Tests Pass

# These should now work (previously failed)
go test ./cmd/ -v
go test -run TestBuildCommandFlags ./cmd/
go test -run TestInFlightChecksumsEnvironmentVariable ./cmd/

###Verify Binary Builds

# This should work without errors
go build -o leeway .
./leeway --help

Verify No Regression

# Existing functionality should be unchanged
go test ./pkg/... -v

Documentation

This is a dependency upgrade that fixes build/test issues without changing user-facing functionality.

@leodido leodido self-assigned this Sep 30, 2025
@leodido leodido mentioned this pull request Sep 30, 2025
Merged
geropl
geropl approved these changes Oct 22, 2025
View reviewed changes
Copy link
Member

@geropl geropl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✔️

@leodido leodido changed the base branch from feature/in-flight-checksums-env-var to main October 23, 2025 13:47
@leodido leodido force-pushed the fix/upgrade-anchore-deps-mapstructure branch from 31a0be1 to 19ab207 Compare October 23, 2025 13:54
@leodido @ona-agent
build: upgrade anchore dependencies to fix mapstructure compatibility
1813aa9 
- Upgrade github.com/anchore/clio to v0.0.0-20250926015255-f418e0b4892c
- This brings github.com/anchore/fangs to v0.0.0-20250924221602-895877cb39ec
- Fixes compatibility issue between mitchellh/mapstructure and go-viper/mapstructure/v2
- Resolves build failures in cmd package tests due to type mismatch
- Updates related dependencies (fsnotify, gookit/color, cobra, etc.)

The root cause was that older fangs used mitchellh/mapstructure while
newer viper uses go-viper/mapstructure/v2, causing DecoderConfigOption
function signature mismatches. The newer fangs version is compatible
with the newer mapstructure API.

Fixes: cmd package tests now pass, binary builds successfully

Co-authored-by: Ona <no-reply@ona.com>
@leodido leodido force-pushed the fix/upgrade-anchore-deps-mapstructure branch from 19ab207 to 1813aa9 Compare October 23, 2025 13:57
@leodido leodido merged commit 146cebe into main Oct 23, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aledbf aledbf aledbf approved these changes

@geropl geropl geropl approved these changes

@corneliusludmann corneliusludmann Awaiting requested review from corneliusludmann

Assignees

@leodido leodido

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leodido @aledbf @geropl