Skip to content

chore(deps): update ghcr.io/google/yamlfmt docker tag to v0.18.0 #228

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 14, 2025
Merged

chore(deps): update ghcr.io/google/yamlfmt docker tag to v0.18.0 #228

merged 1 commit into from
Oct 14, 2025
+1 −1

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 14, 2025

This PR contains the following updates:

Package Update Change
ghcr.io/google/yamlfmt minor 0.17.2 -> 0.18.0

Release Notes

google/yamlfmt (ghcr.io/google/yamlfmt)

v0.18.0

Compare Source

The primary reason for this release is a change to the pre-commit hook that might be breaking to some users.

Features

pre-commit hook no longer specifies filetypes

The expectation for yamlfmt is to be run in a working directory of many different filetypes, and to configure what you as a user want the tool to run on based on configuration (file extensions, doublestar patterns, etc). The hook no longer specifies types: [yaml] like it used to. You can restore this behaviour by overriding it in your pre-commit config like so:

- repo: https://github.com/google/yamlfmt
  rev: v0.18.0
  hooks:
    - id: yamlfmt
      types: [yaml]

However, you will likely have a better experience by reconfiguring yamlfmt to match the intended experience.

Default usage message on misuse of command

If you use the command yamlfmt with no arguments, and no config is discovered, the tool will now output a default usage message to indicate to the user how to properly use the command.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) October 14, 2025 18:09
@claude
Copy link

claude bot commented Oct 14, 2025

Pull Request Review - PR #228

Summary

This PR updates the yamlfmt Docker image version from 0.17.2 to 0.18.0 in the Makefile. This is an automated dependency update by Renovate.

✅ Code Quality and Best Practices

APPROVED - The change follows the repository's established patterns:

  • Uses the Renovate comment marker (# renovate: depName=ghcr.io/google/yamlfmt) correctly
  • Maintains the version pinning format with both version and SHA256 digest
  • Consistent with other dependency version specifications in the Makefile
  • SHA256 digest ensures image integrity and reproducibility

✅ Potential Bugs or Issues

NONE IDENTIFIED - The change is minimal and low-risk:

  • Only updates the version string and corresponding SHA256 digest in Makefile:37
  • No functional code changes
  • The yamlfmt usage in the Makefile remains unchanged (targets check-yaml-formatting and fix-yaml-formatting are not modified)
  • Docker image pinning with SHA256 prevents unexpected changes

Note: According to the release notes, v0.18.0 introduces a potentially breaking change to the pre-commit hook (removes types: [yaml]). However, this repository uses yamlfmt via Docker in the Makefile, not via pre-commit hooks, so this breaking change does not affect this codebase.

✅ Performance Considerations

NO CONCERNS - Performance impact is expected to be neutral:

  • Minor version update unlikely to introduce significant performance changes
  • The tool performs the same YAML formatting operations
  • Docker image size differences, if any, would be minimal

✅ Security Concerns

EXCELLENT - Security practices are properly maintained:

  • SHA256 digest pinning prevents supply chain attacks via image tampering
  • Using official Google yamlfmt image from ghcr.io
  • The digest 00c2a5154b5a3c81f99ebd5d295de512c41633219c208aea69139ea36f27015d ensures the exact image content is verified
  • Automated updates via Renovate help keep dependencies current with security patches

✅ Test Coverage

ADEQUATE - The change maintains existing test coverage:

  • The update doesn't require new tests as it's a version bump
  • Existing CI checks should validate yamlfmt functionality:
    • check-yaml-formatting target in Makefile ensures YAML files are properly linted
    • CI workflows likely execute these checks automatically
  • Renovate's automerge is enabled, suggesting confidence in automated validation

Recommendation: Ensure CI passes all checks, particularly the check-yaml-formatting target, before merging.

📋 Final Recommendation

APPROVE - This is a straightforward, well-managed dependency update:

  • Minimal risk due to minor version bump
  • Proper security practices maintained
  • No code changes required
  • Breaking changes in v0.18.0 don't affect this repository's usage pattern

Suggested Action: Allow automerge to proceed once CI checks pass.

Review conducted by Claude Code - Focused on code quality, security, and best practices

@renovate renovate bot merged commit 73b09e5 into main Oct 14, 2025
11 checks passed
@renovate renovate bot deleted the renovate/ghcr.io-google-yamlfmt-0.x branch October 14, 2025 18:10
@DeveloperC286 DeveloperC286 mentioned this pull request Oct 16, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant