Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 #1448

Merged
merged 4 commits into from
Sep 18, 2023
Merged

chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 #1448

merged 4 commits into from
Sep 18, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 21, 2023
edited
Loading

Bumps gorm.io/gorm from 1.23.10 to 1.25.4.

Commits
  • 7e44f73 fix schema GetIdentityFieldValuesMap interface or ptr (#6417)
  • 2c20897 add float32 test case (#6530)
  • fef4294 feat: rm GetDBConnWithContext method (#6535)
  • bae684b fix(clause): when the value of clause.Eq is an empty array, the SQL should be...
  • 15162af Support GetDBConnWithContext PreparedStmtDB
  • 3c34bc2 refactor: Regex description (#6507)
  • f473761 fix: added SkipHooks in db getInstance() (#6484)
  • 193c454 keep float precision in ExplainSQL (#6495)
  • 1fb26ac test: coverage for tabletype added (#6496)
  • a7f01bd Test Pluck with customized type
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
gorm.io/gorm [>= 1.24.a, < 1.25]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies go Pull requests that update Go code labels Aug 21, 2023
@dependabot dependabot bot mentioned this pull request Aug 21, 2023
Closed
@dependabot dependabot bot force-pushed the dependabot/go_modules/gorm.io/gorm-1.25.4 branch from 0ebdf03 to 0bd2e77 Compare August 29, 2023 15:53
@dependabot dependabot bot force-pushed the dependabot/go_modules/gorm.io/gorm-1.25.4 branch 6 times, most recently from b942d4c to 630925a Compare September 12, 2023 17:53
@dependabot
chore(deps): bump gorm.io/gorm from 1.23.10 to 1.25.4
c8494c0 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.23.10 to 1.25.4.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.23.10...v1.25.4)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/gorm.io/gorm-1.25.4 branch from 630925a to c8494c0 Compare September 13, 2023 19:27
@willmurphyscode
Copy link
Contributor

I think this is failing because we're depending on an outdated fork of sqlite for go: https://github.com/anchore/sqlite

Pulling in latest from https://github.com/go-gorm/sqlite fixes these dependency errors. We should investigate whether we still need this fork.

@willmurphyscode willmurphyscode self-assigned this Sep 16, 2023
@willmurphyscode
Remove dependency on sqlite fork
08c2c88 
The reason we needed to depend on the fork seems no longer to be true.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
appease linter
c3d2863 
Signed-off-by: Will Murphy <will.murphy@anchore.com>
@willmurphyscode
Let gorm import modernc sqlite
de2163f 
Otherwise the driver gets double-registered, which is not allowed.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
wagoodman
wagoodman reviewed Sep 18, 2023
View reviewed changes
grype/db/v5/store/store.go
@@ -4,14 +4,14 @@ import (
"fmt"
"sort"

_ "github.com/glebarez/sqlite" // provide the sqlite dialect to gorm via import
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not a comment for this PR: we should remove these statements and push these side-effect imports to the main package exclusively (as not to pollute the sql driver registration space for lib consumers).

@willmurphyscode willmurphyscode added this pull request to the merge queue Sep 18, 2023
@willmurphyscode willmurphyscode removed this pull request from the merge queue due to a manual request Sep 18, 2023
@willmurphyscode willmurphyscode changed the title chore(deps): bump gorm.io/gorm from 1.23.10 to 1.25.4 chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from 1.23.10 to 1.25.4 Sep 18, 2023
@willmurphyscode willmurphyscode merged commit 6c99b95 into main Sep 18, 2023
9 checks passed
@willmurphyscode willmurphyscode deleted the dependabot/go_modules/gorm.io/gorm-1.25.4 branch September 18, 2023 15:34
@willmurphyscode willmurphyscode mentioned this pull request Sep 18, 2023
Closed
robszumski pushed a commit to robszumski/grype that referenced this pull request Sep 18, 2023
@dependabot @willmurphyscode @robszumski
chore(deps): remove dependency on sqlite fork; bump gorm.io/gorm from…
095f46d 
… 1.23.10 to 1.25.4 (anchore#1448)

* chore: remove dependency on sqlite fork
* chore(deps): bump gorm.io/gorm from 1.23.10 to 1.25.4

Removed the dependency on github.com/anchore/sqlite because the diff
added to that fork was no longer needed. 

Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.23.10 to 1.25.4.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](go-gorm/gorm@v1.23.10...v1.25.4)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees

@willmurphyscode willmurphyscode

Labels
dependencies go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@willmurphyscode @wagoodman