Skip to content

chore(deps): update dependency cue to v0.16.1 (main)#5295

Merged
elastic-renovate-prod[bot] merged 1 commit intomainfrom
renovate/main-cue-0.x
Apr 24, 2026
Merged

chore(deps): update dependency cue to v0.16.1 (main)#5295
elastic-renovate-prod[bot] merged 1 commit intomainfrom
renovate/main-cue-0.x

Conversation

@elastic-renovate-prod
Copy link
Copy Markdown
Contributor

@elastic-renovate-prod elastic-renovate-prod Bot commented Apr 24, 2026

This PR contains the following updates:

Package Update Change
cue minor 0.15.4 -> 0.16.1

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cue-lang/cue (cue)

v0.16.1

Language

The fallback keyword in the aliasv2 experiment is replaced by otherwise, which is clearer. cue fmt or cue fix can be used to rewrite existing code.

Evaluator

Fix a regression where the compiler could add comments to the input AST value, which could lead to increased memory usage.

Fix a bug where exporting certain schemas could result in "cannot have both alias and field in same scope" errors.

cmd/cue

Fix a panic which could occur when using non-label expressions in the --path flag.

Teach cue login to give helpful errors when used with OCI registries which don't support the OAuth2 device flow.

Go API

Fix a regression where cue.Context.Encode could panic on custom marshaler types with pointer receivers.

Full list of changes since v0.16.0

v0.16.0

Changes which may break some users are marked below with: ⚠️

Language

As a reminder, we have two ongoing language experiments since v0.15; a replacement for struct embedding and a rework of aliases. Please give these a try and report any issues or feedback!

⚠️ The cmdreferencepkg global experiment is now stable, meaning that CUE_EXPERIMENT=cmdreferencepkg is always enabled.

#"""# is now accepted as a string literal quoting a double quote, ".

Multiline string literals now require a trailing newline, matching the language spec.

The new try experiment

This release introduces the try experiment, which adds a try clause in comprehensions as well as the use of ? in field selectors. This addition to the language is intended to provide a more concise syntax for handling optional fields without the risk of unintentionally swallowing errors.

This experiment also introduces the else clause for if and try comprehensions, and the fallback clause for for comprehensions, which trigger when a comprehension produces zero values.

You can try this experiment by following our how-to guides on the try clause and the else clause. For more information, see the proposal on GitHub and the spec change patch.

Evaluator

Performance

Further improve the use of caching in the typochecker algorithm; this provides speed-ups of up to 80% on some large projects.

Very large structs (tested with 20,000 fields) are up to 80% faster now, as we were repeating some work unnecessarily.

A great deal of effort has gone into reducing the allocations and memory usage across a number of projects. For some of these, memory usage is down by as much as 60%.

These improvements were possible thanks to our Unity service, letting us analyze CUE's performance and test for regressions on third party projects. Contact @​mvdan on Discord, Slack, or via the Unity page to ensure that your project is included or you are running into slowness.

A number of changes were made to improve support for using cue.Values concurrently; see Issue #​2733 for more details and ongoing progress.

Other changes

Fix a regression introduced in v0.13 where the or built-in with literal arguments could stop behaving like a disjunction.

A number of panics and other bugs in the evaluator which were reported since v0.15.0 have been fixed; thank you to all who reported these.

cmd/cue

Add support for $DOCKER_AUTH_CONFIG to directly provide the contents of $DOCKER_CONFIG/config.json to authenticate with module registries, matching Docker's current behavior.

The --outfile flag now works when given non-regular files such as named pipes or sockets.

⚠️ cue mod publish no longer ignores sub-directories containing a go.mod file.

⚠️ Using cue inside the cue.mod directory now fails consistently with a clear error message to not place CUE code there. Previously, some commands worked while others failed with confusing errors.

⚠️ The global --verbose and --trace flags have been moved to the cue get go and cue trim commands respectively, as they were the only ones actually using those flags, and this could be confusing to users.

Fix a bug where loading ./...:pkgname could lead to loading directories without CUE files as instances, which could cause poor performance for CUE packages with multiple parent directories.

cue exp writefs gains an encoding optional field for regular files, to specify an encoding rather than infer it from the filename extension.

LSP server

Initial LSP support for editing embedded JSON and YAML files. This feature provides completions and hover-docs when editing JSON or YAML files which are embedded into CUE via the @embed attribute. A teaser video is available on YouTube.

Code Actions: two code actions are now provided, Add surrounding struct braces and Remove surrounding struct braces, which convert between

a: b: c

and

a: {
	b: c
}

with the cursor on b.

A complete overhaul of how the LSP server suggests code completions. This solves the previous naïve implementation which would only make suggestions after a field name or path had been started. Now completions are available from within whitespace.

Embedded paths with mutual dependencies: embedded paths with multiple components (e.g. a.b.c) can in some cases only be fully resolved after the resolution of other embedded paths. The LSP server can now correctly handle these dependencies.

The LSP server now implements LSP Document Symbols functionality. This is often used by editors to provide light-weight breadcrumb navigation within a file.

Some preliminary diagnostics are now sent from the LSP server back to the editor. Initially this mainly indicates syntax errors in CUE files, but this can be extended in the future.

Many bug fixes, including better behaviour for files and directories with spaces; improvements for value aliases (foo: L=x); LSP rename now provides placeholder text; improved jump-to-definition behaviour for package-level fields; fixed issues around imports; path resolution; formatting of standalone CUE files; and others.

See our Getting Started wiki page for instructions on how to set it up with your editor.

Please report any bugs or missing features you encounter via the Issue tracker or via the #lsp channels on Discord or Slack.

Encodings

Add support for encoding YAML tags like key: !Custom value by using CUE attributes like key: "value" @​yaml(,tag="!Custom").

cue get go now detects which Go packages use Kubernetes type semantics via // +k8s:openapi-gen=true and obeys the field annotations // +optional and // +nullable.

cue get go gains a --codec flag to configure the use and priority of Go struct field tags like json or yaml.

Fix a bug where cue get go could skip over fields whose type implements one of the supported marshaling interfaces.

Fix a few bugs where cue get go could result in invalid or failing CUE code.

JSON Schema's Config.OpenOnlyWhenExplicit option is now exposed for the CLI via the filetype tag jsonschema+openOnlyWhenExplicit.

JSON Schema now properly encodes hash references for better compatibility with other tools.

Standard library

The strconv package adds ParseNumber, like ParseInt or ParseFloat but allowing other CUE number strings such as 1Ki.

The net package adds InCIDR to test whether an IP is contained by a CIDR string.

The net package adds ParseCIDR to extract useful information from a CIDR string.

The net package adds CompareIP to compare two IP addresses, which can be useful for computing with IP ranges.

The net/http package adds Serve as an experimental API to listen on a port and serve HTTP requests.

The tool/file package adds Symlink to create symbolic links.

Go API

cue.Value.Decode now supports the new cue.Unmarshaler interface, allowing Go types to implement their own CUE value decoding logic via an UnmarshalCUE(cue.Value) error method.

The new cue.IsIncomplete function reports whether the given value is a CUE incomplete error.

cue/ast gains the NewPredeclared and Ident.IsPredeclared to mark and detect identifiers referencing predeclared names like error or int rather than fields which may shadow those names in the current scope.

⚠️ cue.Value.Decode now uses cue.IsIncomplete to not treat incomplete errors as fatal, allowing the decoding to continue.

Fix a bug where cue.Value.Decode could behave incorrectly when decoding a CUE null or incomplete value.

⚠️ cue/token.Compare now sorts absolute paths before relative ones, to ensure consistent behavior between Unix-like systems and Windows.

⚠️ The long-deprecated cue/ast.Node.Comments and cue/ast.Node.AddComment interface methods are now removed; use cue/ast.Comments and cue/ast.AddComment respectively.

⚠️ The long-deprecated and unused cue/parser.FromVersion and cue/parser.DeprecationError APIs are now removed.

⚠️ The long-deprecated and hidden cue.Instance.Eval method is now removed.

Full list of changes since v0.15.0

Configuration

📅 Schedule: Branch creation - "* 1 * * 1-5" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@elastic-renovate-prod elastic-renovate-prod Bot added backport-skip dependencies Pull requests that update a dependency file renovate labels Apr 24, 2026
@elastic-renovate-prod elastic-renovate-prod Bot requested a review from a team as a code owner April 24, 2026 00:56
@elastic-renovate-prod elastic-renovate-prod Bot added renovate-auto-approve Team:Security-Cloud Services Security Data Experience - Cloud Services team. labels Apr 24, 2026
@elastic-renovate-prod elastic-renovate-prod Bot added this pull request to the merge queue Apr 24, 2026
@mergify mergify Bot added the queued label Apr 24, 2026
@mergify
Copy link
Copy Markdown
Contributor

mergify Bot commented Apr 24, 2026
edited
Loading

Merge Queue Status

This pull request spent 31 minutes 1 second in the queue, including 11 minutes 38 seconds running CI.

Waiting for:
  • check-success=Lint
  • check-success=Package Cloudbeat (docker)
  • check-success=Unit Test
  • any of:
    • check-neutral = Package Cloudbeat (docker)
    • check-skipped = Package Cloudbeat (docker)
    • check-success = Package Cloudbeat (docker)
  • any of:
    • check-neutral = Lint
    • check-skipped = Lint
    • check-success = Lint
  • any of:
    • check-neutral = Unit Test
    • check-skipped = Unit Test
    • check-success = Unit Test
All conditions
  • check-success=Lint
  • check-success=Package Cloudbeat (docker)
  • check-success=Unit Test
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Package Cloudbeat (docker)
    • check-skipped = Package Cloudbeat (docker)
    • check-success = Package Cloudbeat (docker)
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Lint
    • check-skipped = Lint
    • check-success = Lint
  • any of [🛡 GitHub branch protection]:
    • check-neutral = Unit Test
    • check-skipped = Unit Test
    • check-success = Unit Test
  • #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule [org] Require a PR for Renovate]
  • #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule [org] Require a PR]
  • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule [org] Require a PR for Renovate]
  • #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule [org] Require a PR]
  • check-success=Manifest Tests
  • check-success=Package Cloudbeat (tar.gz)
  • check-success=Test Rego Policies
  • any of [🛡 GitHub branch protection]:
    • check-success = CLA
    • check-neutral = CLA
    • check-skipped = CLA
  • any of [🛡 GitHub branch protection]:
    • check-success = Package Cloudbeat (tar.gz)
    • check-neutral = Package Cloudbeat (tar.gz)
    • check-skipped = Package Cloudbeat (tar.gz)
  • any of [🛡 GitHub branch protection]:
    • check-success = Manifest Tests
    • check-neutral = Manifest Tests
    • check-skipped = Manifest Tests
  • any of [🛡 GitHub branch protection]:
    • check-success = Test Rego Policies
    • check-neutral = Test Rego Policies
    • check-skipped = Test Rego Policies

Reason

The merge conditions cannot be satisfied due to failing checks

Failing checks:

Hint

You may have to fix your CI before adding the pull request to the queue again.
If you update this pull request, to fix the CI, it will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue instead, you can requeue the pull request, without updating it, by posting a @mergifyio queue comment.

mergify Bot added a commit that referenced this pull request Apr 24, 2026
@mergify
Merge of #5295
f119898
@mergify mergify Bot mentioned this pull request Apr 24, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 24, 2026
@mergify
Merge of #5295
efe7677
mergify Bot added a commit that referenced this pull request Apr 24, 2026
@mergify
Merge of #5295
6e1e928
@mergify mergify Bot mentioned this pull request Apr 24, 2026
Closed
74 tasks
mergify Bot added a commit that referenced this pull request Apr 24, 2026
@mergify
Merge of #5295
4bb340a
mergify Bot added a commit that referenced this pull request Apr 24, 2026
@mergify
Merge of #5295
339d36f
This was referenced Apr 24, 2026
Merged
Closed
Merged
Closed
@mergify mergify Bot removed the queued label Apr 24, 2026
@mergify mergify Bot added the dequeued label Apr 24, 2026
Merged via the queue into main with commit c93275e Apr 24, 2026
24 of 26 checks passed
@elastic-renovate-prod elastic-renovate-prod Bot deleted the renovate/main-cue-0.x branch April 24, 2026 01:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

backport-skip dependencies Pull requests that update a dependency file dequeued renovate renovate-auto-approve Team:Security-Cloud Services Security Data Experience - Cloud Services team.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants