Skip to content

build: upgrade anchore dependencies to fix mapstructure compatibility #246

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: feature/in-flight-checksums-env-var
Choose a base branch
from
Open

build: upgrade anchore dependencies to fix mapstructure compatibility #246

wants to merge 1 commit into from

Conversation

leodido
Copy link

@leodido leodido commented Sep 30, 2025
edited
Loading

Description

Upgrades anchore dependencies to resolve a critical compatibility issue between different mapstructure package versions that was preventing the cmd package tests from running.

Root Cause:

  • Older anchore/fangs (v0.0.0-20241014225144-4e1713cafd77) used mitchellh/mapstructure@v1.5.0
  • Newer viper (v1.20.1) uses go-viper/mapstructure/v2@v2.2.1
  • Function signature mismatch in DecoderConfigOption caused build failures

Solution:

  • Upgrade anchore/clio to v0.0.0-20250926015255-f418e0b4892c
  • This brings anchore/fangs to v0.0.0-20250924221602-895877cb39ec
  • Newer fangs is compatible with the newer mapstructure API

Key Changes:

  • Primary: github.com/anchore/clio upgraded
  • Secondary: github.com/anchore/fangs upgraded (transitive)
  • Additional: Various dependency updates (fsnotify, gookit/color, cobra, etc.)

Related Issue(s)

Fixes cmd package test execution failures with error cannot use func(dc *mapstructure.DecoderConfig) as viper.DecoderConfigOption.

Prerequisite to have tests running in #247.
Hence, it also fixes https://linear.app/ona-team/issue/CLC-1958/leeway-security-testing-suite

How to test

Verify Tests Pass

# These should now work (previously failed)
go test ./cmd/ -v
go test -run TestBuildCommandFlags ./cmd/
go test -run TestInFlightChecksumsEnvironmentVariable ./cmd/

###Verify Binary Builds

# This should work without errors
go build -o leeway .
./leeway --help

Verify No Regression

# Existing functionality should be unchanged
go test ./pkg/... -v

Documentation

This is a dependency upgrade that fixes build/test issues without changing user-facing functionality.

@leodido @ona-agent
build: upgrade anchore dependencies to fix mapstructure compatibility
31a0be1 
- Upgrade github.com/anchore/clio to v0.0.0-20250926015255-f418e0b4892c
- This brings github.com/anchore/fangs to v0.0.0-20250924221602-895877cb39ec
- Fixes compatibility issue between mitchellh/mapstructure and go-viper/mapstructure/v2
- Resolves build failures in cmd package tests due to type mismatch
- Updates related dependencies (fsnotify, gookit/color, cobra, etc.)

The root cause was that older fangs used mitchellh/mapstructure while
newer viper uses go-viper/mapstructure/v2, causing DecoderConfigOption
function signature mismatches. The newer fangs version is compatible
with the newer mapstructure API.

Fixes: cmd package tests now pass, binary builds successfully

Co-authored-by: Ona <no-reply@ona.com>
@leodido leodido self-assigned this Sep 30, 2025
@leodido leodido mentioned this pull request Sep 30, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aledbf aledbf aledbf approved these changes

@corneliusludmann corneliusludmann Awaiting requested review from corneliusludmann

Assignees

@leodido leodido

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leodido @aledbf