Bump github.com/ory/jsonschema/v3 from 3.0.4 to 3.0.8 #522
Conversation
Bumps [github.com/ory/jsonschema/v3](https://github.com/ory/jsonschema) from 3.0.4 to 3.0.8. - [Release notes](https://github.com/ory/jsonschema/releases) - [Commits](ory/jsonschema@v3.0.4...v3.0.8) --- updated-dependencies: - dependency-name: github.com/ory/jsonschema/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
per1234
left a comment
per1234
left a comment
There was a problem hiding this comment.
A major breaking change was made to the API of this module and then released with only a patch version bump (v3.0.4 -> v3.0.5).
When I asked about this, I received this response:
Yes, we only use this fork internally though. I'd recommend using the upstream for anyone else
Since the current version of the dependency works fine, it doesn't seem worth the effort to port the code to accommodate the breaking change. It would be better to invest the development resources to replacing this dependency that is not being maintained in a reliable manner (or perhaps to abandoning the too limiting schema-based approach completely).
I thoroughly evaluated all the available Go modules for JSON schema validation during the initial development of Arduino Lint. Most were not at all suitable because they only provide human readable validation output. Arduino Lint requires machine consumable output which can then be interpreted according to the current tool settings and translated to user friendly error and warning messages.
The only module I found that met this requirement was:
https://github.com/santhosh-tekuri/jsonschema
However, I found even it did not provide sufficient machine consumable output under certain schema configurations. Another user had previously encountered this issue and created a fork when the main module's maintainer was not receptive to the proposal. So I used that fork.
It would be worth checking to see if it would now be possible to switch from using github.com/ory/jsonschema to the properly maintained upstream github.com/santhosh-tekuri/jsonschema. There has been quite a lot of development in that module since the time I evaluated it, so maybe the needed capability has been added.
An alternative solution would be to configure the schemas in such a manner as to avoid the limitation that caused me to reject github.com/santhosh-tekuri/jsonschema originally. I think that is possible, but it makes them much more difficult to develop, maintain, and contribute to. The main benefit to the JSON schema-based approach is standardization, so we lose some of that by not providing full compatibility.
1 participant
Bumps github.com/ory/jsonschema/v3 from 3.0.4 to 3.0.8.
Release notes
Sourced from github.com/ory/jsonschema/v3's releases.
Commits
d248f49Merge pull request #9 from ory/context9d5eb0dfix: error assertion19b089dfix: lintd4395d3chore: bump dependencies and Go version0ee262bfeat: use context in HTTP loaderb41762fci: fix tool paths00f509bchore: remove ory/x dependencyd2f6636feat: make context a dedicated typefa85aeadocs: clarify use case68e5cd2fix: contextualize everythingYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)