chore: Update go packages#10082
Conversation
There was a problem hiding this comment.
Code Review
This pull request performs an extensive update of vendored dependencies, including major version bumps for fsnotify, cbor, zap, and the opencontainers selinux library. A significant refactoring of the go-openapi runtime is introduced, modularizing content negotiation, UI middleware, and media type matching into a new server-middleware package. Feedback on these changes identifies a high-severity regression in the router logic where URL-encoding colons on the request path interferes with path parameter capture. Additionally, a misleading error message in the new internal request builder was flagged for correction.
| } | ||
| if router, ok := d.routers[mth]; ok { | ||
| if m, rp, ok := router.Lookup(fpath.Clean(path)); ok && m != nil { | ||
| if m, rp, ok := router.Lookup(fpath.Clean(escapeLiteralColons(path))); ok && m != nil { |
There was a problem hiding this comment.
The application of escapeLiteralColons to the request path in Lookup (and OtherMethods at line 402) is problematic. It URL-encodes colons within path segments, which means that if a colon is part of a path parameter value, the captured value will be encoded (e.g., bob:smith becomes bob%3Asmith). This is a regression in behavior. Escaping should only be applied to the literal parts of the path pattern during route registration to avoid misinterpretation by the denco router, but the request path itself should remain unescaped for matching to preserve parameter values.
| // underlying pipe/stream. Caller treats body as ignorable when | ||
| // err != nil per Go convention; the defer reads it via closure. | ||
| if copyErr != nil { | ||
| return body, fmt.Errorf("error retrieving the response body: %v", copyErr) |
There was a problem hiding this comment.
The error message incorrectly refers to the "response body" instead of the "request body". This is misleading as this code is part of the request building process.
| return body, fmt.Errorf("error retrieving the response body: %v", copyErr) | |
| return body, fmt.Errorf("error retrieving the request body: %v", copyErr) |
Description
Updating go packages for skaffold release