Skip to content

chore: Update go packages#10082

Merged
Darien-Lin merged 1 commit into
GoogleContainerTools:mainfrom
ruhi-chaddha:main
May 14, 2026
Merged

chore: Update go packages#10082
Darien-Lin merged 1 commit into
GoogleContainerTools:mainfrom
ruhi-chaddha:main

Conversation

@ruhi-chaddha

Copy link
Copy Markdown
Contributor

Description
Updating go packages for skaffold release

@ruhi-chaddha ruhi-chaddha requested a review from a team as a code owner May 14, 2026 17:30

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request performs an extensive update of vendored dependencies, including major version bumps for fsnotify, cbor, zap, and the opencontainers selinux library. A significant refactoring of the go-openapi runtime is introduced, modularizing content negotiation, UI middleware, and media type matching into a new server-middleware package. Feedback on these changes identifies a high-severity regression in the router logic where URL-encoding colons on the request path interferes with path parameter capture. Additionally, a misleading error message in the new internal request builder was flagged for correction.

}
if router, ok := d.routers[mth]; ok {
if m, rp, ok := router.Lookup(fpath.Clean(path)); ok && m != nil {
if m, rp, ok := router.Lookup(fpath.Clean(escapeLiteralColons(path))); ok && m != nil {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The application of escapeLiteralColons to the request path in Lookup (and OtherMethods at line 402) is problematic. It URL-encodes colons within path segments, which means that if a colon is part of a path parameter value, the captured value will be encoded (e.g., bob:smith becomes bob%3Asmith). This is a regression in behavior. Escaping should only be applied to the literal parts of the path pattern during route registration to avoid misinterpretation by the denco router, but the request path itself should remain unescaped for matching to preserve parameter values.

// underlying pipe/stream. Caller treats body as ignorable when
// err != nil per Go convention; the defer reads it via closure.
if copyErr != nil {
return body, fmt.Errorf("error retrieving the response body: %v", copyErr)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The error message incorrectly refers to the "response body" instead of the "request body". This is misleading as this code is part of the request building process.

Suggested change
return body, fmt.Errorf("error retrieving the response body: %v", copyErr)
return body, fmt.Errorf("error retrieving the request body: %v", copyErr)
@Darien-Lin Darien-Lin enabled auto-merge (squash) May 14, 2026 18:01
@Darien-Lin Darien-Lin merged commit 38b5203 into GoogleContainerTools:main May 14, 2026
11 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

2 participants