terraform icon indicating copy to clipboard operation
terraform copied to clipboard
verified publisher icon hashicorp

Bump github.com/bmatcuk/doublestar from 1.1.5 to 1.3.4

Open dependabot[bot] opened this issue 4 years ago • 2 comments

Bumps github.com/bmatcuk/doublestar from 1.1.5 to 1.3.4.

Release notes

Sourced from github.com/bmatcuk/doublestar's releases.

Fixed Minor Recursion Bug

Thanks @​pavelbazika!

Close Directories Immediately

A small change to close directories immediately, rather than deferring. Thanks @​luhring!

Fixed bug clobbering results if Readdir fails

If Readdir failed, doublestar was returning nil instead of the accumulated results. Thanks for the bug report @​InfiniteTF!

Fixed bug matching files that started with a multi-byte unicode char

Thanks @​bnkai for the bug report!

Added "OS" interface to improve testability

Thanks to @​twpayne, doublestar now has exported versions of PathMatch and Glob (PathMatchOS and GlobOS respectively) that take an OS interface which can be used to abstract the underlying filesystem calls. Using something like go-vfs, you can then write unit tests for code that uses doublestar without depending on an actual filesystem.

Existing PathMatch and Glob are unchanged.

Sort results from Glob()

No release notes provided.

Minor Bug Fix

Improves compatibility with path.Match by supporting something like Match("*/", "a/")

Windows Absolute Paths Without Volumes; Windows Tests Fixes

Thanks @​idoru!

Fixes Patterns that Start With Alternatives

Small bug fix release.

Support for path separators inside {alts}

This release adds support for {alt} groups that include path separators, for example: {/tmp/test/example1,/tmp/test/example2}. It also adds support for nested alt groups. This should close bug #25.

Commits
  • ec92414 :bug: fix small recursion error
  • eb4d9ac Add example executable entrypoint
  • fbc9ddc Close dir immediately after contents are read
  • 5cf9061 :bug: don't throw away results if Readdir fails
  • bcc22aa [fix #40] :bug: filename starting with unicode doesn't match *
  • 1a01b95 README adjustments
  • 6611e8e build on linux + windows
  • 23e080d test last three golang versions
  • 39df92f return any error from Close if no other error has occurred
  • 28ecce1 don't ignore errors from Readdir
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Aug 20 '21 13:08 dependabot[bot]

It looks like there's an intentional behavior change in the upstream library here which affects the behavior of our fileset function.

I think it might be bmatcuk/doublestar#28 that accounts for this behavior change, since it alters how doublestar deals with a pattern which starts with a path separator, and the faling test here is calling fileset(".", "\\").

This behavior change seems okay because it turns what was previously an error into a success, but we'll need to spend a little more time verifying it first and making sure that the new behavior does something reasonable within the extra requirements of our function, which is intended to always produce paths relative to the given base directory in order to allow use-cases like mirroring a static directory tree into S3.

apparentlymart avatar Oct 12 '21 17:10 apparentlymart

As it's probably not surprising, we're very far behind the latest version at this point (after a few years). It may take quite a bit of effort to investigate all the implications and effects of upgrading from 1.1.5 all the way to v4.6.1.

I'm not sure there is value in bumping to lower versions at this point, so if someone is investing time into it, they may as well look into upgrading to latest.

That said, what Martin said above in 2021 still remains true today - which is that our exposure to that dependency is limited to the one builtin function fileset, specifically here: https://github.com/hashicorp/terraform/blob/22d5f34d50f33b78e3d8c3172e09b94a37b63fd8/internal/lang/funcs/filesystem.go#L242

In the worst case scenario, if we deem the changes as potentially disrupting we could consider packing the update into the next minor (rather than patch) release. Some additional tests for that function should probably be written either way before updating.

^ cc @crw

radeksimko avatar Aug 01 '24 13:08 radeksimko

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Feb 18 '25 16:02 dependabot[bot]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Mar 21 '25 02:03 github-actions[bot]