Bump Vendir to v0.45.3 & Update root directory imports from k14s/semver to carvel-dev/semver.#1815
Open
sameerforge wants to merge 2 commits intocarvel-dev:developfrom
Open
Bump Vendir to v0.45.3 & Update root directory imports from k14s/semver to carvel-dev/semver.#1815sameerforge wants to merge 2 commits intocarvel-dev:developfrom
sameerforge wants to merge 2 commits intocarvel-dev:developfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Bumps the root module’s carvel.dev/vendir dependency to v0.45.3 and refreshes the corresponding vendored dependency set, including an updated snapshot of github.com/carvel-dev/semver/v4 that changes version comparison behavior.
Changes:
- Update
carvel.dev/vendirfromv0.45.2→v0.45.3in the rootgo.mod/go.sum. - Refresh root
vendor/modules.txtto reflect updated vendored module versions. - Update vendored
github.com/carvel-dev/semver/v4implementation (notably comparison/sorting logic).
Reviewed changes
Copilot reviewed 1 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| go.mod | Bumps root module vendir + semver pseudo-version requirements. |
| go.sum | Updates root module checksums for the vendir + semver bumps. |
| vendor/modules.txt | Refreshes root vendoring metadata to reflect new module versions. |
| vendor/github.com/carvel-dev/semver/v4/semver.go | Pulls in updated semver implementation, including new “natural sort”/special-cased compare behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Sameer <sameer.khan@broadcom.com>
sameerforge
force-pushed
the
bump-vendir
branch
2 times, most recently
from
a0c6fda to
cf89244
Compare
There was a problem hiding this comment.
Pull request overview
Updates kapp-controller’s vendored dependencies by bumping carvel.dev/vendir to v0.45.3, which also refreshes the vendored github.com/carvel-dev/semver/v4 snapshot used by vendir for version parsing/selection.
Changes:
- Bump
carvel.dev/vendirfromv0.45.2→v0.45.3in both root andcli/Go modules. - Refresh corresponding
go.sumentries and vendored module metadata (vendor/modules.txt,cli/vendor/modules.txt). - Update vendored
github.com/carvel-dev/semver/v4implementation in both vendor trees.
Reviewed changes
Copilot reviewed 2 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vendor/modules.txt | Updates vendir + semver module versions recorded in vendoring metadata. |
| vendor/github.com/carvel-dev/semver/v4/semver.go | Pulls in updated semver comparison implementation used by vendir’s version sorting. |
| go.sum | Updates checksums for vendir and updated transitive deps. |
| go.mod | Bumps vendir and semver pseudo-version in the root module. |
| cli/vendor/modules.txt | Mirrors vendir + semver vendoring metadata update for the cli/ module. |
| cli/vendor/github.com/carvel-dev/semver/v4/semver.go | Mirrors updated semver implementation in cli/’s vendor tree. |
| cli/go.sum | Updates checksums for the cli/ module’s vendir dependency. |
| cli/go.mod | Bumps vendir and semver pseudo-version in the cli/ module. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
praveenrewar
approved these changes
Apr 17, 2026
Member
praveenrewar
left a comment
praveenrewar
left a comment
There was a problem hiding this comment.
PR looks good to me. If the intention is to bump vendir for fixing any CVEs, then I hope you will also bump kbld to 0.47.3 since kbld also uses vendir.
Contributor
Author
Yes, vendir is bumped in KBLD. And v0.47.3 release has been published https://github.com/carvel-dev/kbld/releases/tag/v0.47.3 |
There was a problem hiding this comment.
Pull request overview
Updates kapp-controller’s vendored Go dependencies to pick up carvel.dev/vendir v0.45.3, including the associated semver library snapshot and regenerated vendored module metadata for both the root module and the nested cli/ module.
Changes:
- Bump
carvel.dev/vendirfromv0.45.2tov0.45.3(root +cli/modules) and refreshgo.sum/ vendoring metadata. - Switch semver imports from
github.com/k14s/semver/v4togithub.com/carvel-dev/semver/v4and remove the vendoredk14s/semvertree. - Refresh vendored transitive dependencies (notably
github.com/stretchr/testifyandgolang.org/x/sys) undercli/vendor/.
Reviewed changes
Copilot reviewed 13 out of 66 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| vendor/modules.txt | Updates vendored module list for root module (vendir + semver). |
| vendor/github.com/k14s/semver/v4/sql.go | Removes vendored legacy semver implementation. |
| vendor/github.com/k14s/semver/v4/sort.go | Removes vendored legacy semver implementation. |
| vendor/github.com/k14s/semver/v4/semver.go | Removes vendored legacy semver implementation. |
| vendor/github.com/k14s/semver/v4/range.go | Removes vendored legacy semver implementation. |
| vendor/github.com/k14s/semver/v4/json.go | Removes vendored legacy semver implementation. |
| vendor/github.com/k14s/semver/v4/LICENSE | Removes vendored legacy semver license (no longer vendored). |
| vendor/github.com/carvel-dev/semver/v4/semver.go | Updates vendored semver behavior and helpers. |
| pkg/packageinstall/packageinstall_test.go | Updates semver import path in tests. |
| pkg/packageinstall/packageinstall_downgrade_test.go | Updates semver import path in tests. |
| pkg/packageinstall/packageinstall_deletion_test.go | Updates semver import path in tests. |
| pkg/packageinstall/packageinstall.go | Updates semver import path in controller code. |
| pkg/componentinfo/component_info.go | Updates semver import path used for version parsing. |
| pkg/app/app_test.go | Updates semver import path in tests. |
| pkg/app/app_template_test.go | Updates semver import path in tests. |
| pkg/app/app_reconcile_test.go | Updates semver import path in tests. |
| pkg/app/app.go | Updates semver import path in app logic. |
| pkg/apiserver/apiserver.go | Updates semver import path in apiserver. |
| pkg/apiserver/apis/datapackaging/validation/validations.go | Updates semver import path in validations. |
| go.sum | Updates checksums for vendir + semver dependency bump. |
| go.mod | Bumps vendir and switches semver dependency to carvel-dev snapshot. |
| cli/vendor/modules.txt | Updates CLI vendored module list (vendir/semver/testify/xsys) and records replace. |
| cli/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go | Updates vendored x/sys NetBSD types. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux_386.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/zerrors_linux.go | Updates vendored x/sys Linux ioctl constants. |
| cli/vendor/golang.org/x/sys/unix/mkerrors.sh | Updates vendored x/sys generator inputs/filters (MEI ioctls). |
| cli/vendor/github.com/stretchr/testify/require/require_forward.go | Updates vendored testify require wrappers/docs. |
| cli/vendor/github.com/stretchr/testify/require/require.go | Updates vendored testify require implementation/docs. |
| cli/vendor/github.com/stretchr/testify/require/doc.go | Updates vendored testify require package docs. |
| cli/vendor/github.com/stretchr/testify/assert/yaml/yaml_fail.go | Updates vendored testify yaml build constraints. |
| cli/vendor/github.com/stretchr/testify/assert/yaml/yaml_default.go | Updates vendored testify yaml build constraints. |
| cli/vendor/github.com/stretchr/testify/assert/yaml/yaml_custom.go | Updates vendored testify yaml build constraints. |
| cli/vendor/github.com/stretchr/testify/assert/http_assertions.go | Updates vendored testify error formatting. |
| cli/vendor/github.com/stretchr/testify/assert/doc.go | Updates vendored testify assert docs. |
| cli/vendor/github.com/stretchr/testify/assert/assertions.go | Updates vendored testify core assertions (incl. ordering/empty/type helpers). |
| cli/vendor/github.com/stretchr/testify/assert/assertion_order.go | Updates vendored testify ordering error messages. |
| cli/vendor/github.com/stretchr/testify/assert/assertion_forward.go | Updates vendored testify assertion forwarders/docs. |
| cli/vendor/github.com/stretchr/testify/assert/assertion_format.go | Updates vendored testify formatted assertion wrappers/docs. |
| cli/vendor/github.com/stretchr/testify/assert/assertion_compare.go | Updates vendored testify compare assertion messages/logic. |
| cli/vendor/github.com/k14s/semver/v4/sql.go | Removes vendored legacy semver implementation from CLI vendor. |
| cli/vendor/github.com/k14s/semver/v4/sort.go | Removes vendored legacy semver implementation from CLI vendor. |
| cli/vendor/github.com/k14s/semver/v4/semver.go | Removes vendored legacy semver implementation from CLI vendor. |
| cli/vendor/github.com/k14s/semver/v4/range.go | Removes vendored legacy semver implementation from CLI vendor. |
| cli/vendor/github.com/k14s/semver/v4/json.go | Removes vendored legacy semver implementation from CLI vendor. |
| cli/vendor/github.com/k14s/semver/v4/LICENSE | Removes vendored legacy semver license from CLI vendor. |
| cli/vendor/github.com/carvel-dev/semver/v4/semver.go | Updates vendored semver in CLI vendor tree. |
| cli/vendor/carvel.dev/kapp-controller/pkg/packageinstall/packageinstall.go | Updates vendored kapp-controller code used by CLI to new semver import. |
| cli/vendor/carvel.dev/kapp-controller/pkg/config/config.go | Syncs vendored kapp-controller config code. |
| cli/vendor/carvel.dev/kapp-controller/pkg/componentinfo/component_info.go | Updates vendored kapp-controller componentinfo semver import. |
| cli/vendor/carvel.dev/kapp-controller/pkg/app/app.go | Updates vendored kapp-controller app semver import. |
| cli/go.sum | Updates CLI module checksums for dependency bump(s). |
| cli/go.mod | Bumps vendir + semver snapshot, updates testify/xsys, adds replace to local root module. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Sameer <sameer.khan@broadcom.com>
sameerforge
force-pushed
the
bump-vendir
branch
from
e656f6c to
15ca1f1
Compare
There was a problem hiding this comment.
Pull request overview
Updates kapp-controller’s vendored dependencies to pick up the latest vendir and move semver usage off the legacy github.com/k14s/semver module.
Changes:
- Bump
carvel.dev/vendirfromv0.45.2tov0.45.3(root +cli/module) and update vendored manifests. - Switch in-repo Go imports from
github.com/k14s/semver/v4togithub.com/carvel-dev/semver/v4. - Remove the legacy vendored
github.com/k14s/semver/v4directory from the rootvendor/.
Reviewed changes
Copilot reviewed 13 out of 25 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| vendor/modules.txt | Updates vendored module list for root module (vendir + semver changes reflected). |
| vendor/github.com/k14s/semver/v4/sql.go | Removes legacy vendored k14s/semver implementation from root vendor. |
| vendor/github.com/k14s/semver/v4/sort.go | Removes legacy vendored k14s/semver implementation from root vendor. |
| vendor/github.com/k14s/semver/v4/semver.go | Removes legacy vendored k14s/semver implementation from root vendor. |
| vendor/github.com/k14s/semver/v4/range.go | Removes legacy vendored k14s/semver implementation from root vendor. |
| vendor/github.com/k14s/semver/v4/json.go | Removes legacy vendored k14s/semver implementation from root vendor. |
| vendor/github.com/k14s/semver/v4/LICENSE | Removes legacy vendored k14s/semver license file from root vendor. |
| vendor/github.com/carvel-dev/semver/v4/semver.go | Updates vendored carvel-dev/semver implementation to the bumped version. |
| pkg/packageinstall/packageinstall_test.go | Updates tests to import github.com/carvel-dev/semver/v4. |
| pkg/packageinstall/packageinstall_downgrade_test.go | Updates tests to import github.com/carvel-dev/semver/v4. |
| pkg/packageinstall/packageinstall_deletion_test.go | Updates tests to import github.com/carvel-dev/semver/v4. |
| pkg/packageinstall/packageinstall.go | Switches semver import to github.com/carvel-dev/semver/v4. |
| pkg/componentinfo/component_info.go | Switches semver import to github.com/carvel-dev/semver/v4. |
| pkg/app/app_test.go | Updates tests to import github.com/carvel-dev/semver/v4. |
| pkg/app/app_template_test.go | Updates tests to import github.com/carvel-dev/semver/v4. |
| pkg/app/app_reconcile_test.go | Updates tests to import github.com/carvel-dev/semver/v4. |
| pkg/app/app.go | Switches semver import to github.com/carvel-dev/semver/v4. |
| pkg/apiserver/apiserver.go | Switches semver import to github.com/carvel-dev/semver/v4. |
| pkg/apiserver/apis/datapackaging/validation/validations.go | Switches semver import alias to github.com/carvel-dev/semver/v4. |
| go.sum | Updates root checksums for vendir + semver and removes legacy k14s/semver sums. |
| go.mod | Bumps vendir + semver and removes k14s/semver requirement in the root module. |
| cli/vendor/modules.txt | Updates vendored module list for the cli/ module (vendir + semver versions). |
| cli/vendor/github.com/carvel-dev/semver/v4/semver.go | Updates vendored carvel-dev/semver implementation for the cli/ module. |
| cli/go.sum | Updates cli/ checksums for vendir + semver. |
| cli/go.mod | Bumps cli/ module vendir + semver versions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
sameerforge
changed the title
Contributor
Author
|
@joaopapereira Please review the PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Changes :
Which issue(s) this PR fixes:
Fixes #
Does this PR introduce a user-facing change?
Additional Notes for your reviewer:
Review Checklist:
a link to that PR
change
Additional documentation e.g., Proposal, usage docs, etc.: