Skip to content

Modernize to remove abandoned dependencies#247

Open
erikgb wants to merge 1 commit intocert-manager:masterfrom
erikgb:modernize
Open

Modernize to remove abandoned dependencies#247
erikgb wants to merge 1 commit intocert-manager:masterfrom
erikgb:modernize

Conversation

@erikgb
Copy link
Member

@erikgb erikgb commented Feb 12, 2026
edited
Loading

I popped into the dependency dashboard (#209) and noticed a few old/abandoned dependencies. This removes a couple of them and also fixes some uses for deprecated APIs.

@cert-manager-prow cert-manager-prow bot added the dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. label Feb 12, 2026
@cert-manager-prow
Copy link
Contributor

cert-manager-prow bot commented Feb 12, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign erikgb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 12, 2026
@cert-manager-prow cert-manager-prow bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 12, 2026
@erikgb erikgb requested a review from Copilot February 12, 2026 20:43
Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR modernizes the codebase to remove/avoid abandoned dependencies and updates usages of deprecated APIs, primarily around Go error handling, YAML parsing, and Kubernetes utility types.

Changes:

  • Replace github.com/pkg/errors usage with standard library error wrapping and errors.Join.
  • Replace github.com/ghodss/yaml with sigs.k8s.io/yaml.
  • Migrate Kubernetes sets.String to generic sets.Set[string] and update call sites/tests accordingly.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 10 comments.

Show a summary per file
File Description
pkg/sign/internal/kmssigner/kmssigner.go Switch error wrapping from pkg/errors to fmt.Errorf with %w.
pkg/release/platforms.go Migrate platform parsing helpers from sets.String to sets.Set[string].
pkg/release/platforms_test.go Update tests to match the new sets.Set[string] API and list semantics.
cmd/cmrel/cmd/stage.go Update set listing/joining for CLI help text and Cloud Build substitutions.
cmd/cmrel/cmd/gcb_stage.go Update set iteration/listing for CLI help text and build loop ordering.
pkg/release/manifests/chart.go Replace YAML dependency import to sigs.k8s.io/yaml.
pkg/release/helm/helm.go Replace pkg/errors + k8s aggregate errors with stdlib errors.Join and k8s.io/utils/ptr.
go.mod Remove direct ghodss/yaml and pkg/errors; drop gopkg.in/yaml.v2 indirect; keep pkg/errors indirect.
go.sum Remove checksums for ghodss/yaml and gopkg.in/yaml.v2.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cert-manager-prow cert-manager-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 12, 2026
@erikgb erikgb requested a review from Copilot February 12, 2026 21:57
erikgb
erikgb commented Feb 12, 2026
View reviewed changes
pkg/release/helm/helm.go
if err != nil {
return errors.WithStack(err)
}

Copy link
Member Author

@erikgb erikgb Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No new error here, so this is just removing dead code.

Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

pkg/sign/internal/kmssigner/kmssigner.go
Comment on lines 58 to 61
block, _ := pem.Decode([]byte(res.Pem))
if block == nil || block.Type != "PUBLIC KEY" {
return nil, errors.WithMessage(err, "could not decode public key PEM")
return nil, fmt.Errorf("could not decode public key PEM")
}
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error loses useful context about why PEM decoding failed (no PEM block vs unexpected block.Type). Consider including those details in the message (and keep it non-wrapping since there isn't an underlying err here) to make KMS key misconfiguration/debugging easier.

Copilot uses AI. Check for mistakes.
@erikgb erikgb requested a review from Copilot February 12, 2026 22:10
Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 5 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

go.mod
@@ -6,10 +6,8 @@ require (
cloud.google.com/go/storage v1.60.0
github.com/blang/semver v3.5.1+incompatible
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dependency github.com/blang/semver v3.5.1+incompatible is listed as abandoned (last updated 2017-07-27) according to the PR description. This dependency is still being used in pkg/release/platforms.go and pkg/release/validation/validate.go. Consider migrating to a maintained alternative such as golang.org/x/mod/semver or github.com/Masterminds/semver/v3.

Suggested change
github.com/blang/semver v3.5.1+incompatible
github.com/Masterminds/semver/v3 v3.2.1

Copilot uses AI. Check for mistakes.
@erikgb
Modernize to remove abandoned dependencies
4f271cf 
Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@erikgb
Copy link
Member Author

erikgb commented Feb 12, 2026

/cc @inteon

@cert-manager-prow cert-manager-prow bot requested a review from inteon February 12, 2026 22:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@inteon inteon Awaiting requested review from inteon

Assignees

No one assigned

Labels

dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@erikgb