2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -58,7 +58,7 @@ require (
github.com/speakeasy-api/openapi-overlay v0.10.2 // indirect
github.com/vmware-labs/yaml-jsonpath v0.3.2 // indirect
github.com/woodsbury/decimal128 v1.4.0 // indirect
go.yaml.in/yaml/v2 v2.4.4 // indirect
go.yaml.in/yaml/v3 v3.0.4 // indirect

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the dependency graph to identify what pulls in each yaml version

echo "=== Dependencies requiring gopkg.in/yaml.v3 ==="
go mod graph | grep 'gopkg.in/yaml.v3'

echo -e "\n=== Dependencies requiring go.yaml.in/yaml/v3 ==="
go mod graph | grep 'go.yaml.in/yaml/v3'

echo -e "\n=== Why gopkg.in/yaml.v3@v3.0.1 is needed ==="
go mod why gopkg.in/yaml.v3

echo -e "\n=== Why go.yaml.in/yaml/v3@v3.0.4 is needed ==="
go mod why go.yaml.in/yaml/v3

echo -e "\n=== Attempting to tidy and verify ==="
go mod tidy
echo "After tidy, checking for remaining duplicates:"
grep -n "yaml.v3" go.mod || echo "No yaml.v3 found after tidy"

Repository: RedHatInsights/quickstarts

Length of output: 5267


Duplicate yaml.v3 dependency versions persisting in go.mod.

Lines 61 and 70 both declare yaml.v3 dependencies at different versions: go.yaml.in/yaml/v3 v3.0.4 and gopkg.in/yaml.v3 v3.0.1. While these import paths refer to the same upstream library, Go treats them as separate module paths. The presence of both versions persists even after go mod tidy, indicating that different dependencies in the tree explicitly require these versions—go.yaml.in/yaml/v3@v3.0.4 is pulled by github.com/onsi/gomega@v1.39.1, while gopkg.in/yaml.v3@v3.0.1 is pulled by github.com/oapi-codegen/oapi-codegen/v2 and others. This can cause subtle type incompatibilities if code from packages using different import paths interacts.

To resolve, consider:

  • Updating dependencies that pull gopkg.in/yaml.v3@v3.0.1 to versions that use go.yaml.in/yaml/v3 instead, or
  • Adding an explicit replace directive in go.mod to alias one import path to the other (e.g., replace gopkg.in/yaml.v3 => go.yaml.in/yaml/v3), or
  • Investigating whether all dependencies can be updated to standardize on the canonical go.yaml.in/yaml/v3 import path.

Also applies to: 70-70

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 61, The go.mod contains two distinct module paths for the
same YAML library (go.yaml.in/yaml/v3 v3.0.4 and gopkg.in/yaml.v3 v3.0.1)
causing duplicate versions and potential type incompatibilities; resolve by
either updating dependent modules (e.g., bump
github.com/oapi-codegen/oapi-codegen/v2 or others that pull gopkg.in/yaml.v3) to
versions that depend on go.yaml.in/yaml/v3, or add an explicit replace directive
to unify the paths (e.g., replace gopkg.in/yaml.v3 => go.yaml.in/yaml/v3) in
go.mod so both import paths resolve to the same module version; ensure you run
go mod tidy after the change and verify tests/builds to confirm no breakage.

golang.org/x/crypto v0.50.0 // indirect
golang.org/x/mod v0.35.0 // indirect
golang.org/x/sync v0.20.0 // indirect
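
Review bot: every requirement visible in this `require (` hunk at lines 58-64 is marked `// indirect`, and the file summary reports a one-line bump, but the page shows neither the matching `go.sum` change nor the direct dependency that caused it. Please name in the PR description the direct upgrade that moved this version, and confirm that `go.sum` was regenerated in the same commit (`go mod tidy`, then `go mod verify`) so the checksum for the new version is committed alongside the requirement.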