Unsafe package removal by pelletier · Pull Request #1021 · pelletier/go-toml

pelletier · 2026-01-04T13:29:13Z

Summary

This PR removes the unsafe package from go-toml, making the codebase fully safe Go code. The internal/danger package that contained unsafe operations has been deleted.

Motivation

Using unsafe creates maintenance burden and potential portability issues. Modern Go compilers are efficient enough that the performance cost of safe alternatives is acceptable.

Changes

Replaced pointer-based node navigation with index-based navigation
Node.next and Node.child now store absolute indices into the backing nodes slice instead of relative offsets
Added nodes pointer to Node and Iterator for safe navigation
Replaced danger.TypeID with reflect.Type for cache keys
Deleted internal/danger package entirely

Performance Impact

All benchmarks are under 10% slower than the baseline, which is acceptable for the safety and maintainability benefits.

Full benchstat output

goos: darwin
goarch: arm64
pkg: github.com/pelletier/go-toml/v2/benchmark
cpu: Apple M4
                                 │ baseline.txt │            final.txt             │
                                 │    sec/op    │   sec/op     vs base             │
UnmarshalDataset/canada-10          31.89m ± 6%   33.07m ± 6%  +3.71% (p=0.019 n=10)
UnmarshalDataset/citm_catalog-10    9.573m ± 6%  10.368m ± 5%  +8.31% (p=0.000 n=10)
UnmarshalDataset/twitter-10         4.105m ± 2%   4.474m ± 2%  +9.00% (p=0.000 n=10)
geomean                             10.78m        11.53m       +6.98%

                                 │ baseline.txt │            final.txt             │
                                 │     B/s      │     B/s      vs base             │
UnmarshalDataset/canada-10         65.85Mi ± 5%  63.48Mi ± 5%  -3.59% (p=0.018 n=10)
UnmarshalDataset/citm_catalog-10   55.59Mi ± 5%  51.33Mi ± 5%  -7.68% (p=0.000 n=10)
UnmarshalDataset/twitter-10       102.67Mi ± 2%  94.19Mi ± 2%  -8.25% (p=0.000 n=10)
geomean                            72.17Mi       67.45Mi       -6.53%

                                 │ baseline.txt │            final.txt             │
                                 │    B/op      │    B/op      vs base             │
UnmarshalDataset/canada-10         76.24Mi ± 0%  76.24Mi ± 0%       ~ (p=0.491 n=10)
UnmarshalDataset/citm_catalog-10   32.87Mi ± 0%  32.87Mi ± 0%  +0.00% (p=0.034 n=10)
UnmarshalDataset/twitter-10        11.95Mi ± 0%  11.95Mi ± 0%  +0.00% (p=0.019 n=10)
geomean                            31.06Mi       31.06Mi       +0.00%

                                 │ baseline.txt │            final.txt              │
                                 │  allocs/op   │  allocs/op   vs base              │
UnmarshalDataset/canada-10          670.4k ± 0%   670.4k ± 0%       ~ (p=1.000 n=10)
UnmarshalDataset/citm_catalog-10    178.0k ± 0%   178.0k ± 0%       ~ (p=1.000 n=10)
UnmarshalDataset/twitter-10         55.65k ± 0%   55.65k ± 0%       ~ (p=0.370 n=10)
geomean                             188.0k        188.0k       -0.00%

Testing

All existing tests pass
Race detector tests pass
Lint passes (0 issues)
Code coverage unchanged at 97.4%

cursor · 2026-01-04T13:29:15Z

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

Removes all unsafe operations from go-toml, making the codebase fully safe Go code. The internal/danger package that contained unsafe operations has been deleted. Changes: - Replace pointer-based node navigation with index-based navigation - Node.next and Node.child now store absolute indices into the backing nodes slice instead of relative offsets - Add nodes pointer to Node and Iterator for safe navigation - Replace danger.TypeID with reflect.Type for cache keys - Delete internal/danger package entirely Performance overhead is under 10% compared to the unsafe version, which is acceptable for the safety and maintainability benefits. [Cursor][claude-sonnet-4-20250514]

…374) This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) | require | minor | `v2.2.4` → `v2.3.0` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/pelletier/go-toml/badge)](https://securityscorecards.dev/viewer/?uri=github.com/pelletier/go-toml) | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/23) for more information. --- ### Release Notes <details> <summary>pelletier/go-toml (github.com/pelletier/go-toml/v2)</summary> ### [`v2.3.0`](https://github.com/pelletier/go-toml/releases/tag/v2.3.0) [Compare Source](pelletier/go-toml@v2.2.4...v2.3.0) This is the first release built largely with the help of AI coding agents. Highlights include the complete removal of the unsafe package. go-toml is now fully safe Go code, with a geomean overhead of only \~1.4% vs v2.2.4 and zero additional allocations on benchmarks. This release also adds omitzero struct tag support, improves UnmarshalText/Unmarshaler handling for tables and array tables, and fixes several bugs including nil pointer marshaling, leap second handling, and datetime unmarshaling panics.  #### What's Changed ##### What's new - marshal: don't escape quotes unnecessarily by [@virtuald](https://github.com/virtuald) in [#991](pelletier/go-toml#991) - Add `omitzero` tag support by [@NathanBaulch](https://github.com/NathanBaulch) in [#998](pelletier/go-toml#998) - Support custom IsZero() methods with omitzero tag by [@pelletier](https://github.com/pelletier) in [#1020](pelletier/go-toml#1020) - UnmarshalText fallbacks to struct unmarshaling for tables and arrays by [@pelletier](https://github.com/pelletier) in [#1026](pelletier/go-toml#1026) - \[unstable] Support Unmarshaler interface for tables and array tables by [@pelletier](https://github.com/pelletier) in [#1027](pelletier/go-toml#1027) ##### Fixed bugs - Add missing UnmarshalTOML call by [@pelletier](https://github.com/pelletier) in [#996](pelletier/go-toml#996) - Handle array table into an empty slice by [@pelletier](https://github.com/pelletier) in [#997](pelletier/go-toml#997) - Unwrap strict errors by [@bersace](https://github.com/bersace) in [#1012](pelletier/go-toml#1012) - Fix leap second handling found by fuzz by [@pelletier](https://github.com/pelletier) in [#1019](pelletier/go-toml#1019) - Fix nil pointer map values not being marshaled by [@pelletier](https://github.com/pelletier) in [#1025](pelletier/go-toml#1025) - Fix panic when unmarshaling datetime values to incompatible types ([#1028](pelletier/go-toml#1028)) by [@pelletier](https://github.com/pelletier) in [#1029](pelletier/go-toml#1029) - Fix parser error pointing to wrong line at EOF without trailing newline by [@pelletier](https://github.com/pelletier) in [#1041](pelletier/go-toml#1041) ##### Documentation - Improve Unmarshaling README by [@heckelson](https://github.com/heckelson) in [#1016](pelletier/go-toml#1016) - Create AGENTS.md guidelines file by [@pelletier](https://github.com/pelletier) in [#1017](pelletier/go-toml#1017) ##### Other changes - Unsafe package removal by [@pelletier](https://github.com/pelletier) in [#1021](pelletier/go-toml#1021) - Bump CI and test scripts to Go 1.26 by [@pelletier](https://github.com/pelletier) in [#1030](pelletier/go-toml#1030) #### New Contributors - [@virtuald](https://github.com/virtuald) made their first contribution in [#991](pelletier/go-toml#991) - [@NathanBaulch](https://github.com/NathanBaulch) made their first contribution in [#999](pelletier/go-toml#999) - [@bersace](https://github.com/bersace) made their first contribution in [#1012](pelletier/go-toml#1012) - [@flyn-org](https://github.com/flyn-org) made their first contribution in [#1013](pelletier/go-toml#1013) - [@heckelson](https://github.com/heckelson) made their first contribution in [#1016](pelletier/go-toml#1016) **Full Changelog**: <pelletier/go-toml@v2.2.4...v2.3.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday ( * 0-4,22-23 * * 1-5 ), Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://altlinux.space/stapler/stplr/pulls/374 Co-authored-by: Renovate Bot <stapler-helper-bot@noreply.altlinux.space> Co-committed-by: Renovate Bot <stapler-helper-bot@noreply.altlinux.space>

…rser.Range (#1047) The unsafe removal (#1021) replaced danger.SubsliceOffset (pointer arithmetic) with len(p.data)-len(b), which only works for suffix slices. Parser.Range is called with arbitrary interior subslices (e.g. ParserError.Highlight), so the offset was wrong whenever the error occurred after previously scanned content like comments. Fix by using reflect.ValueOf().Pointer() to recover the actual data pointer, matching the approach already used in errors.go. https://claude.ai/code/session_01EXYfFXc3DDGpQ27sWdXTKq

pelletier force-pushed the cursor/unsafe-package-removal-04e0 branch from 78f1c1b to efddfce Compare January 4, 2026 16:26

pelletier force-pushed the cursor/unsafe-package-removal-04e0 branch from efddfce to a515d45 Compare January 4, 2026 17:09

pelletier merged commit 3aaf147 into v2 Jan 4, 2026
12 checks passed

pelletier deleted the cursor/unsafe-package-removal-04e0 branch January 4, 2026 18:16

pelletier mentioned this pull request Jan 4, 2026

Remove unsafe #950

Closed

pelletier added the build Issues regarding go-toml's CI system. label Feb 11, 2026

pelletier removed the build Issues regarding go-toml's CI system. label Mar 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unsafe package removal#1021

Unsafe package removal#1021
pelletier merged 1 commit intov2from
cursor/unsafe-package-removal-04e0

pelletier commented Jan 4, 2026 •

edited

Loading

Uh oh!

cursor Bot commented Jan 4, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

pelletier commented Jan 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Motivation

Changes

Performance Impact

Testing

Uh oh!

cursor Bot commented Jan 4, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

pelletier commented Jan 4, 2026 •

edited

Loading