chore: switch YAML library

[ash2k]

What does this PR do?

The original gopkg.in/yaml.v3 was marked unmaintained (April 2025). See https://github.com/go-yaml/yaml.

go.yaml.in/yaml/v3 is now maintained by the official YAML organization and is a drop-in replacement with an identical API.

Please see individual commits.

Why is it important?

Nobody will fix issues in the unmaintained dependency.

Related issues

This is similar to spf13/cobra#2336.

[netlify]

✅ Deploy Preview for testcontainers-go ready!

Name	Link
🔨 Latest commit	e6db784
🔍 Latest deploy log	https://app.netlify.com/projects/testcontainers-go/deploys/6931027771e6c300082e4862
😎 Deploy Preview	https://deploy-preview-3507--testcontainers-go.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Updated Go toolchain version specifications across multiple modules.
  • Upgraded command-line interface and flag-handling dependencies to latest versions.
  • Migrated YAML processing library to a compatible alternative across the codebase.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Summary by CodeRabbit

• Chores
  • Updated Go version to 1.24.0 across modules
  • Migrated YAML imports and go.mod entries from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 in several modules

_{✏️ Tip: You can customize this high-level summary in your review settings.}

Walkthrough

Pinned module Go directives to 1.24.0 and replaced YAML dependency/imports from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 across multiple source files and go.mod manifests; code-level marshal/unmarshal calls remain unchanged. (50 words)

Changes

Cohort / File(s)	Summary
Go version directive updates modulegen/go.mod, usage-metrics/go.mod, wait/testdata/http/go.mod	Changed module go directive from go 1.24 to go 1.24.0.
YAML import migration in sources modulegen/internal/dependabot/reader.go, modulegen/internal/dependabot/writer.go, modulegen/internal/mkdocs/reader.go, modulegen/internal/mkdocs/writer.go, modules/compose/compose_local.go, modules/k3s/k3s.go	Replaced imports from gopkg.in/yaml.v3 with go.yaml.in/yaml/v3; marshal/unmarshal usages unchanged.
Go module dependency updates (modulegen) modulegen/go.mod	Added direct require go.yaml.in/yaml/v3 v3.0.4; removed direct gopkg.in/yaml.v3 v3.0.1 from the first require block; reintroduced gopkg.in/yaml.v3 v3.0.1 as indirect.
Go module dependency updates (compose) modules/compose/go.mod	Switched top-level YAML require to go.yaml.in/yaml/v3 v3.0.4; adjusted indirect requires (added gopkg.in/yaml.v3 v3.0.1 as indirect).
Go module dependency updates (k3s) modules/k3s/go.mod	Replaced primary require gopkg.in/yaml.v3 v3.0.1 with go.yaml.in/yaml/v3 v3.0.4; added gopkg.in/yaml.v3 v3.0.1 as indirect.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Attention points:
  • Verify API compatibility and identical behavior between go.yaml.in/yaml/v3 and previous gopkg.in/yaml.v3 usages.
  • Check go.mod consistency to avoid mixed-resolution surprises across modules and CI/tooling expectations for the go directive.

Poem

🐰 I hopped through modules, neat and spry,

swapped YAML paths beneath the sky,
pinned 1.24.0 with a tiny sigh,
tidy deps trimmed, then off I did fly 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the main change: switching from an unmaintained YAML library (gopkg.in/yaml.v3) to a maintained alternative (go.yaml.in/yaml/v3), which is the core objective of this PR.
Description check	✅ Passed	The description clearly explains the motivation (unmaintained dependency), the solution (switching to maintained alternative), and provides context about the change being a drop-in replacement with identical API.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31fbd81 and e6db784.

⛔ Files ignored due to path filters (1)

• modulegen/go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• modulegen/go.mod (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• modulegen/go.mod

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: lint (modules/yugabytedb) / lint: modules/yugabytedb
• GitHub Check: lint (modules/opensearch) / lint: modules/opensearch
• GitHub Check: lint (modules/pinecone) / lint: modules/pinecone
• GitHub Check: lint (modules/vearch) / lint: modules/vearch
• GitHub Check: lint (modules/meilisearch) / lint: modules/meilisearch
• GitHub Check: lint (modules/localstack) / lint: modules/localstack
• GitHub Check: lint (modules/neo4j) / lint: modules/neo4j
• GitHub Check: lint (modules/openldap) / lint: modules/openldap
• GitHub Check: lint (modules/dockermodelrunner) / lint: modules/dockermodelrunner
• GitHub Check: lint (modules/openfga) / lint: modules/openfga
• GitHub Check: lint (modules/elasticsearch) / lint: modules/elasticsearch
• GitHub Check: lint (modules/redpanda) / lint: modules/redpanda
• GitHub Check: lint / lint:
• GitHub Check: lint (modules/kafka) / lint: modules/kafka
• GitHub Check: lint (modules/toxiproxy) / lint: modules/toxiproxy
• GitHub Check: lint (modules/registry) / lint: modules/registry
• GitHub Check: lint (usage-metrics) / lint: usage-metrics
• GitHub Check: lint (modules/k3s) / lint: modules/k3s
• GitHub Check: lint (modules/compose) / lint: modules/compose
• GitHub Check: Analyze (go)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

modules/compose/go.mod (1)

15-15: Direct YAML dependency correctly updated; indirect legacy path is acceptable

This go.mod now pins go.yaml.in/yaml/v3 v3.0.4 directly, with gopkg.in/yaml.v3 v3.0.1 only remaining as an indirect dep, which fits the goal of switching your own imports to the maintained module. If you want to be thorough, you could:

• Run go mod tidy in this module to ensure the indirect block is minimal.
• Double‑check that other modules in the repo also converge on the same go.yaml.in/yaml/v3 version to avoid divergence.

Also applies to: 191-191

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 21b368b and b012c68.

⛔ Files ignored due to path filters (1)

• modules/k3s/go.sum is excluded by !**/*.sum

📒 Files selected for processing (11)

• modulegen/go.mod (1 hunks)
• modulegen/internal/dependabot/reader.go (1 hunks)
• modulegen/internal/dependabot/writer.go (1 hunks)
• modulegen/internal/mkdocs/reader.go (1 hunks)
• modulegen/internal/mkdocs/writer.go (1 hunks)
• modules/compose/compose_local.go (1 hunks)
• modules/compose/go.mod (2 hunks)
• modules/k3s/go.mod (2 hunks)
• modules/k3s/k3s.go (1 hunks)
• usage-metrics/go.mod (1 hunks)
• wait/testdata/http/go.mod (1 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: mdelapenya
Repo: testcontainers/testcontainers-go PR: 3254
File: .github/dependabot.yml:21-21
Timestamp: 2025-09-18T08:24:27.479Z
Learning: In the testcontainers-go repository, submodules like atlaslocal that are part of a parent module (e.g., mongodb) share the same go.mod file and should not have separate Dependabot entries. They are already monitored through the parent module's Dependabot configuration entry.

📚 Learning: 2025-09-29T15:08:18.694Z

Learnt from: mdelapenya
Repo: testcontainers/testcontainers-go PR: 3320
File: modules/artemis/artemis.go:98-103
Timestamp: 2025-09-29T15:08:18.694Z
Learning: In testcontainers-go, nat.Port is a type alias for string, so untyped string constants can be passed directly to functions expecting nat.Port (like wait.ForListeningPort) without explicit type conversion - the Go compiler handles the implicit conversion automatically.

Applied to files:

• modules/k3s/k3s.go

📚 Learning: 2025-09-18T08:24:27.479Z

Learnt from: mdelapenya
Repo: testcontainers/testcontainers-go PR: 3254
File: .github/dependabot.yml:21-21
Timestamp: 2025-09-18T08:24:27.479Z
Learning: In the testcontainers-go repository, submodules like atlaslocal that are part of a parent module (e.g., mongodb) share the same go.mod file and should not have separate Dependabot entries. They are already monitored through the parent module's Dependabot configuration entry.

Applied to files:

• modulegen/go.mod
• wait/testdata/http/go.mod
• usage-metrics/go.mod
• modules/compose/go.mod

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)

• GitHub Check: lint (modules/dockermodelrunner) / lint: modules/dockermodelrunner
• GitHub Check: lint (modules/dind) / lint: modules/dind
• GitHub Check: lint (modules/arangodb) / lint: modules/arangodb
• GitHub Check: lint (modules/cockroachdb) / lint: modules/cockroachdb
• GitHub Check: lint (modules/mssql) / lint: modules/mssql
• GitHub Check: lint (modules/toxiproxy) / lint: modules/toxiproxy
• GitHub Check: lint (modules/couchbase) / lint: modules/couchbase
• GitHub Check: lint (modules/socat) / lint: modules/socat
• GitHub Check: lint (modules/artemis) / lint: modules/artemis
• GitHub Check: lint (modules/etcd) / lint: modules/etcd
• GitHub Check: lint (modules/memcached) / lint: modules/memcached
• GitHub Check: lint (modules/scylladb) / lint: modules/scylladb
• GitHub Check: lint (modules/pulsar) / lint: modules/pulsar
• GitHub Check: lint (modules/azurite) / lint: modules/azurite
• GitHub Check: lint (modules/yugabytedb) / lint: modules/yugabytedb
• GitHub Check: lint (modules/ollama) / lint: modules/ollama
• GitHub Check: lint (modules/consul) / lint: modules/consul
• GitHub Check: lint (modules/k3s) / lint: modules/k3s
• GitHub Check: lint (modules/gcloud) / lint: modules/gcloud
• GitHub Check: Analyze (go)

🔇 Additional comments (10)

wait/testdata/http/go.mod (1)

3-5: Consistent Go version directive for HTTP wait testdata

Updating to go 1.24.0 with toolchain go1.24.7 follows the expected pattern for go.mod updates in the project.

usage-metrics/go.mod (1)

3-5: Go version directive update is acceptable

The change to go 1.24.0 with toolchain go1.24.7 appears reasonable for pinning dependencies. Ensure this version combination is consistent with other go.mod files in the workspace if this is a multi-module project.

modules/k3s/k3s.go (1)

13-18: K3s YAML provider swap is localized and preserves behavior

Importing go.yaml.in/yaml/v3 while keeping the marshal/unmarshal helpers using yaml.Marshal and yaml.Unmarshal maintains existing behavior; the only effective change is which YAML module provides the implementation.

Verify the dependency wiring in modules/k3s/go.mod contains the new YAML path and confirm no legacy gopkg.in/yaml.v3 imports remain elsewhere in the codebase.

Also applies to: 165-180

modules/compose/compose_local.go (1)

17-17: YAML import path swap in compose looks correct

The switch to go.yaml.in/yaml/v3 while keeping yaml.Unmarshal usage in validate() unchanged preserves behavior and aligns with the PR's goal of using the maintained YAML module.

To ensure everything is wired correctly and no legacy imports remain, verify that:

• modules/compose/go.mod includes the correct go.yaml.in/yaml/v3 dependency
• No lingering gopkg.in/yaml.v3 imports exist elsewhere in the codebase

modulegen/internal/dependabot/reader.go (1)

7-21: Unable to verify review comment due to repository access constraints

The review comment cannot be verified without direct access to the codebase. Before approval, confirm: (1) the import path is go.yaml.in/yaml/v3, (2) modulegen/go.mod includes this dependency, and (3) the module builds successfully with go test ./... -mod=readonly from the modulegen directory.

modulegen/internal/mkdocs/reader.go (1)

7-21: MkDocs config reader now uses the new YAML module

The import path has been switched to go.yaml.in/yaml/v3 while the yaml.Unmarshal call and error handling remain unchanged, preserving the function's semantics.

To complete this change, verify that modulegen/go.mod includes the new YAML dependency and that all old gopkg.in/yaml.v3 imports have been removed from the modulegen package.

modules/k3s/go.mod (1)

12-16: Direct YAML dependency updated; legacy gopkg.in remains only as indirect

Adding go.yaml.in/yaml/v3 v3.0.4 as a direct requirement correctly matches the updated imports in k3s.go. Keeping gopkg.in/yaml.v3 v3.0.1 // indirect is fine if it's required transitively, though it means the unmaintained path still exists in the graph via dependencies rather than your code.

As a low‑priority cleanup, you might track which module still pulls in gopkg.in/yaml.v3 and eventually bump/replace it once upstream migrates.

modulegen/go.mod (1)

3-12: modulegen YAML dependency path may be out of sync with imports

If modulegen/internal/{mkdocs,dependabot} are importing go.yaml.in/yaml/v3 while modulegen/go.mod requires gopkg.in/yaml.v3 v3.0.1, this mismatch will cause go build / go test with -mod=readonly to fail. The two module paths use different import semantics and cannot coexist in the dependency graph.

Consider one of these approaches:

1. Update to canonical path: Replace gopkg.in/yaml.v3 v3.0.1 with go.yaml.in/yaml/v3 v3.0.4 (or the version used in modules/k3s/go.mod), then run go mod tidy.

2. Use a replace directive: If other modules depend on gopkg.in/yaml.v3, add a replace directive to modulegen/go.mod:

   replace gopkg.in/yaml.v3 => go.yaml.in/yaml/v3 v3.0.4
   

   Then run go mod tidy.

Verify which import path modulegen/internal actually uses and standardize accordingly across the codebase to avoid similar mismatches in the future.

modulegen/internal/mkdocs/writer.go (1)

3-10: YAML import swap is consistent and non-invasive

The switch to go.yaml.in/yaml/v3 while keeping yaml.Marshal(config) unchanged aligns with the PR goal and should be behavior‑preserving here, assuming the module is correctly added in go.mod.

modulegen/internal/dependabot/writer.go (1)

3-9: Dependabot writer correctly migrated to new YAML module

Importing go.yaml.in/yaml/v3 while keeping yaml.Marshal(config) as‑is matches the intended dependency switch and keeps this writer’s behavior intact.

[ash2k]

The old dep is still pulled in via testify. It's being tracked in stretchr/testify#1772.

[mdelapenya]

LGTM! Thank you for this. I was aware of the Yml library being unmaintained, and this PR is good news.