chore(deps): bump github.com/dgraph-io/ristretto from v0.1.1 to v1.0.0 #830
Conversation
|
|
| @@ -71,7 +71,7 @@ func JKWKSFetcherWithDefaultTTL(ttl time.Duration) func(*DefaultJWKSFetcherStrat | |||
| } | |||
|
|
|||
| // JWKSFetcherWithCache sets the cache to use. | |||
| func JWKSFetcherWithCache(cache *ristretto.Cache) func(*DefaultJWKSFetcherStrategy) { | |||
| func JWKSFetcherWithCache(cache *ristretto.Cache[string, *jose.JSONWebKeySet]) func(*DefaultJWKSFetcherStrategy) { | |||
There was a problem hiding this comment.
I guess this is technically a breaking change since it will require changes on the user side of things. This is evident by the failing oidc-conformity test. Although that's more related to updating ristretto than the API of this function (I can provide a PR for that as well if necessary).
/go/pkg/mod/github.com/ory/[email protected]/configx/schema_cache.go:16:26: cannot use generic type ristretto.Config[K z.Key, V any] without instantiation
/go/pkg/mod/github.com/ory/[email protected]/configx/schema_path_cache.go:17:30: cannot use generic type ristretto.Config[K z.Key, V any] without instantiation
We could get around that by introducing an interface that implements the necessary methods (Get(), SetWithTTL() and Wait()). A downside is that now we cement what the cache can do without making a breaking change (e.g. introducing something like Del() would then be breaking). Something like:
type Cacher interface {
Get(key string) (any, bool)
SetWithTTL(key string, value any, cost int64, ttl time.Duration) bool
Wait()
}So I guess it's tradeoff between making a breaking change now, or potentially making a breaking change in the future.
There was a problem hiding this comment.
On the other hand, the usage of this function seems extremely limited. Not a single use in any public repository on GitHub. At least not with the search query I used:
https://github.com/search?q=JWKSFetcherWithCache+NOT+is%3Afork&type=code
There was a problem hiding this comment.
I agree that the "breakingness" of this is limited, fine by me.
lithammer
force-pushed
the
update-ristretto
branch
from
8c274c6
to
adc7916
Compare
lithammer
changed the title
There was a problem hiding this comment.
I think you will need to wait for ory/x#817 to be merged so you can create a PR in Hydra and get this one to pass.
As a workaround, you can probably bump ristretto in your own project by using this replace hack in your go.mod:
replace github.com/dgraph-io/ristretto1 => github.com/dgraph-io/ristretto v1.0.0
require github.com/dgraph-io/ristretto v0.1.1and then use it in your own codebase with the v1 alias.
| @@ -71,7 +71,7 @@ func JKWKSFetcherWithDefaultTTL(ttl time.Duration) func(*DefaultJWKSFetcherStrat | |||
| } | |||
|
|
|||
| // JWKSFetcherWithCache sets the cache to use. | |||
| func JWKSFetcherWithCache(cache *ristretto.Cache) func(*DefaultJWKSFetcherStrategy) { | |||
| func JWKSFetcherWithCache(cache *ristretto.Cache[string, *jose.JSONWebKeySet]) func(*DefaultJWKSFetcherStrategy) { | |||
There was a problem hiding this comment.
I agree that the "breakingness" of this is limited, fine by me.
Merged!
Hmm you mean to update |
|
Seems like v1.0.0 was retracted pending v2. Since they they adding an entirely new module, I guess both can live in harmony. |
https://github.com/dgraph-io/ristretto/releases/tag/v1.0.0
The background is mostly that we depend on this library, but want to use Ristretto v1.0.0 for its new generics API. But those two are in conflict right now.
Related Issue or Design Document
Checklist
If this pull request addresses a security vulnerability,
I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
Further comments