refactor: replace tidwall/jsonc with tailscale/hujson#679
refactor: replace tidwall/jsonc with tailscale/hujson#679
Conversation
Both packages strip JSON comments and trailing commas (JSONC format). hujson was already an indirect dep in the module tree; promote it to a direct dep and remove tidwall/jsonc entirely. hujson.Standardize() returns an error on malformed input, which is now propagated rather than silently ignored as before.
Remove stale github.com/tidwall/jsonc entry and add github.com/tailscale/hujson (BSD-3-Clause) which replaced it.
📝 WalkthroughWalkthroughThe pull request replaces the Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@go.mod`:
- Line 60: The go.mod currently pins github.com/tailscale/hujson to an old
pseudo-version (github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a);
update that require line to the newer pseudo-version (e.g.,
v0.0.0-20260302212456-ecc657c15afd) by running `go get
github.com/tailscale/hujson@latest` or replacing the version in the require
statement and then run `go mod tidy` to ensure module graph is updated; ensure
the updated module line referencing github.com/tailscale/hujson is the only
change and run tests/build to verify compatibility.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f7d3487b-6006-4a3f-89d9-0866c986280d
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (3)
docs/pages/licenses/devpod.mdxgo.modpkg/devcontainer/config/parse.go
| github.com/spf13/cobra v1.10.2 | ||
| github.com/spf13/pflag v1.0.10 | ||
| github.com/stretchr/testify v1.11.1 | ||
| github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check the latest commits on tailscale/hujson to see if there are newer versions
gh api repos/tailscale/hujson/commits --jq '.[0:5] | .[] | "\(.sha[0:12]) \(.commit.committer.date) \(.commit.message | split("\n")[0])"'Repository: skevetter/devpod
Length of output: 220
🌐 Web query:
tailscale hujson releases latest commits 2024
💡 Result:
- GitHub releases:
tailscale/hujsonhas no releases published on GitHub. [1] - Latest commit in 2024: The repo shows one commit in 2024, on Oct 10, 2024:
29efb4a— “Add Value.All method to iterate over all values (#35)”. [2] - Go module versions (proxy-visible): Go Packages lists only two pseudo-versions for the module:
v0.0.0-20260302212456-ecc657c15afd(Mar 2, 2026)v0.0.0-20210909182915-05264adefaff(Sep 9, 2021) [3]
Sources: [1] [2] [3]
🌐 Web query:
tailscale/hujson github repository
💡 Result:
The GitHub repository is:
https://github.com/tailscale/hujson
It’s the Go implementation of HuJSON (“JSON for Humans”), used by Tailscale for policy/ACL files. [1]
Source:
[1] (pkg.go.dev)
Citations:
Update hujson to a more recent version.
The dependency swap from github.com/tidwall/jsonc to github.com/tailscale/hujson is correct. However, the pinned version v0.0.0-20221223112325-20486734a56a (December 2022) is significantly outdated. The Go module proxy shows a much newer pseudo-version available: v0.0.0-20260302212456-ecc657c15afd (March 2026), with continued development activity as recently as October 2024. Update to the latest commit.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@go.mod` at line 60, The go.mod currently pins github.com/tailscale/hujson to
an old pseudo-version (github.com/tailscale/hujson
v0.0.0-20221223112325-20486734a56a); update that require line to the newer
pseudo-version (e.g., v0.0.0-20260302212456-ecc657c15afd) by running `go get
github.com/tailscale/hujson@latest` or replacing the version in the require
statement and then run `go mod tidy` to ensure module graph is updated; ensure
the updated module line referencing github.com/tailscale/hujson is the only
change and run tests/build to verify compatibility.
1 participant
Summary
tidwall/jsoncwas used inpkg/devcontainer/config/parse.goto strip comments and trailing commas from devcontainer JSON files before unmarshalling. Replaces it withtailscale/hujson, which was already an indirect dependency and provides stricter, AST-based JSONC parsing.The replacement adds proper error propagation:
hujson.Standardize()returns an error on genuinely malformed input, whereastidwall/jsoncsilently passed malformed files through tojson.Unmarshal. For all valid devcontainer.json files there is no behavior change.Changes
pkg/devcontainer/config/parse.go: replacedjsonc.ToJSON(data)pattern withhujson.Standardize(data)(2 call sites), with error propagationgo.mod:tidwall/jsoncremoved;tailscale/hujsonpromoted from indirect to directdocs/pages/licenses/devpod.mdx: removedtidwall/jsoncentry, addedtailscale/hujson(BSD-3-Clause)Summary by CodeRabbit
Release Notes