Update `go-getter` to the latest version @aknysh (#1441)
what
- Update
go-getterto the latest version - Make
DisableSymlinksconfigurable on thegitclient
why
- The dependency github.com/hashicorp/go-getter:v1.7.8 was vulnerable:
"CVE-2025-8959", Score: 7.5
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized
read access beyond the designated directory boundaries. This vulnerability, identified as "CVE-2025-8959",
is fixed in go-getter 1.7.9.
Read More: https://www.mend.io/vulnerability-database/CVE-2025-8959
fix: improve error handling and code quality in merge package @osterman (#1440)
what
- Add
ErrInvalidListMergeStrategystatic error constant for consistent error handling - Improve
Mergefunction with better error handling to prevent panics - Replace if-else chain with switch statement for cleaner, more maintainable code
- Add defensive nil checks to prevent runtime panics when merge configuration is missing
- Add test coverage for edge cases including nil configuration handling
- Update CLAUDE.md with compilation requirements section
why
We've been experiencing intermittent panics in the merge package when the atmos configuration is unexpectedly nil or contains invalid merge strategies. This can occur during:
- Component initialization before configuration is fully loaded
- Stack processing with incomplete configuration
- Template rendering in certain edge cases
[describe-stacks] Fix: switch --component-types to StringSlice to match []string and support multi-values @dyer-oai (#1432)
what
- Change
describe stacksflag--component-typesfrom aStringto aStringSlice:cmd/describe_stacks.go:String("component-types", "", ...)→StringSlice("component-types", nil, ...)
- Add a unit test to validate slice parsing (CSV supported by pflag):
cmd/describe_stacks_test.go:TestSetCliArgs_ComponentTypes_StringSliceasserts--component-types=terraform,helmfile→[]string{"terraform","helmfile"}
why
- Fix a flag type mismatch that caused:
trying to get stringSlice value of flag of type stringwhen--component-typeswas registered as a String, the command later read it as a []string, triggering the pflag runtime error. - Aligns the flag’s declared type with how it’s consumed (
[]stringinDescribeStacksArgs), eliminating the error for:
atmos describe stacks --format=json --component-types=terraform - Improves UX by officially supporting multiple values via:
- CSV:
--component-types=terraform,helmfile - repeated flags:
--component-types=terraform --component-types=helmfile - Keeps behavior consistent with other multi-valued flags (e.g.,
--sections).
Backwards compatibility: single-value usage (--component-types=terraform) continues to work. Scripts that previously passed comma-separated values still work because pflag’s StringSlice accepts CSV.
Fix sample stacks/deploy/dev.yaml in add-another-component.mdx so atmos terraform apply works @canuck3141 (#1434)
Fixed errors in sample stacks/deploy/dev.yaml listed in Atmos Quick Start, Extra Credit - Deploy Another App so that atmos terraform apply station/1 -s dev works without error.
test: add comprehensive test coverage for pkg/git package @osterman (#1427)
Summary
- Added comprehensive test coverage for the
pkg/gitpackage - Achieved 86.8% test coverage (from 0%)
- All functions now have thorough test cases
Test plan
- Tests pass locally:
go test ./pkg/git -v - Coverage meets targets: 86.8% coverage achieved
- Edge cases covered: empty repos, invalid URLs, multiple remotes, etc.
test: improve test coverage for pkg/version and internal/tui/utils @osterman (#1428)
Summary
This PR adds comprehensive test coverage for two packages that previously had no tests:
- pkg/version: Achieved 100% coverage
- internal/tui/utils: Achieved 76% coverage
Test Coverage Added
pkg/version
- Tests for default version values
- Tests for version modifications
- Tests for version immutability
- Tests for concurrent access safety
internal/tui/utils
- Tests for
HighlightCode()function with various languages and syntax themes - Tests for
PrintStyledText()terminal output - Tests for
PrintStyledTextToSpecifiedOutput()ASCII art rendering - Tests for
RenderMarkdown()with comprehensive markdown elements including:- Headers, lists, code blocks
- Bold/italic text, links
- Tables, blockquotes, horizontal rules
- Unicode support and edge cases
Test Results
All tests pass successfully:
✅ pkg/version: 100% coverage
✅ internal/tui/utils: 76% coverage
test: improve test coverage for pkg/convert from 0% to 100% @osterman (#1423)
Summary
Add comprehensive test coverage for the pkg/convert package, bringing it from 0% to 100% coverage.
What
- Created comprehensive test suite for
pkg/convert/id.go - Added 8 test functions with multiple subtests covering all scenarios
- Included performance benchmarks and example usage
- Achieved 100% code coverage for the package
Why
- The
pkg/convertpackage had 0% test coverage - Goal is to increase overall project test coverage to above 80%
- This package was an ideal starting point: small, pure function with no external dependencies
- Establishes testing patterns that can be applied to other packages
Test Coverage Details
Test Categories Implemented
- Basic Functionality - Various input types and formats
- Edge Cases - Empty, nil, single byte inputs
- Special Characters - Unicode, binary data, non-printable chars
- Consistency - Deterministic output verification
- Known Values - SHA1 test vectors validation
- Large Inputs - Performance with up to 1MB inputs
- Parallel Execution - Thread safety verification
- Benchmarks - Performance characteristics measurement
Results
- ✅ All tests passing
- ✅ 100% code coverage achieved
- ✅ Excellent performance: ~2.4 GB/s throughput for large inputs
- ✅ Memory efficient: 96 bytes allocated per operation
test: increase filetype package coverage to 96% @osterman (#1422)
Summary
- Increased test coverage for
pkg/filetypepackage from 18.8% to 96.2% - Added comprehensive test suite with edge cases, benchmarks, and examples
- Ensures robust file format detection and parsing functionality
Test Coverage Improvements
Before
- Coverage: 18.8%
- Only basic parseYAML and processYAMLNode tests
After
- Coverage: 96.2%
- All public functions tested at 100%
- Comprehensive edge case testing
- Performance benchmarks included
Add comprehensive CLAUDE.md development guide @osterman (#1419)
what
- Add comprehensive CLAUDE.md file providing essential guidance for future Claude Code instances working with the Atmos codebase
- Document mandatory requirements for test coverage (80%), environment variables, logging, and schema updates
- Establish standards for cross-platform compatibility, multi-provider interfaces, and documentation
- Define CLI command structure with embedded markdown examples and Docusaurus integration
- Include pull request template requirements and development workflow guidelines
why
- Future Claude Code instances need clear guidance on Atmos development standards and conventions
- Many critical requirements (test coverage, environment variables, schema updates) were not documented
- Documentation standards using definition lists and Docusaurus conventions needed to be established
- Multi-provider interface patterns with mocking requirements needed documentation
- Cross-platform compatibility and template integration requirements needed specification
Fix flaky Packer tests in GitHub Actions @osterman (#1421)
Summary
- Add
PACKER_GITHUB_API_TOKENenvironment variable to Go acceptance tests - Fixes intermittent test failures caused by GitHub API rate limiting when Packer is invoked during test execution
Test plan
- Verify the PACKER_GITHUB_API_TOKEN is set correctly in the acceptance tests step
- CI tests should pass without Packer-related API rate limit errors
- Existing test functionality remains unchanged