Skip to content

Comments

fix(cli): notices with complex component matching using DNF format are not backwards compatible#1166

Merged
mrgrain merged 1 commit intomainfrom
mrgrain/feat/toolkit-lib/notices-schema-version-2
Feb 23, 2026
Merged

fix(cli): notices with complex component matching using DNF format are not backwards compatible#1166
mrgrain merged 1 commit intomainfrom
mrgrain/feat/toolkit-lib/notices-schema-version-2

Conversation

@mrgrain
Copy link
Contributor

@mrgrain mrgrain commented Feb 21, 2026
edited
Loading

DNF (Disjunctive Normal Form) component matching was introduced in #128. The components field was typed as Array<Component | Component[]>, which made it look like DNF was fully supported. Based on this, new notices with nested component arrays were published to the data source. However, CLI versions 2.1000.0 and older do not understand nested arrays in components and fail to process these notices correctly, causing a regression for users on older CLI versions.

Instead we will be using schemaVersion to gate support for this new feature. The components field is now again (correctly) typed as a flat Array<Component> (OR-only), which is all that schema version 1 ever supported. A new componentsV2 field (Array<Component | Component[]>) carries the DNF data and is only read when schemaVersion is '2'. This way, older CLIs that don't know about componentsV2 will simply ignore it and continue to work with the flat components array, while newer CLIs can take advantage of the full DNF matching through componentsV2.

Checklist

  • This change contains a major version upgrade for a dependency and I confirm all breaking changes are addressed
    • Release notes for the new version:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@mrgrain
feat(toolkit-lib): add schemaVersion 2 support for notices with compo…
7aac233 
…nentsV2

Restrict `components` to a flat `Array<Component>` (OR-only) and
introduce `componentsV2` as `Array<Component | Component[]>` for
Disjunctive Normal Form (OR of ANDs) matching.

The `componentsV2` field is only used when `schemaVersion` is `'2'`,
with a fallback to `components` when absent.
@github-actions github-actions bot added the p2 label Feb 21, 2026
@mrgrain mrgrain changed the title feat(toolkit-lib): add schemaVersion 2 support for notices with componentsV2 fix(cli): notices with complex component matching using DNF format are not backwards compatible Feb 21, 2026
@codecov-commenter
Copy link

codecov-commenter commented Feb 21, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.76%. Comparing base (f7ffdad) to head (7aac233).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1166   +/-   ##
=======================================
  Coverage   87.76%   87.76%           
=======================================
  Files          72       72           
  Lines       10137    10137           
  Branches     1339     1339           
=======================================
  Hits         8897     8897           
  Misses       1215     1215           
  Partials       25       25
Flag Coverage Δ
suite.unit 87.76% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mrgrain mrgrain mentioned this pull request Feb 21, 2026
Merged
@mrgrain mrgrain enabled auto-merge February 22, 2026 12:57
@mrgrain mrgrain added this pull request to the merge queue Feb 23, 2026
Merged via the queue into main with commit f1eaa50 Feb 23, 2026
54 of 56 checks passed
@mrgrain mrgrain deleted the mrgrain/feat/toolkit-lib/notices-schema-version-2 branch February 23, 2026 12:33
github-merge-queue bot pushed a commit to cdklabs/aws-cdk-notices that referenced this pull request Feb 23, 2026
@mrgrain
fix: add schemaVersion 2 support with componentsV2 for backwards-comp…
3cb88cd 
…atible DNF notices (#1049)

Redo of #1042 using `schemaVersion` `"2"` and `componentsV2` for
backwards compatibility.

Constructs 10.5.0 introduced changes that require updated JSII language
bindings. .NET and Go CDK libraries at version 2.238.0 and below don't
have these bindings yet, causing JSII runtime failures at build time.
This notice tells affected users to stay on Constructs 10.4.5 until they
can upgrade their CDK library to 2.239.0 or later.

The notice uses AND-grouped components to target only the specific
combinations that are actually broken, rather than matching all .NET and
Go users regardless of their framework version. This requires
Disjunctive Normal Form (DNF) in the components field, which is
expressed as nested arrays.

The previous attempt in #1042 put the nested arrays directly in
`components`. However, CLI versions 2.1000.0 and older don't understand
nested arrays and fail to process these notices correctly. To solve
this, the notice now uses `schemaVersion` `"2"` with a new
`componentsV2` field for the DNF data, while `components` is left as an
empty array. Older CLIs will safely skip the notice since it has no
matching components, while newer CLIs (see
[aws/aws-cdk-cli#1166](aws/aws-cdk-cli#1166))
read the DNF data from `componentsV2`.

The validator and README are updated to enforce and document these
constraints.
github-merge-queue bot pushed a commit to cdklabs/aws-cdk-notices that referenced this pull request Feb 23, 2026
@mrgrain
fix: add notice for aws/aws-cdk#37041 (#1049)
4864cb5 
Redo of #1042 using `schemaVersion` `"2"` and `componentsV2` for
backwards compatibility.

Constructs 10.5.0 introduced changes that require updated JSII language
bindings. .NET and Go CDK libraries at version 2.238.0 and below don't
have these bindings yet, causing JSII runtime failures at build time.
This notice tells affected users to stay on Constructs 10.4.5 until they
can upgrade their CDK library to 2.239.0 or later.

The notice uses AND-grouped components to target only the specific
combinations that are actually broken, rather than matching all .NET and
Go users regardless of their framework version. This requires
Disjunctive Normal Form (DNF) in the components field, which is
expressed as nested arrays.

The previous attempt in #1042 put the nested arrays directly in
`components`. However, CLI versions 2.1000.0 and older don't understand
nested arrays and fail to process these notices correctly. To solve
this, the notice now uses `schemaVersion` `"2"` with a new
`componentsV2` field for the DNF data, while `components` is left as an
empty array. Older CLIs will safely skip the notice since it has no
matching components, while newer CLIs (see
[aws/aws-cdk-cli#1166](aws/aws-cdk-cli#1166))
read the DNF data from `componentsV2`.

The validator and README are updated to enforce and document these
constraints.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@otaviomacedo otaviomacedo otaviomacedo approved these changes

Assignees

No one assigned

Labels

p2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mrgrain @codecov-commenter @otaviomacedo