Skip to content

feat(output-options): allow using omitzero with prefer-skip-optional-pointer #2023

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jamietanna merged 2 commits into from
Jul 15, 2025
Merged

feat(output-options): allow using omitzero with prefer-skip-optional-pointer #2023

jamietanna merged 2 commits into from
Jul 15, 2025

Conversation

@jamietanna
Copy link
Member

@jamietanna jamietanna commented Jul 15, 2025
edited
Loading

One of the key things oapi-codegen does is to use an "optional
pointer", following idiomatic Go practices, to indicate that a
field/type is optional.

As noted in #1899, now Go 1.24+ has the omitzero JSON tag for
marshaling only when a type is not its zero value.

As we support generating omitzero JSON tags via the x-omitzero
extension, we can build on top of this to consider allowing the use of
omitzero when using the newly added global Output Option,
prefer-skip-optional-pointer to tune this behaviour.

This introduces a new Output Option,
prefer-skip-optional-pointer-with-omitzero, which mirrors behaviour
from prefer-skip-optional-pointer, but produces an omitzero flag for
any skipped pointer types, to not marshal the type if the zero value.

This allows folks using Go 1.24+ to much more ergonomically work with
different (optional) types, while allowing omitzero to simplify
(un)marshalling.

Right now, we don't have a straightforward means of enforcing/warning
that oapi-codegen is being generated into a non-Go-1.24+ project, so
we'll only document the behaviour.

Closes #1899.

@kusari-inspector
Copy link

kusari-inspector bot commented Jul 15, 2025
edited
Loading

Kusari Analysis Results

Analysis for commit: f5165d4, performed at: 2025-07-15T12:24:25Z

@kusari-inspector rerun - Trigger a re-analysis of this PR

@kusari-inspector feedback [your message] - Send feedback to our AI and team

Recommendation

✅ PROCEED with this Pull Request

Summary

No Flagged Issues Detected

All values appear to be within acceptable risk parameters.

This PR adds dependencies only to an example directory (examples/output-options/preferskipoptionalpointerwithomitzero/go.mod), not to the main codebase. While github.com/getkin/kin-openapi@v0.128.0 has a HIGH severity vulnerability (CVE-2025-30153), this is limited to example code and doesn't affect production functionality. The security code analysis found no issues in the actual code changes. All added dependencies use permissive licenses (MIT, Apache-2.0, BSD-3-Clause, ISC).

Found this helpful? Give it a 👍 or 👎 reaction!

Click to expand for details and specific link to issues

Dependency Changes

Status Package Change Version Latest Version Advisories License
⚠️ Flagged github.com/perimeterx/marshmallow added 1.1.5 v1.1.5 None MIT (permissive)
⚠️ Flagged github.com/pmezard/go-difflib added 1.0.0 v1.0.0 None BSD-3-Clause (permissive)
❓ Uncertain ../../../ added Unknown None Unknown
⚠️ Flagged github.com/go-openapi/jsonpointer added 0.21.0 v0.21.1 None Apache-2.0 (permissive)
⚠️ Flagged github.com/josharian/intern added 1.0.0 v1.0.0 None MIT (permissive)
⚠️ Flagged github.com/mailru/easyjson added 0.7.7 v0.9.0 None MIT (permissive)
⚠️ Flagged github.com/mohae/deepcopy added 0.0.0-20170929034955-c48cc78d4826 v0.0.0-20170929034955-c48cc78d4826 None MIT (permissive)
❓ Uncertain stdlib added 1.24 Unknown None Unknown
⚠️ Flagged github.com/davecgh/go-spew added 1.1.1 v1.1.1 None ISC (permissive)
⚠️ Flagged github.com/getkin/kin-openapi added 0.128.0 v0.132.0 1 found MIT (permissive)
⚠️ Flagged github.com/go-openapi/swag added 0.23.0 v0.23.1 None Apache-2.0 (permissive)
⚠️ Flagged github.com/vmware-labs/yaml-jsonpath added 0.3.2 v0.3.2 None Apache-2.0 (permissive)
⚠️ Flagged github.com/invopop/yaml added 0.3.1 v0.3.1 None BSD-3-Clause (permissive), MIT (permissive)

Security Advisories

github.com/getkin/kin-openapi:

Risk Details

github.com/perimeterx/marshmallow:
Scorecard Checks for pkg:golang/github.com%2Fperimeterx%2Fmarshmallow@v1.1.5:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 3/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/pmezard/go-difflib:
Scorecard Checks for pkg:golang/github.com%2Fpmezard%2Fgo-difflib@v1.0.0:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 1/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/go-openapi/jsonpointer:
Scorecard Checks for pkg:golang/github.com%2Fgo-openapi%2Fjsonpointer@v0.21.0:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 0/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/josharian/intern:
Scorecard Checks for pkg:golang/github.com%2Fjosharian%2Fintern@v1.0.0:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 2/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/mailru/easyjson:
Scorecard Checks for pkg:golang/github.com%2Fmailru%2Feasyjson@v0.7.7:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 5/10

github.com/mohae/deepcopy:
Scorecard Checks for pkg:golang/github.com%2Fmohae%2Fdeepcopy@v0.0.0-20170929034955-c48cc78d4826:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 1/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/davecgh/go-spew:
Scorecard Checks for pkg:golang/github.com%2Fdavecgh%2Fgo-spew@v1.1.1:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 6/10

github.com/getkin/kin-openapi:
Scorecard Checks for pkg:golang/github.com%2Fgetkin%2Fkin-openapi@v0.128.0:

  • maintained: 8/10
  • code-review: 9/10

github.com/go-openapi/swag:
Scorecard Checks for pkg:golang/github.com%2Fgo-openapi%2Fswag@v0.23.0:

  • maintained: 2/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 0/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/vmware-labs/yaml-jsonpath:
Scorecard Checks for pkg:golang/github.com%2Fvmware-labs%2Fyaml-jsonpath@v0.3.2:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 1/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

github.com/invopop/yaml:
Scorecard Checks for pkg:golang/github.com%2Finvopop%2Fyaml@v0.3.1:

  • maintained: 0/10
    ⚠️ Repo is not maintained actively in the last 90 days.
  • code-review: 0/10
    ⚠️ Project does not require human code review before all pull requests (aka merge requests) are merged.

Safe Dependency Changes

Status Package Change Version Latest Version Advisories License
✅ Safe github.com/speakeasy-api/jsonpath added 0.6.0 v0.6.2 None Apache-2.0 (permissive)
✅ Safe github.com/dprotaso/go-yit added 0.0.0-20220510233725-9ba8df137936 v0.0.0-20250704131239-f7e42b186c1e None MIT (permissive)
✅ Safe github.com/speakeasy-api/openapi-overlay added 0.10.2 v0.10.3 None MIT (permissive)
✅ Safe github.com/stretchr/testify added 1.10.0 v1.10.0 None MIT (permissive)
✅ Safe golang.org/x/tools added 0.21.1-0.20240508182429-e35e4ccd0d2d v0.35.0 None BSD-3-Clause (permissive)
✅ Safe gopkg.in/yaml.v3 added 3.0.1 v3.0.1 None Apache-2.0 (permissive), MIT (permissive)
✅ Safe golang.org/x/mod added 0.17.0 v0.25.0 None BSD-3-Clause (permissive)
✅ Safe golang.org/x/text added 0.20.0 v0.26.0 None BSD-3-Clause (permissive)
✅ Safe gopkg.in/yaml.v2 added 2.4.0 v2.4.0 None Apache-2.0 (permissive)

@jamietanna jamietanna force-pushed the feat/preferskipoptionalpointerwithomitzero branch from e2b8b59 to 3cc99f0 Compare July 15, 2025 12:17
@jamietanna jamietanna changed the title sq feat(output-options): allow using omitzero with prefer-skip-optional-pointer Jul 15, 2025
@kusari-inspector
Copy link

kusari-inspector bot commented Jul 15, 2025

Kusari PR Analysis rerun based on - 3cc99f0 performed at: 2025-07-15T12:17:44Z - link to updated analysis

@jamietanna jamietanna force-pushed the feat/preferskipoptionalpointerwithomitzero branch from 3cc99f0 to 81fc8db Compare July 15, 2025 12:21
@jamietanna jamietanna mentioned this pull request Jul 15, 2025
Closed
@kusari-inspector
Copy link

kusari-inspector bot commented Jul 15, 2025

Kusari PR Analysis rerun based on - 81fc8db performed at: 2025-07-15T12:21:04Z - link to updated analysis

@kusari-inspector
Copy link

kusari-inspector bot commented Jul 15, 2025

Kusari PR Analysis rerun based on - 220ab27 performed at: 2025-07-15T12:22:46Z - link to updated analysis

Jamie Tanna added 2 commits July 15, 2025 13:24
feat(output-options): allow using omitzero with `prefer-skip-option…
47536e1 
…al-pointer`

One of the key things `oapi-codegen` does is to use an "optional
pointer", following idiomatic Go practices, to indicate that a
field/type is optional.

As noted in #1899, now Go 1.24+ has the `omitzero` JSON tag for
marshaling only when a type is not its zero value.

As we support generating `omitzero` JSON tags via the `x-omitzero`
extension, we can build on top of this to consider allowing the use of
`omitzero` when using the newly added global Output Option,
`prefer-skip-optional-pointer` to tune this behaviour.

This introduces a new Output Option,
`prefer-skip-optional-pointer-with-omitzero`, which mirrors behaviour
from `prefer-skip-optional-pointer`, but produces an `omitzero` flag for
any skipped pointer types, to not marshal the type if the zero value.

This allows folks using Go 1.24+ to much more ergonomically work with
different (optional) types, while allowing `omitzero` to simplify
(un)marshalling.

Right now, we don't have a straightforward means of enforcing/warning
that `oapi-codegen` is being generated into a non-Go-1.24+ project, so
we'll only document the behaviour.

Closes #1899.
docs(output-options): document how to skip the "optional pointer"
f5165d4 
As a follow-up from the two options we've recently introduced for this.

This adds an anchor so we can reference it more easily than the
GitHub-generated name for the long heading.
@jamietanna jamietanna force-pushed the feat/preferskipoptionalpointerwithomitzero branch from 220ab27 to f5165d4 Compare July 15, 2025 12:24
@jamietanna jamietanna marked this pull request as ready for review July 15, 2025 12:24
@jamietanna jamietanna requested a review from a team as a code owner July 15, 2025 12:24
@jamietanna jamietanna added enhancement New feature or request notable changes Used for release notes to highlight these more highly labels Jul 15, 2025
@kusari-inspector
Copy link

kusari-inspector bot commented Jul 15, 2025

Kusari PR Analysis rerun based on - f5165d4 performed at: 2025-07-15T12:24:25Z - link to updated analysis

@jamietanna jamietanna merged commit 22ccd05 into main Jul 15, 2025
37 checks passed
@jamietanna jamietanna deleted the feat/preferskipoptionalpointerwithomitzero branch July 15, 2025 14:42
jamietanna pushed a commit that referenced this pull request Jul 15, 2025
fixup! feat(output-options): allow using omitzero with `prefer-skip…
f4a544e 
…-optional-pointer`

We should have rebased #2023 before this was merged, as the versions
were outdated.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

enhancement New feature or request notable changes Used for release notes to highlight these more highly

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for Go 1.24's omitzero to replace unnecessary "optional pointers"

2 participants

@jamietanna