-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to letting go get
mutate go.mod
#3590
Switch to letting go get
mutate go.mod
#3590
Commits on Apr 29, 2021
-
Switch to letting
go get
mutatego.mod
Previously, we were manually modifying `go.mod` for the dep we wanted to bump, then running `go get` to update `go.sum` and run the MVS algorithm to determine if any other changes needed to be made to `go.mod`. However, this caused a few problems: * the `go` docs/comments on github issues consistently recommend _not_ editing `go.mod` directly, but instead use `go get` to update it. * We have to copy/paste in private methods from upstream, and it's a pain to keep those in sync: #3580 * When `go get` sees that `go.mod` is in a state that has a version which it can't find in `go.sum`, then it _appears_ (although I'm not 100% certain) to try to recover by doing a bunch of additional checks to ensure it fixes the dep graph correctly. I saw @bcmills mention something along these lines in a github issue although I'm afraid I can't find the exact reference now. Compare to if `go get` is run against a `go.mod` that has a matching (`tidy`'d) `go.sum`, it appears to skip those checks. That seems to be the root cause of #3526 where those checks result in an impossible-to-recover-from-situation. (Side note: that problem looks like it will get resolved in `go 1.17` via the new [lazy module loading](http://golang.org/design/36460-lazy-module-loading).) * In some cases, we're doing an unecessary write to disk since `go.mod` gets written by us and then re-written by `go get`. That could be a single write. Instead of doing all this munging, we can simply pass our desired version to `go get -d <dep>@<version>` and it will handle updating `go.mod` and `go.sum`. Experimenting locally, this fixes #3526 which I was previously hitting in multiple repos. They all work now. It also lets us do some code cleanup, skip an uneccessary write-to-disk, become more idiomatic, and reduce the risk of our logic for updating `go.mod` from diverging from upstream.
Configuration menu - View commit details
-
Copy full SHA for 9551b73 - Browse repository at this point
Copy the full SHA 9551b73View commit details -
Configuration menu - View commit details
-
Copy full SHA for df0497a - Browse repository at this point
Copy the full SHA df0497aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5ef6efb - Browse repository at this point
Copy the full SHA 5ef6efbView commit details -
Merge remote-tracking branch 'upstream/main' into switch-to-letting-g…
…o-get-mutate-go.mod
Configuration menu - View commit details
-
Copy full SHA for acce03d - Browse repository at this point
Copy the full SHA acce03dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 05cb135 - Browse repository at this point
Copy the full SHA 05cb135View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8cb409c - Browse repository at this point
Copy the full SHA 8cb409cView commit details -
Configuration menu - View commit details
-
Copy full SHA for a13eeee - Browse repository at this point
Copy the full SHA a13eeeeView commit details
Commits on Apr 30, 2021
-
`go get -d <dep>@<version> no longer raises an error on rename
This is tricky. * aa67f7d removed catching the error, because `go mod tidy` didn't flag it. * #3233 put it back because in `go 1.16`, `go get -d` started flagging the error again. * Now that we're switching from `go get -d` to `go get -d <dep>@<version>` this error is no longer thrown. Instead the `go.mod` file gets updated.
Configuration menu - View commit details
-
Copy full SHA for 7c75b11 - Browse repository at this point
Copy the full SHA 7c75b11View commit details -
Configuration menu - View commit details
-
Copy full SHA for 433a4f1 - Browse repository at this point
Copy the full SHA 433a4f1View commit details
Commits on May 6, 2021
-
Merge remote-tracking branch 'upstream/main' into switch-to-letting-g…
…o-get-mutate-go.mod
Configuration menu - View commit details
-
Copy full SHA for 8aff846 - Browse repository at this point
Copy the full SHA 8aff846View commit details
Commits on May 17, 2021
-
Update go_modules/lib/dependabot/go_modules/file_updater/go_mod_updat…
…er.rb Relax the regex to match both `go get` and `go mod` errors. Discussion here: https://github.com/dependabot/dependabot-core/pull/3590/files#r623710361
Configuration menu - View commit details
-
Copy full SHA for 478dc2c - Browse repository at this point
Copy the full SHA 478dc2cView commit details -
Merge remote-tracking branch 'upstream/main' into switch-to-letting-g…
…o-get-mutate-go.mod
Configuration menu - View commit details
-
Copy full SHA for 475b919 - Browse repository at this point
Copy the full SHA 475b919View commit details -
Remove no-longer applicable comment.
This was resolved in 5bfdf42#diff-491ccbbf0ae3cfe37dca8fba172104cc5466631d946daf9639deac37b014692eR44.
Configuration menu - View commit details
-
Copy full SHA for 73cecb7 - Browse repository at this point
Copy the full SHA 73cecb7View commit details
Commits on May 18, 2021
-
Configuration menu - View commit details
-
Copy full SHA for b466bb1 - Browse repository at this point
Copy the full SHA b466bb1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4233836 - Browse repository at this point
Copy the full SHA 4233836View commit details
Commits on Aug 5, 2021
-
Merge remote-tracking branch 'upstream/main' into switch-to-letting-g…
…o-get-mutate-go.mod
Configuration menu - View commit details
-
Copy full SHA for caaf083 - Browse repository at this point
Copy the full SHA caaf083View commit details