Prune go.sum #643
Prune go.sum #643
Conversation
…ferent imported libs at a time.
faddat
changed the title
Codecov Report
@@ Coverage Diff @@
## main #643 +/- ##
=======================================
Coverage 18.42% 18.42%
=======================================
Files 172 172
Lines 24254 24254
=======================================
Hits 4470 4470
Misses 19019 19019
Partials 765 765 Continue to review full report at Codecov.
|
| github.com/cosmos/go-bip39 v1.0.0 h1:pcomnQdrdH22njcAatO0yWojsUnCO3y2tNoV1cb6hHY= | ||
| github.com/cosmos/go-bip39 v1.0.0/go.mod h1:RNJv0H/pOIVgxw6KS7QeX2a0Uo0aKUlfhZ4xuwvCdJw= | ||
| github.com/cosmos/iavl v0.17.2 h1:BT2u7DUvLLB+RYz9RItn/8n7Bt5xe5rj8QRTkk/PQU0= | ||
| github.com/cosmos/iavl v0.17.2/go.mod h1:prJoErZFABYZGDHka1R6Oay4z9PrNeFFiMKHDAMOi4w= |
There was a problem hiding this comment.
I think this is also resolved by tm-db 0.6.6
go.sum
Outdated
| @@ -832,8 +833,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec | |||
| github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= | |||
| github.com/zondax/hid v0.9.0 h1:eiT3P6vNxAEVxXMw66eZUAAnU2zD33JBkfG/EnfAKl8= | |||
| github.com/zondax/hid v0.9.0/go.mod h1:l5wttcP0jwtdLjqjMMWFVEE7d1zO0jvSPA9OPZxWpEM= | |||
| go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= | |||
There was a problem hiding this comment.
Hey, thanks for looking into this in such depth!
Aside from the IBC-go bump to v2.0.1, I don't agree with the other changes here. I feel like this replace based approach adds untenable amounts of overheads / safety issues for updating any constituent library. I'm also unclear on where the problem stems from.
I think we do need replaces for SDK, Tendermint, and maybe SDK direct dependencies long term. This is due to our direct forking of an SDK version, and propensity to choose our own tendermint version, and need for compat.
But the rest of the dependencies should be chosen by tendermint / tm-db alone imo. I'd be much more happy to do just a tm-db version replace, and then check tendermint & tm-db in tandem.
| @@ -3,10 +3,10 @@ module github.com/osmosis-labs/osmosis | |||
| go 1.17 | |||
|
|
|||
| require ( | |||
| github.com/cosmos/cosmos-sdk v0.44.3 | |||
| github.com/cosmos/cosmos-sdk v0.44.5 | |||
There was a problem hiding this comment.
Lets not bump this, we're really importing v0.44.3 with our osmosis commits
| github.com/cosmos/iavl v0.17.3 | ||
| github.com/cosmos/ibc-go/v2 v2.0.1 |
There was a problem hiding this comment.
Not really a fan of bumping minor versions unless we have a reason to do so, or have looked carefully into changes at hand. Its more things to think about for non-determinism / surface area for incompatibility between versions.
In the ibc-go case, seems fine to me. (Looked into it due to this commit)
In IAVL, not sure. Would prefer to not be first to test it, sounds liable to cause slowdowns for parallel queries. (And i think theres a better fix for the bug at hand)
| @@ -120,8 +120,12 @@ require ( | |||
|
|
|||
| replace ( | |||
| github.com/cosmos/cosmos-sdk => github.com/osmosis-labs/cosmos-sdk v0.43.0-rc3.0.20211119062100-2f81f59f3aa1 | |||
| github.com/cosmos/go-bip39 => github.com/cosmos/go-bip39 v1.0.0 | |||
There was a problem hiding this comment.
I don't really grok why we had a bip39 issue, especailly if its past 1.0. The bip39 library authors should be guaranteeing API compatibility.
go.mod
Outdated
| github.com/tendermint/tendermint => github.com/tendermint/tendermint v0.34.14 | ||
| github.com/tendermint/tm-db => github.com/osmosis-labs/tm-db v0.6.5-0.20210911033928-ba9154613417 | ||
| go.etcd.io/bbolt => go.etcd.io/bbolt v1.3.5 |
There was a problem hiding this comment.
The bbolt stuff is odd, but it all only differs in patch version. I don;t want to add maintainence burden on us to check every time we update a dependency if it for some reason depends on a new feature in next minor bump, and we get a subtle error due to this replace.
There was a problem hiding this comment.
so, your concern here, was actually the same as mine (regarding the fix)
| github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1 | ||
| github.com/tecbot/gorocksdb => github.com/cosmos/gorocksdb v0.0.0-20211202124722-2c356d6d98e4 |
There was a problem hiding this comment.
ditto for my comment re: bbolt. Do we have to upgrade this every patch version of TM/SDK/TM-db?
I'm more happy to do this if we decide to give more rocksdb support, but I want to be clear on why were getting multiple versions, and if we can do this replace in (say) our SDK fork, or a tm-db fork.
There was a problem hiding this comment.
It seems to me that they've resolved this issue in tm-db v0.6.6
|
Also not sure I agree with the performance improvement aspect of this. (Not at all clear to me how this impacts performance, aside from potentially binary size) I do agree with the dependency mitigation / security surface area reduction aspects of consideration with the imports / replaces though! |
|
Re: performance-- the claim isn't so much that this will improve performance, but instead that it'll allow for investigation into performance issues. |
|
@ValarDragon thanks so much for your review and responsiveness during my discovery process on this. I summarized my findings in this thread of tweets: https://twitter.com/gadikian/status/1469512833809678342 Conclusion: We can actually close this PR and should work to get this: merged asap, and we're all good. I'll see if I can get our tm-db updated w/the changes from tendermint/tm-db so all of this is simply eliminated as a concern. |
|
Sweet! Thanks for the work on investigating all of the dependencies |
Description
To explore preformance issues more deeply, we need to prune go.sum as much as possible. This represents a good first start, but is in no way complete. Since when do cosmos projects need four different versions of btcd, for example?
Sure, likely they need one.... but I reckon that we've got four may be causing trouble.
For contributor use:
docs/) or specification (x/<module>/spec/)Unreleasedsection inCHANGELOG.mdFiles changedin the Github PR explorer