-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dex tagging on master branch to support dependabot #2880
Comments
New minor versions are tagged from the main branch, patch versions are tagged from release branches, but I'm not sure I understand the problem with that. Also, Dex is not supposed to be imported as a module under normal circumstances. Can I ask what your use case is for doing so? |
We are using just open shift connector as a lib. |
Looking at this again: I believe the explanation given in the linked issue is wrong. Most tags are indeed on the main branch (except maybe some patch versions that contain backported fixes) The pseudo version is the result of the fact the Dex module does not have a /v2 segment as required by Go modules. It was a decision made early that we can't change at this point. If Dex ever sees a version 3, we are going to fix it. Again, Dex is not really supposed to be imported as a library, so it's not really prepared for this use case. |
I'm gonna close this issue for now as there isn't anything we can do at the moment. |
Dex versions are not compatible with Go nor dependabot. See: dexidp/dex#2880
Dex versions are not compatible with Go nor dependabot. See: dexidp/dex#2880
Preflight Checklist
Problem Description
Dependabot does not works with dex. The last version it recognizes is 2.13.1 and incorectly tries to downgrade to it.
Proposed Solution
Tag on the main branch as described in dependabot/dependabot-core#6947 (comment)
Alternatives Considered
No response
Additional Information
The text was updated successfully, but these errors were encountered: