cmd/go: module update should not add indirect dependencies? #26474
Comments
Currently there is a workaround to run

This is working as intended. (It's a bit confusing, but arguably less confusing than the alternatives.) In general, When you started out, you had a direct requirement on In this specific case, we theoretically have enough information to prune out the dependency. However, in the general case that can get expensive: if the main module depends on some other package

I'm going to close this for now, but we'll keep an eye out for similar issues. Thanks for the great repro steps!

Thanks for a great explanation, Brian! Actually the common usage will be
Which leads to the minimal case of upgrading a single dependency with I checked Let's reopen the issue to update the docs? And @bcmills, could you please take a look at #26048 (comment) about

Done.

I don't think this is working as intended, fwiw. Maybe I'm wrong. Will return to this.

I think this is probably incorrect behavior but it's not a showstopper for Go 1.11 because 'go mod tidy' will correct it. Don't want to make changes now but we should investigate for Go 1.12.

Contrast #29702.

What version of Go are you using (go version)?
Latest go devel:
go version devel +d278f09333 Thu Jul 19 05:40:37 2018 +0000 darwin/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
Sorry, can't give you a standalone reproduction - bug is produced only with downloading updated dependencies.
Consider the following flow:
A(v0.0.1) uses B(v0.0.1):
Then A(v0.1.0) drops the dependency.
Here we got a project main which uses A(v0.0.1) and we want to upgrade A to v0.1.0
We get an unexpected indirect dependency github.com/mwf/vgo-modules/b v0.0.1 // indirect in go.mod, it seems to be taken from go.sum as a side-effect.
What did you expect to see?
go.mod should contain updated a dependency
What did you see instead?
We get an unexpected indirect dependency from b in go.mod, it seems to be taken from go.sum as a side-effect.
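
A review-time check for the behaviour reported above, as an added example that is not part of the original issue or the Go project's code: it compares go.mod before and after an upgrade and lists requirements that newly appear marked // indirect. The go.mod contents and the example.com module paths are constructed; only the b requirement line is taken from the report.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed go.mod contents; only the b requirement line comes from the report.
const beforeMod = "module example.com/main\n\nrequire example.com/a v0.0.1\n"
const afterMod = "module example.com/main\n\nrequire (\n\texample.com/a v0.1.0\n" +
	"\tgithub.com/mwf/vgo-modules/b v0.0.1 // indirect\n)\n"

// req is one requirement: its version and whether it carries "// indirect".
type req struct{ version string; indirect bool }

// parseRequires reads single-line and block-form require directives.
func parseRequires(gomod string) map[string]req {
	out, inBlock := map[string]req{}, false
	for _, line := range strings.Split(gomod, "\n") {
		code, comment, _ := strings.Cut(line, "//")
		f := strings.Fields(code)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case inBlock && len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require":
			out[f[1]] = req{f[2], strings.TrimSpace(comment) == "indirect"}
		case inBlock && len(f) == 2:
			out[f[0]] = req{f[1], strings.TrimSpace(comment) == "indirect"}
		}
	}
	return out
}

// newIndirect lists requirements absent from before and marked indirect in after.
func newIndirect(before, after string) []string {
	old, added := parseRequires(before), []string{}
	for path, r := range parseRequires(after) {
		if _, seen := old[path]; r.indirect && !seen {
			added = append(added, path+" "+r.version)
		}
	}
	sort.Strings(added)
	return added
}

func main() { fmt.Println(newIndirect(beforeMod, afterMod)) }
```

An upgrade of a direct dependency that leaves the direct version bump as its only change returns an empty list; anything listed is a module that entered go.mod without being asked for and is worth checking against go mod tidy.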