Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updating dependency versions + cleanup #881

Merged
merged 1 commit into from Jul 15, 2021
Merged

Conversation

sivabalan
Copy link
Contributor

@sivabalan sivabalan commented Jun 17, 2021

Please review @bwplotka @kakkoyun and merge.

Signed-off-by: Sivabalan Thirunavukkarasu <s.thirunavukkarasu@salesforce.com>
Copy link
Member

@bwplotka bwplotka left a comment

Thank! One suggestion (:

google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
Copy link
Member

@bwplotka bwplotka Jun 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels very unnecessary. Can you describe what you did? Can you try to remove go.sum and run go mod tidy?

Copy link
Contributor Author

@sivabalan sivabalan Jun 18, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick review @bwplotka. Dependency on prometheus/common 0.26.0 added a bunch of older dependencies (some of them with known vulnerabilities) in dependency tree generated for go-kit 0.10.0.
So all I did was update the version of prometheus/common to 0.29.0 and run go mod tidy after removing go.sum.

Did that again as per your suggestion and there is no change in the generated go.sum.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is mostly because of the circular dependency between common and client_golang.

Copy link
Member

@beorn7 beorn7 Jul 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, known issue with Go Modules dependency resolution. None of this code will be compiled

@sagikazarmark
Copy link

sagikazarmark commented Jul 13, 2021

Anything else to be done here?

Copy link
Member

@kakkoyun kakkoyun left a comment

Thanks for the contribution. It seems like there's nothing much more to be done here.
With the lazy module loading that's coming to Go, I hope our dependency problem will be less intrusive.

@kakkoyun kakkoyun merged commit cb5c8ff into prometheus:master Jul 15, 2021
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants