go.mod: prune indirect gopkg.in/yaml.v3 #250

Merged (2 commits), Oct 26, 2024


thaJeztah
Member

gopkg.in/yaml.v3 is a transient dependency of testify;

    go mod graph | grep ' gopkg.in/yaml.v3'
    github.com/containerd/continuity gopkg.in/yaml.v3@v3.0.1
    github.com/stretchr/testify@v1.7.0 gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c

Which is depended on through logrus;

    go mod graph | grep ' github.com/stretchr/testify@v1.7.0'
    github.com/sirupsen/logrus@v1.9.3 github.com/stretchr/testify@v1.7.0

The `v3.0.0-20200313102051-9f266ea9e77c` -> `v3.0.1` bump may have been either a manual bump (to prevent an old version with CVEs), or possibly stuck after it was updated indirectly. Go mod doesn't remove such lines automatically but it doesn't add them back if you remove them manually, so let's remove it here.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
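
Added example (not part of the PR or the continuity code base): the `go mod graph | grep` checks from the description, generalized into a Go function that reports which dependency chain still pulls in a module once the main module's own `// indirect` pin is ignored, which is the question to answer before dropping a pin that may have been added because of CVEs. The sample graph is constructed from the edges quoted above; the main-module-to-logrus edge and the name `Chains` are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the three `go mod graph` edges quoted in the PR
// description, plus an assumed main-module -> logrus edge.
const sampleGraph = `github.com/containerd/continuity github.com/sirupsen/logrus@v1.9.3
github.com/containerd/continuity gopkg.in/yaml.v3@v3.0.1
github.com/sirupsen/logrus@v1.9.3 github.com/stretchr/testify@v1.7.0
github.com/stretchr/testify@v1.7.0 gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c`

// Chains parses `go mod graph` output and returns, for each module requiring
// some version of target, the shortest chain from the main module (assumed to
// be the first node without an @version) down to that requirement.
func Chains(graph, target string) (out []string) {
	edges, root := map[string][]string{}, ""
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 { // skip blank or malformed lines
			if root == "" && !strings.Contains(f[0], "@") {
				root = f[0]
			}
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	parent := map[string]string{root: ""} // doubles as the BFS visited set
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		node := queue[0]
		for _, next := range edges[node] {
			if strings.HasPrefix(next, target+"@") {
				if node != root { // root's own edge is the go.mod pin being pruned
					chain := next
					for n := node; n != ""; n = parent[n] {
						chain = n + " -> " + chain
					}
					out = append(out, chain)
				}
			} else if _, seen := parent[next]; !seen {
				parent[next] = node
				queue = append(queue, next)
			}
		}
	}
	return out
}

func main() { fmt.Println(strings.Join(Chains(sampleGraph, "gopkg.in/yaml.v3"), "\n")) }
```

The last hop of each chain shows the version an upstream module requests; the version actually built is still decided by minimal version selection across all requirements.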
@thaJeztah
Member Author

Actually; looks like the cmd/ also prunes indirects? Let me check

Comment on lines 15 to 21
require (
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/sys v0.7.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
)

Member Author

Hm... weird; it sometimes adds it, sometimes doesn't; let me try in a container

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the remove_transient_deps branch from 5b0e722 to 3eb1ef4 Compare October 26, 2024 08:45
@thaJeztah
Member Author

Removing go.sum and having it re-generate it also produced some diff. go mod tidy isn't always that stable if there's prior state. Either way; should be good to go now @AkihiroSuda

@AkihiroSuda AkihiroSuda merged commit 45e78a9 into containerd:main Oct 26, 2024
13 checks passed
@thaJeztah thaJeztah deleted the remove_transient_deps branch October 26, 2024 10:27