-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/go: 'mod tidy' downgrades an unused indirect dependency upgraded by 'get -u' #29702
Comments
/cc @bcmills |
Looks like they agree on the build list but disagree about whether dependencies are
|
Wait, no. |
This case is interesting, though: nothing in the build actually imports from |
The tests do though (via |
Nothing in the import graph imports
In this case, |
I see; I suppose if it's an _ import and nothing is actually used that's fair. |
Nothing in the example program imports |
oops, sorry, you're right of course. |
Why did |
Having this issue as well, but with local private dependencies. Both go mod tidy and go mod vendor alter my go mod file this way, and running go build on the modified |
This is probably a side-effect of #26902. |
Now that #26902 is resolved, I tried to reproduce this using tip (e.g., As hoped or expected,
which results in no diff reported, and
I used Also, I did not however attempt to evaluate all the commentary in this issue -- I only tried the first set of steps reported here (in comment #29702 (comment)). @SamWhited would you be willing to try this with tip? Does this seem resolved from your perspective, or does it seem there are still pieces pending? |
Timed out in state WaitingForInfo. Closing. (I am just a bot, though. Please speak up if this is a mistake or you have the requested information.) |
This still happens on We're reproducing it in the following scenario, consider two libraries
Then
We have noted that this behavior is not reproduced if we're importing a library without a hostname (i.e., This behavior forces us to disable the tidyness check in our CI pipelines, since our tests are adding the indirect dependency. @bcmills PTAL and ask for more info if needed. P.D.: I've omitted the |
I thought I remembered an issue about this being fixed already, but I couldn't find it and it's still happening and causing problems. Sorry of this is noise and the issue is still floating around somewhere.
The specific dependency in this example that's being stripped out and re-added does not use modules, but does use semantic versioned tags which testify is pinning to.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
It happens with
go1.12beta2
,go1.12beta1
, andgo1.11.4
.What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Create a program that imports a package that exhibits this behavior. I noticed it with the Stripe SDK, and testify seems to be the dependency causing the problem so the following also has the same issue:
Now run
go mod init testmod
, andgo get -u
. You will end up with the followinggo.mod
file:now run
go mod tidy
and you wind up with the following:What did you expect to see?
The file does not change.
What did you see instead?
Every time you run go mod tidy it strips out indirect dependencies inserted by go get -u and you end up with unmerged changes in your repo.
The text was updated successfully, but these errors were encountered: