Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/go: go mod should not auto update dependencies in version 0.x.y #38668

Closed
cch123 opened this issue Apr 26, 2020 · 2 comments
Closed

cmd/go: go mod should not auto update dependencies in version 0.x.y #38668

cch123 opened this issue Apr 26, 2020 · 2 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unplanned

Comments

@cch123
Copy link
Contributor

cch123 commented Apr 26, 2020
edited
Loading

What version of Go are you using (go version)?

go version go1.13.9 darwin/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/xargin/Library/Caches/go-build"
GOENV="/Users/xargin/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/xargin/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/sw/j70z06s92rj_wwv71lvt3vhm0000gp/T/go-build841600596=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

Our app depends on a library A ver 0.6.9, and someday we import another lib, whose subpackage has 0.8.0 version info for this library A, but we don't directly depends on this subpackage. Go mod still "helps" us to update A to 0.8.0 and build fails.

According to semver spec:

Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.

Auto-update library 0.x.y will cause the user's build to fail. go mod should consider not update the lib's version in such situation

What did you expect to see?

go mod didn't update the lib's versoin.

What did you see instead?

the lib A ver 0.6.9 was auto-updated to 0.8.0
@andybons andybons changed the title go mod should not auto update dependencies in version 0.x.y cmd/go: go mod should not auto update dependencies in version 0.x.y Apr 27, 2020
@andybons
Copy link
Member

@jayconrod @bcmills @matloob

@andybons andybons added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 27, 2020
@andybons andybons added this to the Unplanned milestone Apr 27, 2020
@bcmills
Copy link
Contributor

bcmills commented Apr 27, 2020

Duplicate of #28692

@bcmills bcmills marked this as a duplicate of #28692 Apr 27, 2020
@bcmills bcmills closed this as completed Apr 27, 2020
@golang golang locked and limited conversation to collaborators Apr 27, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
4 participants
@andybons @cch123 @bcmills @gopherbot