You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our app depends on a library A ver 0.6.9, and someday we import another lib, whose subpackage has 0.8.0 version info for this library A, but we don't directly depends on this subpackage. Go mod still "helps" us to update A to 0.8.0 and build fails.
According to semver spec:
Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
Auto-update library 0.x.y will cause the user's build to fail. go mod should consider not update the lib's version in such situation
What did you expect to see?
go mod didn't update the lib's versoin.
What did you see instead?
the lib A ver 0.6.9 was auto-updated to 0.8.0
The text was updated successfully, but these errors were encountered:
andybons
changed the title
go mod should not auto update dependencies in version 0.x.y
cmd/go: go mod should not auto update dependencies in version 0.x.y
Apr 27, 2020
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Our app depends on a library A ver 0.6.9, and someday we import another lib, whose subpackage has 0.8.0 version info for this library A, but we don't directly depends on this subpackage. Go mod still "helps" us to update A to 0.8.0 and build fails.
According to semver spec:
Auto-update library 0.x.y will cause the user's build to fail. go mod should consider not update the lib's version in such situation
What did you expect to see?
go mod didn't update the lib's versoin.
What did you see instead?
the lib A ver 0.6.9 was auto-updated to 0.8.0
The text was updated successfully, but these errors were encountered: