mattfarina
commented
8 years ago Dependencies are complicated. There's even a wikipedia page call Dependency Hell that talks about the complications. One simple example is diamond dependencies. You have two dependencies that rely on a 3rd dependency (transitive). What happens when they rely on different versions of that dependency?
In Glide we capture more information than the dependency name and location. There is version information (see the version property in the yaml). When none is supplied we assume the tip of the default branch is the version.
When you fetch a new dependency you need to make sure it and it's dependencies work with the rest of the dependencies in the tree. So, it resolves the tree and the versions. When no versions are specified it resolves the tree to the tip of master which is why you may see many updates.
We're looking into doing more limited updates when we can. This is not a simple issue when dealing with transitive dependencies and trees of dependencies.
edrex
When I glide get a single package, it changes all the version hashes in the glide.lock file. Surely it should only act upon the single, new package not all all the packages in the project? Or am I misunderstanding something?