chainguard-dev / gobump

Go tool to declaratively bump dependencies.
Apache License 2.0

fix: handle deps that also appear in replaces blocks in the go.mod #19

Closed hectorj2f closed 9 months ago

hectorj2f commented 9 months ago

With the new version of gobump, we drop any replacement and require block of a dependency we want to add as require or replace.

However, when we add a dep to the deps and this dependency appears in a replace block in the go.mod, we need to use the old.path of the dependency to be able to drop the existing replacement and use the proposed dep bump.

gobump --packages=golang.org/x/crypto@v1.17.0

To give an example, keda-2.9 has a replacement of the crypto dep that we want to bump (https://github.com/kedacore/keda/blob/v2.9.1/go.mod#L99), and it also appears in a require block (https://github.com/kedacore/keda/blob/v2.9.1/go.mod#L271). If we need to change the go.mod to use the new dep version, we need to drop the replace and require.
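The situation described in this PR can be checked before a bump: the sketch below is an added example, not gobump's own code, and lists the replace directives whose old path matches the package being bumped. The function name `shadowingReplaces` and the embedded go.mod (module name and versions) are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed go.mod (module name and versions are made up for illustration).
const sampleGoMod = `module example.com/app
require golang.org/x/crypto v0.1.0
replace (
	golang.org/x/crypto => golang.org/x/crypto v0.0.0-20220101000000-abcdef123456
)

replace golang.org/x/text v0.4.0 => golang.org/x/text v0.5.0
`

// shadowingReplaces returns each replace directive whose old path (left of "=>")
// is pkg. A replace with no version on its left side overrides whatever version
// the require line asks for, so it has to be dropped for a bump to take effect.
func shadowingReplaces(goMod, pkg string) []string {
	var hits []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		// Strip trailing comments such as "// indirect" before matching.
		line := strings.TrimSpace(strings.SplitN(sc.Text(), "//", 2)[0])
		switch {
		case line == "replace (":
			inBlock = true
			continue
		case inBlock && line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "replace "):
			line = strings.TrimPrefix(line, "replace ") // single-line form
		case !inBlock:
			continue // not a replace directive
		}
		parts := strings.SplitN(line, "=>", 2)
		if f := strings.Fields(parts[0]); len(parts) == 2 && len(f) > 0 && f[0] == pkg {
			hits = append(hits, line)
		}
	}
	return hits
}

func main() {
	fmt.Println(shadowingReplaces(sampleGoMod, "golang.org/x/crypto"))
}
```

A non-empty result means the require bump alone would leave the replaced version in the build, which is the case where the replace has to be dropped as well.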