switch to warning when replacing to lower version than require block

chainguard-dev / gobump

Go tool to declaratively bump dependencies.

Apache License 2.0

7 stars 11 forks source link

switch to warning when replacing to lower version than require block #23

Closed hectorj2f closed 9 months ago

hectorj2f commented 9 months ago

You can do this in go.mod files when the version of require is higher than the one in replace, e.g github.com/dockerdocker https://github.com/upbound/up/blob/v0.22.1/go.mod#L271C30-L271C77

luhring commented 9 months ago

I actually don't know if we should do this. I'd like to better understand why this is necessary first — I think the "raising an error" aspect of the automation is actually a foundational part of its value

hectorj2f commented 9 months ago

There is a discussion about this change here https://chainguard-dev.slack.com/archives/C05GYUBM07Q/p1706813575607189?thread_ts=1706780682.248069&cid=C05GYUBM07Q

hectorj2f commented 9 months ago

Closing this PR! @luhring and I discussed about this and we prefer to error for the moment.