search

fullstorydev / grpcurl

Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
MIT License
10.39k stars 496 forks source link

update golang.org/x/text #275

Closed jhump closed 2 years ago

jhump commented 2 years ago

Resolves #274.

Sadly, go mod why golang.org/x/text just reports this:

# golang.org/x/text
(main module does not need package golang.org/x/text)

It would be nice to know via what path of indirect deps this module is entering the dependency graph. That way we could update the appropriate direct dependency (or dependencies).

jeffwidman commented 2 years ago

go mod graph can be helpful in these situations:

go mod graph | grep golang.org/x/text@v0.3.2                                                                           NL-9389-bump-golang-text-lib-past-CVE
cloud.google.com/go@v0.56.0 golang.org/x/text@v0.3.2
go.opencensus.io@v0.22.3 golang.org/x/text@v0.3.2
golang.org/x/text@v0.3.2 golang.org/x/tools@v0.0.0-20180917221912-90fa682c2a6e
google.golang.org/api@v0.20.0 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.52.0 golang.org/x/text@v0.3.2
google.golang.org/api@v0.15.0 golang.org/x/text@v0.3.2
google.golang.org/api@v0.17.0 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.53.0 golang.org/x/text@v0.3.2
google.golang.org/api@v0.18.0 golang.org/x/text@v0.3.2
go.opencensus.io@v0.22.2 golang.org/x/text@v0.3.2
google.golang.org/appengine@v1.6.5 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.50.0 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.44.2 golang.org/x/text@v0.3.2
google.golang.org/api@v0.8.0 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.44.1 golang.org/x/text@v0.3.2
google.golang.org/api@v0.7.0 golang.org/x/text@v0.3.2
google.golang.org/appengine@v1.6.1 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.45.1 golang.org/x/text@v0.3.2
go.opencensus.io@v0.22.0 golang.org/x/text@v0.3.2
google.golang.org/api@v0.9.0 golang.org/x/text@v0.3.2
cloud.google.com/go@v0.46.3 golang.org/x/text@v0.3.2
google.golang.org/api@v0.14.0 golang.org/x/text@v0.3.2
google.golang.org/api@v0.13.0 golang.org/x/text@v0.3.2

Points to: https://github.com/googleapis/google-cloud-go/blob/v0.56.0/go.mod#L23

There may be others as well, but that's an obvious one.

Looks like the latest version of cloud.google.com/go completely dropped that dep: https://github.com/googleapis/google-cloud-go/blob/v0.100.2/go.mod

jeffwidman commented 2 years ago

@jhump any chance of cutting a new release with this?

Trying to switch my makefile from go get to go install but in that case my local pin override won't take effect, it simply installs what is specified here in grpcurl... so a tagged release with this fixed would be more convenient than having to pin to a specific commit.