search

getsentry / sentry-go

The official Go SDK for Sentry (sentry.io)
https://docs.sentry.io/platforms/go/
MIT License
903 stars 211 forks source link

v0.26.0 out of date #765

Closed UnaffiliatedCode closed 7 months ago

UnaffiliatedCode commented 7 months ago

required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon

Looking to get the version updated to v1.0.26.

Issue was easy to resolve by updating github.com/kataras/iris/v12 within ./iris/sentryiris.go

UnaffiliatedCode commented 7 months ago

Example update available: https://github.com/getsentry/sentry-go/pull/766

I see there have been previous issues with a 1.21 update.

cleptric commented 7 months ago

You can bump iris in your own application.

UnaffiliatedCode commented 7 months ago

We utilize this library in our application, can you advise on how to update iris without requiring this module to be updated? I'm not aware of a means to skip/force a dependency version.

cleptric commented 7 months ago

image

I'm not able to reproduce the issue you are seeing.

UnaffiliatedCode commented 7 months ago

Steps to Replicate

Step 1: create a hello world project Step 2: add a unit test which uses getsentry/sentry-go (purely for simplicity, can be in the native app) Step 3: Install GORELEASE to generate semantic versioning Step 4: run gorelease on your application:

Install GORELEASE

go install golang.org/x/exp/cmd/gorelease@latest

Running on your APP (same directory as the go.mod)

      # gorelease requires a clean working directory, create directory for
      # generated files
    - export OUTDIR=$(mktemp -d)
    - gorelease > $OUTDIR/gorelease.out

In the provided MR, i provided a message on the commit to help outline this. Please advise if this requires further clarity.

Test Output

Local Minified APP

Here's my output:

C:\sentryApp> gorelease 
# diagnostics
required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon

# summary
Inferred base version: v0.1.0
Suggested version: v0.1.1

V0.26.0 of this library

When i run it on the current release of this library (824589bd5be49de6242d5f867a94c7df05510a4e):

PS C:\GoProjects\public\sentry-go> gorelease  
# diagnostics
required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon

# summary
Inferred base version: v0.26.0
Suggested version: v0.26.1

After this change

linked PR: https://github.com/getsentry/sentry-go/pull/766

PS C:\GoProjects\public\sentry-go> gorelease
# github.com/getsentry/sentry-go/iris
## incompatible changes
New: changed from func(Options) github.com/kataras/iris/v12/context.Handler to func(Options) func(*github.com/kataras/iris/v12/context.Context)

# summary
Inferred base version: v0.26.0
Suggested version: v0.27.0

As part of this change, due to a change in IRIS it's recommend a change in minor version number as opposed to a patch increment.

I am also receiving unit test failures on the profiler tests, however they dont appear to be related (Happens PRE and POST the recommended change). image

UnaffiliatedCode commented 7 months ago

@cleptric , anything we can do to re-open this ticket?

cleptric commented 7 months ago

We no longer bump the baseline of dependencies. If you do not use iris, graph pruning should not compile iris into the binary, if you use iris, you can update it in your application.

UnaffiliatedCode commented 7 months ago

If you do not use iris, graph pruning should not compile iris into the binary, if you use iris, you can update it in your application.

In the replication steps above I was not using IRIS, just a simple hello world and a unit test, I was able to replicate the issue, even with iris updated locally, the sentry dependency still loads. Maybe I am doing it wrong, but documenting the solution within the issue might help future readers. I do not know of a command to do what you're asking, and stackover/google isn't providing any results. Please advise.

Regarding the visibility of the retraction

If you'd like, the following will allow you to view retracted & deprecated libraries used:

go list -u -m all
github.com/getsentry/sentry-go
...
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/protobuf v1.5.2 [v1.5.3] (deprecated)
...
github.com/iris-contrib/go.uuid v2.0.0+incompatible
...
github.com/microcosm-cc/bluemonday v1.0.23 (retracted) [v1.0.26]
...
github.com/schollz/closestmatch v2.1.0+incompatible
...

I've removed a bunch of lines (replaced with "...") to help with readability.