search

golang / dep

Go dependency management tool experiment (deprecated)
https://golang.github.io/dep/
BSD 3-Clause "New" or "Revised" License
12.87k stars 1.05k forks source link

Not respecting transative dependencies' dependencies versions #2211

Closed maciej-gol closed 3 years ago

maciej-gol commented 4 years ago

dep init and dep ensure -update are not respecting the version requirements by transative dependencies.

Given main.go:

# main.go
package main

import "github.com/urfave/cli"

func main() {
}

Running dep init gives:

$ dep init
  Using ^1.22.0 as constraint for direct dep github.com/urfave/cli
  Locking in v1.22.0 (bfe2e92) for direct dep github.com/urfave/cli
  Locking in v1.0.10 (7762f7e) for transitive dep github.com/cpuguy83/go-md2man
  Locking in v2.0.1 (d3b5b03) for transitive dep github.com/russross/blackfriday
  Locking in v1.0.0 (7bfe4c7) for transitive dep github.com/shurcooL/sanitized_anchor_name

But go-md2man@v1.0.10 requires blackfriday@v1.5.2. See https://github.com/cpuguy83/go-md2man/blob/v1.0.10/go.mod .

This causes my dependencies to be incorrect, because go-md2man@v1.0.10 does not support blackfriday@v2.0.1, making go build main.go give the following in the section below.

What version of dep are you using (dep version)?

v0.5.4-2-g5600de07

What dep command did you run?

dep init go build main.go

What did you expect to see?

Successful build

What did you see instead?

$ go build main.go
# x/vendor/github.com/cpuguy83/go-md2man/md2man
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:11:16: undefined: blackfriday.EXTENSION_NO_INTRA_EMPHASIS
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:12:16: undefined: blackfriday.EXTENSION_TABLES
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:13:16: undefined: blackfriday.EXTENSION_FENCED_CODE
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:14:16: undefined: blackfriday.EXTENSION_AUTOLINK
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:15:16: undefined: blackfriday.EXTENSION_SPACE_HEADERS
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:16:16: undefined: blackfriday.EXTENSION_FOOTNOTES
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:17:16: undefined: blackfriday.EXTENSION_TITLEBLOCK
vendor/github.com/cpuguy83/go-md2man/md2man/md2man.go:19:29: too many arguments to conversion to blackfriday.Markdown: blackfriday.Markdown(doc, renderer, extensions)
vendor/github.com/cpuguy83/go-md2man/md2man/roff.go:19:9: cannot use &roffRenderer literal (type *roffRenderer) as type blackfriday.Renderer in return argument:
    *roffRenderer does not implement blackfriday.Renderer (missing RenderFooter method)
vendor/github.com/cpuguy83/go-md2man/md2man/roff.go:102:11: undefined: blackfriday.LIST_TYPE_ORDERED
vendor/github.com/cpuguy83/go-md2man/md2man/roff.go:102:11: too many errors
mvdan commented 3 years ago

Dep was officially deprecated earlier this year, and the proposal to archive this repository was accepted. As such, I'm closing outstanding issues before archiving the repository. For any further comments, please use the proposal thread on the Go issue tracker. Thanks!