go.mod is both a manifest and a lockfile: direct deps are defined there, but Go Modules will also record indirect deps there with an // indirect suffix, e.g.:
require golang.org/x/net v1.2.3 // indirect
(specifically, this means that the dep isn't used in any packages of the given app, but it is used by one of the app's dependencies. See the docs here)
this change will introduce a new direct key to Bibliothecary's returned list of dependencies -- only for Go so far -- so that downstream users can use that data (instead of the typical "if it's in manifest it's direct, otherwise it's transitive"):
go.modis both a manifest and a lockfile: direct deps are defined there, but Go Modules will also record indirect deps there with an// indirectsuffix, e.g.:require golang.org/x/net v1.2.3 // indirect(specifically, this means that the dep isn't used in any packages of the given app, but it is used by one of the app's dependencies. See the docs here)
this change will introduce a new
directkey to Bibliothecary's returned list of dependencies -- only for Go so far -- so that downstream users can use that data (instead of the typical "if it's in manifest it's direct, otherwise it's transitive"):