Open thediveo opened 5 months ago
As explained in the toolchain doc, your go.mod should specify a go version greater than or equal to version 1.22.0, if one of your dependencies has a version 1.22.0 in it's go.mod file.
This can be done by running the command:
go get go@1.22
which will update the go version in go.mod, as well as downloading go version 1.22 if you are using a go version less than 1.22
I'm afraid we're not yet on the same page of the book. What if I can't upgrade my module yet to 1.22 minimum, because of a N and N-1 version support? Also downloading a toolchain inside a CI/CD pipeline looks like the opposite of reproducible builds, when you're amidstream module and not a leaf application module...
I would like to still being able to upgrade dependencies that don't require upgrading the toolchain. At the moment, it seems that go-mod-upgrade can't handle this situations, because it errors out completely. Do you see a way to support in the future dependeny upgrades up to the ceiling of a toolchain upgrade?
AFAIK, the go command used to find dependencies updates (which is used internally by go-mod-upgrade) doesn’t expose what’s needed for your use case. If that’s true, the only option you have right now is create an issue in the golang repo and hope the go team implements what’s needed for this to work. Then we could incorporate this in go-mod-upgrade.
I've created a new post Upgrading to latest version of dependency without upgrading toolchain? in the golang-nuts forum. Let's see if this turns up something useful.
forum was deaf, but there's a fresh issue https://github.com/golang/go/issues/67574 now for the go repo that looks as if would fix this.
Ah, the Go "toolchain" gift that keeps up giving. Consider a dependency for
k8s.io/api@v0.26.2
which has ago 1.21
in itsgo.mod
, whereask8s.io/api@v0.30.0
throws a spanner into the works by usinggo 1.22.0
. Now, any attempt atgo-mod-upgrade
crashes and burns withIs there a way around this so that
go-mod-upgrade
tries to use the latest upgrade that doesn't trigger the toolchain problems?