search

pmorie / osb-starter-pack

A quickstart for making a new Open Service Broker
Apache License 2.0
69 stars 47 forks source link

Adjust Gopkg.toml according to the dep warning #64

Closed lilic closed 6 years ago

lilic commented 6 years ago

Remove gorilla/mux from lock as its no longer a direct dependency of the current project.

I ran into the following warning while running dep ensure locally:

Warning: the following project(s) have [[constraint]] stanzas in Gopkg.toml:

  ✗  github.com/gorilla/mux

However, these projects are not direct dependencies of the current project:
they are not imported in any .go files, nor are they in the 'required' list in
Gopkg.toml. Dep only applies [[constraint]] rules to direct dependencies, so
these rules will have no effect.

I removed it from the toml file, not sure this is the correct approach? cc @carolynvs :)

Along with that it seems the gopkg.in/yaml.v2 version changed? cc @carolynvs again as you did a PR for this. :)

carolynvs commented 6 years ago

I removed it from the lock file, not sure this is the correct approach?

Rather than hand-editing the lock file, what dep really wanted you to do (and did not say clearly) is to remove the ineffective constraint from your Gopkg.toml, and then re-run dep ensure. Dep then handles apply any changes to the lockfile, and recalculates the lock digest at the bottom of the file. Your hand edit is missing that last part, so the next time someone runs dep ensure, the file will be modified.

it seems the gopkg.in/yaml.v2 version changed

I may have made a mistake when adding that yaml constraint? I'm really not sure. But it is switching from being on a random commit on the v2 branch to a specific release, so it seems like a good change to me anyway. 😀

lilic commented 6 years ago

@carolynvs

Rather than hand-editing the lock file, what dep really wanted you to do (and did not say clearly) is to remove the ineffective constraint from your Gopkg.toml, and then re-run dep ensure. Dep then handles apply any changes to the lockfile, and recalculates the lock digest at the bottom of the file. Your hand edit is missing that last part, so the next time someone runs dep ensure, the file will be modified.

Sorry about that! I meant I removed from the Gopkg.toml file. And ran dep ensure as well.

lilic commented 6 years ago

@carolynvs I updated the git commit and the description to not be misleading, as I mixed up my toml with a lock. :D PTALA :) Thanks!