Open bzbikowski opened 2 years ago
Maybe @fasaxc or @caseydavenport might know?
I think since the issue appears to be that the retracted version is found as the dependency for our wgctrl
version, the easiest solution is to go with the proprosed solution and just update the wgctrl
version. I tested it on the most recent commit and it fixes the go list
command. @mikestephen any idea if updating the wgctrl
version might cause any issues?
I was able to upgrade locally to commit fde48d68ee68e3f7af735747d6b97ecb713d924a
and it seemed to work, though it would need further testing.
We should definitely stop using a retracted version (and should probably have some CI on our end to catch when we are using a retracted version).
@mikestephen would you be able to submit a PR with that pin update? We should bump to whatever the latest compatible released module version is.
Hello, we are using a third-party tool, that is running
go list -mod=readonly -m -u -json all
to parse the dependencies of the projects. But the command returns an error, that module golang.zx2c4.com/wireguard@v0.0.20200121 is retracted by module author, when github.com/projectcalico/libcalico-go is used. That module is used by golang.zx2c4.com/wireguard/wgctrl@v0.0.0-20200324154536-ceff61240acf, which is included in your go.mod file.Expected Behavior
Command
go list -mod=readonly -m -u -json all
should pass without issues and should return list of modules in JSON.Current Behavior
Command
go list -mod=readonly -m -u -json all
fails with error code 1 with following output:go list -m: golang.zx2c4.com/wireguard@v0.0.20200121: retracted by module author
Possible Solution
Bump up version of golang.zx2c4.com/wireguard/wgctrl to the latest available.
Context
Blackduck scans (for GO_MOD detector) are failing due to this problem, when libcalico-go is used as dependency. At some point during scan the command above is being called, which fails whole process.
Your Environment