Dependency version inconsistency

[Ben131-Go]

It is a reminder of dependency version inconsistency introduced by replace directive used in github.com/caddyserver/caddy@v2.4.6.

Dependency line:

github.com/sillygod/cdp-cache --> github.com/caddyserver/caddy --> ... --> github.com/manifoldco/promptui
github.com/caddyserver/caddy v2.4.6 --> github.com/manifoldco/promptui 70ccd47
https://github.com/caddyserver/caddy/blob/v2.4.6/go.mod#L39

Background

Repo github.com/caddyserver/caddy at version v2.4.6 uses replace directive to pin dependency github.com/manifoldco/promptui to version 70ccd47.
According to Go Modules wikis, replace directives in modules other than the main module are ignored when building the main module. It means such replace usage in dependency's go.mod cannot be inherited when building main module. And it turns out that sillygod/cdp-cache indirectly relies on manifoldco/promptui@v8.0.0, which is different from the pinned version caddyserver/caddy needed.

https://github.com/sillygod/cdp-cache/blob/master/go.mod(Line 77)

github.com/manifoldco/promptui v0.8.0 // indirect

https://github.com/caddyserver/caddy/blob/v2.4.6/go.mod(line 39)

// avoid license conflict from juju/ansiterm until https://github.com/manifoldco/promptui/pull/181
// is merged or other dependency in path currently in violation fixes compliance
replace github.com/manifoldco/promptui => github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797

It doesn't necessarily cause dependency issues. So this is just a reminder in the hope that you can notice such an inconsistency.

Solution

1. Bump the version of dependency github.com/caddyserver/caddy

You can upgrade github.com/caddyserver/caddy to a new release which has eliminated the use of the replace directive.

2. Add the same replace rule to your go.mod

replace github.com/manifoldco/promptui => github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797

Tips: Introduce replace directive may break go install and it can not be inherited by downstream projects.