Dependency version inconsistency
Opened this issue · 0 comments
It is a reminder of dependency version inconsistency introduced by replace directive used in github.com/caddyserver/caddy@v2.4.6.
Dependency line:
github.com/sillygod/cdp-cache --> github.com/caddyserver/caddy --> ... --> github.com/manifoldco/promptui
github.com/caddyserver/caddy v2.4.6 --> github.com/manifoldco/promptui 70ccd47
https://github.com/caddyserver/caddy/blob/v2.4.6/go.mod#L39
Background
Repo github.com/caddyserver/caddy at version v2.4.6 uses replace directive to pin dependency github.com/manifoldco/promptui to version 70ccd47.
According to Go Modules wikis, replace directives in modules other than the main module are ignored when building the main module.
It means such replace usage in dependency's go.mod cannot be inherited when building main module. And it turns out that sillygod/cdp-cache indirectly relies on manifoldco/promptui@v8.0.0, which is different from the pinned version caddyserver/caddy needed.
https://github.com/sillygod/cdp-cache/blob/master/go.mod(Line 77)
github.com/manifoldco/promptui v0.8.0 // indirecthttps://github.com/caddyserver/caddy/blob/v2.4.6/go.mod(line 39)
// avoid license conflict from juju/ansiterm until https://github.com/manifoldco/promptui/pull/181
// is merged or other dependency in path currently in violation fixes compliance
replace github.com/manifoldco/promptui => github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797It doesn't necessarily cause dependency issues. So this is just a reminder in the hope that you can notice such an inconsistency.
Solution
1. Bump the version of dependency github.com/caddyserver/caddy
You can upgrade github.com/caddyserver/caddy to a new release which has eliminated the use of the replace directive.
2. Add the same replace rule to your go.mod
replace github.com/manifoldco/promptui => github.com/nguyer/promptui v0.8.1-0.20210517132806-70ccd4709797Tips: Introduce replace directive may break go install and it can not be inherited by downstream projects.