go.mod: prune indirect gopkg.in/yaml.v3#250
Merged
AkihiroSuda merged 2 commits intocontainerd:mainfrom Oct 26, 2024
Merged
Conversation
gopkg.in/yaml.v3 is a transient dependency of testify;
go mod graph | grep ' gopkg.in/yaml.v3'
github.com/containerd/continuity gopkg.in/[email protected]
github.com/stretchr/[email protected] gopkg.in/[email protected]
Which is depended on through logrus;
go mod graph | grep ' github.com/stretchr/[email protected]'
github.com/sirupsen/[email protected] github.com/stretchr/[email protected]
The `v3.0.0-20200313102051-9f266ea9e77c` -> `v3.0.1` bump may have been either
a manual bump (to prevent an old version with CVEs), or possibly stuck after
it was updated indirectly. Go mod doesn't remove such lines automatically but
it doesn't add them back if you remove them manually, so let's remove it here.
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Member
Author
|
Actually; looks like the |
thaJeztah
commented
Oct 26, 2024
Comment on lines
-15
to
-21
| require ( | ||
| github.com/inconshreveable/mousetrap v1.0.0 // indirect | ||
| github.com/spf13/pflag v1.0.5 // indirect | ||
| golang.org/x/sys v0.7.0 // indirect | ||
| google.golang.org/protobuf v1.33.0 // indirect | ||
| ) | ||
|
|
Member
Author
There was a problem hiding this comment.
Hm... weird; it sometimes adds it, sometimes doesn't; let me try in a container
Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
remove_transient_deps
branch
from
5b0e722 to
3eb1ef4
Compare
Member
Author
|
Removing |
AkihiroSuda
approved these changes
Oct 26, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
gopkg.in/yaml.v3 is a transient dependency of testify;
Which is depended on through logrus;
The
v3.0.0-20200313102051-9f266ea9e77c->v3.0.1bump may have been either a manual bump (to prevent an old version with CVEs), or possibly stuck after it was updated indirectly. Go mod doesn't remove such lines automatically but it doesn't add them back if you remove them manually, so let's remove it here.