Bump golang.org/x/sys from 0.2.0 to 0.4.0#63
Conversation
dependabot
bot
added
the
dependencies
|
Let's wait til #62 merged and use this PR to ensure the new CI pipeline works as expected... |
|
I'm slightly on the fence if its good to update these dependencies to "latest", as this module only uses a very minimal subset of golang.org/x/sys. Go modules were designed to specify the minimum required version (consumers of the module may decide to update to a more current version). Updating the version to latest also forces all consumers of this module to update, and those consumers may be using a way larger part of golang.org/x/sys; forcing them to update can be problematic in some cases. |
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.2.0 to 0.4.0. - [Release notes](https://github.com/golang/sys/releases) - [Commits](golang/sys@v0.2.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/go_modules/golang.org/x/sys-0.4.0
branch
from
6161b5d to
c6c9d6a
Compare
|
True, I completely forgot I was working on a library and not an app when I wrote ☝️. We shouldn't bump... if anything we should go back to |
|
I think it's good to have a tagged version; even though most projects will already be on a more current version, it's easier to get a grasp based on a version than on a pseudo-version. That said; given that this is a library indeed, perhaps we should not automatically update versions (unless there's a strong reason), to allow consumers to decide wether or not updates of golang/x/sys are needed or not. One of the reasons for that is that, unfortunately, the Go project itself is currently practicing "do as we say, not as we do" 😓 . Where previously they would (reasonably) reject updating dependencies if there was no reason for updating, they now started to masquerade CalVer as SemVer, and "just do automate releases and update everything". While their modules are generally of good quality, it does cause a lot of code-churn, and all risks involved with that (and not all project may have the luxury of inventing custom hacks, like
|
jeffwidman
left a comment
jeffwidman
left a comment
There was a problem hiding this comment.
Let's hold off on this for a while for reasons discussed ☝️
|
A newer version of golang.org/x/sys exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
|
It's probably fine to bump to this newer version now. |
2 participants
Bumps golang.org/x/sys from 0.2.0 to 0.4.0.
Commits
b60007cunix: add Uvmexp and SysctlUvmexp for NetBSDb751db5unix: gofmt hurd files after CL 459895b360406unix: support TIOCGETA on GNU/Hurd3086868unix: regen on OpenBSD 7.22b11e6bunix: remove Mclpool from openbsd types7c6badcunix: convert openbsd/mips64 to direct libc calls3b1fc93unix: avoid allocations for common uses of Readv, Writev, etc.2204b66cpu: parse /proc/cpuinfo on linux/arm64 on old kernels when needed72f772cunix: offs2lohi should shift by bits, not bytescffae8eunix: add ClockGettime on *bsd and solarisYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)