Updating dependency versions + cleanup #881
Conversation
Signed-off-by: Sivabalan Thirunavukkarasu <[email protected]>
| google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= | ||
| google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= | ||
| google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= | ||
| google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= |
There was a problem hiding this comment.
This feels very unnecessary. Can you describe what you did? Can you try to remove go.sum and run go mod tidy?
There was a problem hiding this comment.
Thanks for the quick review @bwplotka. Dependency on prometheus/common 0.26.0 added a bunch of older dependencies (some of them with known vulnerabilities) in dependency tree generated for go-kit 0.10.0.
So all I did was update the version of prometheus/common to 0.29.0 and run go mod tidy after removing go.sum.
Did that again as per your suggestion and there is no change in the generated go.sum.
There was a problem hiding this comment.
I think this is mostly because of the circular dependency between common and client_golang.
There was a problem hiding this comment.
Yeah, known issue with Go Modules dependency resolution. None of this code will be compiled
|
Anything else to be done here? |
Please review @bwplotka @kakkoyun and merge.