You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While reviewing dependencies on some other poject, i found this one was somewhat suffering from a recurrent update policy which is good security practice in general.
a go get -u reveals the following updates are pending:
Thank you for your interest in the maintenance of memberlist!
Since memberlist is a library (not an application), and Go modules use minimum version selection, I believe it is generally a good practice to leave the required versions at the lowest viable version. The versions in the memberlist go.mod are only really relevant for running the tests in this repository.
Any application that uses memberlist should require more recent versions. Updating the go.mod file in this repo to the latest version of everything could make it more difficult to use memberlist. It would mean that someone updating memberlist would be forced to update a lot more dependencies.
If there are specific security problems or bug fixes in our dependencies that impact memberlist , we should definitely update the minimum supported version. Otherwise I think it is better for consumers to leave them as-is.
Getting this error
go: github.com/armon/go-metrics@v0.5.1: parsing go.mod:
module declares its path as: github.com/hashicorp/go-metrics
but was required as: github.com/armon/go-metrics
While reviewing dependencies on some other poject, i found this one was somewhat suffering from a recurrent update policy which is good security practice in general.
a
go get -u
reveals the following updates are pending:The text was updated successfully, but these errors were encountered: