-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the version of go-restful
to 2.16.0
#8092
Conversation
/cc |
@@ -71,6 +71,7 @@ require ( | |||
) | |||
|
|||
replace ( | |||
github.com/emicklei/go-restful => github.com/emicklei/go-restful v2.16.0+incompatible |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This cause that dependencies that use go-restful
to use the library locally ( locally we use v2.16.0 )
without it go-restful-openapi
and other libraries use old versions of go-restful
found the solutions in here:
https://stackoverflow.com/questions/69825533/why-does-go-sum-include-so-many-older-packages
and here some information about replace:
https://thewebivore.com/using-replace-in-go-mod-to-point-to-your-local-module/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went through your references but I am not sure what I should focus on. Can you be more specific? I think what you are looking for and what will contradict is how Go selects the library version it should use (ref )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Will update soon
/retest |
1 similar comment
/retest |
2899064
to
4f4aa6e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: xpivarc The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
/retest |
1 similar comment
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would prefer if the git log history is populated with meaningful commit messages.
Please consider adding the details of why this change is done to the commit message as well.
/retest |
It's a bit off-topic for this PR :) but I'm having hard time to understand why this matters. PR description is way more readable, can update after the PR merges, can contain images, proper links and so on. How would we benefit from duplicating this description into the commit messages? Especially when the PR description updates and the commit message doesn't (this can also happen before the PR merges - it's easy to remember to update the PR and forget updating the commit messages). Also, when you I know it's an unpopular opinion, but I honestly don't think that saving a few seconds of searching the PR number in github is worth duplicating description that later can contradict or at least be different then what's explained at the PR. |
@EdDev
If we would just add the PR description, then we would have a way of having these descriptions inside git log. |
There are the regular "do not depend on the provider, it will lock you in even to learn about the history". Requiring me to have internet access, open a browser, copy paste the commit sha, search for it on GitHub and then reach the relevant PR is work I would prefer to avoid. (I am sure there are other ways to do this) I think it is more accurate to place the knowledge in the VCS and not in the provider. Additionally, when there are several commits in a PR, this also assists in the review process, to understand what the commit intention, so that it can be compared with what was actually done. I think the effort is not that high, I just copy the commit message content to the PR.
Merge commits are a different beast, I personally do not like this merge strategy which messes the history (IMO). |
4f4aa6e
to
6b738e6
Compare
Because of a security issue in go-restful v2.15.0 emicklei/go-restful#503 Signed-off-by: bmordeha <bmodeha@redhat.com>
6b738e6
to
2cbc394
Compare
@EdDev Done. |
I understand your point, and I think your opinion is way more popular, but I still don't agree with it :) If we copy the PR description to our merge commits you're not dependent on internet connection etc. And to be honest, the case of working without an opened browser and an internet connection is very very very rare (if ever happened at all), at least for me. By the way, I also use git blame a lot. I usually go straight to the PR description, then starting to look at the relevant commits I need. But if the PR description is good enough, I usually don't need anything except for the commit title. There are cases where implementation details and such are important at the commit itself, but it's pretty rare in my opinion. In any case, these details should usually reside only at the commit level and not the PR description.
It happens quite a lot that the implementation changes after some review comments. In these cases I often squash commits, reverse their order, and this would cause me to change the description as well. Instead, I find it a lot more comfortable to have the description of the whole PR (which is a cohesive unit) at the PR level. But we can agree to disagree on that :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
/retest |
1 similar comment
/retest |
/retest-required |
/hold for getting the clone fix PR in FYI @brianmcarey |
/unhold |
/unhold |
/retest-required |
1 similar comment
/retest-required |
/retest |
@Barakmor1: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/retest-required |
/cherrypick release-0.49 |
@Barakmor1: #8092 failed to apply on top of branch "release-0.49":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-0.53 |
@Barakmor1: new pull request created: #8108 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Original PR: kubevirt#8092 Because of a security issue in go-restful v2.15.0 Signed-off-by: bmordeha <bmodeha@redhat.com>
Bump the version of `go-restful` to 2.16.0 Because of a security issue in go-restful v2.15.0 Signed-off-by: bmordeha <bmodeha@redhat.com>
Original PR: kubevirt#8092 Because of a security issue in go-restful v2.15.0 Signed-off-by: bmordeha <bmodeha@redhat.com> (cherry picked from commit e74ac10) Signed-off-by: Jed Lejosne <jed@redhat.com>
Signed-off-by: bmordeha bmodeha@redhat.com
What this PR does / why we need it:
Bump the version of emicklei/go-restful from 2.15.0 to 2.16.0 to fix emicklei/go-restful#493
See emicklei/go-restful#489 (comment).
(emicklei/go-restful#503)
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
Modified files ( not auto generated ) :
go.mod
staging/src/kubevirt.io/client-go/go.mod
Release note: