-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions #3320
Conversation
So we are not impacted by this one iiuc as v1.0.4 is same as v1.0.2? Not sure why we need to bump this indirect dep then? Do you know which module brings this indirect dep?
What do you mean by that? |
v1.0.4 is the same as v1.0.3, but v1.0.2 is broken, but not retracted, which means that someone using buildkit as dependency may accidentally use
Arf.. opened PRs across multiple repos, forgot to update the commit message; let me fix.
Many, unfortunately, so updating them all takes a while to get the bad minimum version out, which is why we should bump the version ahead; go mod graph | grep ' github.com/matttproud/golang_protobuf_extensions'
github.com/moby/buildkit github.com/matttproud/golang_protobuf_extensions@v1.0.2
github.com/containerd/containerd@v1.6.10 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
github.com/containerd/nydus-snapshotter@v0.3.1 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
github.com/prometheus/client_golang@v1.14.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/prometheus/common@v0.37.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
k8s.io/component-base@v0.22.5 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
github.com/prometheus/common@v0.30.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/containerd/containerd@v1.6.9 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
k8s.io/component-base@v0.20.6 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
github.com/prometheus/common@v0.26.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
k8s.io/component-base@v0.20.1 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
github.com/prometheus/common@v0.6.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/prometheus/common@v0.32.1 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/prometheus/common@v0.10.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
k8s.io/component-base@v0.20.4 github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369
github.com/prometheus/common@v0.4.1 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/docker/distribution@v0.0.0-20190905152932-14b96e55d84c github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/prometheus/common@v0.4.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/prometheus/tsdb@v0.7.1 github.com/matttproud/golang_protobuf_extensions@v1.0.1
go.opencensus.io@v0.18.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
github.com/prometheus/common@v0.2.0 github.com/matttproud/golang_protobuf_extensions@v1.0.1
go.opencensus.io@v0.19.1 github.com/matttproud/golang_protobuf_extensions@v1.0.1 |
This module made a whoopsie, and updated to `google.golang.org/protobuf` in a patch release, but `google.golang.org/protobuf` is not backward compatible with `github.com/golang/protobuf`. Updating the minimum version to v1.0.4 which corrects this, to prevent users of buildkit as a module from accidentally pulling in the wrong version: - v1.0.3 switched to use `google.golang.org/protobuf`; https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.2..v1.0.3 - This was reverted in v1.0.4 (which is the same as v1.0.2); https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.3..v1.0.4 - And a `v2` was created instead; https://github.com/matttproud/golang_protobuf_extensions/releases/tag/v2.0.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
9438b87
to
64484e6
Compare
fixed the commit message |
This module made a whoopsie, and updated to
google.golang.org/protobuf
in a patch release, butgoogle.golang.org/protobuf
is not backward compatible withgithub.com/golang/protobuf
.Updating the minimum version to v1.0.4 which corrects this, to prevent users of buildkit as a module from accidentally pulling in the wrong version:
google.golang.org/protobuf
; https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.2..v1.0.3v2
was created instead; https://github.com/matttproud/golang_protobuf_extensions/releases/tag/v2.0.0