Fix dependency cycle with objx #1292 #1453

Merged: 2 commits, Jan 21, 2024

dolmen (Collaborator) commented Aug 9, 2023

Summary

Fix dependency cycle with module github.com/stretchr/objx (which depends on testify).

Changes

$ go get github.com/stretchr/objx@v0.5.1
$ go mod tidy
$ go mod edit -exclude=github.com/stretchr/testify@v1.8.2
$ go mod tidy

Motivation

  • Clean up circular dependency.
  • Remove old versions of our dependencies (some had security issues) from the dependency tree. They were still referenced in go.mod (even if not used in practice) and so some security checkers incorrectly reported issues.

Related issues

See stretchr/objx#140

go get github.com/stretchr/objx@v0.5.1
In go.mod, exclude the old version of testify brought by objx. This
allows breaking the dependency cycle and completely removing the
dependency link to old versions of dependencies (some of which had
security issues).

Closes #1292.

go mod edit -exclude=github.com/stretchr/testify@v1.8.2 && go.mod
@dolmen dolmen added the dependencies Pull requests that update a dependency file label Oct 10, 2023
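
An added example, not part of this pull request or of testify's code: given `go mod graph` output, it finds the versions of the main module that dependencies require back (the cycle this PR breaks) and what stays reachable once they are excluded. The graph is a constructed sample, `cycleFrontier` and `example.com/old` are hypothetical names, and it assumes the go command ignores a requirement on an excluded version, as it has since Go 1.16.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in `go mod graph` format (not captured output); only the
// main module has no @version suffix. example.com/old is hypothetical.
const sampleGraph = `github.com/stretchr/testify github.com/stretchr/objx@v0.5.1
github.com/stretchr/objx@v0.5.1 github.com/stretchr/testify@v1.8.2
github.com/stretchr/testify@v1.8.2 github.com/stretchr/objx@v0.5.0
github.com/stretchr/testify@v1.8.2 example.com/old@v0.1.0
github.com/stretchr/objx@v0.5.0 github.com/stretchr/testify@v1.8.0`

// cycleFrontier walks from root (the main module) and stops at root@version
// nodes: those go in exclude; kept is what stays reachable without them.
func cycleFrontier(root, graph string) (exclude, kept []string) {
	adj := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) == 2 { // ignore blank or malformed lines
			adj[f[0]] = append(adj[f[0]], f[1])
		}
	}
	seen := map[string]bool{root: true}
	for stack := []string{root}; len(stack) > 0; {
		n := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		for _, d := range adj[n] {
			if seen[d] {
				continue
			}
			seen[d] = true
			if strings.HasPrefix(d, root+"@") {
				exclude = append(exclude, d)
				continue // do not follow an old copy of the main module
			}
			kept = append(kept, d)
			stack = append(stack, d)
		}
	}
	sort.Strings(exclude)
	sort.Strings(kept)
	return exclude, kept
}

func main() { fmt.Println(cycleFrontier("github.com/stretchr/testify", sampleGraph)) }
```

In the sample, excluding the single version on the frontier also drops everything that was only reachable through it (`objx@v0.5.0`, `testify@v1.8.0`, `example.com/old@v0.1.0`), which is why scanners stop seeing those old versions.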
@peymanmortazavi

LGTM 🙏

@peymanmortazavi peymanmortazavi left a comment

LGTM 🙏

@dolmen dolmen added the hacktoberfest-accepted Hacktoberfest label Oct 16, 2023
dolmen (Collaborator, Author) commented Nov 1, 2023

Following my announcement on Slack, I'm pinging all other co-maintainers.

@MovieStoreGuy MovieStoreGuy merged commit 12f05f7 into master Jan 21, 2024
12 checks passed