Too many duplicate dependencies in go.mod #1057

Closed
DemiMarie opened this issue Aug 20, 2022 · 4 comments · Fixed by #1058
@DemiMarie

Current cloudflare-go version

ebb2785

Description

cloudflare-go seems to depend on 35 versions of cloud.google.com/go, six of cloud.google.com/go/bigquery, five of github.com/BurntSushi/toml, and many other duplicate versions.

Use cases

The main use-case is containers that want to minimize dependency footprints.

Potential cloudflare-go usage

// N/A, this is a meta issue

References

No response

@jacobbednarz
Member

I gather you're talking about the go.sum file, in which case this is expected.

@jacobbednarz closed this as not planned Aug 20, 2022
@DemiMarie
Author

> I gather you're talking about the go.sum file, in which case this is expected.

I see. Does this mean that some dependencies have not updated to newer versions of their dependencies?

If so, this is not a serious problem unless one of those transitive dependencies has a security hole or other major flaw. It does, however, lead to an unnecessarily bloated binary.

@jacobbednarz
Member

Not necessarily. The checksum file contains the hashes of all versions seen for a dependency and its dependants.

There was some discussion about splitting the package at #1025 to split the runtime/dev dependencies; however, it's not a huge priority at the moment.
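
The go.sum point made in the reply above, as an added example (not part of the thread and not cloudflare-go code): a go.sum line is `<module> <version>[/go.mod] <hash>`, and a version that appears only with the `/go.mod` suffix had just its go.mod read while the module graph was resolved. The module paths, versions and hashes below are constructed placeholders, and `SummarizeGoSum` is a hypothetical helper name.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: module paths, versions and hashes are placeholders.
const sampleGoSum = `example.com/liba v1.0.0/go.mod h1:placeholder1=
example.com/liba v1.1.0/go.mod h1:placeholder2=
example.com/liba v1.2.0 h1:placeholder3=
example.com/liba v1.2.0/go.mod h1:placeholder4=
example.com/libb v0.3.0 h1:placeholder5=
example.com/libb v0.3.0/go.mod h1:placeholder6=
`

// Summary counts the versions go.sum lists for a module and how many have a source hash.
type Summary struct{ Seen, Downloaded int }

// SummarizeGoSum groups go.sum entries by module path. A version that has only a
// "/go.mod" line was consulted for version selection; its source was not needed.
func SummarizeGoSum(text string) map[string]*Summary {
	out, known := map[string]*Summary{}, map[string]bool{}
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue // blank or malformed line
		}
		mod, version := f[0], strings.TrimSuffix(f[1], "/go.mod")
		if out[mod] == nil {
			out[mod] = &Summary{}
		}
		if k := mod + "@" + version; !known[k] { // first entry for this version
			known[k] = true
			out[mod].Seen++
		}
		if k := mod + " " + f[1]; version == f[1] && !known[k] { // source hash line
			known[k] = true
			out[mod].Downloaded++
		}
	}
	return out
}

func main() {
	for m, s := range SummarizeGoSum(sampleGoSum) {
		fmt.Printf("%-20s versions in go.sum=%d with source hash=%d\n", m, s.Seen, s.Downloaded)
	}
}
```

The versions actually selected for a build are reported by `go list -m all`; go.sum is only the checksum record.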

jacobbednarz added a commit to jacobbednarz/cloudflare-go that referenced this issue Aug 22, 2022
This commit does two things:

1) Moves all tooling related dependencies and functionality into `internal/` to
mark the code as not intended to be used outside of the package (which I found
forks doing 🤦)
2) Reduces the dependency footprint for library-only use.

Fixes cloudflare#1057
Fixes cloudflare#1025
@github-actions bot added this to the v0.49.0 milestone Aug 22, 2022
@github-actions
Contributor

This functionality has been released in v0.49.0.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
