-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/tools/gopls: broken build with x/vuln@latest #59837
Comments
@bcmills can you tell us more why is labelled "soon"? The x/vuln API is not stable at all and our intention was not to update x/vuln dependency until a new API becomes available and we migrate to the new one. |
If this is WAI, I propose that we close this issue. |
Even unstable dependencies have points of stability. That means that if critical bugs or vulnerabilities are found and patched in If |
I really don't understand this perspective, given that we own both projects. They are versioned together, and any critical bugfix would need to be fixed in both x/vuln and gopls. We have this responsibility. Bryan, is your point that they have diverged too much for this to be feasible in a timely manner? In that case, I would defer to @hyangah and @julieqiu to decide. |
Yes — that, and that the divergence adds friction for testing and maintenance in other ways. For example:
|
x/vuln is currently actively working on API finalization. The API is significantly different and the current mode is an alternative to copying or vendoring the whole repo. This will be addressed in a couple of months, so let's not worry about this. |
This is the milestone for x/vuln API work https://github.com/golang/go/milestone/308 |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes; it also reproduces with CL 471595 patched in.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
What did you expect to see?
Dependencies of
gopls
successfully updated to their latest versions.What did you see instead?
The missing packages were moved in CL 475015.
(attn @hyangah @julieqiu; CC @findleyr @adonovan)
The text was updated successfully, but these errors were encountered: