You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 9, 2020. It is now read-only.
dep init adds caret-style constraints for all the direct dependencies it finds, and dep ensure -add does this as well. This seems to make sense — I want a version that’s at least as new as the first version I started using, and I want to stay within the major version so I don’t get breaking changes. I also want to avoid pre-release versions unless I specifically opt-in to them.
Should I try to enforce that my team’s .toml files have constraints for every direct dependency package? If so, can dep do that for me? Should dep ensure [-update] (without -add) add this kind of constraint when it finds a new dependency?
The text was updated successfully, but these errors were encountered:
@carolynvs I had noticed that dep ensure -add errors out instead of adding a constraint when there's an already-imported package, so I do support having it just add the dependency . 👍
That probably gets me most of the way there. Per my first question about enforcing constraints, I'm thinking of a hook that validates that all non-standard-library imports have constraints in Gopkg.toml, so that script could print out You should run dep ensure -add $package.
It might be nice to have a way to blanket-add constraints for all direct dependencies, though. I'd like to know whether the project owners agree that this would be a good default behavior. If it's too much to change the default behavior of dep ensure to do this, we could add it under a flag. Maybe dep ensure -add with no package argument could just do that.
I written a small application just to check this, which forces our build to fail and therefore, the developer to include them manually. In case it's useful for you as it was for us.
Dep was officially deprecated earlier this year, and the proposal to archive this repository was accepted. As such, I'm closing outstanding issues before archiving the repository. For any further comments, please use the proposal thread on the Go issue tracker. Thanks!
dep init
adds caret-style constraints for all the direct dependencies it finds, anddep ensure -add
does this as well. This seems to make sense — I want a version that’s at least as new as the first version I started using, and I want to stay within the major version so I don’t get breaking changes. I also want to avoid pre-release versions unless I specifically opt-in to them.Should I try to enforce that my team’s
.toml
files have constraints for every direct dependency package? If so, candep
do that for me? Shoulddep ensure [-update]
(without-add
) add this kind of constraint when it finds a new dependency?The text was updated successfully, but these errors were encountered: