Making sure constraints exist for all direct dependencies #1654
Comments
|
@carolynvs I had noticed that That probably gets me most of the way there. Per my first question about enforcing constraints, I'm thinking of a hook that validates that all non-standard-library imports have constraints in It might be nice to have a way to blanket-add constraints for all direct dependencies, though. I'd like to know whether the project owners agree that this would be a good default behavior. If it's too much to change the default behavior of |
|
I written a small application just to check this, which forces our build to fail and therefore, the developer to include them manually. In case it's useful for you as it was for us. |
|
Dep was officially deprecated earlier this year, and the proposal to archive this repository was accepted. As such, I'm closing outstanding issues before archiving the repository. For any further comments, please use the proposal thread on the Go issue tracker. Thanks! |
dep initadds caret-style constraints for all the direct dependencies it finds, anddep ensure -adddoes this as well. This seems to make sense — I want a version that’s at least as new as the first version I started using, and I want to stay within the major version so I don’t get breaking changes. I also want to avoid pre-release versions unless I specifically opt-in to them.Should I try to enforce that my team’s
.tomlfiles have constraints for every direct dependency package? If so, candepdo that for me? Shoulddep ensure [-update](without-add) add this kind of constraint when it finds a new dependency?The text was updated successfully, but these errors were encountered: