Indirect dependency github.com/blend/go-sdk v1.1.1 does not exist #64

Open
stevebriskin opened this issue Jul 1, 2022 · 6 comments

@stevebriskin

I suspect that the library maintainers prepended "legacy-" to versions before changing the versioning scheme. At the least, this dependency should be updated to legacy-v1.1.1.

@pjebs
Collaborator

pjebs commented Jul 1, 2022

If it's indirect, how can I control it?

@stevebriskin
Author

stevebriskin commented Jul 1, 2022 via email

@MarkieMark

MarkieMark commented Oct 3, 2022

To clarify what Steve said, adding

replace (
	github.com/blend/go-sdk v1.1.1 => github.com/blend/go-sdk legacy-v1.1.1
)

to your go.mod works; however, there is now a new dependency error:

go: github.com/sjwhitworth/golearn@v0.0.0-20211014193759-a8b69c276cd8 requires
	github.com/rocketlaunchr/dataframe-go@v0.0.0-20201007021539-67b046771f0b requires
	github.com/cnkei/gospline@v0.0.0-20191204072713-842a72f86331: invalid version: unknown revision 842a72f86331

that needs a more involved replace directive:

github.com/cnkei/gospline v0.0.0-20191204072713-842a72f86331 => github.com/cnkei/gospline v0.0.0-20191204052713-d67fac29a294

@pjebs
Collaborator

pjebs commented Oct 5, 2022

I've never been able to reproduce this issue. That's why this issue has been kept open.

@MarkieMark

I'm working in Fedora 36 with (as far as I recall) a basically vanilla .rpm Go; a $ go get github.com/sjwhitworth/golearn from a Fedora 36 virtual machine should behave similarly.

@stevebriskin
Author

stevebriskin commented Oct 5, 2022

We encountered it after configuring our project for Dependabot in GitHub. Dependabot runs failed fetching blend.
Our theory is that go get uses a proxy by default, which caches blend v1.1.1 even though the tag has been renamed to legacy-v1.1.1. To repro, we ran go get without a proxy (GONOSUMDB=* GONOPROXY=* go get -x github.com/blend/go-sdk@v1.1.1), which led to "unknown revision" errors. So... things currently work, but presumably only because there's a proxy that caches this old tag, which is flaky.

Per https://proxy.golang.org/:

Whenever possible, the mirror aims to cache content in order to avoid breaking builds for people that depend on your package, so this bad release may still be available in the mirror even if it is not available at the origin. The same situation applies if you delete your entire repository.
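
An added example, not code from this thread or from the golearn project: a small Go audit that reads the two replace directives quoted above and reports which one only swaps a version name and which one pins a different commit, since the second kind changes the code that gets built. The module path example.com/app and the names AuditReplaces, Finding and revision are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: a go.mod holding the two replace directives quoted in this thread.
const sampleGoMod = `module example.com/app

replace (
	github.com/blend/go-sdk v1.1.1 => github.com/blend/go-sdk legacy-v1.1.1
	github.com/cnkei/gospline v0.0.0-20191204072713-842a72f86331 => github.com/cnkei/gospline v0.0.0-20191204052713-d67fac29a294
)
`

// pseudoRe matches the 14-digit timestamp and 12-char revision ending a pseudo-version.
var pseudoRe = regexp.MustCompile(`[-.](\d{14})-([0-9a-f]{12})$`)

// Finding is one module-to-module replace directive plus a review note.
type Finding struct{ Module, Old, New, Note string }

// revision returns the commit prefix of a pseudo-version, or "" for a tag or query.
func revision(v string) string {
	if m := pseudoRe.FindStringSubmatch(v); m != nil {
		return m[2]
	}
	return ""
}

// AuditReplaces reports "path old => path new" directives (block or single-line
// form). Local-path replacements and lines with trailing comments are skipped.
func AuditReplaces(gomod string) []Finding {
	var out []Finding
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "replace "))
		if len(f) != 5 || f[2] != "=>" {
			continue
		}
		note := "version name changed; confirm both names point at the same commit"
		if o, n := revision(f[1]), revision(f[4]); o != "" && n != "" && o != n {
			note = fmt.Sprintf("pinned revision changed %s -> %s; review the diff", o, n)
		}
		out = append(out, Finding{f[0], f[1], f[4], note})
	}
	return out
}

func main() {
	for _, f := range AuditReplaces(sampleGoMod) {
		fmt.Printf("%s: %s => %s\n  %s\n", f.Module, f.Old, f.New, f.Note)
	}
}
```
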
