Potential collision and risk from indirect dependence "github.com/gotestyourself/gotestyourself" #663

Open
KateGo520 opened this issue Aug 12, 2020 · 3 comments
Labels
bug Something isn't working

Comments

@KateGo520

KateGo520 commented Aug 12, 2020

Background

Repo ystia/yorc used the old path to import gotestyourself indirectly.
This caused github.com/gotestyourself/gotestyourself and gotest.tools to coexist in this repo:
https://github.com/ystia/yorc/blob/develop/go.mod (Line 52 & 118)

github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
gotest.tools v2.2.0+incompatible // indirect 

That’s because gotestyourself has already renamed its import path from "github.com/gotestyourself/gotestyourself" to "gotest.tools". When you use the old path "github.com/gotestyourself/gotestyourself" to import gotestyourself, it reintroduces gotestyourself through the import statements "import gotest.tools" in the Go source file of gotestyourself.

https://github.com/gotestyourself/gotest.tools/blob/v2.2.0/fs/example_test.go#L8

package fs_test
import (
	…
	"gotest.tools/assert"
	"gotest.tools/assert/cmp"
	"gotest.tools/fs"
	"gotest.tools/golden"
)

"github.com/gotestyourself/gotestyourself" and "gotest.tools" are the same repo. This will work in isolation, bringing about potential risks and problems.

Solution

Add a replace statement in the go.mod file:

replace github.com/gotestyourself/gotestyourself => gotest.tools v2.3.0

Then clean the go.mod.

@KateGo520 KateGo520 added the bug Something isn't working label Aug 12, 2020
@KateGo520
Author

@stebenoist @loicalbertin Could you help me review this issue? Thx :p

@loicalbertin
Member

Hi @KateGo520,

Thanks for opening this issue!

Repository renaming is so painful for users!

Are you actually facing an issue on Yorc or is this really just about potential risks & problems?

Actually this dependency is transitively coming from an old version of HashiCorp Vault itself using an old version of github.com/ory/dockertest.

Using

replace github.com/gotestyourself/gotestyourself => gotest.tools v2.2.0

is not that simple, as we will face the "pkg used for two different module paths" issue, so we will probably need to replace it with another version like

replace github.com/gotestyourself/gotestyourself => gotest.tools v2.3.0

In fact github.com/ory/dockertest recently fixed the issue in its v3 by now using gotest.tools/v3.
To properly fix this, Vault should be updated to use github.com/ory/dockertest/v3 and we should upgrade to a newer version of Vault (which is planned in #619).
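
One way to check a go.mod for the coexistence described in this issue, and for whether a replace directive already redirects the old path (an added example, not code from Yorc or from any commenter). The `renamed` table, `CheckGoMod` and the `example.com/app` module name are hypothetical, and the parser is a simplified line scan that only understands require and replace directives.

```go
package main

import (
	"fmt"
	"strings"
)

// renamed maps a retired module path to its successor (entry taken from this issue).
var renamed = map[string]string{"github.com/gotestyourself/gotestyourself": "gotest.tools"}

// sample is a constructed go.mod holding the two require lines quoted in the issue.
const sample = `module example.com/app
require (
	github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
	gotest.tools v2.2.0+incompatible // indirect
)
`

// CheckGoMod reports each retired path that is required alongside its
// successor; the value says whether a replace directive already redirects it.
func CheckGoMod(gomod string) map[string]bool {
	seen := map[string]map[string]bool{"require": {}, "replace": {}}
	block, found := "", map[string]bool{}
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // strip trailing comment
		f := strings.Fields(line)
		switch {
		case len(f) == 0: // blank or comment-only line
		case f[0] == ")":
			block = ""
		case len(f) == 2 && f[1] == "(":
			block = f[0]
		case seen[block] != nil: // entry inside a require/replace block
			seen[block][f[0]] = true
		case len(f) >= 2 && seen[f[0]] != nil: // single-line directive
			seen[f[0]][f[1]] = true
		}
	}
	for old, cur := range renamed {
		if seen["require"][old] && seen["require"][cur] {
			found[old] = seen["replace"][old]
		}
	}
	return found
}

func main() {
	fmt.Println(CheckGoMod(sample))
}
```

Running `go mod why -m github.com/gotestyourself/gotestyourself` in the affected module shows which dependency chain pulls in the old path.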

@KateGo520
Author

KateGo520 commented Aug 13, 2020

Thank you for your reply! @loicalbertin
Updating to a newer version of Vault sounds good to me.
