embedshim
embedshim copied to clipboard
fuweid
Dependency version warning
Dependency line:
github.com/fuweid/embedshim --> github.com/containerd/containerd --> github.com/urfave/cli
github.com/containerd/containerd v1.5.13 --> github.com/urfave/cli v1.22.1
https://github.com/containerd/containerd/blob/v1.5.13/go.mod#L119
Background
Repo github.com/containerd/containerd at version v1.5.13 uses replace directive to pin dependencygithub.com/urfave/cli to version v1.22.1.
According to Go Modules wikis, replace directives in modules other than the main module are ignored when building the main module.
It means such replace usage in dependency's go.mod cannot be inherited when building main module. And it turns out that fuweid/embedshim depends on urfave/[email protected], which is different from the pinned version containerd/containerd needed.
https://github.com/fuweid/embedshim/blob/unstable/go.mod(Line 19)
github.com/urfave/cli v1.22.2
https://github.com/containerd/containerd/blob/v1.5.13/go.mod(line 52&119)
github.com/urfave/cli v1.22.2
github.com/urfave/cli => github.com/urfave/cli v1.22.1
So this is just a reminder in the hope that you can notice such an inconsistency.
Solution
1. Bump the version of dependency github.com/containerd/containerd
You can try upgrading dependency github.com/containerd/containerd to a newer version, which may have eliminated the use of this directive.
2. Add the same replace rule to your go.mod
replace github.com/urfave/cli => github.com/urfave/cli v1.22.1
Closing because it looks like bot reply. Please feel free to reopen it if it is mistake.
It seems to relate to issue https://github.com/urfave/cli/issues/1092. I'm just giving a kind reminder entirely from the perspective of dependency analysis. It doesn't necessarily mean it will cause dependency issues to your project at now, but it might be better to update to a new fixed version of urfave/cli, say [v1.22.6 - v1.22.12]. Overall, it depends on your choice and there is nothing particularly serious.