netns icon indicating copy to clipboard operation
netns copied to clipboard

Published 20 hours ago verified publisher icon vishvananda

Bump golang.org/x/sys from 0.2.0 to 0.4.0

Open dependabot[bot] opened this issue 2 years ago • 5 comments

Bumps golang.org/x/sys from 0.2.0 to 0.4.0.

Commits
  • b60007c unix: add Uvmexp and SysctlUvmexp for NetBSD
  • b751db5 unix: gofmt hurd files after CL 459895
  • b360406 unix: support TIOCGETA on GNU/Hurd
  • 3086868 unix: regen on OpenBSD 7.2
  • 2b11e6b unix: remove Mclpool from openbsd types
  • 7c6badc unix: convert openbsd/mips64 to direct libc calls
  • 3b1fc93 unix: avoid allocations for common uses of Readv, Writev, etc.
  • 2204b66 cpu: parse /proc/cpuinfo on linux/arm64 on old kernels when needed
  • 72f772c unix: offs2lohi should shift by bits, not bytes
  • cffae8e unix: add ClockGettime on *bsd and solaris
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Jan 13 '23 18:01 dependabot[bot]

Let's wait til #62 merged and use this PR to ensure the new CI pipeline works as expected...

jeffwidman avatar Jan 13 '23 18:01 jeffwidman

I'm slightly on the fence if its good to update these dependencies to "latest", as this module only uses a very minimal subset of golang.org/x/sys. Go modules were designed to specify the minimum required version (consumers of the module may decide to update to a more current version). Updating the version to latest also forces all consumers of this module to update, and those consumers may be using a way larger part of golang.org/x/sys; forcing them to update can be problematic in some cases.

thaJeztah avatar Jan 13 '23 19:01 thaJeztah

True, I completely forgot I was working on a library and not an app when I wrote ☝️. We shouldn't bump... if anything we should go back to v0.1.0... but doesn't seem to buy us much given https://github.com/vishvananda/netns/pull/64#issuecomment-1382345118, so not worth taking the time to do that unless someone complains IMO.

jeffwidman avatar Jan 13 '23 20:01 jeffwidman

I think it's good to have a tagged version; even though most projects will already be on a more current version, it's easier to get a grasp based on a version than on a pseudo-version.

That said; given that this is a library indeed, perhaps we should not automatically update versions (unless there's a strong reason), to allow consumers to decide wether or not updates of golang/x/sys are needed or not.

One of the reasons for that is that, unfortunately, the Go project itself is currently practicing "do as we say, not as we do" 😓 . Where previously they would (reasonably) reject updating dependencies if there was no reason for updating, they now started to masquerade CalVer as SemVer, and "just do automate releases and update everything". While their modules are generally of good quality, it does cause a lot of code-churn, and all risks involved with that (and not all project may have the luxury of inventing custom hacks, like // tagx:compat, // tagx:ignore to work around issues related to that).

</rant> 😅.

thaJeztah avatar Jan 14 '23 11:01 thaJeztah

A newer version of golang.org/x/sys exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

dependabot[bot] avatar Feb 13 '23 18:02 dependabot[bot]