We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I want to delete dependencies on github.com/satori/go.uuid because it is vulnerable.
# master branch of https://github.com/jackc/pgx $ pwd /home/go/src/github.com/pgx $ go mod graph | grep satori github.com/jackc/[email protected] github.com/satori/[email protected] github.com/jackc/pgx/[email protected] github.com/satori/[email protected] github.com/jackc/[email protected] github.com/satori/[email protected] github.com/jackc/pgx/[email protected] github.com/satori/[email protected] github.com/jackc/[email protected] github.com/satori/[email protected] github.com/jackc/pgx/[email protected] github.com/satori/[email protected]
But, maybe we cannot do that because there are cyclic dependencies between modules as below(this is part of go mod graph outputs) .
go mod graph
github.com/jackc/pgx/v4 -> github.com/jackc/[email protected] -> github.com/jackc/[email protected] -> github.com/jackc/[email protected] -> github.com/jackc/[email protected] -> github.com/satori/[email protected]
github.com/jackc/pgmock depends on github.com/jackc/pgconn, and vice versa. github.com/jackc/pgx depends on github.com/jackc/pgtype, and vice versa.
I don't fully understand, but I think we cannot delete dependencies on older versions completely even if update module like #5.
Am I right? If yes, do you have any plan to resolve this?
Related Issues:
The text was updated successfully, but these errors were encountered:
No branches or pull requests
I want to delete dependencies on github.com/satori/go.uuid because it is vulnerable.
But, maybe we cannot do that because there are cyclic dependencies between modules as below(this is part of
go mod graphoutputs) .github.com/jackc/pgmock depends on github.com/jackc/pgconn, and vice versa.
github.com/jackc/pgx depends on github.com/jackc/pgtype, and vice versa.
I don't fully understand, but I think we cannot delete dependencies on older versions completely even if update module like #5.
Am I right?
If yes, do you have any plan to resolve this?
Related Issues:
The text was updated successfully, but these errors were encountered: