From 3ebfa99f2c2403c17348e41190406892abf21d2a Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 7 Mar 2019 19:35:04 +0400 Subject: [PATCH] do not pin repos without releases to exact revisions (#3382) We're pinning repos without releases because it's very easy to upgrade all the dependencies by executing dep ensure --upgrade. Instead, we should just never run this command directly, only dep ensure --upgrade . And we can defend that in PRs. Refs #3374 The problem with pinning to exact revisions: people who import Tendermint as a library (e.g. abci/types) are stuck with these revisions even though the code they import may not even use them. --- Gopkg.toml | 36 ++++++++---------------------------- 1 file changed, 8 insertions(+), 28 deletions(-) diff --git a/Gopkg.toml b/Gopkg.toml index c334ab71d..db97cb090 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -76,34 +76,14 @@ version = "^0.9.1" ################################### -## Some repos dont have releases. -## Pin to revision - -[[constraint]] - name = "github.com/btcsuite/btcd" - revision = "ed77733ec07dfc8a513741138419b8d9d3de9d2d" - -[[constraint]] - name = "golang.org/x/crypto" - revision = "505ab145d0a99da450461ae2c1a9f6cd10d1f447" - -[[override]] - name = "github.com/jmhodges/levigo" - revision = "c42d9e0ca023e2198120196f842701bb4c55d7b9" - -# last revision used by go-crypto -[[constraint]] - name = "github.com/btcsuite/btcutil" - revision = "d4cc87b860166d00d6b5b9e0d3b3d71d6088d4d4" - - -[[constraint]] - name = "github.com/rcrowley/go-metrics" - revision = "e2704e165165ec55d062f5919b4b29494e9fa790" - -[[constraint]] - name = "golang.org/x/net" - revision = "292b43bbf7cb8d35ddf40f8d5100ef3837cced3f" +## Repos which don't have releases. + +## - github.com/btcsuite/btcd +## - golang.org/x/crypto +## - github.com/jmhodges/levigo +## - github.com/btcsuite/btcutil +## - github.com/rcrowley/go-metrics +## - golang.org/x/net [prune] go-tests = true