Skip to content

Update modules to reduce dependency tree.#111

Closed
creack wants to merge 1 commit intomasterfrom
creack/update-modules
Closed

Update modules to reduce dependency tree.#111
creack wants to merge 1 commit intomasterfrom
creack/update-modules

Conversation

@creack
Copy link
Copy Markdown

@creack creack commented Dec 20, 2024
edited
Loading

Run go get -u ./... && go mod tidy

Dep tree generating using modgraphviz / graphviz

go install golang.org/x/exp/cmd/modgraphviz@latest
brew install graphviz
go mod graph | modgraphviz | dot -Tpng -o graph.png

Before:

dot: graph is too large for cairo-renderer bitmaps. Scaling by 0.059917 to fit

Screenshot 2024-12-20 at 8 12 38 AM

After:

trace-after

@creack creack requested a review from rosstimothy December 20, 2024 14:15
@creack creack force-pushed the creack/update-modules branch from eca3982 to 6bcd43e Compare December 20, 2024 14:21
@creack creack force-pushed the creack/update-modules branch from 6bcd43e to 9105fa3 Compare December 20, 2024 14:29
rosstimothy
rosstimothy reviewed Dec 20, 2024
View reviewed changes
Comment thread go.mod
module github.com/gravitational/trace

go 1.15
go 1.22
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Dec 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is quite a large leap for a library, is this enforced on us by gRPC? Should we consider moving trail to another module or removing it altogether and vendoring it in teleport?

Copy link
Copy Markdown
Author

@creack creack Dec 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is enforce by Go. 1.23 will not run the tests for anything lower, complaining about go mod needed tidy and reverting back to 1.22.

Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy Jan 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm exploring removing trail, which pulls in grpc-go in #112. I cannot find any other consumers of the package outside of gravitational.

@codingllama
Copy link
Copy Markdown
Contributor

codingllama commented Jan 14, 2025

FYI, I've just landed #113 due to a CVE. It bumps /x/net, Go to 1.20 (required by testify) and a few indirects that also hit on CVEs. It also deletes a lot of lines from go.sum, so I think I've trimmed the dependencies as a side-effect in there.

@creack
Copy link
Copy Markdown
Author

creack commented Jan 15, 2025

Closing in favor of #113

@creack creack closed this Jan 15, 2025
@creack creack deleted the creack/update-modules branch January 15, 2025 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rosstimothy rosstimothy rosstimothy left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@creack @codingllama @rosstimothy