getsentry / sentry-go

The official Go SDK for Sentry (sentry.io)

Home Page:https://docs.sentry.io/platforms/go/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

v0.26.0 out of date

UnaffiliatedCode opened this issue · comments

required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon

Looking to get the version updated to v1.0.26.

Issue was easy to resolve by updating github.com/kataras/iris/v12 within ./iris/sentryiris.go

Example update available:
#766

I see there have been previous issues with a 1.21 update.

You can bump iris in your own application.

We utilize this library in our application, can you advise on how to update iris without requiring this module to be updated? I'm not aware of a means to skip/force a dependency version.

image

I'm not able to reproduce the issue you are seeing.

Steps to Replicate

Step 1: create a hello world project
Step 2: add a unit test which uses getsentry/sentry-go (purely for simplicity, can be in the native app)
Step 3: Install GORELEASE to generate semantic versioning
Step 4: run gorelease on your application:

Install GORELEASE

go install golang.org/x/exp/cmd/gorelease@latest

Running on your APP (same directory as the go.mod)

      # gorelease requires a clean working directory, create directory for
      # generated files
    - export OUTDIR=$(mktemp -d)
    - gorelease > $OUTDIR/gorelease.out

In the provided MR, i provided a message on the commit to help outline this. Please advise if this requires further clarity.

Test Output

Local Minified APP

Here's my output:

C:\sentryApp> gorelease 
# diagnostics
required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon

# summary
Inferred base version: v0.1.0
Suggested version: v0.1.1

V0.26.0 of this library

When i run it on the current release of this library (824589b):

PS C:\GoProjects\public\sentry-go> gorelease  
# diagnostics
required module github.com/microcosm-cc/bluemonday@v1.0.23 retracted by module author: Retract older versions as only latest is to be depended upon

# summary
Inferred base version: v0.26.0
Suggested version: v0.26.1

After this change

linked PR:
#766

PS C:\GoProjects\public\sentry-go> gorelease
# github.com/getsentry/sentry-go/iris
## incompatible changes
New: changed from func(Options) github.com/kataras/iris/v12/context.Handler to func(Options) func(*github.com/kataras/iris/v12/context.Context)

# summary
Inferred base version: v0.26.0
Suggested version: v0.27.0

As part of this change, due to a change in IRIS it's recommend a change in minor version number as opposed to a patch increment.

I am also receiving unit test failures on the profiler tests, however they dont appear to be related (Happens PRE and POST the recommended change).
image

@cleptric , anything we can do to re-open this ticket?

We no longer bump the baseline of dependencies.
If you do not use iris, graph pruning should not compile iris into the binary, if you use iris, you can update it in your application.

If you do not use iris, graph pruning should not compile iris into the binary, if you use iris, you can update it in your application.

In the replication steps above I was not using IRIS, just a simple hello world and a unit test, I was able to replicate the issue, even with iris updated locally, the sentry dependency still loads. Maybe I am doing it wrong, but documenting the solution within the issue might help future readers. I do not know of a command to do what you're asking, and stackover/google isn't providing any results. Please advise.

Regarding the visibility of the retraction

If you'd like, the following will allow you to view retracted & deprecated libraries used:

go list -u -m all
github.com/getsentry/sentry-go
...
github.com/golang-jwt/jwt v3.2.2+incompatible
github.com/golang/protobuf v1.5.2 [v1.5.3] (deprecated)
...
github.com/iris-contrib/go.uuid v2.0.0+incompatible
...
github.com/microcosm-cc/bluemonday v1.0.23 (retracted) [v1.0.26]
...
github.com/schollz/closestmatch v2.1.0+incompatible
...

I've removed a bunch of lines (replaced with "...") to help with readability.