This sort of use-case is pretty much exactly what the exclude directive is for. (See https://tip.golang.org/cmd/go/#hdr-The_go_mod_file.)
In your go.mod file, add a directive like: exclude github.com/vendor/package v1.3.0 In the meantime, send a PR or file an issue with github.com/vendor/package to fix the bug. Once it's fixed, you can run go get github.com/vendor/package@$COMMIT at whatever commit fixed the bug in order to upgrade past it; then you can remove the exclude directive. On Monday, July 15, 2019 at 2:14:22 PM UTC-4, Pantelis Sampaziotis wrote: > > Hi, > > I would like to ask if there is a functionality similar to apt-mark hold > (which prevents package from being automatically installed, upgraded or > removed) in go modules. > > The case I have is that after updating a package from 1.2.2 to 1.3.0, a > bug was introduced which can break the app in some cases edge cases (when > parsing specific json responses) on runtime. > > I want to lock down the version to 1.2.2 and make sure that this package > is not updated when someone runs go get -u until the bug is fixed. > > It seems the replace directive > https://github.com/golang/go/wiki/Modules#when-should-i-use-the-replace-directive > provides > similar functionality: > > replace github.com/vendor/package => github.com/vendor/package v1.2.2 > > Is this the correct way? Is there any other solution? > > thank you > > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/205161bf-1742-4c7f-a5c2-f2935d533b86%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.