I am having a problem with go.mod. I'm using go 1.13.4 and you can easily replicate what I'm seeing.
I am trying to convert https://github.com/RobustPerception/nrpe_exporter from vendor/vendor.json to go.mod. Here's how I start: $ git clone https://github.com/RobustPerception/nrpe_exporter $ cd nrpe_exporter $ go mod init github.com/RobustPerception/nrpe_exporter go: creating new go.mod: module github.com/RobustPerception/nrpe_exporter go: copying requirements from vendor/vendor.json go: converting vendor/vendor.json: stat github.com/go-kit/log@: unknown revision $ cat go.mod module github.com/RobustPerception/nrpe_exporter go 1.13 require ( github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf github.com/go-kit/kit v0.5.1-0.20170917202734-0d313fb5fb3a github.com/go-logfmt/logfmt v0.3.0 github.com/go-stack/stack v1.6.0 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 github.com/pkg/errors v0.8.1-0.20170910134614-2b3a18b5f0fb *github.com/prometheus/common v0.0.0-20170908161822-2f17f4a9d485* gopkg.in/alecthomas/kingpin.v2 v2.2.5 ) That looks fine up to this point. Note in particular how a specific old version of prometheus/common from 2017 has been selected - highlighted. However, the next step is to type "go build ./...", and as soon as I do that, the dependencies are changed to point to newer versions of those libraries. $ go build ./... go: finding github.com/aperum/nrpe latest # github.com/RobustPerception/nrpe_exporter ./nrpe_exporter.go:124:37: cannot use &allowedLevel (type *promlog.AllowedLevel) as type *promlog.Config in argument to flag.AddFlags ./nrpe_exporter.go:128:23: cannot use allowedLevel (type promlog.AllowedLevel) as type *promlog.Config in argument to promlog.New $ cat go.mod module github.com/RobustPerception/nrpe_exporter go 1.13 require ( github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 github.com/aperum/nrpe v0.0.0-20170524093721-53d9ca02dfca github.com/go-kit/kit v0.9.0 github.com/go-logfmt/logfmt v0.4.0 github.com/go-stack/stack v1.8.0 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515 github.com/pkg/errors v0.8.1 github.com/prometheus/client_golang v1.2.1 *github.com/prometheus/common v0.7.0* gopkg.in/alecthomas/kingpin.v2 v2.2.6 ) You can see that go.mod has been updated to point to the newest version of prometheus/common - and that is why the build is failing (since the promlog API in prometheus/common has changed). I could update the code to make use of the newer dependencies. But really I'm confused: surely the point of go.mod / go.sum is to be able to refer to specific versions of libraries you depend on, so that you *don't* get caught out by this sort of problem? Obviously I'm missing something here, so I'd be very grateful if someone could enlighten me. What would I need to do to have "go build" use the dependencies listed in go.mod, rather than updating them? (I tried -mod=readonly, but then it just fails saying it needs to update them) Many thanks, Brian. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/5f27912d-2f31-45ad-b7fa-b74c8ad7f29a%40googlegroups.com.
