Bump dependencies, run go mod tidy, bump go version #8
Conversation
| go 1.16 | ||
| go 1.20 |
There was a problem hiding this comment.
Is this strictly necessary?
There was a problem hiding this comment.
To only track the dependencies we need, we need at least 1.17 but that's already EOL. Technically 1.20 also just turned EOL https://endoflife.date/go
Since github.com/peterbourgon/ff/v3 requires 1.20 anway, go will probably complain in some scenario that the go version is to low.
There was a problem hiding this comment.
Strictly speaking, versions in go.mod map to capabilities, not Go releases, so stuff like EOL doesn't really matter.
There was a problem hiding this comment.
Does this PR fix any specific problem?
There was a problem hiding this comment.
Strictly speaking, versions in go.mod map to capabilities, not Go releases, so stuff like EOL doesn't really matter.
Since they changed this up in 1.22, I am not sure anymore. It's a bit of a mess.
Does this PR fix any specific problem?
Yeah, when using 1.16 or below, the unused dependencies are not removed from go.sum and clutter up depending projects.
There was a problem hiding this comment.
Yeah, when using 1.16 or below, the unused dependencies are not removed from go.sum and clutter up depending projects.
go.sum isn't a lock file, it's more like an append-only checksum file. It's not used to calculate or define dependencies, it's only used to verify the integrity of downloaded dependencies. So not really anything that can get "cluttered" 😇
Absent specific e.g. CVEs or bug fixes in the DNS library, I'll pass on this. But thanks for the contribution!
to match https://github.com/peterbourgon/ff/blob/main/go.mod