Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Multiple versions of the same module #31578

Closed
shamwow opened this issue Apr 20, 2019 · 5 comments
Closed

Multiple versions of the same module #31578

shamwow opened this issue Apr 20, 2019 · 5 comments

Comments

@shamwow
Copy link

shamwow commented Apr 20, 2019
edited

Is there a good reason why go mod doesn't support having multiple versions of the same module (at least as an opt in feature)?

What I'm trying to achieve:

I depend on module a@v1.0.0 and b@v1.0.0 but module a@v1.0.0 depends on b@v1.1.0. I'd like to retain the above dependencies above rather than flattening them and bumping module b to v1.1.0 for my application code.

b@v1.1.0 should be backwards compatible with b@v1.0.0 but this depends on module developers following semantic versioning. It would be much less error prone if each module was able to use its own set of dependencies.

If go mod would write a /vendor directory for each module, it seems like the above would be possible. Common dependencies along a chain could be pruned and included in the top most /vendor directory to help reduce binary blot.

Examples (-> indicates a dependency, M is the root project):

If the dependencies were:
M -> a@v1.0.0
M -> b@v1.0.1
a@v1.0.0 -> b@v1.0.0

The topmost vendor dir would look like:
vendor/a@v1.0.0
vendor/a@v1.0.0/vendor
vendor/a@v1.0.0/vendor/b@v1.1.0
vendor/b@v1.0.0

If the dependencies were:
M -> a@v1.0.0
M -> b@v1.0.0
a@v1.0.0 -> b@v1.0.0

The topmost vendor dir would look like:
vendor/a@v1.0.0
vendor/b@v1.0.0

If the dependencies were:
M -> a@v1.0.0
M -> c@v1.0.1
a@v1.0.0 -> b@v1.0.0
a@v1.0.0 -> c@v1.0.0
b@v1.0.0 -> c@v1.0.1

The topmost vendor dir would look like:
vendor/a@v1.0.0
vendor/c@v1.0.1
vendor/a@v1.0.0/vendor/b@v1.0.0
vendor/a@v1.0.0/vendor/c@v1.0.0
vendor/a@v1.0.0/vendor/b@v1.0.0/vendor/c@v1.0.1

Note that as described, a type defined in vendor/a@v1.0.0/vendor/b@v1.0.0/vendor/c@v1.0.1 would not be compatible with the same type in vendor/c@v1.0.1 even though they are from the same version of the same package.
@davecheney
Copy link
Contributor

This sounds like a recipe for making binaries even larger than they are today.

Also, what happen is if you have two minor versions of the same dependency that try to register themselves as http handlers, db drivers, or try to redirect stdout to themselves?

@mvdan
Copy link
Member

mvdan commented Apr 20, 2019

What @davecheney said. Also, the packages somemodule/pkg@v1.0.0 and somemodule/pkg@v1.1.0 have the same import path, somemodule/pkg, so it's impossible for the Go build system to differentiate them. The only way is to use different major versions, so that the second is somemodule/v2/pkg.

So, if you want to use multiple versions of one module at once, the answer is to use different major versions. Otherwise, simply using the latest version within one major version should work, as per semantic versioning. If a module out there pushed v1.1.0 with backwards incompatible changes, file a bug or fork the repository as needed.

@shamwow
Copy link
Author

shamwow commented Apr 21, 2019

@mvdan I'm not trying to use two minor versions in the same package but rather allow individual modules to specify their own minor version.

@davecheney's point about dependencies that try to register themselves as http handlers or db drivers is a good argument against this though.

@shamwow shamwow closed this as completed Apr 21, 2019
@emman27
Copy link

emman27 commented May 22, 2019

Hi @davecheney @mvdan, I'm curious as to your thoughts regarding dependencies that are pre-v1. I've encountered the exact same problem with a pre-v1 package which made incompatible changes (which by semver specification, is perfectly okay).

So
root -> modA -> github.com/apache/thrift@v0.0.0-20161221203622-b2a4d4ae21c7
root -> modB -> github.com/apache/thrift@v0.12.0

Seems like a valid dependency chain based on semver, but there's no way for me to resolve this?

@davecheney
Copy link
Contributor

@emman27 this issue is closed. Please move the discussion to another forum, https://github.com/golang/go/wiki#the-go-community

@golang golang locked as resolved and limited conversation to collaborators May 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@davecheney @mvdan @shamwow @emman27