cmd/go: suspicious use of modload.Selected in modload.checkRetractions #42601
Labels
FrozenDueToAge
modules
NeedsFix
The path to resolution is known, but the work has not been done.
okay-after-beta1
Used by release team to mark a release-blocker issue as okay to resolve either before or after beta1
release-blocker
Milestone
(Noticed while refactoring for #36460.)
modload.checkRetractions
is supposed to consult thego.mod
file from the latest (possibly self-retracted) version of the associated module. However, we're currently invokingQuery
withSelected(path)
.If the selected version is a
+incompatible
version higher than the compatible latest version, that query will return the highest+incompatible
version. Otherwise, its result depends on whether the latest compatible version includes ago.mod
file.Since retractions are themselves published in the
go.mod
file, we should instead prefer that compatible version if it exists — especially because thatgo.mod
file may explicitly retract the previously-published+incompatible
versions.(Marking as release-blocker for 1.16 because retractions are new as of this release.)
go/src/cmd/go/internal/modload/modfile.go
Lines 115 to 119 in f24ff38
The text was updated successfully, but these errors were encountered: