go.mod: remove github.com/kr/pretty#3780
Conversation
|
Hum I'm wonder why our vendor validation does not see that this indirect dep is not used. I guess that's because this dep is still used by a peer dependency and therefore still relevant as an indirect one. |
|
does the vendor validation also run "go mod tidy"? Wondering if it's something like that perhaps 🤔 |
Yes, but |
OH! I think I understand now why; Here's what (I think) happened
❓ why did dependabot decide to update that dependency though? See: go mod graph | grep ' github.com/kr/pretty'
github.com/moby/buildkit github.com/kr/[email protected]
github.com/grpc-ecosystem/grpc-gateway/[email protected] github.com/kr/[email protected]
github.com/tonistiigi/[email protected] github.com/kr/[email protected]
github.com/prometheus/[email protected] github.com/kr/[email protected]
k8s.io/[email protected] github.com/kr/[email protected]
gopkg.in/[email protected] github.com/kr/[email protected]
github.com/frankban/[email protected] github.com/kr/[email protected]
github.com/Microsoft/[email protected] github.com/kr/[email protected]
github.com/googleapis/[email protected] github.com/kr/[email protected]
github.com/Microsoft/[email protected] github.com/kr/[email protected]
github.com/Microsoft/[email protected] github.com/kr/[email protected]
github.com/go-openapi/[email protected] github.com/kr/[email protected]
github.com/grpc-ecosystem/[email protected] github.com/kr/[email protected]
github.com/docker/[email protected] github.com/kr/[email protected]
k8s.io/[email protected] github.com/kr/[email protected]
github.com/google/[email protected] github.com/kr/[email protected]
github.com/apex/[email protected] github.com/kr/[email protected]
github.com/bombsimon/wsl/[email protected] github.com/kr/[email protected]
github.com/maxbrunsfeld/counterfeiter/[email protected] github.com/kr/[email protected]
github.com/securego/[email protected] github.com/kr/[email protected]
k8s.io/[email protected] github.com/kr/[email protected]
github.com/goreleaser/[email protected] github.com/kr/[email protected]
github.com/grpc-ecosystem/[email protected] github.com/kr/[email protected]
github.com/go-openapi/[email protected] github.com/kr/[email protected]
github.com/bombsimon/wsl/[email protected] github.com/kr/[email protected]
github.com/securego/[email protected] github.com/kr/[email protected]
github.com/Azure/[email protected] github.com/kr/[email protected]
github.com/securego/gosec/[email protected] github.com/kr/[email protected]
github.com/grpc-ecosystem/[email protected] github.com/kr/[email protected]
github.com/grpc-ecosystem/[email protected] github.com/kr/[email protected]And: go mod graph | grep ' github.com/rogpeppe/go-internal'
github.com/containerd/[email protected] github.com/rogpeppe/[email protected]
github.com/kr/[email protected] github.com/rogpeppe/[email protected]
honnef.co/go/[email protected] github.com/rogpeppe/[email protected]
honnef.co/go/[email protected] github.com/rogpeppe/[email protected]
mvdan.cc/[email protected] github.com/rogpeppe/[email protected]
honnef.co/go/[email protected] github.com/rogpeppe/[email protected]
honnef.co/go/[email protected] github.com/rogpeppe/[email protected]
mvdan.cc/[email protected] github.com/rogpeppe/[email protected] |
A bogus dependency on github.com/kr/pretty was somehow added to go.mod by dependabot in PR 3759 (6fb8f99) Signed-off-by: Akihiro Suda <[email protected]>
|
rebased |
|
@crazy-max good to go? |
|
looks like this was already addressed in the v0.11 branch, so removing the cherry-pick label |

A bogus dependency on github.com/kr/pretty was somehow added to go.mod by dependabot in PR #3759 (6fb8f99)