Prevent a package from being updated using go modules

136 views
Skip to first unread message

Pantelis Sampaziotis

unread,
Jul 15, 2019, 2:14:22 PM7/15/19
to golang-nuts
Hi,

I would like to ask if there is a functionality similar to apt-mark hold (which prevents package from being automatically installed, upgraded or removed) in go modules.

The case I have is that after updating a package from 1.2.2 to 1.3.0, a bug was introduced which can break the app in some cases edge cases (when parsing specific json responses) on runtime.

I want to lock down the version to 1.2.2 and make sure that this package is not updated when someone runs go get -u until the bug is fixed.

It seems the replace directive https://github.com/golang/go/wiki/Modules#when-should-i-use-the-replace-directive provides similar functionality:

replace github.com/vendor/package => github.com/vendor/package v1.2.2

Is this the correct way? Is there any other solution?

thank you


Bryan Mills

unread,
Jul 16, 2019, 11:56:30 AM7/16/19
to golang-nuts
This sort of use-case is pretty much exactly what the exclude directive is for.

In your go.mod file, add a directive like:


In the meantime, send a PR or file an issue with github.com/vendor/package to fix the bug.

Once it's fixed, you can run go get github.com/vendor/package@$COMMIT at whatever commit fixed the bug in order to upgrade past it; then you can remove the exclude directive.

Pantelis Sampaziotis

unread,
Jul 21, 2019, 4:38:18 PM7/21/19
to golang-nuts
Thank you Bryan.
Reply all
Reply to author
Forward
0 new messages