circular package dependency between golang.org/x/mod and golang.org/x/tools

[Nathan Lacey]

I noticed that we have a circular dependency between golang.org/x/mod and golang.org/x/tools

 golang.org/x/mod  zip/zip_test.go includes golang.org/x/tools

I think we could get rid of the circular package dependency by changing that unit test to remove the dependency to tools/txtar .

[Jan Mercl]

But why? What's the motivation to remove the cycle?

[Rob Pike]

If it's only in the test, the circularity only arises when testing both packages in a single build. That doesn't happen so is not a problem at all, and in fact the stdlib is full of such circularities involving common packages like fmt.

-rob

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAA40n-URNGfDo34j4Ui-wvCiYjQysfMoJii%2B1m3CP_U85c0ezA%40mail.gmail.com.

[Nathan Lacey]

My main concern is if you do a go mod graph of applications that import  these packages, you see references to old libraries, libraries that have security vulnerabilities.