Not planned
Description
Go version
1.24rc1
Output of go env
in your module/workspace:
AR='ar'
CC='clang'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='clang++'
GCCGO='gccgo'
GO111MODULE=''
GOARCH='arm64'
GOARM64='v8.0'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/Users/will/Library/Caches/go-build'
GODEBUG=''
GOENV='/Users/will/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/bx/qk0phsxd265fqj512dnnpg080000gp/T/go-build3319980599=/tmp/go-build -gno-record-gcc-switches -fno-common'
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMOD='/Users/will/Developer/t/go.mod'
GOMODCACHE='/Users/will/Library/Application Support/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/will/Library/Application Support/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/Users/will/Library/Application Support/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24rc1.darwin-arm64'
GOSUMDB='sum.golang.org'
GOTELEMETRY='off'
GOTELEMETRYDIR='/Users/will/Library/Application Support/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/Users/will/Library/Application Support/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24rc1.darwin-arm64/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.24rc1'
GOWORK=''
PKG_CONFIG='pkg-config'
What did you do?
I had:
-- t.go --
package main
import (
"fmt"
)
func main() {
fmt.Println("t")
}
-- go.mod --
module t
go 1.24rc1
tool golang.org/x/tools/cmd/stringer
require (
golang.org/x/mod v0.22.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/tools v0.26.0 // indirect
)
golang.org/x/tools@v0.26.0 had never been downloaded on my computer.
$ go get tool
What did you see happen?
It upgraded golang.org/x/tools from v0.26.0 to v0.29.0:
$ go get tool
go: upgraded golang.org/x/tools v0.26.0 => v0.29.0
This is inconsistent with go get:
usage: go get [-t] [-u] [-tool] [build flags] [packages]
Get resolves its command-line arguments to packages at specific module versions,
updates go.mod to require those versions, and downloads source code into the
module cache.
go get -u is meant to upgrade dependencies:
The -u flag instructs get to update modules providing dependencies
of packages named on the command line to use newer minor or patch
releases when available.
What did you expect to see?
It download the version specified in go.mod, and nothing else:
$ go get tool
go: downloading golang.org/x/tools v0.26.0
$
Then, if I want to upgrade the tool:
$ go get -u golang.org/x/tools # or go get -u tool
go: downloading golang.org/x/tools v0.29.0
go: upgraded golang.org/x/tools v0.26.0 => v0.29.0
$
This auto-upgrade behavior is going to be a footgun.
Metadata
Metadata
Assignees
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Activity
gabyhelp commentedon Jan 16, 2025
Related Issues
Related Code Changes
Related Documentation
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
seankhliao commentedon Jan 16, 2025
see:
tool is a meta package, and go get works consistently in upgrading it to latest.