The root cause of the problem is cpuguy83/go-md2man#28
The owner of blackfriday kindly left the master branch of the repo on the v1 API so it wouldn't break go get. However, dep tries to do the actual right thing and defaults by grabbing the latest tagged release (v2.0) instead of whatever is on the master branch unless there is a constraint somewhere that tells it not to. Since go-md2man doesn't support the 2.0 api yet, this causes breakage. I'm able to add a constraint in my own project to fix it, but obviously, we don't want every app to have to add this constraint. Ideally, the root issue above should be the place to fix this, but a constraint could be added here until the issue is resolved upstream.
Ran into the same problem. Have you tried the latest version of dep? They merged proper govend support in https://github.com/golang/dep/pull/1040. In theory https://github.com/cpuguy83/go-md2man/blob/master/vendor.yml should pick the right revision of blackfriday.
oh wow. That was merged in earlier the same day. What timing. Fortunately, upstream is open to fixing this problem at its source, so I'll just withdraw this once cpuguy83/go-md2man#29 gets merged.
Cool. Maybe it is also worth starting a discussion on whether cobra should start caring about proper dependency management.
Agreed. Now is a pretty good time to jump on the dep bandwagon. The manifest and lock files have been declared officially stable, so there's no real reason not to. The only complication I can forsee for cobra is there is currently no great way to ensure that the user's cobra cli was built using the same version of cobra that their application is importing ( golang/dep#221 ). That said, you didn't have any way of ensuring that pre-dep either, so I wouldn't expect it to be a blocker for dep adoption.
Closing this particular issue now that blackfriday isn't a problem anymore.
I've been having this problem with rclone and go mod.
This is the solution just in case anyone else has the same problem
go get -u github.com/russross/[email protected]
Most helpful comment
Cool. Maybe it is also worth starting a discussion on whether cobra should start caring about proper dependency management.