go.mod: remove github.com/kr/pretty

[AkihiroSuda]

A bogus dependency on github.com/kr/pretty was somehow added to go.mod by dependabot in PR #3759 (6fb8f99)

[crazy-max]

Hum I'm wonder why our vendor validation does not see that this indirect dep is not used. I guess that's because this dep is still used by a peer dependency and therefore still relevant as an indirect one.

[thaJeztah]

LGTM

[thaJeztah]

does the vendor validation also run "go mod tidy"? Wondering if it's something like that perhaps 🤔

[AkihiroSuda]

does the vendor validation also run "go mod tidy"? Wondering if it's something like that perhaps 🤔

Yes, but go mod tidy doesn’t clean up this bogus dependency 🤷‍♂️

buildkit/hack/dockerfiles/vendor.Dockerfile

Line 15 in 333ee91

go mod tidy

[thaJeztah]

Yes, but go mod tidy doesn’t clean up this bogus dependency 🤷‍♂️

OH! I think I understand now why;

Here's what (I think) happened

• The dependency isn't actually used in the code, which is why it normally wouldn't show
• HOWEVER, dependabot added the line, and set a version that's higher than the version that's resolved by go mod (the minimum required version, based on all dependencies is v0.2.1)
• Because that version is higher than what the dependencies specify, the line won't be removed (it effectively now is a replace / override to indicate: "use a newer version than what's needed"
• (The newer version probably also brings in the requirement for a newer version of github.com/rogpeppe/go-internal, although that seems to be a dependency for github.com/containerd/stargz-snapshotter, so not sure about that one)

❓ why did dependabot decide to update that dependency though?

See:

go mod graph | grep ' github.com/kr/pretty'
github.com/moby/buildkit github.com/kr/pretty@v0.3.0
github.com/grpc-ecosystem/grpc-gateway/v2@v2.11.3 github.com/kr/pretty@v0.1.0
github.com/tonistiigi/fsutil@v0.0.0-20230105215944-fb433841cbfa github.com/kr/pretty@v0.2.0
github.com/prometheus/client_golang@v1.7.1 github.com/kr/pretty@v0.1.0
k8s.io/cri-api@v0.20.1 github.com/kr/pretty@v0.2.0
gopkg.in/errgo.v2@v2.1.0 github.com/kr/pretty@v0.1.0
github.com/frankban/quicktest@v1.11.3 github.com/kr/pretty@v0.2.1
github.com/Microsoft/hcsshim@v0.8.10 github.com/kr/pretty@v0.1.0
github.com/googleapis/gnostic@v0.4.1 github.com/kr/pretty@v0.2.0
github.com/Microsoft/hcsshim@v0.8.9 github.com/kr/pretty@v0.1.0
github.com/Microsoft/hcsshim@v0.8.14 github.com/kr/pretty@v0.1.0
github.com/go-openapi/swag@v0.19.5 github.com/kr/pretty@v0.1.0
github.com/grpc-ecosystem/grpc-gateway@v1.9.5 github.com/kr/pretty@v0.1.0
github.com/docker/distribution@v0.0.0-20190905152932-14b96e55d84c github.com/kr/pretty@v0.1.0
k8s.io/cri-api@v0.17.3 github.com/kr/pretty@v0.1.0
github.com/google/go-containerregistry@v0.0.0-20191010200024-a3d713f9b7f8 github.com/kr/pretty@v0.1.0
github.com/apex/log@v1.3.0 github.com/kr/pretty@v0.2.0
github.com/bombsimon/wsl/v2@v2.2.0 github.com/kr/pretty@v0.2.0
github.com/maxbrunsfeld/counterfeiter/v6@v6.2.2 github.com/kr/pretty@v0.1.0
github.com/securego/gosec@v0.0.0-20200401082031-e946c8c39989 github.com/kr/pretty@v0.1.0
k8s.io/apimachinery@v0.17.4 github.com/kr/pretty@v0.1.0
github.com/goreleaser/nfpm@v1.2.1 github.com/kr/pretty@v0.1.0
github.com/grpc-ecosystem/grpc-gateway@v1.9.0 github.com/kr/pretty@v0.1.0
github.com/go-openapi/swag@v0.19.2 github.com/kr/pretty@v0.1.0
github.com/bombsimon/wsl/v2@v2.0.0 github.com/kr/pretty@v0.1.0
github.com/securego/gosec@v0.0.0-20200103095621-79fbf3af8d83 github.com/kr/pretty@v0.1.0
github.com/Azure/azure-storage-blob-go@v0.8.0 github.com/kr/pretty@v0.1.0
github.com/securego/gosec/v2@v2.3.0 github.com/kr/pretty@v0.1.0
github.com/grpc-ecosystem/grpc-gateway@v1.9.2 github.com/kr/pretty@v0.1.0
github.com/grpc-ecosystem/grpc-gateway@v1.8.5 github.com/kr/pretty@v0.1.0

And:

go mod graph | grep ' github.com/rogpeppe/go-internal'
github.com/containerd/stargz-snapshotter@v0.14.1 github.com/rogpeppe/go-internal@v1.9.0
github.com/kr/pretty@v0.3.0 github.com/rogpeppe/go-internal@v1.6.1
honnef.co/go/tools@v0.0.1-2020.1.3 github.com/rogpeppe/go-internal@v1.3.0
honnef.co/go/tools@v0.0.1-2020.1.5 github.com/rogpeppe/go-internal@v1.3.0
mvdan.cc/unparam@v0.0.0-20200501210554-b37ab49443f7 github.com/rogpeppe/go-internal@v1.5.2
honnef.co/go/tools@v0.0.1-2020.1.4 github.com/rogpeppe/go-internal@v1.3.0
honnef.co/go/tools@v0.0.1-2019.2.3 github.com/rogpeppe/go-internal@v1.3.0
mvdan.cc/unparam@v0.0.0-20190720180237-d51796306d8f github.com/rogpeppe/go-internal@v1.3.0

[AkihiroSuda]

rebased

[thaJeztah]

@crazy-max good to go?

[thaJeztah]

looks like this was already addressed in the v0.11 branch, so removing the cherry-pick label