From 999ba0c4190550e5c1454f25a55d5b1a9c10ff4b Mon Sep 17 00:00:00 2001
From: Adhityaa Chandrasekar <adtac@adtac.in>
Date: Sun, 12 Aug 2018 23:36:51 +0530
Subject: [PATCH] dep: add dependency version pinning with dep

Closes https://gitlab.com/commento/commento-ce/issues/69
---
 .gitignore           |   6 ++
 Gopkg.lock           | 158 +++++++++++++++++++++++++++++++++++++++++++
 Gopkg.toml           |  45 ++++++++++++
 api/markdown.go      |   2 +-
 api/markdown_html.go |   2 +-
 5 files changed, 211 insertions(+), 2 deletions(-)
 create mode 100644 Gopkg.lock
 create mode 100644 Gopkg.toml

diff --git a/.gitignore b/.gitignore
index d5bedd7..f65b3ee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,9 @@ devel.env
 # Ignoring for IDE-specific files
 .idea/*
 .dir-locals.el
+
+# We don't *need* the vendor directory because Gopkg.lock has all the
+# information you might need about version pinning. The vendor directory
+# needlessly bloats the repo size. Discuss here:
+#   https://gitlab.com/commento/commento-ce/issues/74
+vendor
diff --git a/Gopkg.lock b/Gopkg.lock
new file mode 100644
index 0000000..44ffd03
--- /dev/null
+++ b/Gopkg.lock
@@ -0,0 +1,158 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  digest = "1:5c3894b2aa4d6bead0ceeea6831b305d62879c871780e7b76296ded1b004bc57"
+  name = "cloud.google.com/go"
+  packages = ["compute/metadata"]
+  pruneopts = "UT"
+  revision = "64a2037ec6be8a4b0c1d1f706ed35b428b989239"
+  version = "v0.26.0"
+
+[[projects]]
+  digest = "1:15042ad3498153684d09f393bbaec6b216c8eec6d61f63dff711de7d64ed8861"
+  name = "github.com/golang/protobuf"
+  packages = ["proto"]
+  pruneopts = "UT"
+  revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265"
+  version = "v1.1.0"
+
+[[projects]]
+  digest = "1:c79fb010be38a59d657c48c6ba1d003a8aa651fa56b579d959d74573b7dff8e1"
+  name = "github.com/gorilla/context"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "08b5f424b9271eedf6f9f0ce86cb9396ed337a42"
+  version = "v1.1.1"
+
+[[projects]]
+  digest = "1:664d37ea261f0fc73dd17f4a1f5f46d01fbb0b0d75f6375af064824424109b7d"
+  name = "github.com/gorilla/handlers"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "7e0847f9db758cdebd26c149d0ae9d5d0b9c98ce"
+  version = "v1.4.0"
+
+[[projects]]
+  digest = "1:e73f5b0152105f18bc131fba127d9949305c8693f8a762588a82a48f61756f5f"
+  name = "github.com/gorilla/mux"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "e3702bed27f0d39777b0b37b664b6280e8ef8fbf"
+  version = "v1.6.2"
+
+[[projects]]
+  digest = "1:37ce7d7d80531b227023331002c0d42b4b4b291a96798c82a049d03a54ba79e4"
+  name = "github.com/lib/pq"
+  packages = [
+    ".",
+    "oid",
+  ]
+  pruneopts = "UT"
+  revision = "90697d60dd844d5ef6ff15135d0203f65d2f53b8"
+
+[[projects]]
+  digest = "1:9fb8ccf24ca918be80e6129761cf232de0c142537f8d9eeb7a3a779a7f38fdd4"
+  name = "github.com/lunny/html2md"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "13aaeeae9fb293668db3ef1e145064684735f3ce"
+
+[[projects]]
+  digest = "1:a1f5a38c6c82d8f1e8a7b9fb9ea8b125b17188cdfb38f2cd08055ff9b51f5ec4"
+  name = "github.com/microcosm-cc/bluemonday"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "dafebb5b6ff2861a0d69af64991e10866c19be85"
+  version = "v1.0.0"
+
+[[projects]]
+  digest = "1:5b3b29ce0e569f62935d9541dff2e16cc09df981ebde48e82259076a73a3d0c7"
+  name = "github.com/op/go-logging"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "b2cb9fa56473e98db8caba80237377e83fe44db5"
+  version = "v1"
+
+[[projects]]
+  digest = "1:8bc629776d035c003c7814d4369521afe67fdb8efc4b5f66540d29343b98cf23"
+  name = "github.com/russross/blackfriday"
+  packages = ["."]
+  pruneopts = "UT"
+  revision = "55d61fa8aa702f59229e6cff85793c22e580eaf5"
+  version = "v1.5.1"
+
+[[projects]]
+  branch = "master"
+  digest = "1:1ecf2a49df33be51e757d0033d5d51d5f784f35f68e5a38f797b2d3f03357d71"
+  name = "golang.org/x/crypto"
+  packages = [
+    "bcrypt",
+    "blowfish",
+  ]
+  pruneopts = "UT"
+  revision = "de0752318171da717af4ce24d0a2e8626afaeb11"
+
+[[projects]]
+  branch = "master"
+  digest = "1:aa58645c149c9c3b62dc7ff51460602a88fc7b887633f2546fcdde27c91e6f03"
+  name = "golang.org/x/net"
+  packages = [
+    "context",
+    "context/ctxhttp",
+    "html",
+    "html/atom",
+  ]
+  pruneopts = "UT"
+  revision = "c39426892332e1bb5ec0a434a079bf82f5d30c54"
+
+[[projects]]
+  branch = "master"
+  digest = "1:bea0314c10bd362ab623af4880d853b5bad3b63d0ab9945c47e461b8d04203ed"
+  name = "golang.org/x/oauth2"
+  packages = [
+    ".",
+    "google",
+    "internal",
+    "jws",
+    "jwt",
+  ]
+  pruneopts = "UT"
+  revision = "3d292e4d0cdc3a0113e6d207bb137145ef1de42f"
+
+[[projects]]
+  digest = "1:c8907869850adaa8bd7631887948d0684f3787d0912f1c01ab72581a6c34432e"
+  name = "google.golang.org/appengine"
+  packages = [
+    ".",
+    "internal",
+    "internal/app_identity",
+    "internal/base",
+    "internal/datastore",
+    "internal/log",
+    "internal/modules",
+    "internal/remote_api",
+    "internal/urlfetch",
+    "urlfetch",
+  ]
+  pruneopts = "UT"
+  revision = "b1f26356af11148e710935ed1ac8a7f5702c7612"
+  version = "v1.1.0"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  input-imports = [
+    "github.com/gorilla/handlers",
+    "github.com/gorilla/mux",
+    "github.com/lib/pq",
+    "github.com/lunny/html2md",
+    "github.com/microcosm-cc/bluemonday",
+    "github.com/op/go-logging",
+    "github.com/russross/blackfriday",
+    "golang.org/x/crypto/bcrypt",
+    "golang.org/x/oauth2",
+    "golang.org/x/oauth2/google",
+  ]
+  solver-name = "gps-cdcl"
+  solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
new file mode 100644
index 0000000..1d6dcac
--- /dev/null
+++ b/Gopkg.toml
@@ -0,0 +1,45 @@
+[[constraint]]
+  name = "github.com/gorilla/handlers"
+  version = "1.4.0"
+
+[[constraint]]
+  name = "github.com/gorilla/mux"
+  version = "1.6.2"
+
+[[constraint]]
+  # unfortunately, lib/pq doesn't have semver-ed releases yet
+  # TODO: don't use revisions, use a proper version once this is solved:
+  #   https://github.com/lib/pq/issues/637
+  name = "github.com/lib/pq"
+  revision = "90697d60dd844d5ef6ff15135d0203f65d2f53b8"
+
+[[constraint]]
+  # html2md doesn't have semver-ed releases yet either
+  # TODO: use a version once this is solved:
+  #   https://github.com/lunny/html2md/issues/8
+  name = "github.com/lunny/html2md"
+  revision = "13aaeeae9fb293668db3ef1e145064684735f3ce"
+
+[[constraint]]
+  name = "github.com/microcosm-cc/bluemonday"
+  version = "1.0.0"
+
+[[constraint]]
+  name = "github.com/op/go-logging"
+  version = "1.0.0"
+
+[[constraint]]
+  name = "golang.org/x/crypto"
+  branch = "master"
+
+[[constraint]]
+  name = "golang.org/x/oauth2"
+  branch = "master"
+
+[[constraint]]
+  name = "github.com/russross/blackfriday"
+  version = "1.5.1"
+
+[prune]
+  go-tests = true
+  unused-packages = true
diff --git a/api/markdown.go b/api/markdown.go
index 9f3db05..20fc970 100644
--- a/api/markdown.go
+++ b/api/markdown.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"github.com/microcosm-cc/bluemonday"
-	"gopkg.in/russross/blackfriday.v1"
+	"github.com/russross/blackfriday"
 )
 
 var policy *bluemonday.Policy
diff --git a/api/markdown_html.go b/api/markdown_html.go
index e799d18..22c49db 100644
--- a/api/markdown_html.go
+++ b/api/markdown_html.go
@@ -1,7 +1,7 @@
 package main
 
 import (
-	"gopkg.in/russross/blackfriday.v1"
+	"github.com/russross/blackfriday"
 )
 
 func markdownToHtml(markdown string) string {