go.mod: sort and move self managed indirect dependencies to first block

[zchee]

As @thaJeztah suggested on #2331 (comment), Sort and moved self-managed indirect dependencies and pinned (replace ) to the new block.

[zchee]

If there are more self-managed packages, post comments, please. I'll move the suggested package to the new require block.

[thaJeztah]

If there are more self-managed packages, post comments, please. I'll move the suggested package to the new require block.

I tried to discover which of these are "manual" overrides. What I did to discover that;

1. checkout current "master" branch
2. remove all packages from the second require except for github.com/golang/snappy (as we know that one was manual) to keep "two" blocks
3. ran make vendor to have go modules itself add the other indirects

After the above, the diff should show those dependencies for which the version in go.mod didn't match the version that was automatically found by go modules, so I ran:

git diff -- go.mod

Which gave me:

diff --git a/go.mod b/go.mod
index 5e1f3cd2..39d81b13 100644
--- a/go.mod
+++ b/go.mod
@@ -24,6 +24,7 @@ require (
 	github.com/gofrs/flock v0.7.3
 	github.com/gogo/googleapis v1.4.0
 	github.com/gogo/protobuf v1.3.2
+	github.com/golang/protobuf v1.5.2
 	github.com/google/go-cmp v0.5.6
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/grpc-ecosystem/go-grpc-middleware v1.2.0
@@ -71,7 +72,7 @@ require (
 )
 
 require (
-	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bits-and-blooms/bitset v1.2.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.1 // indirect
@@ -89,7 +90,6 @@ require (
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/felixge/httpsnoop v1.0.2 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
-	github.com/golang/protobuf v1.5.2
 	// snappy: updated for go1.17 support
 	github.com/golang/snappy v0.0.4-0.20210608040537-544b4180ac70 // indirect
 	github.com/google/uuid v1.2.0 // indirect
@@ -97,12 +97,12 @@ require (
 	github.com/hanwen/go-fuse/v2 v2.1.0 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/ishidawataru/sctp v0.0.0-20210226210310-f2269e66cdee // indirect
+	github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect
 	github.com/klauspost/compress v1.12.3 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/moby/sys/mount v0.2.0 // indirect
+	github.com/moby/sys/mount v0.1.1 // indirect
 	github.com/moby/sys/mountinfo v0.4.1 // indirect
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
+	github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_golang v1.11.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect

So those are the ones that were set manually, and the ones we should keep separate from the auto-generated ones.

[thaJeztah]

(Looks like github.com/golang/protobuf also accidentally landed in the wrong block)

[thaJeztah]

I think it's ok to keep these together with the first group (but open to suggestions from others)

[thaJeztah]

Note that go.mod allows additional comments to be put after // indirect by adding a semi-colon (;) followed by the comment.

Perhaps we should use that notation so that the comment explaining why we have the override is there, e.g.;

Suggested change

	// snappy: updated for go1.17 support
	github.com/golang/snappy v0.0.4-0.20210608040537-544b4180ac70 // indirect
	github.com/golang/snappy v0.0.4-0.20210608040537-544b4180ac70 // indirect; snappy: updated for go1.17 support

[tonistiigi]

Looks like we might be able to revert the snappy change golang/snappy#61 (comment) but can be separate from here and I haven't verified myself. Seems like the breakage may have only been in rc releases.

[zchee]

@thaJeztah @tonistiigi Fixed. I'll describe more details later.

[thaJeztah]

LGTM

removing my LGTM (see above)

[zchee]

@thaJeztah @tonistiigi done, PTAL.

[thaJeztah]

Looks like this one was downgraded in the last iteration (or did I miss that in the previous iteration as well?) can you keep it at the same version as what it was? (in that case, it may have to go into the first block)

[thaJeztah]

noticed that one module was downgraded; can you also squash the commits?

[zchee]

@thaJeztah done. PTAL.

[thaJeztah]

@zchee hm... could it be you forgot to make a change? Looks like github.com/ishidawataru/sctp is still at the wrong commit (and commits not squashed)

Let me know if you need help making the changes

[zchee]

@thaJeztah ah, you means squash all commit messages? I see, will do.
Also, fix your pointed out.

[thaJeztah]

ah, you means squash all commit messages? I see, will do.

Yes, if it's only moving the modules to a different block, I think it makes sense to have the changes in a single commit

[zchee]

@thaJeztah Sorry for taking your time. PTAL.

[thaJeztah]

Sorry for taking your time. PTAL.

No worries, thanks for contributing!

LGTM

[thaJeztah]

@tonistiigi @crazy-max PTAL

[crazy-max]

LGTM

[zchee]

JFYI: Go core also split two blocks
golang/go@3c764ba