You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@remycx Note also that I have proposed #1579 to unlink Testify from gopkg.in/yaml.v3 (which is as unmaintained as the 2 other dependencies mentioned here, and is, in my opinion, a much higher security risk, not for Testify but for the Go ecosystem in general). Your opinion and review of that PR would be welcome.
Description
https://github.com/pmezard/go-difflib : as quoted, "THIS PACKAGE IS NO LONGER MAINTAINED." ; code hasn't evolved in 9 years.
https://github.com/davecgh/go-spew : hasn't been touched in 6 years.
Removing old & dangerous code would lead to a cleaner codebase.
Proposed solution
Use case
Reduce the dependency on outdated & abandoned repositories, to improve the safety of the library, and the potential supply chain attacks.
The text was updated successfully, but these errors were encountered: