Drop outdated/abandoned dependencies #1589

Closed
remycx opened this issue Apr 16, 2024 · 5 comments
Labels
dependencies (Pull requests that update a dependency file), help wanted

Comments


remycx commented Apr 16, 2024

Description

https://github.com/pmezard/go-difflib: as quoted, "THIS PACKAGE IS NO LONGER MAINTAINED."; code hasn't evolved in 9 years.
https://github.com/davecgh/go-spew: hasn't been touched in 6 years.

Removing old & dangerous code would lead to a cleaner codebase.

Proposed solution

Use case

Reduce the dependency on outdated & abandoned repositories, to improve the safety of the library, and the potential supply chain attacks.

Collaborator

dolmen commented Apr 23, 2024

Easy to say. But what concrete solution do you suggest? Did you have a look at existing issues?

Collaborator

dolmen commented Apr 23, 2024

@remycx Note also that I have proposed #1579 to unlink Testify from gopkg.in/yaml.v3 (which is as unmaintained as the 2 other dependencies mentioned here, and is, in my opinion, a much higher security risk, not for Testify but for the Go ecosystem in general). Your opinion and review of that PR would be welcome.

dolmen added the dependencies label (Pull requests that update a dependency file) and removed the enhancement label on Apr 23, 2024
Collaborator

dolmen commented May 16, 2024

@remycx Dropping abandoned issue.

dolmen closed this as not planned on May 16, 2024

pohly commented Sep 27, 2024

Is https://github.com/google/go-cmp perhaps a viable replacement for https://github.com/pmezard/go-difflib?


pohly commented Sep 27, 2024

go-cmp might be overkill. A simple diff implementation for two sequences of a comparable type like strings in testify/assert/assertions.go (lines 1883 to 1891 in b074924)

```go
diff, _ := difflib.GetUnifiedDiffString(difflib.UnifiedDiff{
	A:        difflib.SplitLines(e),
	B:        difflib.SplitLines(a),
	FromFile: "Expected",
	FromDate: "",
	ToFile:   "Actual",
	ToDate:   "",
	Context:  1,
})
```

isn't hard to write - I'll have a look.
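To show how small a standard-library-only line diff can be, here is an added example; it is not testify's code and not the implementation pohly went on to write. `DiffLines` and `DiffText` are hypothetical names, input is split on `"\n"`, and every line is emitted rather than unified hunks with `Context: 1`.

```go
package main

import (
	"fmt"
	"strings"
)

// DiffLines returns one entry per line: " " unchanged, "-" only in expected,
// "+" only in actual. LCS table: O(len(expected)*len(actual)) time and memory.
func DiffLines(expected, actual []string) []string {
	n, m := len(expected), len(actual)
	lcs := make([][]int, n+1) // lcs[i][j] = LCS length of expected[i:], actual[j:]
	for i := range lcs {
		lcs[i] = make([]int, m+1)
	}
	for i := n - 1; i >= 0; i-- {
		for j := m - 1; j >= 0; j-- {
			lcs[i][j] = lcs[i+1][j]
			if lcs[i][j+1] > lcs[i][j] {
				lcs[i][j] = lcs[i][j+1]
			}
			if expected[i] == actual[j] {
				lcs[i][j] = lcs[i+1][j+1] + 1
			}
		}
	}
	var out []string
	for i, j := 0, 0; i < n || j < m; {
		switch {
		case i < n && j < m && expected[i] == actual[j]:
			out = append(out, " "+expected[i])
			i, j = i+1, j+1
		case i < n && (j == m || lcs[i+1][j] >= lcs[i][j+1]):
			out = append(out, "-"+expected[i])
			i++
		default:
			out = append(out, "+"+actual[j])
			j++
		}
	}
	return out
}

// DiffText mirrors the Expected/Actual labels of the call quoted above.
func DiffText(e, a string) string {
	d := DiffLines(strings.Split(e, "\n"), strings.Split(a, "\n"))
	return fmt.Sprintf("--- Expected\n+++ Actual\n%s\n", strings.Join(d, "\n"))
}

func main() { fmt.Print(DiffText("a\nb\nc", "a\nx\nc")) } // constructed sample input
```

The quadratic table is acceptable for assertion-failure output on small values; very large inputs would call for a linear-space algorithm instead.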
