EOL for pmezard/go-difflib dependency #618
Labels
Comments
|
Expr uses testify (tests only), and testify uses go-difflib. Upstream issue: stretchr/testify#1327 Will see what I can do about it. |
antonmedv
changed the title
|
Upstream issue is stale. Will vendor testify. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[Problem Description]
We are consuming
github.com/expr-lang/expr v1.15.7, which is latest as of date. This package is scanned for security vulnerabilities and EOLs by blackduck scanner at our source.The blackduck scanner has identified a Project EOL component,
pmezard-go-difflib20190219-snapshot-5d4384ee, which is a transitive dependency ofgithub.aaakk.us.kg/expr-lang/expr v1.15.7. This project is not maintained and thus EOLed much earlier.[Request]
We wish to consume all the dependencies which are non-EOLed, to maintain good coding practices. Can this EOLed component be updated by expr contributors or replaced with some alternative with similar functionality, to reduce the EOL risk?
Let me know if any more information is needed for this issue.
The text was updated successfully, but these errors were encountered: