Remove old golang dependencies #2795
Comments
This is very nice!!
Shameless plug: as an alternative to
@mitar what about just the I'm hesitant to push this project to replace an archived dependency for one that's uncommonly used (judging by project stars)
@nitrocode I completely understand. But it is a bit of a chicken & egg problem. :-) I think the question for you is if you need/want stack traces or not. If you do, then this package provides almost the same API as the standard
Community Note
Describe the user story
There are a lot of dependencies that may not be needed. Some dependencies are years old and could be vulnerable. The fewer dependencies, the less risk.
Describe the solution you'd like
It would be good to audit our dependencies and find ones that could be easily replaced or removed. We should use non-forks if possible unless there is a good reason to use a fork.
It would also be good to scrutinize new PRs with additional dependencies to ensure we do not unnecessarily increase our exposure. For example, we should never use a dependency that is a fork or archived, possibly abandoned, not widely used, has old dependencies, or open security issues.
List of current dependencies https://github.com/runatlantis/atlantis/network/dependencies
Some old dependencies from a cursory look
Analyzing these will simplify dependent management via renovatebots dashboard #2818
Direct
archived
errors
archived no longer
old
jul 2021 - https://github.com/spf13/pflag
For testing
These do not get compiled with Atlantis
go-spew with kr/pretty #3108
moby with patternmatcher #3106
Indirect
These come from other dependencies and need to be analyzed to find the direct source
https://stackoverflow.com/a/68927825/2965993
Some tools that may be useful
Here are all the go.mod code references sorted in ascending order
Describe the drawbacks of your solution
Potential breakage of the app unless proper unit and integration test coverage is there.
Describe alternatives you've considered
None
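
An added example, not part of the original issue or of the Atlantis code base: one way to trace an indirect dependency back to the direct requirements that pull it in, by walking `go mod graph` output backwards. The sample graph and module names are constructed, and `DirectSources` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample of `go mod graph` output; all module names are made up.
// Format: "<module> <requirement>" per line, main module without @version.
const sampleGraph = `example.com/app example.com/cli@v1.2.0
example.com/app example.com/logging@v0.9.0
example.com/app example.com/testutil@v0.3.0
example.com/cli@v1.2.0 example.com/oldyaml@v0.1.0
example.com/logging@v0.9.0 example.com/color@v1.0.0
example.com/color@v1.0.0 example.com/oldyaml@v0.1.0
`

// DirectSources returns the main module's direct requirements through which
// target is pulled in, found by walking the graph backwards from target.
func DirectSources(graph, mainMod, target string) []string {
	parents := map[string][]string{} // requirement -> modules requiring it
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			parent, _, _ := strings.Cut(f[0], "@") // key edges by module path,
			child, _, _ := strings.Cut(f[1], "@")  // ignoring the version
			parents[child] = append(parents[child], parent)
		}
	}
	seen, direct := map[string]bool{target: true}, []string{}
	queue := []string{target}
	for i := 0; i < len(queue); i++ {
		cur := queue[i]
		for _, p := range parents[cur] {
			if p == mainMod {
				direct = append(direct, cur) // cur is listed in the main go.mod
			} else if !seen[p] {
				seen[p] = true
				queue = append(queue, p)
			}
		}
	}
	sort.Strings(direct)
	return direct
}

func main() {
	fmt.Println(DirectSources(sampleGraph, "example.com/app", "example.com/oldyaml"))
}
```

On a real checkout the graph text would come from running `go mod graph` in the module root. Because that graph lists edges for every version mentioned, not only the selected ones, the result can include a direct dependency whose selected version no longer needs the target.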