Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

go-difflib library v1.0.0 reached End Of Life #1877

Open
3 tasks done
vlbarou opened this issue Jul 1, 2024 · 2 comments
Open
3 tasks done

go-difflib library v1.0.0 reached End Of Life #1877

vlbarou opened this issue Jul 1, 2024 · 2 comments
Labels
kind/bug Something isn't working

Comments

@vlbarou
Copy link

vlbarou commented Jul 1, 2024

Preflight Checklist

  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.
  • I have checked the troubleshooting guide for my problem, without success.

Viper Version

1.19.0

Go Version

1.22.4

Config Source

Defaults

Format

No response

Repl.it link

No response

Code reproducing the issue

No response

Expected Behavior

Latest version depends on EOL library go.mod: github.com/pmezard/go-difflib v1.0.0, which raises security concerns

Actual Behavior

An easy way to check, is to download the master branch and do a grep -r go-difflib. The output is the following:

go.mod:	github.com/pmezard/go-difflib v1.0.0 // indirect
go.sum:github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
go.sum:github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
remote/go.sum:github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
remote/go.sum:github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
remote/go.sum:github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

Steps To Reproduce

No response

Additional Information

No response
@vlbarou vlbarou added the kind/bug Something isn't working label Jul 1, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 1, 2024

👋 Thanks for reporting!

A maintainer will take a look at your issue shortly. 👀

In the meantime: We are working on Viper v2 and we would love to hear your thoughts about what you like or don't like about Viper, so we can improve or fix those issues.

⏰ If you have a couple minutes, please take some time and share your thoughts: https://forms.gle/R6faU74qPRPAzchZ9

📣 If you've already given us your feedback, you can still help by spreading the news,
either by sharing the above link or telling people about this on Twitter:

https://twitter.com/sagikazarmark/status/1306904078967074816

Thank you! ❤️

@sagikazarmark
Copy link
Collaborator

I can see you've opened an issue in testify that actually depends on this module: stretchr/testify#1618

There isn't much we can do here. It's not going to be compiled into the final binary, because we don't use it anywhere, but in tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sagikazarmark @vlbarou