Remove github.com/stretchr/testify dependency #112
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Given this Go module underpins many others, it should try to minimize dependencies. This removes the testify dependency by converting the unit testing logic to local testing helpers.
bflad
force-pushed
the
bflad-remove-testify-dependency
branch
from
fd0a796
to
1e251ac
Compare
|
Rebased on top of #113 |
bflad
added a commit
that referenced
this pull request
Jun 6, 2022
Reference: GHSA-hp87-p4gw-j4gq Reference: #112 Updates the github.com/stretchr/testify dependency, which in turn updates the gopkg.in/yaml.v3 dependency. Updated via: ```shell go get github.com/stretchr/testify@v1.7.2 go mod tidy ```
|
This was fixed in #114 instead. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Given this Go module underpins many others, it should likely try to minimize dependencies where possible. This removes the testify dependency by converting the unit testing logic to local testing helpers. Happy to adjust this change or take another approach.
Additional Context
Ultimately this is reference to GHSA-hp87-p4gw-j4gq, where
gopkg.in/yaml.v3recently had a CVE filed against it. That Go module is a dependency of this one via testify, according togo mod why -m gopkg.in/yaml.v3:Indirectly referencing a YAML handling module seems less than ideal for a logging system, especially if it is only for some testing helpers.
References