Replace issue.go dependency on archived project github.com/fatih/structs #413

Open
allisonsierra opened this issue Oct 26, 2021 · 5 comments
Labels
needs triage Ticket that needs triage (a proper look for classification)

Comments

@allisonsierra

Is your feature request related to a problem? Please describe.

issue.go currently imports the github.com/fatih/structs module which is an archived project no longer receiving maintenance updates. The last update to the project was over 3 years ago. This is causing dependency scanning software I am using (Sonatype IQ) to flag go-jira as a potential security risk.

Describe the solution you'd like

Replace the dependency on github.com/fatih/structs using the standard library. I only see this dependency being used once here.

Describe alternatives you've considered

Find an active project to use in place of github.com/fatih/structs that provides the same functionality

Additional context

@github-actions

Hi! Thank you for taking the time to create your first issue! Really cool to see you here for the first time. Please give us a bit of time to review it.

@benjivesterby
Contributor

Thanks for bringing this to our attention. I'll take a look this evening.

@benjivesterby
Contributor

@allisonsierra Is there a CVE associated with this issue that would require an update? If you would like to submit a PR to replace the use of the structs package here I would be willing to review it. Unless there is a CVE associated with the structs package I cannot allocate my personal resources to this request at this time.

@allisonsierra
Author

There's no current CVE I'm aware of with the structs package. I'd be happy to take a shot at this and get a PR submitted for review.

@andygrunwald andygrunwald added the needs triage Ticket that needs triage (a proper look for classification) label Aug 20, 2022
@andygrunwald
Owner

Hey,

I am very sorry that this issue has been open for a long time with no final solution. We work on this project in our spare time, and sometimes, other priorities take over. This is the typical open source dilemma.

However, there is news: We are kicking off v2 of this library 🚀

To provide visibility, we created the Road to v2 Milestone and are calling for your feedback in #489.

The development will take some time; however, I hope you can benefit from the changes.
If you seek priority development for your issue + you like to sponsor it, please contact me.

What does this mean for my issue?

We will work on this issue indirectly.
This means that during the development phase, we aim to tackle it.
Maybe in a different way than it is currently handled.
Please understand that this will take a while because we are running this in our spare time.

Final words

Thanks for using this library.
If there is anything else you would like to tell us, let us know!
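
As an added example (not code from this thread or from go-jira): one way the request in the opening post could be met with only the standard library, assuming the single use in issue.go is a `structs.Map`-style conversion of a struct into a `map[string]interface{}`, which this page does not show. The helper `structToMap` and the sample type `fields` are hypothetical, and unlike `structs.Map` this sketch does not recurse into nested structs.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// structToMap (hypothetical helper) maps exported struct fields by name using
// reflect only. It honours `structs:"name"`, `structs:"-"` and ",omitempty".
func structToMap(v interface{}) (map[string]interface{}, error) {
	rv := reflect.ValueOf(v)
	for rv.Kind() == reflect.Ptr {
		rv = rv.Elem() // a nil pointer yields an Invalid value, rejected below
	}
	if rv.Kind() != reflect.Struct {
		return nil, fmt.Errorf("structToMap: want struct, got %s", rv.Kind())
	}
	rt := rv.Type()
	out := make(map[string]interface{}, rt.NumField())
	for i := 0; i < rt.NumField(); i++ {
		f := rt.Field(i)
		name, opts, _ := strings.Cut(f.Tag.Get("structs"), ",")
		// PkgPath is non-empty only for unexported fields; Interface() would panic on them.
		if f.PkgPath != "" || name == "-" {
			continue
		}
		if name == "" {
			name = f.Name
		}
		fv := rv.Field(i)
		if strings.Contains(opts, "omitempty") && fv.IsZero() {
			continue
		}
		out[name] = fv.Interface() // nested structs are kept as-is, not flattened
	}
	return out, nil
}

// fields is a constructed sample type, not go-jira's own struct.
type fields struct {
	Summary  string
	Labels   []string `structs:"labels,omitempty"`
	Internal string   `structs:"-"`
	secret   string
}

func main() {
	fmt.Println(structToMap(&fields{Summary: "demo", Internal: "x", secret: "y"}))
}
```

Dropping the import this way also removes the module from `go.mod`, which is what a dependency scanner keys on.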
