Basically the title. This package is one of the few that I am aware of, which uses a forked version of Sprig templates by Masterminds, instead of the main repo. Was this a mistake running `go mod tidy` or something similar, or is this intentional?
If so, I have to wonder why we're using a fork that seems to be intended for development purposes only, and not the well-known repo that is used by many well-known organizations and projects, and also scores higher on deps.dev:
If in the future security issues arise, this fork might not receive vital updates whereas I believe the main repo has a much higher chance of staying reliable.
In summary, the idea was that slim-sprig added fewer dependencies, resulting in a potentially lower security risk relating to keeping dependencies up to date. But your point about the more heavily used one potentially getting more updates is valid.
Just because this decision was made in the past, it doesn't mean that it's the correct decision for now.