Why use go-task/slim-sprig Fork instead of masterminds/sprig.

[Dan6erbond]

Basically the title. This package is one of the few that I am aware of, which us a forked version of Sprig templates by masterminds, instead of the main repo. Was this a mistake running go mod tidy or something similar, or is this intentional?

If so, I have to wonder why we're using a fork that seems to be intended for development purposes only, and not the well-known repo that is used by many well known organizations and projects, and also scores higher on deps.dev:

Open Source Insights

Open Source Insights

If in the future security issues arise, this fork might not receive vital updates whereas I believe the main repo has a much higher chance of staying reliable.

[blgm]

Here's the original conversation: #775

In summary the idea was that slim-sprig added fewer dependencies, resulting in a potentially lower security risk relating to keeping dependencies up to date. But your point about the more heavily used one potentially getting more updates is valid.

Just because this decision was made in the past, it doesn't mean that it's the correct decision for now.