change yaml library to go.yaml.in/yaml/v3 #1772
Conversation
The [go-yaml](https://github.com/go-yaml/yaml/) project was archived on Apr 1, 2025 and is no longer maintained. Luckily the official YAML organization forked the project and is maintaining it under https://github.com/yaml/go-yaml/tree/v3.
|
There is work in progress about the license of that project: yaml/go-yaml#6 So we should block until that is stabilized. |
License of go-yaml has changed to Apache now. This PR can move forward |
|
The change are only on main branch for now. go-yaml has only released -rc for now for the v4. It might be a bit early |
dolmen
added
YAML
|
I'd like to see this PR merged, with the v3 tag it now has, while the YAML organization works on v4. That move would make it easier to get buy-in for using Testify at organizations that balk at running abandonware. The main branch's README received a July 30 update that makes it clear that v3 will receive security updates. |
|
I think this is good to be merged, so instantly all indirect dependencies to the archive repo would disappear. |
* fixes go-openapi#127 The direct dependencies to this archived repo have been replaced by the active fork imported from go.yaml.in/yaml/v3. NOTE: an indirect dependency remains from stretchr/testify. There is an open PR there to solve this stretchr/testify#1772. There is not much I can do here to remove this indirect test dependency. Signed-off-by: Frederic BIDON <[email protected]>
* fixes #127 The direct dependencies to this archived repo have been replaced by the active fork imported from go.yaml.in/yaml/v3. NOTE: an indirect dependency remains from stretchr/testify. There is an open PR there to solve this stretchr/testify#1772. There is not much I can do here to remove this indirect test dependency. Signed-off-by: Frederic BIDON <[email protected]>
|
The majority of testify users would need to wait until we make a release to benefit from this. Recently we've been on a (very) approximate 6-monthly release cadence, that's not to say we couldn't release earlier than expected to mitigate this and another EOL dependency. My point is that there isn't a pressing need to rush this. We really do want to merge this, but v4 is in release candidate so I don't think it will be all that long now. |
7 participants
Summary
The go-yaml project was archived on Apr 1, 2025 and is no longer maintained. Luckily the official YAML organization forked the project and is maintaining it under https://github.com/yaml/go-yaml/tree/v3.
Changes
Replaced all occurrences of
gopkg.in/yaml.v3withgo.yaml.in/yaml/v3Motivation
go-yaml was archived on Apr 1.
Related issues