Chia-Ping Tsai created YUNIKORN-2416:
----------------------------------------
Summary: Cleanup replace directives
Key: YUNIKORN-2416
URL: https://issues.apache.org/jira/browse/YUNIKORN-2416
Project: Apache YuniKorn
Issue Type: Improvement
Reporter: Chia-Ping Tsai
The replace directives should be used only if
1. the dependency is indirect, AND
2. the indirect version is too old or has CVEs
For example: the core repo has the following deps in the replace
golang.org/x/crypto => golang.org/x/crypto v0.18.0
this should be removed since the indirect version is v0.19.0
golang.org/x/lint => golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
this should be removed since we don't actually use it, and golangci-lint is
the replacement in our CI.
golang.org/x/net => golang.org/x/net v0.20.0
this should be removed since this dep is used directly
golang.org/x/sys => golang.org/x/sys v0.16.0
this should be removed since the indirect version is v0.17.0
golang.org/x/text => golang.org/x/text v0.14.0
this should be removed since the indirect version is v0.14.0
golang.org/x/tools => golang.org/x/tools v0.17.0
this is the only one we should keep in the replace since the resolved version
is v0.6.0 and it is too stale (released on Feb 8, 2023)
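The two conditions in the issue can be checked mechanically against a go.mod. The Go program below is an added example, not code from the issue or from the YuniKorn project; AuditReplaces, newer and the sample go.mod are constructed for illustration. It assumes block-form require/replace directives, same-path replacement targets and plain vX.Y.Z versions; whether a stale version actually has CVEs remains a separate check.

```go
package main

import (
	"fmt"
	"strings"
)
// Constructed sample using the versions quoted in the issue; not the real go.mod.
const sampleGoMod = `require (
	golang.org/x/net v0.20.0
	golang.org/x/crypto v0.19.0 // indirect
	golang.org/x/tools v0.6.0 // indirect
)
replace (
	golang.org/x/crypto => golang.org/x/crypto v0.18.0
	golang.org/x/lint => golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
	golang.org/x/net => golang.org/x/net v0.20.0
	golang.org/x/tools => golang.org/x/tools v0.17.0
)`
// newer reports whether a > b, comparing only the numeric vX.Y.Z prefix.
func newer(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	return x[0] > y[0] || x[0] == y[0] && (x[1] > y[1] || x[1] == y[1] && x[2] > y[2])
}
// AuditReplaces maps each replaced module to "keep" or a removal reason.
func AuditReplaces(gomod string) map[string]string {
	reqs, repls, out, block := map[string][]string{}, map[string]string{}, map[string]string{}, ""
	for _, line := range strings.Split(gomod, "\n") {
		if f := strings.Fields(line); len(f) > 0 && (f[len(f)-1] == "(" || f[0] == ")") {
			block = f[0] // entering "require"/"replace", or leaving a block with ")"
		} else if block == "require" && len(f) >= 2 {
			reqs[f[0]] = f[1:] // version, followed by "// indirect" when present
		} else if block == "replace" && len(f) == 4 && f[1] == "=>" {
			repls[f[0]] = f[3]
		}
	}
	for mod, ver := range repls {
		out[mod] = "keep: raises a stale indirect version"
		if req, ok := reqs[mod]; !ok {
			out[mod] = "remove: module is not required"
		} else if req[len(req)-1] != "indirect" {
			out[mod] = "remove: direct dependency"
		} else if !newer(ver, req[0]) {
			out[mod] = "remove: replace does not raise the resolved version"
		}
	}
	return out
}
func main() { fmt.Println(AuditReplaces(sampleGoMod)) }
```

Because a replace directive overrides the version that would otherwise be selected, the x/crypto entry in the sample holds the module at v0.18.0 even though v0.19.0 is required.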