You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would it be possible to have one go.mod / go.sum for each package ?
I use the hmetrics package in my app. hmetrics doesn't need dependencies aside from the standard lib.
However, using hmetrics in my app comes with the cost of installing 50+ dependencies from heroku/x's go.mod.
This is heavy and raises useless security alerts (e.g. heroku/x depends on cobra@v1 which depends on viper@v1 which depends on dgrijalva/jwt-go@v3 which is deprecated and has CVE-2020-26160).
Thanks!
The text was updated successfully, but these errors were encountered:
Hi !
Would it be possible to have one go.mod / go.sum for each package ?
I use the
hmetricspackage in my app.hmetricsdoesn't need dependencies aside from the standard lib.However, using
hmetricsin my app comes with the cost of installing 50+ dependencies fromheroku/x's go.mod.This is heavy and raises useless security alerts (e.g.
heroku/xdepends oncobra@v1which depends onviper@v1which depends ondgrijalva/jwt-go@v3which is deprecated and has CVE-2020-26160).Thanks!
The text was updated successfully, but these errors were encountered: