[
https://issues.apache.org/jira/browse/YUNIKORN-2416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chia-Ping Tsai resolved YUNIKORN-2416.
--------------------------------------
Fix Version/s: 1.5.0
Resolution: Fixed
all reverts are completed
> Cleanup replace directives
> --------------------------
>
> Key: YUNIKORN-2416
> URL: https://issues.apache.org/jira/browse/YUNIKORN-2416
> Project: Apache YuniKorn
> Issue Type: Improvement
> Reporter: Chia-Ping Tsai
> Assignee: Yu-Lin Chen
> Priority: Minor
> Labels: pull-request-available
> Fix For: 1.5.0
>
>
> The replace directives should be used only if
> 1. the dependency is indirect, AND
> 2. the indirect version is too old or has CVEs
> For example: core repo has following deps in the replace
> golang.org/x/crypto => golang.org/x/crypto v0.18.0
> this should be removed since the indirect version is v0.19.0
> golang.org/x/lint => golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
> this should be removed since we don't use it actually, and golangci-lint is
> replacement in our CI.
> golang.org/x/net => golang.org/x/net v0.20.0
> this should be removed since this dep is used directly
> golang.org/x/sys => golang.org/x/sys v0.16.0
> this should be removed since the indirect version is v0.17.0
> golang.org/x/text => golang.org/x/text v0.14.0
> this should be removed since the indirect version is v0.14.0
> golang.org/x/tools => golang.org/x/tools v0.17.0
> this is the only one we should keep in the replace since the resolved version
> is v0.6.0 and it is too stale (released on Feb 8, 2023)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@yunikorn.apache.org
For additional commands, e-mail: dev-h...@yunikorn.apache.org
