Speaking as a new Gopher, but I have had lots of experience with software
dependencies. A tool like dep would be perfect for this. You could simply
pin the one dependency until a fix is provided for the error, and for the
others you can simply keep updating to the latest.
This may not be the
I have been using https://github.com/FiloSottile/gvt for years, it's great,
simple, you vendor only what you want, so, in this case, that one lib you
are talking about
you can even leave the imports as they are, but point to your own fork of
the repo by modifying the manifest file
for example,