Revisit old dependency libraries

[andrii-korotkov-verkada]

Summary

Here's some summary

• github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36 // A simple old library with external dependencies, probably okay to keep, may want to replace the dependencies version
• github.com/chainguard-dev/git-urls v1.0.2 // A simple old library with no external dependencies, probably okay to keep
• github.com/dustin/go-humanize v1.0.1 // A simple old library with no external dependencies, probably okay to keep
• github.com/gobwas/glob v0.2.3 // An old library with no external dependenices, need to decide what to do
• github.com/gogits/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 // An old library with no external dependencies, need to decide what to do
• github.com/gogo/protobuf v1.3.2 // A deprecated old library, probably need to replace
• github.com/google/go-jsonnet v0.20.0 // An old library with external dependencies, need to decide what to do
• github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // A simple old library with no external dependencies, probably okay to keep
• github.com/grpc-ecosystem/grpc-gateway v1.16.0 // An old library, need a major version migration
• github.com/improbable-eng/grpc-web v0.15.1-0.20230209220825-1d9bbb09a099 // An old library in maintenance mode with external dependencies, need to decide what to do
• github.com/jeremywohl/flatten v1.0.2-0.20211013061545-07e4a09fb8e4 // An old library with no external dependencies, probably okay to keep
• github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // An old library with no external dependencies, probably okay to keep
• github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 // An old library, need a major version upgrade
• github.com/olekukonko/tablewriter v0.0.6-0.20230925090304-df64c4bbad77 // A simple old library with external dependencies, probably okay to keep, may want to replace the dependencies version
• github.com/patrickmn/go-cache v2.1.0+incompatible // An old library with no external dependencies, probably okay to keep
• github.com/r3labs/diff/v3 v3.0.1 // An old library with external dependencies, probably okay to keep, may want to replace the dependencies version
• github.com/robfig/cron/v3 v3.0.1 // An old library with no external dependencies, probably okay to keep
• github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // A simple old library with no external dependencies, probably okay to keep
• github.com/soheilhy/cmux v0.1.5 // An old library with external dependencies, probably okay to keep, may want to replace the dependencies version
• github.com/valyala/fasttemplate v1.2.2 // A simple old library with external dependencies, probably okay to keep, may want to replace the dependencies version, but depends only on another valyala library which doesn't have external dependencies.
• gopkg.in/yaml.v2 v2.4.0 // An old library, but well-known one, probably need a major version upgrade
• gopkg.in/yaml.v3 v3.0.1 // An old library, but well-known one
• sigs.k8s.io/yaml // An old library, but well-known one

Motivation

Keep things up-to-date, reduce the image size with removing some older transitive dependencies.

Proposal

Revisit each lib updated not too recently and decide what to do.

[andrii-korotkov-verkada]

I'll try to update some versions upsteam

[andrii-korotkov-verkada]

• chore: Update deps version TomOnTime/utfutil#7 (new one was created doing the same thing)

[andrii-korotkov-verkada]

• chore: Update dependency versions google/go-jsonnet#794

[andrii-korotkov-verkada]

• chore: Update some dependencies improbable-eng/grpc-web#1183

[andrii-korotkov-verkada]

• chore: Update some dependencies olekukonko/tablewriter#234

[andrii-korotkov-verkada]

• chore: Update some dependencies r3labs/diff#113

[andrii-korotkov-verkada]

• chore: Update some dependencies soheilhy/cmux#104

[andrii-korotkov-verkada]

I've tried for Yaml, but it's too hard (e.g. goccy yaml likes uint64, which can't be deep copied in json) and yaml dependencies still remain as indirect.

[andrii-korotkov-verkada]

For github.com/google/go-jsonnet, improbable-eng/grpc-web, olekukonko/tablewriter, r3labs/diff, soheilhy/cmux I won't use my fork as suggested in the Argo CD PR, and would just have the latest of what's available and evaluate if replaces are warranted, e.g. due to some CVEs.