(Created from #1437 so we can add it to the discussion milestone.)
We're using go-yaml.v3 in SOPS. Unfortunately this library doesn't seem to be actively maintained anymore; the last commit is from May 2022, and there are quite a few bug reports and bugfix PRs that haven't been looked at / haven't progressed, some of them for years. (I got one myself, https://github.com/go-yaml/yaml/pull/690, open since January 2021, last maintainer reaction in May 2021. This is blocking a bugfix on sops's side: https://github.com/getsops/sops/issues/936#issuecomment-917198987)
Two issues have been created in the past in the repository asking whether it's still maintained, and the (single) maintainer always responded that it still is:
Maybe we should also consider switching to that fork? Or is anyone aware of other forks of go-yaml.v3, or even other actively maintained YAML libraries for Go?
(Created from #1437 so we can add it to the discussion milestone.)
We're using go-yaml.v3 in SOPS. Unfortunately this library doesn't seem to be actively maintained anymore; the last commit is from May 2022, and there are quite a few bug reports and bugfix PRs that haven't been looked at / haven't progressed, some of them for years. (I got one myself, https://github.com/go-yaml/yaml/pull/690, open since January 2021, last maintainer reaction in May 2021. This is blocking a bugfix on sops's side: https://github.com/getsops/sops/issues/936#issuecomment-917198987)
Two issues have been created in the past in the repository asking whether it's still maintained, and the (single) maintainer always responded that it still is:
Other projects have actually went on to fork go-yaml locally, like kubernetes-sigs:
Maybe we should also consider switching to that fork? Or is anyone aware of other forks of go-yaml.v3, or even other actively maintained YAML libraries for Go?