newrelic / go-agent

New Relic Go Agent
Apache License 2.0

Remove fasthttp dependency from main module #807

Closed rittneje closed 9 months ago

rittneje commented 10 months ago

Summary

As of v3.25.0 the github.com/newrelic/go-agent/v3 module has a direct dependency on github.com/valyala/fasthttp.

We have to carefully review third-party libraries. This one in particular is rather concerning due to its use of unsafe.

Judging from the code, it looks like the main module doesn't even need this dependency. It's just so that anyone who happens to use fasthttp can instrument their code. But this should have been isolated to an integration like everything else.

Desired Behavior

  1. The public API of the main module should not include anything outside the Go standard library.
  2. The main module should not include dependencies other than to support its public API and its backing implementation.

Possible Solution

It's a breaking change, so it's tricky. Either just make a breaking change in a minor release and direct people to use the new integration, or release a new major version.

iamemilio commented 10 months ago

Scheduled for the next release.

iamemilio commented 9 months ago

As of the 3.28.0 release, fasthttp is now isolated to its own integration package.
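
Added example (not part of the thread and not code from the go-agent project): one way to gate the concern raised in this issue in CI is to parse a module's go.mod and report any direct requirement that has not been through third-party review. The go.mod text, the allowlist and the function name UnapprovedDirect are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample go.mod for illustration; not copied from any real repository.
const sampleGoMod = `module example.com/app
require (
	github.com/valyala/fasthttp v1.0.0
	google.golang.org/grpc v1.0.0
	golang.org/x/sys v1.0.0 // indirect
)
require github.com/andybalholm/brotli v1.0.0 // indirect
`

// UnapprovedDirect lists direct requirements (no "// indirect" marker) absent from the reviewed allowlist.
func UnapprovedDirect(goMod string, approved map[string]bool) []string {
	var out []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "require (" || (inBlock && line == ")"):
			inBlock = line != ")" // enter or leave a require block
			continue
		case !inBlock && strings.HasPrefix(line, "require "):
			line = strings.TrimPrefix(line, "require ") // single-line form
		case !inBlock:
			continue // module, go, replace, exclude and blank lines
		}
		spec, comment, _ := strings.Cut(line, "//")
		f := strings.Fields(spec)
		indirect := strings.HasPrefix(strings.TrimSpace(comment), "indirect")
		if len(f) >= 2 && !indirect && !approved[f[0]] {
			out = append(out, f[0])
		}
	}
	return out
}

func main() {
	// Hypothetical allowlist of module paths that have already been reviewed.
	fmt.Println(UnapprovedDirect(sampleGoMod, map[string]bool{"google.golang.org/grpc": true}))
}
```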