opencontainers / runtime-tools

OCI Runtime Tools
https://www.opencontainers.org/
Apache License 2.0

generate, validate: isolate gojson* dependencies. #755

Closed klihub closed 2 years ago

klihub commented 2 years ago

Split out those few capability validation functions (LastCap(), CapValid()) which Generator depends on into a validate/capabilities subpackage of their own. This should prevent github.com/xeipuuv/gojson* from sneaking into the dependencies of anyone who uses Generator for OCI Spec manipulation.

Those gojsonschema and related packages are often considered problematic because they do not seem to be actively maintained. At the time of this commit they received their last updates in 2018, 2019 and 2020. Excluding them from the dependency blast radius can lower the barrier for accepting/allowing import of generate.Generator.
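An added example, not part of this pull request or of the runtime-tools code: one way to check the isolation described above is to walk the output of `go list -deps -json` for the generate package and report the shortest import chain that reaches a `github.com/xeipuuv/gojson*` package. The function name `importChain` and the two JSON samples are assumptions, constructed to mirror the before/after relationship the description gives.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed samples shaped like `go list -deps -json ./generate` output (not real tool output).
const before = `{"ImportPath":"github.com/opencontainers/runtime-tools/generate","Imports":["github.com/opencontainers/runtime-tools/validate"]}
{"ImportPath":"github.com/opencontainers/runtime-tools/validate","Imports":["github.com/xeipuuv/gojsonschema"]}
{"ImportPath":"github.com/xeipuuv/gojsonschema"}`
const after = `{"ImportPath":"github.com/opencontainers/runtime-tools/generate","Imports":["github.com/opencontainers/runtime-tools/validate/capabilities"]}
{"ImportPath":"github.com/opencontainers/runtime-tools/validate/capabilities"}`

type pkg struct{ ImportPath string; Imports []string } // the two `go list -json` fields used here

// importChain returns the shortest import chain from root to a package whose
// path starts with banned, or nil when no such package is reachable.
func importChain(r io.Reader, root, banned string) ([]string, error) {
	graph := map[string][]string{}
	for dec := json.NewDecoder(r); dec.More(); { // stream of concatenated JSON objects
		var p pkg
		if err := dec.Decode(&p); err != nil {
			return nil, err
		}
		graph[p.ImportPath] = p.Imports
	}
	seen := map[string]bool{root: true}
	for queue := [][]string{{root}}; len(queue) > 0; queue = queue[1:] { // breadth-first search
		chain := queue[0]
		cur := chain[len(chain)-1]
		if strings.HasPrefix(cur, banned) {
			return chain, nil
		}
		for _, imp := range graph[cur] {
			if !seen[imp] {
				seen[imp] = true
				// The capped slice forces append to copy, so chains never share storage.
				queue = append(queue, append(chain[:len(chain):len(chain)], imp))
			}
		}
	}
	return nil, nil
}

func main() {
	for _, s := range []string{before, after} {
		fmt.Println(importChain(strings.NewReader(s), "github.com/opencontainers/runtime-tools/generate", "github.com/xeipuuv/gojson"))
	}
}
```

Against a real checkout, the reader passed to `importChain` would be the standard output of `go list -deps -json ./generate`, and a non-nil chain in CI signals that the dependency has crept back in.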

pohly commented 2 years ago

> Those gojsonschema and related packages are often considered problematic because they do not seem to be actively maintained.

Even without that concern it is better to not pull in additional dependencies that aren't needed. For example, compilation becomes faster.

pohly commented 2 years ago

@saschagrunert: thanks. Is there a chance to get this into a tagged release soon(ish)?

saschagrunert commented 2 years ago

@kolyshkin PTAL

rhatdan commented 2 years ago

@giuseppe @mrunalp PTAL

elezar commented 2 years ago

@saschagrunert @rhatdan what is still required to get these changes merged?