sprig icon indicating copy to clipboard operation
sprig copied to clipboard
verified publisher icon Masterminds

Replace deprecated mitchellh/copystructure

Open SanMasood opened this issue 3 months ago • 0 comments

Hello team,

While reviewing dependencies for compliance/security purposes, I noticed that this project depends on github.com/mitchellh/copystructure which has been archived and is no longer maintained.

Repo: https://github.com/mitchellh/copystructure

Status: Archived / unmaintained

See usage here: https://github.com/Masterminds/sprig/blob/master/go.mod#L13C2-L13C36

Relying on archived/unmaintained packages is generally considered a risk for long-term support, compliance (e.g., SOC2), and security review processes, even if no CVEs are currently reported.

I do not have a suggested change for this at the moment but I can look into it and update this issue with my findings.

Would it be possible to update this in a future release? Thank you.

SanMasood avatar Sep 23 '25 08:09 SanMasood