google-cloud-go icon indicating copy to clipboard operation
google-cloud-go copied to clipboard
verified publisher icon googleapis

spanner: third party dependency exception for github.com/json-iterator/go

Open noahdietz opened this issue 1 year ago • 2 comments

Module: spanner Usage(s): spanner/value.go

For the time being, it will be exempt from the third party dep check, but please do one of the following:

A. Remove the dependency by switching to a package own directly by Google, handwriting necessary functionality, or using stdlib B. Justify the exception and ack the risks, maintaining the exception indefinitely

noahdietz avatar Feb 06 '24 01:02 noahdietz

There is a significant concern from my point of view with json-iterator dependency due to it's heavy reliance on unsafe and modern-go/reflect2. See https://github.com/golang/go/issues/54766#issuecomment-1983808590 for issues that happen from it -- the lucky case is when your compilation or tests fail.

egonelbre avatar Apr 10 '24 11:04 egonelbre

Thanks @egonelbre for pointing this out, bumping the priority for now.

rahul2393 avatar Apr 10 '24 11:04 rahul2393