stretchr
change yaml library to go.yaml.in/yaml/v3
Summary
The go-yaml project was archived on Apr 1, 2025 and is no longer maintained. Luckily the official YAML organization forked the project and is maintaining it under https://github.com/yaml/go-yaml/tree/v3.
Changes
Replaced all occurrences of gopkg.in/yaml.v3 with go.yaml.in/yaml/v3
Motivation
go-yaml was archived on Apr 1.
Related issues
- https://github.com/stretchr/testify/issues/1724
There is work in progress about the license of that project: https://github.com/yaml/go-yaml/pull/6
So we should block until that is stabilized.
There is work in progress about the license of that project: yaml/go-yaml#6
So we should block until that is stabilized.
License of go-yaml has changed to Apache now. This PR can move forward
The change are only on main branch for now.
go-yaml has only released -rc for now for the v4.
It might be a bit early
I'd like to see this PR merged, with the v3 tag it now has, while the YAML organization works on v4. That move would make it easier to get buy-in for using Testify at organizations that balk at running abandonware. The main branch's README received a July 30 update that makes it clear that v3 will receive security updates.
I think this is good to be merged, so instantly all indirect dependencies to the archive repo would disappear. Notice that the build tags trick that is used in assert/yaml has no influence on how go.mod propagates dependencies.
The majority of testify users would need to wait until we make a release to benefit from this. Recently we've been on a (very) approximate 6-monthly release cadence, that's not to say we couldn't release earlier than expected to mitigate this and another EOL dependency.
My point is that there isn't a pressing need to rush this. We really do want to merge this, but v4 is in release candidate so I don't think it will be all that long now.
