Why github.com/bketelsen/crypt is a required dependency?

[ashi009]

After introducing cobra, we noticed that the go.sum exploded. Further investigation showed that the hundreds of dependencies introduced are because of the transitive dependency of github.com/bketelsen/crypt.

In my option, the encrypted configuration should be an extension to cobra/viper not transitively included by default.

[sagikazarmark]

Unfortunately we can't remove it from v1, because it would break backwards compatibility, but remote key-value stores will be provided as external modules in Viper v2.

Things are actually way better now that the latest crypt (and Viper) use etcd 3.5 that introduced proper module support. Things will become even better with Go 1.17

Cobra needs to release a new version with the updated Viper module though: https://github.com/spf13/cobra/blob/master/go.mod#L9

The issue is tracked here: #887

[ashi009]

Lovely! Thanks Márk Sági-Kazár ***@***.***>于2021年8月16日 周一17:50写道：

Unfortunately we can't remove it from v1, because it would break backwards compatibility, but remote key-value stores will be provided as external modules in Viper v2. Things are actually way better now that the latest crypt (and Viper) use etcd 3.5 that introduced proper module support. Things will become even better with Go 1.17 Cobra needs to release a new version with the updated Viper module though: https://github.com/spf13/cobra/blob/master/go.mod#L9 The issue is tracked here: #887 <#887> — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#1186 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFH2B3F6Y336KOYMGT6KS3T5DNOTANCNFSM5CG47WWQ> .

-- Sent from Gmail Mobile