Summary
Several packages by Mitchell Hashimoto remain in Vault's dependency tree after being archived. Two related issues already exist (#29884 for aws-sdk-go v1, #31558 for mapstructure), but the following archived packages have not been reported:
mitchellh/copystructure: vault/acl.go, vault/policy.go, sdk/logical/request.go, vault/mount.go
mitchellh/go-homedir: api/cliconfig/config.go, api/tokenhelper/, command/base.go etc. (6 files)
mitchellh/reflectwalk (Archived 2020-04): audit/hashstructure.go — audit log hashing
Context
These packages were archived because their functionality is now covered by the Go standard library or by successor packages. They no longer receive bug fixes or security patches.
copystructure is used for deep-copying ACL parameters (AllowedParameters, DeniedParameters), policy data, and request objects.
go-homedir is used for ~ expansion in CLI config and token helper paths.
reflectwalk is used in the audit subsystem to walk and hash sensitive fields in request/response structs.
Suggested replacements
copystructure → a minimal internal deep-copy helper (~100 lines with reflect). The original is ~300 lines; an LLM can generate a replacement with tests in minutes.
go-homedir → os.UserHomeDir() (stdlib since Go 1.12). We submitted the same replacement to Trivy: refactor(deps): replace archived go-homedir with os.UserHomeDir aquasecurity/trivy#10484
reflectwalk → reflect package (stdlib). The walker pattern can be reimplemented with standard reflection.
Related issues
How this was detected
Scanned with uzomuzo, an open-source dependency lifecycle scanner.
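The go-homedir replacement suggested in the issue above, written out as an added example (not part of the original issue, and not code from Vault or Trivy). The names `expandWith`, `ExpandHome` and `ErrUserHome` and the sample paths are assumptions made for illustration; the rejection of `~user` paths is modelled on how go-homedir's `Expand` treats them.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrUserHome (hypothetical name) is returned for "~user/..." paths, which
// would need a passwd lookup that os.UserHomeDir does not perform.
var ErrUserHome = errors.New("cannot expand user-specific home dir")

// expandWith replaces a leading "~" using the supplied home lookup.
// The lookup is a parameter so the logic is testable without touching $HOME.
func expandWith(path string, home func() (string, error)) (string, error) {
	if path == "" || path[0] != '~' {
		return path, nil // only a leading tilde is expanded
	}
	if len(path) > 1 && path[1] != '/' && path[1] != '\\' {
		return "", ErrUserHome // "~root/x": refuse instead of guessing
	}
	dir, err := home()
	if err != nil {
		return "", fmt.Errorf("resolve home directory: %w", err)
	}
	if dir == "" {
		// Never join onto "": "~/.token" would silently become "/.token".
		return "", errors.New("home directory is empty")
	}
	return filepath.Join(dir, path[1:]), nil
}

// ExpandHome is the stdlib-only entry point (hypothetical name).
func ExpandHome(path string) (string, error) {
	return expandWith(path, os.UserHomeDir)
}

func main() {
	// Constructed sample paths, not taken from the Vault source tree.
	for _, p := range []string{"~/.vault-token", "/etc/vault.d/cfg.hcl", "~root/.vault"} {
		out, err := ExpandHome(p)
		fmt.Printf("%q -> %q, err=%v\n", p, out, err)
	}
}
```

`os.UserHomeDir` consults only the environment (`$HOME` on Unix, `%USERPROFILE%` on Windows) and returns an error when it is unset, so callers of a replacement like this must handle that error path for config and token helper files.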