diff --git a/go.mod b/go.mod index 76e534a51..cdb2ef193 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.0 toolchain go1.23.4 require ( - github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible + github.com/Knetic/govaluate v3.0.1-0.20250325060307-7625b7f8c03d+incompatible github.com/agoda-com/opentelemetry-logs-go v0.6.0 github.com/benbjohnson/clock v1.3.5 github.com/go-kit/kit v0.13.0 diff --git a/go.sum b/go.sum index 144cc9c30..49d76b359 100644 --- a/go.sum +++ b/go.sum @@ -62,8 +62,9 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.3.3/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/HdrHistogram/hdrhistogram-go v0.9.0/go.mod h1:nxrse8/Tzg2tg3DZcZjm6qEclQKK70g0KxO61gFFZD4= -github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= +github.com/Knetic/govaluate v3.0.1-0.20250325060307-7625b7f8c03d+incompatible h1:PQkGQvISFXAw+Lkmcyd5OUGDVtdQdY1u0CIDjDbBg64= +github.com/Knetic/govaluate v3.0.1-0.20250325060307-7625b7f8c03d+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= diff --git a/vendor/github.com/Knetic/govaluate/ARCHIVED.md b/vendor/github.com/Knetic/govaluate/ARCHIVED.md new file mode 100644 index 000000000..4002295e1 --- /dev/null +++ b/vendor/github.com/Knetic/govaluate/ARCHIVED.md 
@@ -0,0 +1,26 @@ +Archived +==== + +John Carmack [had a quote](https://youtu.be/I845O57ZSy4?t=10392) on a recent podcast; + +> Every high-level programmer, sometime in their career, invents their own programming language. It seems to be a thing that's broadly done. [...] I don't regret having done it [...] building my own language was an experience, I learned a lot. But there was a generation of programmers who learned programming through QuakeC, which was nothing to write home about. [...] It's not what I'd do today. + +Yeah man, that nails it. Partly I'm sorry to every student who got assigned to read my code for their systems programming courses - I was 25 years old (the same age as Carmack when he did it, humorously), I learned a lot, I don't regret it, but I've moved onto many other things. + +## History + +When this project started, I was working as devops, frustrated with Ruby. I wanted to write monitoring expressions in a modern langauge. Shortly after, I attended Gophercon 2015, and I was energized. Every night I came back to my hotel and carved out the basics of this repo, completely immersed. + +Once the repo was in good working order, it started attracting contributors and users steadily. At first I was pretty happy about this, and consistently maintained the repo, fixed bugs, took pull requests, and did what you're supposed to do. But, not long after, I made the jump from devops to plain development, and my progress stalled on a failed branch to reimplement accessors (the ".", allowing structs to be used) in a less buggy way. It always seemed just right around the corner, but every time I tried, it never worked. I got ashamed of the repo, and stopped looking at it. + +After a few years, I realized the repo was quite popular, and has large and respected users from across the globe. 
It was being taught in multiple universities (ironic, considering I dropped out of school at age 12), it's a core part of chaincode, bytedance uses it, it had thousands of stars, it was being pulled thousands of times a day, hundreds visited the repo every day, ChatGPT references it a few dozen times a day. At the time of writing, the company I work at is onboarding Argo, which _uses this repo_. + +I respect long-lived open source projects, I depend on them daily. But that's not me. The reason everything I open-source is MIT-licensed is because I move on to other things, and if people find what I've done valuable, great, take it and use it. But, I started a family, I've had a deeply engaging and fulfilling job for many years, I've had other projects that have taken my interest. It's been a decade with little progress, and it's time to admit that I'm never going to come back to this. + +## Why not hand over maintainance? + +This repo is old. There are other projects that have clearly taken what was started here, and built on top of it. [expr](https://github.com/expr-lang/expr) is a good example (i haven't spoken with the author, but it's very clearly a fork, as you can see from the earliest commits). [Casbin](https://github.com/casbin/govaluate) has put together a direct fork of this repo, and is accepting PR's. + +But, more specifically, I simply haven't put in the effort to find someone to trust, and given the nature of the [XZ utils attack](https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/) in recent memory, a few private communications i _have_ received about the topic make me wary. So, the point of open source is that you can take it and run with it, like expr and casbin have. So, use one of those. The authors are active maintainers. + +So, this repo is preserved in amber. 
It'll always work, but there's no point in pretending that it will ever receive any updates. So long, and thanks for all the fish. \ No newline at end of file diff --git a/vendor/github.com/Knetic/govaluate/LICENSE b/vendor/github.com/Knetic/govaluate/LICENSE index 24b9b4591..7eb864e85 100644 --- a/vendor/github.com/Knetic/govaluate/LICENSE +++ b/vendor/github.com/Knetic/govaluate/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2014-2016 George Lester +Copyright (c) 2014-2025 George Lester Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/github.com/Knetic/govaluate/README.md b/vendor/github.com/Knetic/govaluate/README.md index 2e5716d4f..5ccecf6d6 100644 --- a/vendor/github.com/Knetic/govaluate/README.md +++ b/vendor/github.com/Knetic/govaluate/README.md @@ -1,13 +1,12 @@ govaluate ==== -[![Build Status](https://travis-ci.org/Knetic/govaluate.svg?branch=master)](https://travis-ci.org/Knetic/govaluate) [![Godoc](https://img.shields.io/badge/godoc-reference-5272B4.svg)](https://godoc.org/github.com/Knetic/govaluate) -[![Go Report Card](https://goreportcard.com/badge/github.com/Knetic/govaluate)](https://goreportcard.com/report/github.com/Knetic/govaluate) -[![Gocover](https://gocover.io/_badge/github.com/Knetic/govaluate)](https://gocover.io/github.com/Knetic/govaluate) Provides support for evaluating arbitrary C-like artithmetic/string expressions. +# ARCHIVED -- See [ARCHIVED.md](./ARCHIVED.md) for reasons and alternatives. + Why can't you just write these expressions in code? -- diff --git a/vendor/modules.txt b/vendor/modules.txt index dd4c11798..6b705ccd9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -1,4 +1,4 @@ -# github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible +# github.com/Knetic/govaluate v3.0.1-0.20250325060307-7625b7f8c03d+incompatible ## explicit github.com/Knetic/govaluate # github.com/agoda-com/opentelemetry-logs-go v0.6.0
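Review bot: In the go.mod hunk, the new pin `v3.0.1-0.20250325060307-7625b7f8c03d+incompatible` moves to a commit of a module that the ARCHIVED.md vendored by this same patch declares frozen ("there's no point in pretending that it will ever receive any updates"), and the change carries no note about a plan to migrate. The only files under vendor/github.com/Knetic/govaluate/ that this patch touches are ARCHIVED.md, LICENSE and README.md, so the bump brings no code change with it. Please state in the description why the bump is wanted, and open a tracking issue to evaluate the maintained alternatives ARCHIVED.md itself names (expr-lang/expr and the casbin/govaluate fork), since any future defect in this expression evaluator will have to be fixed downstream.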
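Review bot: In the go.sum hunk, the `/go.mod h1:` entry for the old pseudo-version `v3.0.1-0.20171022003610-9aa49832a739+incompatible` is kept while its `h1:` entry is removed, so please confirm this file is the output of `go mod tidy` and not a hand edit. A retained `/go.mod` hash is what tidy leaves when another module in the graph still requires the old version, which is fine, but it is worth saying so in the description. Since vendor/modules.txt and the vendored files change in the same patch, running `go mod vendor` and `go mod verify` in CI would show that go.mod, go.sum and the vendor tree agree with each other and with the recorded hashes.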