Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: drop old golang-jwt/jwt dependency #39804

Closed
wants to merge 5 commits into from
Closed

refactor: drop old golang-jwt/jwt dependency #39804

wants to merge 5 commits into from

Conversation

kruskall
Copy link
Member

@kruskall kruskall commented Jun 5, 2024

Proposed commit message

drop old golang-jwt/jwt dependency

We are only using a small method that has nothing to do with jwt, it's better to copy the method and drop the dependency.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

@kruskall kruskall requested review from a team as code owners June 5, 2024 03:59
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 5, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Jun 5, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @kruskall? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@ycombinator ycombinator added the Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team label Jun 5, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jun 5, 2024
@kruskall kruskall mentioned this pull request Jun 8, 2024
Merged
6 tasks
@kruskall
refactor: drop old golang-jwt/jwt dependency
0a3475d 
We are only using a small method that has nothing to do with jwt, it's better
to copy the method and drop the dependency.
shmsr
shmsr reviewed Jun 9, 2024
View reviewed changes
go.mod
@@ -307,6 +306,7 @@ require (
github.com/goccy/go-json v0.10.2 // indirect
github.com/godror/knownpb v0.1.0 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the changes look good, I suggest that since we have github.com/golang-jwt/jwt/v4 as an indirect dependency, why not use the function from there as the code is essentially the same and there is no overhead as far as I know. It is just that github.com/golang-jwt/jwt/v4 becomes a direct dependency.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I disagree. Direct and indirect dependencies are not the same and should not be treated the same.
Beats already disables dead code elimination due to problematic use of reflection, adding more direct dependencies only makes the problem worse by increasing binary size for downstream users.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it is included, right? Indirect are dependencies imported by direct dependencies. So, they are already on the build list. As github.com/golang-jwt/jwt/v4 is already in the build list, I suggested let we make it a direct dependency instead (not v5, but v4).

What do you think?

@kruskall
Copy link
Member Author

After #39968 the jwt lib is actually used (which is good because it got rid of another dep) so this PR is not needed anymore.

@kruskall kruskall closed this Jun 23, 2024
@kruskall kruskall deleted the build/drop-jwt-go branch June 23, 2024 18:20
@shmsr
Copy link
Member

shmsr commented Jun 23, 2024

After #39968 the jwt lib is actually used (which is good because it got rid of another dep) so this PR is not needed anymore.

Also, as per my discussion with Craig offline, we decided to go with github.com/golang-jwt/jwt/v5 v5.0.0 for the fork used in #39840. See: elastic/go-sfdc@bcc8456

So, dropped one more extra lib (indirectly): github.com/dgrijalva/jwt-go (that too deprecated)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shmsr shmsr shmsr left review comments

Assignees

@kruskall kruskall

Labels
enhancement Team:Obs-InfraObs Label for the Observability Infrastructure Monitoring team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kruskall @shmsr @ycombinator