Skip to content

Replace outdated unmaintained dependencies with modern alternatives#22

Merged
ChronosMasterOfAllTime merged 9 commits into
mainfrom
copilot/update-core-dependencies
Oct 16, 2025
Merged

Replace outdated unmaintained dependencies with modern alternatives#22
ChronosMasterOfAllTime merged 9 commits into
mainfrom
copilot/update-core-dependencies

Conversation

Copilot AI commented Oct 16, 2025

Copy link
Copy Markdown

Overview

This PR addresses security and maintenance concerns by replacing two core dependencies that are no longer maintained with actively supported alternatives.

Changes

1. Markdown Rendering: blackfriday → goldmark

Replaced: github.com/russross/blackfriday/v2 v2.1.0 (unmaintained since 2020)
With: github.com/yuin/goldmark v1.7.13 (actively maintained)

The goldmark library is configured with GitHub-flavored markdown extensions to maintain full compatibility with existing functionality:

  • Table support with HTML align attributes for backward compatibility
  • Linkify for automatic URL linking
  • Strikethrough text support
  • Task list support

2. Email Sending: go-gomail → wneessen/go-mail

Replaced: github.com/go-gomail/gomail (unmaintained since 2016)
With: github.com/wneessen/go-mail v0.7.2 (actively maintained)

Updated the examples to use the modern go-mail API while preserving all existing functionality including sender formatting, multi-part messages (text/plain and text/html), and SMTP authentication.

Benefits

  • Security: Both new libraries are actively maintained and receive regular security updates
  • Performance: goldmark offers better performance than blackfriday
  • Standards Compliance: wneessen/go-mail is more compliant with modern SMTP standards
  • Future-proof: Active communities ensure continued support and bug fixes

Testing

  • ✅ All existing tests pass without modification (100% success rate)
  • ✅ Examples build and run successfully
  • ✅ Email HTML/text generation verified
  • ✅ CodeQL security analysis: 0 alerts
  • ✅ No breaking changes to public API

Migration Impact

For library users: No changes required. This is a drop-in replacement with full backward compatibility.

For users referencing the examples: If you've based your email sending code on the examples, you'll need to update your imports and use the new go-mail API. See examples/main.go for the updated implementation.

Fixes #[issue_number]

Original prompt

This section details on the original issue you should resolve

<issue_title>Core dependencies are outdated and unmaintained</issue_title>
<issue_description>Hey! 👋

First off, thanks for forking this and adding some cool new features!

I was looking into using the library and noticed a couple of its core dependencies pose a potential security risk:

  1. gomail is unmaintained since 2016.

  2. The markdown renderer blackfriday is unmaintained since 2020.

Would you consider updating them to more current, maintained versions?

Thanks 🙏</issue_description>

<agent_instructions>Please solve the issue with the outdated libraries and use the suggested replacements.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

@ChronosMasterOfAllTime Good catch! Will look into alternatives and update accordingly

Fixes #21


💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot AI and others added 3 commits October 16, 2025 13:59
Co-authored-by: ChronosMasterOfAllTime <28963807+ChronosMasterOfAllTime@users.noreply.github.com>
Co-authored-by: ChronosMasterOfAllTime <28963807+ChronosMasterOfAllTime@users.noreply.github.com>
Co-authored-by: ChronosMasterOfAllTime <28963807+ChronosMasterOfAllTime@users.noreply.github.com>
Copilot AI changed the title [WIP] Update outdated core dependencies for security Replace outdated unmaintained dependencies with modern alternatives Oct 16, 2025
@github-actions github-actions Bot added the chore label Oct 16, 2025
@ChronosMasterOfAllTime ChronosMasterOfAllTime marked this pull request as ready for review October 16, 2025 18:40
@ChronosMasterOfAllTime ChronosMasterOfAllTime merged commit e7fd052 into main Oct 16, 2025
4 of 7 checks passed
@ChronosMasterOfAllTime ChronosMasterOfAllTime deleted the copilot/update-core-dependencies branch October 16, 2025 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Core dependencies are outdated and unmaintained

3 participants