EOL for pmezard/go-difflib dependency

[anurag-deshpande]

[Problem Description]
We are consuming github.com/expr-lang/expr v1.15.7, which is latest as of date. This package is scanned for security vulnerabilities and EOLs by blackduck scanner at our source.

The blackduck scanner has identified a Project EOL component, pmezard-go-difflib20190219-snapshot-5d4384ee , which is a transitive dependency of github.com/expr-lang/expr v1.15.7. This project is not maintained and thus EOLed much earlier.

[Request]
We wish to consume all the dependencies which are non-EOLed, to maintain good coding practices. Can this EOLed component be updated by expr contributors or replaced with some alternative with similar functionality, to reduce the EOL risk?

Let me know if any more information is needed for this issue.

[antonmedv]

Expr uses testify (tests only), and testify uses go-difflib.

Upstream issue: stretchr/testify#1327

Will see what I can do about it.

[antonmedv]

Upstream issue is stale. Will vendor testify.