Open
Description
As a fix for #3179, a solution is to vendor the libraries with objects that participate in the license index pickle, such that we are not dependent on their uncontrolled updates. These include:
- attrs
- intbitset and pyahocorasick: these are native libraries and are low priority since we are maintaining them and are able to control their release cycle
- license_expression and boolean.py, though we maintain these, so low priority (used for the Rule.license_expression_object)
See also these related issues:
- Remove or fork commonmark #3190
- Clean up and review specific dependencies for v32 #3191
- An error occurs when parsing a general text file. #3179
Note: we are doing vendoring in https://github.com/nexB/typecode/blob/main/README.rst with vendy for pygments and also FetchCode (inherit from pip) and tracecode-toolkit-strace (using vendorize for altgraph and docopt). python-vendorize seems mostly current and up to date.
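
One way to audit which packages a cached pickle actually depends on, and therefore which ones are candidates for vendoring, is to record every class the unpickler resolves. This is an added example, not ScanCode's own code: the function names are hypothetical, and the standard-library classes `OrderedDict` and `Fraction` stand in for third-party objects such as attrs-based classes.

```python
import io
import pickle
from collections import OrderedDict
from fractions import Fraction


class RecordingUnpickler(pickle.Unpickler):
    """Unpickler that records every (module, name) global the stream resolves."""

    def __init__(self, file):
        super().__init__(file)
        self.globals_seen = set()

    def find_class(self, module, name):
        # Called once for each class or function reference in the pickle.
        self.globals_seen.add((module, name))
        return super().find_class(module, name)


def pickle_dependencies(data):
    """Return the top-level packages whose objects a pickle references.

    This loads the pickle, so use it only on a cache you built yourself.
    """
    unpickler = RecordingUnpickler(io.BytesIO(data))
    unpickler.load()
    return {module.split(".")[0] for module, _ in unpickler.globals_seen}


def uncontrolled(data, controlled):
    """Packages referenced by the pickle that are not vendored or self-maintained."""
    return sorted(pickle_dependencies(data) - set(controlled))


# Constructed sample standing in for a cached index: plain containers plus
# two class instances whose defining modules end up named in the pickle.
SAMPLE = pickle.dumps({"rules": OrderedDict(a=1), "score": Fraction(1, 3)})

if __name__ == "__main__":
    print(pickle_dependencies(SAMPLE))
    print(uncontrolled(SAMPLE, controlled={"collections"}))
```

Any package this reports that is neither vendored nor under the project's release control can change its class layout in an update and break loading of a previously built pickle.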