Description of problem: The operator SDK 0.17 pull sin package https://github.com/bouk/monkey/ through the dependency graph. The license terms on this package are at https://github.com/bouk/monkey/blob/master/LICENSE.md and say 'I do not give anyone permissions to use this tool for any purpose. Don't use it.' This appears to have been fixed in the Operator SDK 0.18, but customer is not able to update to that at the moment due to breaking changes. Can a backport/fix be provided for 0.17? This package is pulled in indirectly through the operator SDK dependency on github.com/otiai10/copy and github.com/otiai10/mint. Using operator-sdk 0.17. It causes this non-permitted package to be pulled into a wide number of IBM operators Version-Release number of selected component (if applicable): operator-sdk 0.17 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This issue has been fixed in later versions of the Operator SDK. We recommend upgrading to a newer version of the Operator SDK. We have no plans to update the v0.17.x. In the short term you could upgrade to v0.19.4 which supports the older operator scaffolding. https://v0-19-x.sdk.operatorframework.io/docs/migration/ If you want to prepare for the longer term, consider migrating to the latest Operator SDK version v1.1.0: https://v1-1-x.sdk.operatorframework.io/docs/upgrading-sdk-version/