The language server is licensed under MPL, and we should ensure that whatever dependencies we take in as part of any PRs are compatible with that license and any other requirements we may have related to potential legal obligations in the future.
Additionally, we should ensure that dependencies we rely on don't have known vulnerabilities and that we can be notified when a vulnerability is disclosed.
GitHub's own scanner doesn't support Go yet:
https://help.github.com/en/github/visualizing-repository-data-with-graphs/listing-the-packages-that-a-repository-depends-on#supported-package-ecosystems
Snyk does both of the above.