Consider removing easyjson dependency due to security risks

[alexandear]

This project has a dependency on github.com/mailru/easyjson

mailru/easyjson is a Go library with maintainers based in Russia and affiliated with VK Group. VK Group has known ties to the Russian government and a history of cooperating with Russian security services, including sharing user data.

According to the Hunted Labs report, "The Russian Open Source Project That We Can’t Live Without", this dependency poses a significant supply chain risk. To mitigate these risks, I propose to remove this dependency.

See also:

• Usage of easyjson library (from mail[dot]ru) mattermost/mattermost#31193
• Mail.Ru easyjson library security concerns swaggo/swag#1857
• Security risk: Remove indirect dependency on github.com/mailru/easyjson SpecterOps/bloodhound-go-sdk#11
• Consider removing easyjson dependency due to sanction concerns apache/incubator-kie-tools#3111
• Consider removing easyjson dependency due to sanction concerns apache/answer#1332

[avivpxi]

Hi @alexandear, I do not wish to go into politics and it feels rather political. I don't see any evidence of misbehavior on the library in any of the recent commits, nor any warning from any vulnerability check tool.
But i will tell you this - I considered removing this dependency since this is the only (non dev) dependency of this library. Which means getting rid of easyjson make this a dependency free library.
All we need to do is implement the behavior of easyjson/jlexer package on version 0.7.7. this is no more than a few hundred lines of code. If you want it addressed, feel free to submit a PR with such a change.