I have recently updated the Mongo Go driver from v1.3.5 to v1.4.6 and I have noticed that the vendor directory pulled some 35.5k lines of code. After further inspection, I noticed that most of the updated code has nothing to do with Mongo driver, but its dependency on AWS SDK (mostly Credentials and Signer). Please note that I’m not using AWS to run my code. This giant dependency is caused by a rather simple need for some AWS auth utilities and I assume it can be avoided if you replace direct dependency with an interface wrapper and provide different implementations in different packages. That way, I would pull only what I need and have a cleaner update with no need to add dependencies I don’t intend to use. The other option is to simply reimplement a small chunk of the actual SDK MongoDB Driver needs to avoid any dependencies whatsoever because what you need really does not justify having the entire AWS SDK in vendors.