The cipher subpackage is importing a third party package `github.com/apexskier/cryptoPadding` and uses only this part of it:<p><a href="https://github.com/apexskier/cryptoPadding/blob/master/pkcs7.go" rel="nofollow">https://github.com/apexskier/cryptoPadding/blob/master/pkcs7...</a><p>I think it would be a good idea to avoid that otherwise small dependency with some copy-pasta/vendoring.