-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix SNYK-GOLANG-GOPKGINYAMLV3-2841557 #70
Comments
+1 to fixing this issue (CVE-2022-28948) related to package |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey all - I'm trying to solve https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557 which I'm getting via https://github.com/aws/aws-sdk-go. Usually, I'd put a PR in to bump the dependency in the tree but as it seems the link is testify which has been submodule here due to lock testify at
1.5.1
maintaining compatibility with Go <1.12 I'm not 100% on the next steps.Does anyone with a better understanding of this package have any pointers on how to mitigate this vulnerability?
The text was updated successfully, but these errors were encountered: