Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixing CVE-2022-28948 #1193

Closed
wants to merge 1 commit into from
Closed

Conversation

uname223
Copy link

Summary

Fixing CVE-2022-28948

Changes

Updates gopkg.in/yaml.v3 to v3.0.0

Motivation

Security fix

Related issues

go-yaml/yaml#666

@lni
Copy link

lni commented May 28, 2022

This is already the third PR trying to address the above mentioned security vulnerability.

Could anyone from stretchr please review any one of those PRs and get it merged? Thanks.

@CubicrootXYZ
Copy link

#1192 already includes the bump to v3.0.1 let's focus on getting that merged in favor of this merge request.

@boyan-soubachov
Copy link
Collaborator

Closing as this has already been addressed

@dolmen dolmen added YAML About YAML and dependency dependencies Pull requests that update a dependency file labels Mar 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file YAML About YAML and dependency
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants