Update yaml v3 to v3.0.1 to fix CVE 2022 28948 #309

merged 2 commits into from Jun 10, 2022


jimmystewpot commented Jun 9, 2022

has a vulnerability CVE-2022-28948 which is fixed in 3.0.1. This patch is a bump of the import version and a mod tidy.

@alecthomas alecthomas merged commit 9d72e94 into alecthomas:master Jun 10, 2022
2 checks passed

pyqlsa commented Jun 12, 2022

cc @alecthomas

Only commenting here because this update in particular piqued my interest with respect to some of the other recent PRs. There have been a few updates since the last tag, would you be amenable to pushing another tag when you're happy with the latest state of master? If nothing else, it will help anybody else whose CVE scanners pick up transitive CVEs through test dependencies bump to an updated version of kong a little easier 😁

alecthomas commented Jun 12, 2022

Good idea, tagged v0.6.0 :)
