Update yaml v3 to v3.0.1 to fix CVE 2022 28948 #309

Merged
merged 2 commits into from Jun 10, 2022

jimmystewpot
Contributor

@jimmystewpot jimmystewpot commented Jun 9, 2022

gopkg.in/yaml.v3 has a vulnerability CVE-2022-28948 which is fixed in 3.0.1. This patch is a bump of the import version and a mod tidy.

@alecthomas alecthomas merged commit 9d72e94 into alecthomas:master Jun 10, 2022
2 checks passed
@pyqlsa
Contributor

pyqlsa commented Jun 12, 2022

cc @alecthomas

Only commenting here because this update in particular piqued my interest with respect to some of the other recent PRs. There have been a few updates since the last tag, would you be amenable to pushing another tag when you're happy with the latest state of master? If nothing else, it will help anybody else whose CVE scanners pick up transitive CVEs through test dependencies bump to an updated version of kong a little easier 😁

@alecthomas
Owner

alecthomas commented Jun 12, 2022

Good idea, tagged v0.6.0 :)
