fix vulnerability GO-2022-0603 #549

Merged

Conversation

peczenyj (Contributor)

While running the govulncheck program I found one issue and decided to fix it via a pull request.

This is an interesting tool to add to the Makefile.

$ govulncheck ./...
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.

Using go1.20.2 and govulncheck@v0.0.0 with
vulnerability data from https://vuln.go.dev (last modified 27 Mar 23 17:34 UTC).

Scanning your code and 225 packages across 18 dependent modules for known vulnerabilities...
No vulnerabilities found.

=== Informational ===

Found 1 vulnerability in packages that you import, but there are no call
stacks leading to the use of this vulnerability. You may not need to
take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.

Vulnerability #1: GO-2022-0603
  An issue in the Unmarshal function can cause a program to panic
  when attempting to deserialize invalid input.
  More info: https://pkg.go.dev/vuln/GO-2022-0603
  Found in: gopkg.in/yaml.v3@v3.0.0-20210107192922-496545a6307b
  Fixed in: gopkg.in/yaml.v3@v3.0.0-20220521103104-8f96da9f5d5e

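The finding above is a deserializer that panics on invalid input, which govulncheck reports as not reachable from this code base. The usual hardening at a trust boundary, independent of the dependency bump, is to bound the input and convert any decoder panic into an ordinary error so one bad document fails one request rather than the process. The following is an added example in Go; it is not code from this pull request or from grpc-gateway. SafeUnmarshal wraps any function with the Unmarshal signature; fragileUnmarshal is a constructed stand-in decoder with a simulated panic and is not yaml.v3; the size limit maxDocSize and the sample documents are assumptions.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ErrDecoderPanic marks a panic that was caught inside a decoder.
var ErrDecoderPanic = errors.New("decoder panicked on input")

// maxDocSize is an assumed limit on the size of one untrusted document.
const maxDocSize = 1 << 20

// UnmarshalFunc is the shape shared by yaml.Unmarshal and json.Unmarshal.
type UnmarshalFunc func(data []byte, v any) error

// SafeUnmarshal runs unmarshal on untrusted data and turns a panic into an
// error that wraps ErrDecoderPanic, so callers can distinguish a decoder bug
// from a plain parse error and log it accordingly.
func SafeUnmarshal(unmarshal UnmarshalFunc, data []byte, v any) (err error) {
	if len(data) > maxDocSize {
		return fmt.Errorf("document of %d bytes exceeds limit of %d", len(data), maxDocSize)
	}
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("%w: %v", ErrDecoderPanic, r)
		}
	}()
	return unmarshal(data, v)
}

// fragileUnmarshal is a constructed stand-in decoder for "key: value" lines.
// It is not yaml.v3; it only simulates a parser that hits a runtime panic on
// one malformed shape of input so the wrapper can be exercised offline.
func fragileUnmarshal(data []byte, v any) error {
	out, ok := v.(*map[string]string)
	if !ok {
		return errors.New("fragileUnmarshal: target must be *map[string]string")
	}
	m := make(map[string]string)
	sc := bufio.NewScanner(bytes.NewReader(data))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		key, val, found := strings.Cut(line, ":")
		if !found {
			return fmt.Errorf("fragileUnmarshal: no ':' in %q", line)
		}
		// Simulated bug: a key starting with '!' is treated as a tag and the
		// parser indexes past the end of an empty buffer instead of returning
		// an error. This is a real runtime panic, not an explicit panic().
		if strings.HasPrefix(key, "!") {
			var tag []byte
			_ = tag[len(key)]
		}
		m[strings.TrimSpace(key)] = strings.TrimSpace(val)
	}
	*out = m
	return nil
}

func main() {
	var cfg map[string]string
	good := []byte("host: example.internal\nport: 8443\n") // constructed sample
	bad := []byte("!tag: boom\n")                         // constructed malformed sample

	fmt.Println(SafeUnmarshal(fragileUnmarshal, good, &cfg), cfg)
	fmt.Println(SafeUnmarshal(fragileUnmarshal, bad, &cfg))

	// The same wrapper works unchanged around a real standard-library decoder.
	var j map[string]any
	fmt.Println(SafeUnmarshal(json.Unmarshal, []byte(`{"a":"b"}`), &j), j)
}
```

The recover wrapper is a containment measure, not a substitute for the dependency bump this pull request makes: the process still pays for whatever work the decoder did before panicking, and recover cannot catch a panic in a goroutine the decoder itself started. After merging, the check to rerun is the same command shown above, govulncheck ./..., against the updated go.mod.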
@johanbrandhorst johanbrandhorst merged commit 18e890f into grpc-ecosystem:master Mar 28, 2023
6 of 7 checks passed
@johanbrandhorst (Collaborator)

Thanks for your contribution! Note that most work today is happening on the v2 branch, maybe you want to rerun this tool on there?

@peczenyj (Contributor, Author)

On v2 I've got the same output (so the resolution should be the same).
