client-go pins a version of gopkg.in/yaml.v2 from 2 years ago #325
The Godeps.json for client-go pins gopkg.in/yaml.v2 to version 53feefa2559fb8dfa8d81baad31be332c97d6c77. That commit is from 2 years ago, and lacks a lot of bug fixes and new functionality (notably UnmarshalStrict, which is extremely useful for parsing configs out of ConfigMaps).
Please update this package pin to a (much) newer version.
More generally, this is a worrying consequence of using package locks without actively updating them over time. How many CVEs am I vulnerable to because client-go is forcing my code to pull in ancient libraries? Are there any plans to try and address this?
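One way to keep an eye on pins like the one reported above, as an added example that is not part of the issue or of client-go: a small Go check that reads a Godeps.json and reports dependencies whose pinned revision differs from one a reviewer has signed off on. The helper `auditPins`, the `sampleReviewed` map, the `example.com` entries and the placeholder revisions are assumptions made for illustration; only the yaml.v2 revision comes from the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// godeps holds the Godeps.json fields needed for a pin audit.
type godeps struct{ Deps []struct{ ImportPath, Rev string } }

// sampleGodeps is constructed; only the yaml.v2 revision is from the issue.
const sampleGodeps = `{"ImportPath": "k8s.io/client-go", "Deps": [
  {"ImportPath": "gopkg.in/yaml.v2", "Rev": "53feefa2559fb8dfa8d81baad31be332c97d6c77"},
  {"ImportPath": "example.com/lib/a", "Rev": "PLACEHOLDER_REV_1"},
  {"ImportPath": "example.com/lib/b", "Rev": "PLACEHOLDER_REV_1"}]}`

// sampleReviewed is constructed: revisions a reviewer has signed off on.
var sampleReviewed = map[string]string{
	"gopkg.in/yaml.v2": "REVIEWED_REV_PLACEHOLDER",
	"example.com/lib":  "PLACEHOLDER_REV_1",
}

// auditPins (hypothetical helper) reports every watched import-path prefix
// whose pinned revision differs from the one the caller has reviewed.
func auditPins(raw []byte, reviewed map[string]string) ([]string, error) {
	var g godeps
	if err := json.Unmarshal(raw, &g); err != nil {
		return nil, fmt.Errorf("parse Godeps.json: %w", err)
	}
	seen := map[string]bool{}
	var findings []string
	for _, d := range g.Deps {
		for prefix, want := range reviewed {
			inRepo := d.ImportPath == prefix || strings.HasPrefix(d.ImportPath, prefix+"/")
			if !inRepo || d.Rev == want || seen[prefix+"@"+d.Rev] {
				continue
			}
			seen[prefix+"@"+d.Rev] = true // Godeps lists each package; report a repo once
			findings = append(findings, fmt.Sprintf("%s pinned at %s, reviewed %s", prefix, d.Rev, want))
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	fmt.Println(auditPins([]byte(sampleGodeps), sampleReviewed))
}
```

Godeps.json records no commit dates, so the check compares revisions only; judging how old a pin is still requires the upstream repository's history.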
Issues go stale after 90d of inactivity.
If this issue is safe to close now please do so with
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.