Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade gopkg.in/yaml to v3 #1415

Merged
merged 2 commits into from Jun 19, 2022
Merged

Upgrade gopkg.in/yaml to v3 #1415

merged 2 commits into from Jun 19, 2022

Conversation

jszwedko
Copy link
Contributor

@jszwedko jszwedko commented Jun 18, 2022

What type of PR is this?

  • bug

What this PR does / why we need it:

Fixes vulnerability: GHSA-hp87-p4gw-j4gq

Which issue(s) this PR fixes:

Special notes for your reviewer:

yaml.v3 deserializes nested maps as map[string]interface{} now. TOML still deserializes nested maps as map[interface{}]interface{}. I considered updating MapInputSource to store a map[string]interface{} for its valueMap but this would break the API of NewMapInputSource so I went with the approach you see here of handling both map types when looking up values.

Testing

go build ./...
go test ./...

Release Notes

NONE

Fixes vulnerability: GHSA-hp87-p4gw-j4gq

YAML v3 deserializes maps as map[string]interface{} so we handle this in
MapImportSource now.

Signed-off-by: Jesse Szwedko <jesse@szwedko.me>
@jszwedko jszwedko requested a review from a team as a code owner Jun 18, 2022
mostynb
mostynb previously approved these changes Jun 18, 2022
altsrc/map_input_source.go Outdated Show resolved Hide resolved
Signed-off-by: Jesse Szwedko <jesse@szwedko.me>
@meatballhat meatballhat merged commit b927c6a into main Jun 19, 2022
13 checks passed
@meatballhat meatballhat deleted the upgrade-go-yaml branch Jun 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants