Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to v3 #1415

merged 2 commits into from Jun 19, 2022

Upgrade to v3 #1415

merged 2 commits into from Jun 19, 2022


Copy link

@jszwedko jszwedko commented Jun 18, 2022

What type of PR is this?

  • bug

What this PR does / why we need it:

Fixes vulnerability: GHSA-hp87-p4gw-j4gq

Which issue(s) this PR fixes:

Special notes for your reviewer:

yaml.v3 deserializes nested maps as map[string]interface{} now. TOML still deserializes nested maps as map[interface{}]interface{}. I considered updating MapInputSource to store a map[string]interface{} for its valueMap but this would break the API of NewMapInputSource so I went with the approach you see here of handling both map types when looking up values.


go build ./...
go test ./...

Release Notes


Fixes vulnerability: GHSA-hp87-p4gw-j4gq

YAML v3 deserializes maps as map[string]interface{} so we handle this in
MapImportSource now.

Signed-off-by: Jesse Szwedko <>
@jszwedko jszwedko requested a review from a team as a code owner June 18, 2022 18:54
mostynb previously approved these changes Jun 18, 2022
altsrc/map_input_source.go Outdated Show resolved Hide resolved
Signed-off-by: Jesse Szwedko <>
@meatballhat meatballhat merged commit b927c6a into main Jun 19, 2022
@meatballhat meatballhat deleted the upgrade-go-yaml branch June 19, 2022 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

3 participants