Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update spf13/viper to v1.8.0 or later to avoid a high severity vulnerability #423

Closed
yamada-wacul opened this issue Nov 29, 2021 · 1 comment · Fixed by #427
Closed

Update spf13/viper to v1.8.0 or later to avoid a high severity vulnerability #423

yamada-wacul opened this issue Nov 29, 2021 · 1 comment · Fixed by #427

Comments

@yamada-wacul
Copy link

There's a high severity vulnerability!

mockery depends on spf13/viper@v1.7.0.
ref: https://github.com/vektra/mockery/blob/master/go.mod#L10

spf13/viper@v1.7.0 depends on jwt-go@v3.2.0.
ref: https://github.com/spf13/viper/blob/v1.7.0/go.mod#L10

jwt-go <= v3.2.0 has high severity vulnerability.
ref: GHSA-w73w-5m7g-f7qc

Please update spf13/viper to v1.8.0 or later (it does NOT depends on jwt-go) to avoid it.
ref: https://github.com/spf13/viper/blob/v1.8.0/go.mod
@yamada-wacul
Copy link
Author

@LandonTClipp How about this one?

LandonTClipp added a commit that referenced this issue Jan 25, 2022
@LandonTClipp
Upgrade all dependencies
21d2728 
This fixes #425, #416, #423
@LandonTClipp LandonTClipp mentioned this issue Jan 25, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade all dependencies vektra/mockery
1 participant
@yamada-wacul