Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade gopkg.in/yaml.v3 to v3.0.1 #5344

Merged
merged 1 commit into from Oct 19, 2022
Merged

Upgrade gopkg.in/yaml.v3 to v3.0.1 #5344

merged 1 commit into from Oct 19, 2022

Conversation

kaovilai
Copy link
Contributor

@kaovilai kaovilai commented Sep 14, 2022
edited

Resolve gopkg.in/yaml.v3 vulnerabilities by upgrading gopkg.in/yaml.v3 to v3.0.1

as shown from https://security.snyk.io/package/golang/gopkg.in%2Fyaml.v3

Signed-off-by: Tiger Kaovilai tkaovila@redhat.com

https://www.cve.org/CVERecord?id=CVE-2022-28948

❯ go mod why gopkg.in/yaml.v3                               
# gopkg.in/yaml.v3
github.com/vmware-tanzu/velero/pkg/test
github.com/stretchr/testify/assert
gopkg.in/yaml.v3

Thank you for contributing to Velero!

Please add a summary of your change

Does your change fix a particular issue?

Fixes #(issue)

Please indicate you've done the following:

  • Accepted the DCO. Commits without the DCO will delay acceptance.
  • Created a changelog file or added /kind changelog-not-required as a comment on this pull request.
  • Updated the corresponding documentation in site/content/docs/main.

@github-actions github-actions bot added the Dependencies Pull requests that update a dependency file label Sep 14, 2022
@kaovilai
Resolve gopkg.in/yaml.v3 vulnerabilities
876238e 
as shown from https://security.snyk.io/package/golang/gopkg.in%2Fyaml.v3

Signed-off-by: Tiger Kaovilai <tkaovila@redhat.com>
@kaovilai kaovilai changed the title Resolve gopkg.in/yaml.v3 vulnerabilities Upgrade gopkg.in/yaml.v3 to v3.0.1 Sep 14, 2022
@codecov-commenter
Copy link

codecov-commenter commented Sep 14, 2022
edited

Codecov Report

Merging #5344 (876238e) into main (100d6b4) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #5344   +/-   ##
=======================================
  Coverage   40.84%   40.84%           
=======================================
  Files         234      234           
  Lines       20260    20260           
=======================================
  Hits         8276     8276           
  Misses      11383    11383           
  Partials      601      601

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@reasonerjt reasonerjt merged commit ae3ebf7 into vmware-tanzu:main Oct 19, 2022
sshende-catalogicsoftware pushed a commit to catalogicsoftware/velero that referenced this pull request Oct 20, 2022
@reasonerjt @sshende-catalogicsoftware
Merge pull request vmware-tanzu#5344 from kaovilai/CVE-2022-28948
1ebdadc 
Upgrade gopkg.in/yaml.v3 to v3.0.1
@kaovilai kaovilai deleted the CVE-2022-28948 branch November 21, 2023 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reasonerjt reasonerjt reasonerjt approved these changes

@blackpiglet blackpiglet blackpiglet approved these changes

Assignees

@kaovilai kaovilai

Labels
Dependencies Pull requests that update a dependency file has-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@kaovilai @codecov-commenter @reasonerjt @blackpiglet