claudiodangelis / qrcp

:zap: Transfer files over wifi from your computer to your mobile device by scanning a QR code without leaving the terminal.
https://qrcp.sh
MIT License
9.89k stars 524 forks

fix(sec): upgrade gopkg.in/yaml.v2 to 2.2.8 #285

Closed chncaption closed 8 months ago

chncaption commented 1 year ago

What happened?

There is 1 security vulnerability found in gopkg.in/yaml.v2 v2.2.2

What did I do?

Upgrade gopkg.in/yaml.v2 from v2.2.2 to 2.2.8 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

How can we automate the detection of these types of issues?

By using the GitHub Actions configurations provided by murphysec, we can conduct automatic code security checks in our CI pipeline.

The specification of the pull request

PR Specification from OSCS

claudiodangelis commented 8 months ago

Hello, thanks for taking the time to report. I think this PR is superseded by #271 (which is taken care of by @dependabot).
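
An added example, not code from this PR or from qrcp: a small CI-style check of the kind the "How can we automate the detection" question points at, reporting whether a `go.mod` requires `gopkg.in/yaml.v2` below the v2.2.8 named in this PR. The sample `go.mod` and the function names are constructed for illustration; `replace` directives and pre-release ordering are not handled.

```go
package main

import "fmt"
import "strings"

// Constructed sample go.mod for this example (not qrcp's real file).
const sampleGoMod = "module example.com/demo\n\nrequire (\n\tgopkg.in/yaml.v2 v2.2.2 // indirect\n)\n"

// requiredVersion returns the version go.mod requires for module, or "" if absent.
func requiredVersion(gomod, module string) string {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0]) // strip comments
		switch {
		case len(f) > 0 && (f[len(f)-1] == "(" || f[0] == ")"):
			inBlock = f[0] == "require" // only require ( ... ) blocks count
		case len(f) == 3 && f[0] == "require" && f[1] == module:
			return f[2]
		case inBlock && len(f) == 2 && f[0] == module:
			return f[1]
		}
	}
	return ""
}

// outdated reports whether module is required below minVer; pre-release suffixes are ignored.
func outdated(gomod, module, minVer string) (bool, error) {
	found := requiredVersion(gomod, module)
	if found == "" {
		return false, nil // not required in this go.mod
	}
	var have, want [3]int
	_, err1 := fmt.Sscanf(found, "v%d.%d.%d", &have[0], &have[1], &have[2])
	_, err2 := fmt.Sscanf(minVer, "v%d.%d.%d", &want[0], &want[1], &want[2])
	if err1 != nil || err2 != nil {
		return false, fmt.Errorf("unparseable version %q or %q", found, minVer)
	}
	for i := range have {
		if have[i] != want[i] {
			return have[i] < want[i], nil
		}
	}
	return false, nil
}

func main() {
	fmt.Println(outdated(sampleGoMod, "gopkg.in/yaml.v2", "v2.2.8"))
}
```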