go-openapi / strfmt

openapi toolkit common string formats
Apache License 2.0

Bump dependencies to avoid yaml.v3 vulnerability #103

Closed padamstx closed 2 years ago

padamstx commented 2 years ago

This PR bumps the versions of a few dependencies to try to avoid using the yaml.v3@v3.0.0 dependency which has a CVE filed against it, in favor of the 3.0.1 version which has been fixed.

Signed-off-by: Phil Adams <phil_adams@us.ibm.com>

padamstx commented 2 years ago

@casualjim Could you please take a look and if all is well, please merge and create a new release of the strfmt module. This is to avoid a CVE related to the yaml.v3@v3.0.0 module. Thanks!
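
The check behind this PR, as an added example (not code from the PR or from go-openapi/strfmt): a Go program that reads `go list -m all` output and reports whether the yaml.v3 version the build selects is older than the fixed 3.0.1. The module path `gopkg.in/yaml.v3`, the function names and the sample build list are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const yamlModule = "gopkg.in/yaml.v3" // assumed module path; the PR says only "yaml.v3"

// Constructed `go list -m all` output, not taken from the PR.
const sample = "example.com/app\nexample.com/dep v1.2.3\ngopkg.in/yaml.v3 v3.0.0\n"

// parse reads the numeric core of a module version and reports whether a
// pre-release or pseudo-version suffix ("-...") follows it.
func parse(v string) (core [3]int, pre bool, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &core[0], &core[1], &core[2])
	return core, strings.Contains(v, "-"), err
}

// SelectedYAML returns the yaml.v3 version the build list selects and whether
// it sorts before fixed, which must be a plain release such as "v3.0.1".
func SelectedYAML(buildList, fixed string) (string, bool, error) {
	want, _, err := parse(fixed)
	if err != nil {
		return "", false, err
	}
	for _, line := range strings.Split(buildList, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != yamlModule {
			continue
		}
		ver := f[1]
		if len(f) == 5 && f[2] == "=>" {
			ver = f[4] // replaced by another module version: judge that one
		}
		got, pre, perr := parse(ver)
		for i := 0; perr == nil && i < 3; i++ {
			if got[i] != want[i] {
				return ver, got[i] < want[i], nil
			}
		}
		return ver, pre && perr == nil, perr // equal cores: only a pre-release is older
	}
	return "", false, nil // yaml.v3 is not in the build list
}

func main() {
	fmt.Println(SelectedYAML(sample, "v3.0.1")) // v3.0.0 true <nil>
}
```

The build list is the right input because `go.sum` can still carry hashes for versions that are no longer selected, so a match there does not mean the old version is in the build.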

codecov[bot] commented 2 years ago

Codecov Report

Merging #103 (6ce5980) into master (8ad3739) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #103   +/-   ##
=======================================
  Coverage   81.52%   81.52%           
=======================================
  Files          12       12           
  Lines        2019     2019           
=======================================
  Hits         1646     1646           
  Misses        295      295           
  Partials       78       78           
