Closed shauncampbell closed 1 year ago
This PR updates stretchr/testify to the latest version. The main reason for this is because of a vulnerability in gopkg.in/yaml.v3 which was fixed in v3.0.1.
```
go/pkg/mod/github.com/go-task/slim-sprig@v0.0.0-20230315185526-52ccab3ef572/go.mod (gomod)
==========================================================================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬───────────────────────────────────┬───────────────────────────────────┬─────────────────────────────────────────────────────────┐
│ Library          │ Vulnerability  │ Severity │ Installed Version                 │ Fixed Version                     │ Title                                                   │
├──────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼─────────────────────────────────────────────────────────┤
│ gopkg.in/yaml.v3 │ CVE-2022-28948 │ HIGH     │ 3.0.0-20200313102051-9f266ea9e77c │ 3.0.0-20220521103104-8f96da9f5d5e │ golang-gopkg-yaml: crash when attempting to deserialize │
│                  │                │          │                                   │                                   │ invalid input                                           │
│                  │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-28948              │
└──────────────────┴────────────────┴──────────┴───────────────────────────────────┴───────────────────────────────────┴─────────────────────────────────────────────────────────┘
```
Hi @shauncampbell,
Sorry for taking so long to review. I just pushed a commit to upgrade to an even newer version.
Cheers