Closed ronyscp closed 1 year ago
gopkg.in/yaml.v2 has vulnerability https://nvd.nist.gov/vuln/detail/CVE-2019-11254.
gopkg.in/yaml.v2
need to upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.
why not upgrading to gopkg.in/yaml.v3 ?
gopkg.in/yaml.v3
Honestly, I think a better option is to remove the tests that use yaml entirely, so we don't have a dependency on an external library just for tests.
gopkg.in/yaml.v2
has vulnerability https://nvd.nist.gov/vuln/detail/CVE-2019-11254.need to upgrade
gopkg.in/yaml.v2
to version 2.2.8 or higher.