natefinch / lumberjack

lumberjack is a log rolling package for Go
MIT License

gopkg.in/yaml.v2 vulnerability CVE-2019-11254 #162

Closed. ronyscp closed this issue 1 year ago.

ronyscp commented 2 years ago

gopkg.in/yaml.v2 has a vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2019-11254.

We need to upgrade gopkg.in/yaml.v2 to version 2.2.8 or higher.
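As an added check (example code, not lumberjack's own and not part of this thread): a small Go program that reads `go list -m all` output and reports whether gopkg.in/yaml.v2 resolved below v2.2.8, the first release the reporter asks for. It looks at the version selected for the build rather than the line in go.mod, because minimal version selection can pick a higher version than the one a single go.mod names, and a replace directive can swap in yet another. The module list embedded below is constructed for the example; the fixed-version table holds only the entry from this issue.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// sampleModList stands in for `go list -m all` output; it is constructed for this example.
const sampleModList = `example.com/app
github.com/natefinch/lumberjack v2.0.0+incompatible
gopkg.in/yaml.v2 v2.2.2
`

// fixedVersions maps a module path to the first release carrying the fix (only this thread's entry).
var fixedVersions = map[string]string{
	"gopkg.in/yaml.v2": "v2.2.8", // CVE-2019-11254
}

// parseVersion splits "v2.2.8", "v2.2.8-0.<ts>-<hash>" or "v2.0.0+incompatible" into a
// numeric core and a pre-release flag. Build metadata after "+" is ignored; a pseudo-version
// carries a pre-release suffix and so sorts before the release it names, as semver requires.
func parseVersion(v string) (core [3]int, pre bool, err error) {
	s := strings.TrimPrefix(v, "v")
	if i := strings.Index(s, "+"); i >= 0 {
		s = s[:i]
	}
	if i := strings.Index(s, "-"); i >= 0 {
		pre, s = true, s[:i]
	}
	parts := strings.Split(s, ".")
	for i, p := range parts {
		n, convErr := strconv.Atoi(p)
		// The length test fires on the first iteration, before any out-of-range index.
		if len(parts) != 3 || convErr != nil {
			return core, false, fmt.Errorf("unrecognised module version %q", v)
		}
		core[i] = n
	}
	return core, pre, nil
}

// compareVersions returns -1, 0 or 1 as a is below, equal to or above b.
func compareVersions(a, b string) (int, error) {
	ca, pa, err := parseVersion(a)
	if err != nil {
		return 0, err
	}
	cb, pb, err := parseVersion(b)
	if err != nil {
		return 0, err
	}
	for i := range ca {
		if ca[i] < cb[i] {
			return -1, nil
		} else if ca[i] > cb[i] {
			return 1, nil
		}
	}
	switch {
	case pa && !pb:
		return -1, nil // a is a pre-release or pseudo-version of b's release
	case pb && !pa:
		return 1, nil
	}
	return 0, nil
}

// vulnerableModules returns path -> resolved version for every tracked module whose selected
// version is below its fix. The main module (no version) is skipped. Under a replace directive
// the go command prints "path v1 => newpath v2"; v2 is what gets built, so that is compared.
func vulnerableModules(modList string) (map[string]string, error) {
	found := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(modList))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 {
			continue
		}
		path, version := f[0], f[1]
		if len(f) >= 5 && f[2] == "=>" {
			version = f[4]
		}
		fixed, tracked := fixedVersions[path]
		if !tracked {
			continue
		}
		c, err := compareVersions(version, fixed)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", path, err)
		}
		if c < 0 {
			found[path] = version
		}
	}
	return found, sc.Err()
}

func main() {
	vuln, err := vulnerableModules(sampleModList)
	fmt.Println("below fixed release:", vuln, "err:", err)
}
```

To run it against a real project, save `go list -m all > mods.txt` and read that file in place of the constant. For a broader answer, `govulncheck` reports vulnerable symbols that are actually reachable from your code; the comparison above is the cheap check for the single pinned fix this issue asks for.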

fahedouch commented 2 years ago

Why not upgrade to gopkg.in/yaml.v3?

natefinch commented 2 years ago

Honestly, I think a better option is to remove the tests that use yaml entirely, so we don't have a dependency on an external library just for tests.
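One way to drop the YAML test dependency without losing what those tests guarded, as an added example (not lumberjack's code and not something proposed in this thread): a reflect-based check, standard library only, that every exported config field carries a yaml tag naming the same key as its json tag. A dropped or misspelled yaml tag still fails a test, yet no YAML package is imported. The Config struct and its tag names below are assumed for the example rather than copied from lumberjack.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// Config is a constructed stand-in for a log-rotation configuration struct that should load
// from JSON and YAML alike. Fields and tag names are assumed for this example.
type Config struct {
	Filename   string `json:"filename" yaml:"filename"`
	MaxSize    int    `json:"maxsize" yaml:"maxsize"`
	MaxAge     int    `json:"maxage" yaml:"maxage"`
	MaxBackups int    `json:"maxbackups" yaml:"maxbackups"`
	LocalTime  bool   `json:"localtime" yaml:"localtime"`
	Compress   bool   `json:"compress" yaml:"compress"`
}

// tagName returns the key part of a struct tag value, dropping options such as ",omitempty".
func tagName(tag string) string {
	if i := strings.Index(tag, ","); i >= 0 {
		return tag[:i]
	}
	return tag
}

// tagMismatches walks the exported fields of v (a struct or pointer to struct) and reports
// every field whose yaml tag is absent or names a different key than its json tag. This is the
// property a YAML round-trip test was really protecting, and it needs no YAML library.
func tagMismatches(v interface{}) []string {
	t := reflect.TypeOf(v)
	if t.Kind() == reflect.Ptr {
		t = t.Elem()
	}
	var problems []string
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		if f.PkgPath != "" {
			continue // unexported field, not part of the config surface
		}
		j, y := tagName(f.Tag.Get("json")), tagName(f.Tag.Get("yaml"))
		if j == "" || y == "" || j != y {
			problems = append(problems, fmt.Sprintf("%s: json=%q yaml=%q", f.Name, j, y))
		}
	}
	return problems
}

// loadJSON exercises the decoding path with the standard library only.
func loadJSON(data []byte) (Config, error) {
	var c Config
	if err := json.Unmarshal(data, &c); err != nil {
		return Config{}, err
	}
	return c, nil
}

func main() {
	fmt.Println("tag mismatches:", tagMismatches(Config{}))
	c, err := loadJSON([]byte(`{"filename":"/var/log/app.log","maxsize":100,"compress":true}`))
	fmt.Printf("%+v %v\n", c, err)
}
```

The trade-off is explicit: the test no longer proves that a particular YAML decoder accepts the file, only that the struct is tagged consistently for one, which is the part the library controls.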