Closed SalDaniele closed 1 year ago
There is a known vulnerability in version of gopkg.in/yaml.v2 prior to v2.2.4 [1]. Currently this vulnerability is indirectly referenced as follows:
Gomega requires github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 requires github.com/stretchr/testify v1.5.1
github.com/stretchr/testify v1.5.1 requires gopkg.in/yaml.v2 v2.2.2
This commit bumps slim-sprig to the most recent commit, in which github.com/stretchr/testify v1.6.1 is used and does not include the vulnerability
[1] https://pkg.go.dev/vuln/GO-2022-0956
Thank you @SalDaniele
There is a known vulnerability in version of gopkg.in/yaml.v2 prior to v2.2.4 [1]. Currently this vulnerability is indirectly referenced as follows:
Gomega requires github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 requires github.com/stretchr/testify v1.5.1
github.com/stretchr/testify v1.5.1 requires gopkg.in/yaml.v2 v2.2.2
This commit bumps slim-sprig to the most recent commit, in which github.com/stretchr/testify v1.6.1 is used and does not include the vulnerability
[1] https://pkg.go.dev/vuln/GO-2022-0956