Vulnerability of dependency "gopkg.in/yaml.v3"

[Silence-worker-02]

Hello, we are a team researching the dependency management mechanism of Golang. During our analysis, we came across your project and noticed that it contains a vulnerability (https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2952714, CVE-2022-28948). In your project, the gopkg.in/yaml.v3 package is being used at version gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c, but the patched version is v3.0.1, and the pseudo-version you used was released before v3.0.0 released, and the fixing commit(CVE-2022-28948) was released after the pseudo-version that you used. To fix the vulnerability, we recommend modifying the go.mod file to update the version to v3.0.1 or higher. Thank you for your attention to this matter.

[github-actions[bot]]

This issue is stale because it has been open for 30 days with no activity.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale.