Closed amaciejk closed 2 months ago
It looks like the go.mod/sum for sirupsen/logrus hasn't been updated in a while. This is causing a security hit for https://nvd.nist.gov/vuln/detail/CVE-2022-28948 in yaml.v3 via the following dep tree:
github.com/sirupsen/logrus
  github.com/sirupsen/logrus.test
    github.com/stretchr/testify/assert
      gopkg.in/yaml.v3
You are currently using v1.7.0 of testify/assert: https://github.com/sirupsen/logrus/blob/master/go.mod#L5
But there are more recent versions which will fix the yaml vulnerability (looks like v1.7.2 or higher): https://github.com/stretchr/testify/releases
Would be fixed by #1344.
This issue is stale because it has been open for 30 days with no activity.
This issue was closed because it has been inactive for 14 days since being marked as stale.