uber-go / goleak

Goroutine leak detector
MIT License

fix security issue #60

Closed ymohl-cl closed 3 years ago

ymohl-cl commented 3 years ago

Hello,

I work at Manomano and we use the Gemnasium analyser to report security issues.

We use the zap logger, and goleak is a dependency of zap.logger. This little PR proposes that you update your yaml dependency to a fixed version.

Detailed report:

| Severity | Unknown |
| --- | --- |
| Identifier | |
| URL | docker/cli#2117 |
| Scanner | Gemnasium |
| Message | XML Entity Expansion in gopkg.in/yaml.v2 |
| Package | gopkg.in/yaml.v2 v2.2.1 |
| Solution | Upgrade to version 2.2.3 or above. |
| File | go.sum |

PR link: https://github.com/uber-go/goleak/pull/59

prashantv commented 3 years ago

Fixed in #59