vmware-labs / yaml-jsonpath

JSONPath implementation for the gopkg.in/yaml.v3 node API
Other

Snyk reporting vulnerability due to unknown license #53

Closed joerowe closed 10 months ago

joerowe commented 1 year ago

Describe the bug

Snyk reports:

High severity issue found in github.com/vmware-labs/yaml-jsonpath/pkg/yamlpath
  Description: Unknown license
  Info: https://snyk.io/vuln/snyk:lic:golang:github.com:vmware-labs:yaml-jsonpath:Unknown

Link to Snyk page

Reproduction steps

  1. Add yaml-jsonpath as a dependency
  2. Scan with Snyk

Expected behavior

A green tick!

Additional context

No response

joerowe commented 1 year ago

(FYI this may be completely nothing to do with you all, I wanted to flag so you are aware that Snyk is raising this false positive, rather than expect you ought to do something to fix it!)

joerowe commented 1 year ago

Snyk have confirmed this is a bug on their side. I'll close this issue and hopefully it gets fixed before anyone else gets exposed to it!

(Feel free to reopen if you'd rather keep this ticket live until Snyk confirm the bug is fixed!)