Skip to content

Fix dependabot alert for indirect test dependency

Latest
Compare
Choose a tag to compare
@barweiss barweiss released this 01 Sep 07:54
936f0d4

Fix dependabot alert for the gopkg.in/yaml.v3 dependency, a transitive dependency of the github.com/stretchr/testify package.
The package is used only for assertions in test files. Requiring the go-tuple package does not transitively require github.com/stretchr/testify nor gopkg.in/yaml.v3 at all, and specifically not it's vulnerable version.

What's Changed

  • Upgrade stretchr/testify dependency to fix security issue in yaml.v3 by @barweiss in #23

Full Changelog: v1.1.1...v1.1.2