From 3d645ac1a75462b2dbd70110557aa0afd7b4a237 Mon Sep 17 00:00:00 2001
From: Kyle Fossum
Date: Sun, 19 Jun 2022 11:11:01 +0000
Subject: [PATCH 1/2] revved gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 421e5c962..9b843da9d 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 google.golang.org/grpc v1.45.0
 google.golang.org/protobuf v1.28.0
 gopkg.in/ini.v1 v1.66.4
- gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
+ gopkg.in/yaml.v3 v3.0.1
 )
 
 require (

From 6292573c7bcc8c2b732ca5ecac69e9adfb7b4ba5 Mon Sep 17 00:00:00 2001
From: Kyle Fossum
Date: Tue, 28 Jun 2022 03:41:16 +0000
Subject: [PATCH 2/2] updated yaml.v3 using package manager so go.sum gets modified

---
 go.sum | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/go.sum b/go.sum
index 10c214b09..a9df67ebc 100644
--- a/go.sum
+++ b/go.sum
@@ -997,6 +997,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=