client_golang

Yaml V2 Vulnerability

Open reachlakstar opened this issue 3 years ago • 2 comments

FORTIFY is throwing Yaml V2 vulnerabilities. Could you please migrate to new versions?

reachlakstar, Aug 10 '22 16:08

https://github.com/prometheus/common is using a lower version.

reachlakstar, Aug 10 '22 16:08

Could you please give references to the vulnerabilities? We can check if the yaml v2 has the security patches we've missed.

Please keep in mind that certain security scanners raise blanket issues as soon as they see a dependency. We need to check if we're affected.

kakkoyun, Aug 24 '22 05:08
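An added example, not part of the thread or of the project's code: one way to triage a scanner finding like this is to list which modules request `gopkg.in/yaml.v2` and which version the build actually selects, since a lower version declared by a transitive dependency is not necessarily the one compiled in. The graph text is constructed sample `go mod graph` output with illustrative versions, and `Requirers`, `Selected` and `parse` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph` output ("requirer dependency" per line);
// module versions are illustrative, not taken from a real build.
const sampleGraph = `example.com/app github.com/prometheus/client_golang@v1.0.0
example.com/app gopkg.in/yaml.v2@v2.4.0
github.com/prometheus/client_golang@v1.0.0 github.com/prometheus/common@v0.1.0
github.com/prometheus/common@v0.1.0 gopkg.in/yaml.v2@v2.2.0`

// Requirers maps each requested version of target to the modules asking for it.
func Requirers(graph, target string) map[string][]string {
	out := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) == 2 && strings.HasPrefix(f[1], target+"@") {
			ver := strings.TrimPrefix(f[1], target+"@")
			out[ver] = append(out[ver], f[0])
		}
	}
	return out
}

// parse reads a plain vMAJOR.MINOR.PATCH version (pseudo-versions not handled).
func parse(v string) (k [3]int) {
	fmt.Sscanf(v, "v%d.%d.%d", &k[0], &k[1], &k[2])
	return
}

// Selected returns the highest requested version: the one Go's minimal version
// selection builds with, absent replace or exclude directives.
func Selected(req map[string][]string) (best string) {
	for v := range req {
		a, b := parse(v), parse(best)
		if best == "" || a[0] > b[0] || a[0] == b[0] && (a[1] > b[1] || a[1] == b[1] && a[2] > b[2]) {
			best = v
		}
	}
	return best
}

func main() {
	req := Requirers(sampleGraph, "gopkg.in/yaml.v2")
	fmt.Println("requested:", req, "selected:", Selected(req))
}
```

On a real module, feed it the output of `go mod graph` and confirm the result with `go list -m gopkg.in/yaml.v2`.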

Hello 👋 Looks like there was no activity on this issue for the last 3 months. Do you mind updating us on the status? Is this still reproducible or needed? If yes, just comment on this PR or push a commit. Thanks! 🤗 If there will be no activity in the next 4 weeks, this issue will be closed (we can always reopen an issue if we need!).

stale[bot], Apr 02 '23 13:04

Closing for now as promised, let us know if you need this to be reopened! 🤗

stale[bot], Sep 17 '23 06:09