logrus

Bump version of stretchr/testify?

Open amaciejk opened this issue 2 years ago • 0 comments

It looks like the go.mod/sum for sirupsen/logrus hasn't been updated in a while. This is causing a security hit for https://nvd.nist.gov/vuln/detail/CVE-2022-28948 in yaml.v3 via the following dep tree:

github.com/sirupsen/logrus
github.com/sirupsen/logrus.test
github.com/stretchr/testify/assert
gopkg.in/yaml.v3

You are currently using v1.7.0 of testify/assert: https://github.com/sirupsen/logrus/blob/master/go.mod#L5

But there are more recent versions which will fix the yaml vul (looks like v1.7.2 or higher): https://github.com/stretchr/testify/releases

amaciejk, Feb 13 '24 10:02
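
The module-level chain behind the dependency tree in the issue can be recovered from `go mod graph` output. The following is an added example, not part of the original issue or of logrus's code; `PathsTo` and `sampleGraph` are hypothetical names, the graph lines are constructed, and every version except testify v1.7.0 is a placeholder.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleGraph is constructed input in `go mod graph` format ("parent child").
// testify v1.7.0 is from the issue; the other versions are placeholders.
const sampleGraph = `github.com/sirupsen/logrus github.com/stretchr/testify@v1.7.0
github.com/sirupsen/logrus golang.org/x/sys@vPLACEHOLDER
github.com/stretchr/testify@v1.7.0 gopkg.in/yaml.v3@vPLACEHOLDER
`

// PathsTo returns every requirement chain from root to a node whose module
// path (the part before "@version") equals target.
func PathsTo(graph, root, target string) [][]string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	var found [][]string
	seen := map[string]bool{} // nodes on the current trail, to survive cycles
	var walk func(node string, trail []string)
	walk = func(node string, trail []string) {
		trail = append(trail, node)
		if path, _, _ := strings.Cut(node, "@"); path == target {
			found = append(found, append([]string(nil), trail...))
			return
		}
		seen[node] = true
		for _, next := range edges[node] {
			if !seen[next] {
				walk(next, trail)
			}
		}
		delete(seen, node)
	}
	walk(root, nil)
	return found
}

func main() {
	for _, p := range PathsTo(sampleGraph, "github.com/sirupsen/logrus", "gopkg.in/yaml.v3") {
		fmt.Println(strings.Join(p, " -> "))
	}
}
```

On a real checkout the input is the output of `go mod graph` run in the module directory. The graph lists requirement edges, not the version finally selected, which `go list -m gopkg.in/yaml.v3` reports.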