testify icon indicating copy to clipboard operation
testify copied to clipboard
verified publisher icon stretchr

Please migrate to new Yaml Version V3

Open reachlakstar opened this issue 3 years ago • 1 comments

FORTIFY is throwing vulnerability with Yaml V2, can you please migrate to V3

reachlakstar avatar Aug 02 '22 18:08 reachlakstar

v1.8.0 does not use Yaml V2:

% go mod why -m "gopkg.in/yaml.v2"
# gopkg.in/yaml.v2
(main module does not need module gopkg.in/yaml.v2)

And nancy is happy:

% go list -json -deps | nancy sleuth
Checking for updates...
Already up-to-date.
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Summary                     ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━┫
┃ Audited Dependencies    ┃ 4 ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━┫
┃ Vulnerable Dependencies ┃ 0 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━┛

What version of testify are you using?

brackendawson avatar Aug 04 '22 10:08 brackendawson