Bump version of stretchr/testify? #1419

Closed
amaciejk opened this issue Feb 13, 2024 · 3 comments
amaciejk commented Feb 13, 2024

It looks like the go.mod/sum for sirupsen/logrus hasn't been updated in a while. This is causing a security hit for https://nvd.nist.gov/vuln/detail/CVE-2022-28948 in yaml.v3 via the following dep tree:

github.com/sirupsen/logrus
github.com/sirupsen/logrus.test
github.com/stretchr/testify/assert
gopkg.in/yaml.v3

You are currently using v1.7.0 of testify/assert:
https://github.com/sirupsen/logrus/blob/master/go.mod#L5

But there are more recent versions which will fix the yaml vul (looks like v1.7.2 or higher):
https://github.com/stretchr/testify/releases

amaciejk changed the title from "Bump version of strechr/testify?" to "Bump version of stretchr/testify?" on Feb 13, 2024
Contributor

dolmen commented Mar 12, 2024

Would be fixed by #1344.


This issue is stale because it has been open for 30 days with no activity.

github-actions bot added the stale label on Apr 12, 2024

This issue was closed because it has been inactive for 14 days since being marked as stale.
