Bump version of stretchr/testify? #1419
Labels
Comments
amaciejk
changed the title
|
Would be fixed by #1344. |
|
This issue is stale because it has been open for 30 days with no activity. |
|
This issue was closed because it has been inactive for 14 days since being marked as stale. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It looks like the go.mod/sum for sirupsen/logrus hasn't been updated in a while. This is causing a security hit for https://nvd.nist.gov/vuln/detail/CVE-2022-28948 in yaml.v3 via the following dep tree:
You are currently using v1.7.0 of testify/assert:
https://github.com/sirupsen/logrus/blob/master/go.mod#L5
But there are more recent versions which will fix the yaml vul (looks like v1.7.2 or higher):
https://github.com/stretchr/testify/releases
The text was updated successfully, but these errors were encountered: