Bump go-yaml version to cover fixed DDoS heuristic
This PR bumps go-yaml to v2.2.4, which has the DDoS vulnerability fixed.

Issue:
go-yaml preceding 2.2.4 had a vulnerability to a DDoS attack via a billion
laughs bomb.
Such an attack leads the program to become unresponsive.
The issue has been described in
https://raesene.github.io/blog/2019/10/15/From-stackoverflow-to-CVE/

Signed-off-by: Petr Kotas <petr.kotas@gmail.com>
petrkotas committed Oct 17, 2019
1 parent 61ac912 commit 628dd5a
Showing 6 changed files with 62 additions and 5 deletions.
3 changes: 2 additions & 1 deletion go.mod
Expand Up @@ -65,7 +65,7 @@ require (
google.golang.org/grpc v1.19.1
gopkg.in/cheggaaa/pb.v1 v1.0.28
gopkg.in/ini.v1 v1.42.0
gopkg.in/yaml.v2 v2.2.2
gopkg.in/yaml.v2 v2.2.4
k8s.io/api v0.0.0-20190725062911-6607c48751ae
k8s.io/apiextensions-apiserver v0.0.0-20190315093550-53c4693659ed
k8s.io/apimachinery v0.0.0-20190719140911-bfcf53abc9f8
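Review bot: the single-line requirement bump on `gopkg.in/yaml.v2` is the whole fix from the module graph's point of view, so the thing to check is that it is mirrored everywhere the version is recorded: go.sum needs both the `h1:` and the `/go.mod` entries for v2.2.4, and vendor/modules.txt needs the `# gopkg.in/yaml.v2 v2.2.4` marker, otherwise a vendored build silently keeps using the old decoder. Both are present later in this commit, so the bump is consistent.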
Expand All @@ -90,3 +90,4 @@ replace (
k8s.io/client-go => k8s.io/client-go v0.0.0-20190228174230-b40b2a5939e4
kubevirt.io/client-go => ./staging/src/kubevirt.io/client-go
)
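Review bot: the header `@@ -90,3 +90,4 @@ replace (` reports one added line inside the `replace (` block, but no added line is visible in the rendered hunk, so the addition is presumably a trailing newline after the closing parenthesis. Worth confirming that it is only whitespace and not a stray `replace` directive, since a replace entry could pin `gopkg.in/yaml.v2` back to an older version regardless of the `require` bump above.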

2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -454,6 +454,8 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/api v0.0.0-20190222213804-5cb15d344471 h1:MzQGt8qWQCR+39kbYRd0uQqsvSidpYqJLFeWiJ9l4OE=
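Review bot: the two new v2.2.4 entries are the right shape. Note that the `/go.mod` hash `h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=` is identical for v2.2.1, v2.2.2 and v2.2.4, which is expected because that line hashes only the module's go.mod file and it did not change between those releases; the `h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=` line is the one that attests to the new source. The retained v2.2.1 and v2.2.2 lines are harmless; `go mod tidy` will keep or drop them depending on whether other modules in the build graph still reference those versions.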
38 changes: 38 additions & 0 deletions vendor/gopkg.in/yaml.v2/decode.go

2 changes: 1 addition & 1 deletion vendor/gopkg.in/yaml.v2/resolve.go

16 changes: 16 additions & 0 deletions vendor/gopkg.in/yaml.v2/scannerc.go

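Review bot: the three vendored files (decode.go with 38 additions, resolve.go with 1 addition and 1 deletion, scannerc.go with 16 additions) carry the actual fix but are collapsed in this view, so the code cannot be reviewed here. Verify that `vendor/` was regenerated with `go mod vendor` rather than hand-edited by rerunning it and checking for an empty diff, and compare the vendored changes against the upstream v2.2.2..v2.2.4 delta of `gopkg.in/yaml.v2` so that the tree matches what go.sum attests to.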
6 changes: 3 additions & 3 deletions vendor/modules.txt
Expand Up @@ -181,9 +181,9 @@ github.com/modern-go/concurrent
# github.com/modern-go/reflect2 v1.0.1
github.com/modern-go/reflect2
# github.com/onsi/ginkgo v1.8.0
github.com/onsi/ginkgo/types
github.com/onsi/ginkgo
github.com/onsi/ginkgo/config
github.com/onsi/ginkgo/types
github.com/onsi/ginkgo/extensions/table
github.com/onsi/ginkgo/internal/codelocation
github.com/onsi/ginkgo/internal/failer
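Review bot: the move of `github.com/onsi/ginkgo/types` from above `github.com/onsi/ginkgo` to below `github.com/onsi/ginkgo/config` is ordering churn from regenerating the vendor list and has nothing to do with the yaml bump. It is harmless because the file is tool-generated, but it is worth a sentence in the commit message so later readers do not go looking for a reason behind it.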
Expand Down Expand Up @@ -381,7 +381,7 @@ gopkg.in/inf.v0
gopkg.in/ini.v1
# gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
gopkg.in/tomb.v1
# gopkg.in/yaml.v2 v2.2.2
# gopkg.in/yaml.v2 v2.2.4
gopkg.in/yaml.v2
# k8s.io/api v0.0.0-20190725062911-6607c48751ae => k8s.io/api v0.0.0-20190222213804-5cb15d344471
k8s.io/api/core/v1
Expand All @@ -393,6 +393,7 @@ k8s.io/api/rbac/v1
k8s.io/api/authorization/v1beta1
k8s.io/api/admission/v1beta1
k8s.io/api/extensions/v1beta1
k8s.io/api/storage/v1
k8s.io/api/autoscaling/v1
k8s.io/api/admissionregistration/v1alpha1
k8s.io/api/apps/v1beta1
Expand All @@ -414,7 +415,6 @@ k8s.io/api/rbac/v1beta1
k8s.io/api/scheduling/v1alpha1
k8s.io/api/scheduling/v1beta1
k8s.io/api/settings/v1alpha1
k8s.io/api/storage/v1
k8s.io/api/storage/v1alpha1
k8s.io/api/storage/v1beta1
# k8s.io/apiextensions-apiserver v0.0.0-20190315093550-53c4693659ed => k8s.io/apiextensions-apiserver v0.0.0-20190228180357-d002e88f6236
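Review bot: this hunk and the one above it together just relocate `k8s.io/api/storage/v1` from after `settings/v1alpha1` to after `extensions/v1beta1`, the same regeneration churn seen in the ginkgo block; no package is added or dropped, so the vendored package set for `k8s.io/api` is unchanged. Fine to merge, but like the ginkgo reorder it should be mentioned as incidental rather than left for reviewers to diff by hand.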

0 comments on commit 628dd5a