Bump version of stretchr/testify? #1419

amaciejk · 2024-02-13T10:15:32Z

It looks like the go.mod/sum for sirupsen/logrus hasn't been updated in a while. This is causing a security hit for https://nvd.nist.gov/vuln/detail/CVE-2022-28948 in yaml.v3 via the following dep tree:

github.com/sirupsen/logrus
github.com/sirupsen/logrus.test
github.com/stretchr/testify/assert
gopkg.in/yaml.v3

You are currently using v1.7.0 of testify/assert:
https://github.com/sirupsen/logrus/blob/master/go.mod#L5

But there are more recent versions which will fix the yaml vul (looks like v1.7.2 or higher):
https://github.com/stretchr/testify/releases

The text was updated successfully, but these errors were encountered:

dolmen · 2024-03-12T17:19:04Z

Would be fixed by #1344.

github-actions · 2024-04-12T01:45:12Z

This issue is stale because it has been open for 30 days with no activity.

github-actions · 2024-04-26T01:45:35Z

This issue was closed because it has been inactive for 14 days since being marked as stale.

amaciejk changed the title ~~Bump version of strechr/testify?~~ Bump version of stretchr/testify? Feb 13, 2024

amaciejk mentioned this issue Feb 13, 2024

Sec vul CVE-2022-28948 from sirupsen/logrus > stretchr/testify > yaml.v3 minio/minio-go#1932

Closed

github-actions bot added the stale label Apr 12, 2024

github-actions bot closed this as completed Apr 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump version of stretchr/testify? #1419

Bump version of stretchr/testify? #1419

amaciejk commented Feb 13, 2024 •

edited

dolmen commented Mar 12, 2024

github-actions bot commented Apr 12, 2024

github-actions bot commented Apr 26, 2024

Bump version of stretchr/testify? #1419

Bump version of stretchr/testify? #1419

Comments

amaciejk commented Feb 13, 2024 • edited

dolmen commented Mar 12, 2024

github-actions bot commented Apr 12, 2024

github-actions bot commented Apr 26, 2024

amaciejk commented Feb 13, 2024 •

edited