Github Advisor reported a vulnerable package: gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
Here is the CVE report.
One of my application usestestify package as dependency, in the current setup my application is vulnerable, this is why I am asking from you to correct this vulnerability.
I checked the dependency usage in the following way:
go mod graph | grep "gopkg.in/[email protected]"
github.com/stretchr/[email protected] gopkg.in/[email protected]
go mod graph | grep "github.com/stretchr/[email protected]"
github.com/stretchr/[email protected] github.com/stretchr/[email protected]
go mod graph | grep "github.com/stretchr/[email protected]"
github.com/stretchr/[email protected] github.com/stretchr/[email protected]
go mod graph | grep "github.com/stretchr/[email protected]"
github.com/stretchr/[email protected] github.com/stretchr/[email protected]
go mod graph | grep "github.com/stretchr/[email protected]"
github.com/stretchr/[email protected] github.com/stretchr/[email protected]
go mod graph | grep "github.com/stretchr/[email protected]"
github.ibm.com/cloudant/rc-sync github.com/stretchr/[email protected]
github.com/stretchr/[email protected] github.com/davecgh/[email protected]
github.com/stretchr/[email protected] github.com/pmezard/[email protected]
github.com/stretchr/[email protected] github.com/stretchr/[email protected]
github.com/stretchr/[email protected] gopkg.in/[email protected]
github.ibm.com/IAM/[email protected] github.com/stretchr/[email protected]
github.ibm.com/IAM/pep/[email protected] github.com/stretchr/[email protected]
github.ibm.com/IAM/token/[email protected] github.com/stretchr/[email protected]
From the above dependency tree can be seen that the vulnerable package is pulled in through github.com/stretchr/[email protected].
I would like to ask from you to correct this package vulnerability.
Github Advisor reported a vulnerable package:
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77cHere is the CVE report.
One of my application uses
testifypackage as dependency, in the current setup my application is vulnerable, this is why I am asking from you to correct this vulnerability.I checked the dependency usage in the following way:
From the above dependency tree can be seen that the vulnerable package is pulled in through
github.com/stretchr/[email protected].I would like to ask from you to correct this package vulnerability.