You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would kindly like to ask whether you could upgrade your dependency to module gopkg.in/yaml.v2 from v2.2.1 to v2.2.8?
There were improvements to the performance in specific cases, fixed by go-yaml/yaml#555, and versions of yaml.v2 without that fix even have a CVE entry, although the description there is a little bit confusing, as it is mainly talking about the K8S API server...
Still, updating from v2.2.1 to v2.2.8 should neither introduce compatibility issues nor other problems. I also did the update locally, and the test suite ran fine. I can also provide a PR that updates the go.mod file and contents of the vendor dir if you want.
Thanks!
The text was updated successfully, but these errors were encountered:
Hi,
I would kindly like to ask whether you could upgrade your dependency to module gopkg.in/yaml.v2 from v2.2.1 to v2.2.8?
There were improvements to the performance in specific cases, fixed by go-yaml/yaml#555, and versions of yaml.v2 without that fix even have a CVE entry, although the description there is a little bit confusing, as it is mainly talking about the K8S API server...
Still, updating from v2.2.1 to v2.2.8 should neither introduce compatibility issues nor other problems. I also did the update locally, and the test suite ran fine. I can also provide a PR that updates the
go.mod
file and contents of thevendor
dir if you want.Thanks!
The text was updated successfully, but these errors were encountered: