Mender / MEN-5643

[security] upgrade gopkg.in/yaml.v3 to version >= 3.0.0

    Details

    • Type: Task
    • Status: Done
    • Priority: (None)
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Sprint:
      MEN Sprint 165
    • Story Points:
      3
    • Backlog:
      yes
    • Days in progress:
      6

      Description

      Many of our repositories are vendoring gopkg.in/yaml.v3 and are therefore affected by CVE-2022-28948. We need to upgrade to a more recent version (≥ 3.0.0).

      List of affected repositories (according to dependabot):

      • deployments
      • mender
      • mendertesting
      • deviceauth
      • inventory
      • mender-artifact
      • go-lib-micro
      • useradm
      • mender-stress-test-client
      • integration-test-runner

            People

            Assignee:
            MaciejTe Maciej Tomczuk
            Reporter:
            tranchitella Fabio Tranchitella
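
A check for the upgrade requested in the description, as an added example that is not part of the ticket or of Mender's code: it scans go.mod or vendor/modules.txt content for gopkg.in/yaml.v3 versions that sort before v3.0.0, including pseudo-versions of the form v3.0.0-<timestamp>-<commit>, which are semver pre-releases of v3.0.0. The function names and the sample line are constructed for illustration, and replace directives are not resolved.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// olderThanFixed reports whether a module version sorts before v3.0.0.
// Pseudo-versions (v3.0.0-<timestamp>-<commit>) are semver pre-releases of
// v3.0.0, so they sort before it even though they start with "v3.0.0".
func olderThanFixed(v string) bool {
	v = strings.SplitN(strings.TrimPrefix(v, "v"), "+", 2)[0] // drop build metadata
	cp := strings.SplitN(v, "-", 2)
	parts := strings.Split(cp[0], ".")
	if len(parts) != 3 {
		return false // not a semantic version; ignored
	}
	for i, want := range [3]int{3, 0, 0} {
		n, err := strconv.Atoi(parts[i])
		if err != nil {
			return false
		}
		if n != want {
			return n < want
		}
	}
	return len(cp) == 2
}

// findOutdated returns each gopkg.in/yaml.v3 version pinned in go.mod or
// vendor/modules.txt content that sorts before v3.0.0.
func findOutdated(content string) []string {
	var hits []string
	for _, line := range strings.Split(content, "\n") {
		line = strings.SplitN(line, "//", 2)[0] // strip "// indirect" etc.
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			if f[i] == "gopkg.in/yaml.v3" && olderThanFixed(f[i+1]) {
				hits = append(hits, f[i+1])
			}
		}
	}
	return hits
}

func main() {
	// Constructed go.mod line, not taken from any Mender repository.
	fmt.Println(findOutdated("require gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect"))
}
```
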