Skip to content

Fix dependabot alert for indirect test dependency

Latest
Latest
Compare
Choose a tag to compare
@barweiss barweiss released this 01 Sep 07:54
v1.1.2
936f0d4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Fix dependabot alert for the gopkg.in/yaml.v3 dependency, a transitive dependency of the github.com/stretchr/testify package.
The package is used only for assertions in test files. Requiring the go-tuple package does not transitively require github.com/stretchr/testify nor gopkg.in/yaml.v3 at all, and specifically not it's vulnerable version.

What's Changed

  • Upgrade stretchr/testify dependency to fix security issue in yaml.v3 by @barweiss in #23

Full Changelog: v1.1.1...v1.1.2

Contributors

barweiss
Assets 2
Loading