Testify needs updating due to DOS and Null ptr dereference - plz update testify to >= 1.7.5
rohanthewiz opened this issue · 0 comments
Please answer these questions before submitting a bug report.
What version of OpenCensus are you using?
latest (master as of March 2022)
What version of Go are you using?
1.19.1
What did you do?
If possible, provide a recipe for reproducing the error.
Issue identified by Snyk
CWE-400
CWE-476
go.opencensus.io@v0.23.0 › github.com/stretchr/testify@v1.6.1 › gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c
What did you expect to see?
No Denial of Service, no Null pointer dereference
What did you see instead?
CWE-400 and CWE-476
Additional context
testify@v1.6.1 includes yaml.v3@3.0.0. Issue is fixed in testify@1.7.5 which includes yaml.v3@3.0.1
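The dependency chain reported above can be traced in a project's own module graph. The following is an added example, not code from the issue or from OpenCensus: it walks `go mod graph`-style output and returns the chain that pulls in `gopkg.in/yaml.v3`. The function name `findPath`, the root module `example.com/app` and the module `example.com/other` are hypothetical, and the graph text is a constructed sample.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample in `go mod graph` format ("parent child" per line).
// example.com/app and example.com/other are hypothetical; the other three
// module versions are the chain quoted in the issue.
const sampleGraph = `example.com/app go.opencensus.io@v0.23.0
example.com/app example.com/other@v1.0.0
go.opencensus.io@v0.23.0 github.com/stretchr/testify@v1.6.1
github.com/stretchr/testify@v1.6.1 gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c
`

// findPath returns the shortest chain from root to the first node whose
// module path (the part before "@") equals module, or nil if none exists.
func findPath(graph, root, module string) []string {
	edges := map[string][]string{}
	sc := bufio.NewScanner(strings.NewReader(graph))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	parent := map[string]string{root: ""} // doubles as the visited set
	queue := []string{root}
	for len(queue) > 0 {
		n := queue[0]
		queue = queue[1:]
		if name, _, _ := strings.Cut(n, "@"); name == module {
			var path []string
			for ; n != ""; n = parent[n] { // walk back to the root
				path = append([]string{n}, path...)
			}
			return path
		}
		for _, c := range edges[n] {
			if _, seen := parent[c]; !seen {
				parent[c] = n
				queue = append(queue, c)
			}
		}
	}
	return nil
}

func main() {
	p := findPath(sampleGraph, "example.com/app", "gopkg.in/yaml.v3")
	fmt.Println(strings.Join(p, " › "))
}
```

`go mod graph` lists every requirement edge, so a hit here shows which dependency asks for the old version; `go list -m all` shows the version actually selected for the build.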