This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/master by this push:
new 6af8b47223 ARROW-16759: [Go] update testify to get security patch for
gopkg.in/yaml.v3 (v7)
6af8b47223 is described below
commit 6af8b472237203b0371b347e6efd3a383d36ffca
Author: Dominic Barnes <[email protected]>
AuthorDate: Fri Jun 10 10:16:14 2022 -0400
ARROW-16759: [Go] update testify to get security patch for gopkg.in/yaml.v3
(v7)
This PR updates the github.com/stretchr/testify dependency to get a
security patch for gopkg.in/yaml.v3 which has a DoS exploit. See
https://github.com/stretchr/testify/pull/1192 for more details.
I'm unsure how this project handles security patches for what appear to be
older versions. I'm here because I have dependencies that rely on v7, so that's
what is bringing me here to make this very particular change. It looks like
v6.0.0 and v6.0.1 tags exist, so I expect merging this here and tagging v7.0.1
would be the path forward. If not, let me know what would be preferred.
The linked Jira issue also calls out v8.0.0 as having the same
vulnerability, but that would need to be addressed in its own PR.
Closes #13322 from dominicbarnes/go-security-patch-testify
Authored-by: Dominic Barnes <[email protected]>
Signed-off-by: Matthew Topol <[email protected]>
---
go/go.mod | 2 +-
go/go.sum | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/go/go.mod b/go/go.mod
index e49dbb350a..65e54cd679 100644
--- a/go/go.mod
+++ b/go/go.mod
@@ -32,7 +32,7 @@ require (
github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8
github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3
github.com/pierrec/lz4/v4 v4.1.12
- github.com/stretchr/testify v1.7.0
+ github.com/stretchr/testify v1.7.2
github.com/zeebo/xxh3 v1.0.1
golang.org/x/exp v0.0.0-20211216164055-b2b84827b756
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
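Review bot: the `github.com/stretchr/testify v1.7.2` bump is the only go.mod change (the diffstat shows one line changed), so go.mod itself gains no gopkg.in/yaml.v3 line and the patched version is reached only through testify's requirements. Since the purpose of the commit is the yaml.v3 fix, consider also adding an explicit `gopkg.in/yaml.v3 v3.0.1 // indirect` requirement, which keeps that floor in place even if testify's own dependency changes, and name the advisory in the commit message so the reason for the pin can be found later.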
diff --git a/go/go.sum b/go/go.sum
index 06bd776d92..d883c7c122 100644
--- a/go/go.sum
+++ b/go/go.sum
@@ -317,8 +317,9 @@ github.com/stretchr/testify v1.2.2/go.mod
h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
github.com/stretchr/testify v1.3.0/go.mod
h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod
h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1/go.mod
h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0
h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2
h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+github.com/stretchr/testify v1.7.2/go.mod
h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod
h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/urfave/cli v1.20.0/go.mod
h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.22.1/go.mod
h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
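Review bot: the `-github.com/stretchr/testify v1.7.0` removal and the two `+github.com/stretchr/testify v1.7.2` lines should be generated output rather than a manual edit; re-running `go mod tidy` in `go/` on a clean checkout and checking that go.sum comes out unchanged confirms that. The v1.7.0 `/go.mod` line staying as context is expected, since another module in the graph can still name that version.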
@@ -564,8 +565,9 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod
h1:JAlM8MvJe8wmxCU4Bl
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
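Review bot: the retained context line `gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod` means the old pseudo-version is still named somewhere in the module graph, even though its content hash is dropped and v3.0.1 is added. That is normal for go.sum, but it is worth confirming with `go list -m gopkg.in/yaml.v3` that v3.0.1 is the selected version, and noting in the PR that scanners keying on go.sum entries may still report the old one. The identical `/go.mod` hash on the old and new lines is consistent with the module's go.mod file being unchanged between the two versions.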