dominicbarnes opened a new pull request, #13322: URL: https://github.com/apache/arrow/pull/13322
This PR updates the github.com/stretchr/testify dependency to get a security patch for gopkg.in/yaml.v3 which has a DoS exploit. See https://github.com/stretchr/testify/pull/1192 for more details. I'm unsure how this project handles security patches for appears to be older versions. I'm here because I have dependencies that rely on v7, so that's what is bringing me here to make this very particular change. It looks like v6.0.0 and v6.0.1 tags exist, so I expect merging this here and tagging v7.0.1 would be the path forward. If not, let me know what would be preferred. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
