This repository has been archived by the owner on Jul 31, 2023. It is now read-only.

Testify needs updating due to DOS and Null ptr dereference - plz update testify to >= 1.7.5 #1282

Closed
rohanthewiz opened this issue Oct 25, 2022 · 0 comments · Fixed by #1284

rohanthewiz commented Oct 25, 2022

Please answer these questions before submitting a bug report.

What version of OpenCensus are you using?

latest (master as of March 2022)

What version of Go are you using?

1.19.1

What did you do?

If possible, provide a recipe for reproducing the error.
Issue identified by Snyk
CWE-400
CWE-476

go.opencensus.io@v0.23.0 › github.com/stretchr/testify@v1.6.1 › gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c

What did you expect to see?

No Denial of Service, no Null pointer dereference

What did you see instead?

CWE-400 and CWE-476

Additional context

testify@v1.6.1 includes yaml.v3@3.0.0. Issue is fixed in testify@1.7.5 which includes yaml.v3@3.0.1
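
The dependency chain reported above can be traced from `go mod graph` output. The following is an added example, not code from the issue or from OpenCensus; `example.com/app`, `sampleGraph`, `olderThan` and `findPaths` are hypothetical names, and the sample graph is constructed from the chain in the issue.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph` output; example.com/app is a hypothetical main module.
const sampleGraph = `example.com/app go.opencensus.io@v0.23.0
go.opencensus.io@v0.23.0 github.com/stretchr/testify@v1.6.1
github.com/stretchr/testify@v1.6.1 gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c`

// olderThan compares major.minor.patch; on a tie, a pre-release or pseudo-version sorts first.
func olderThan(v, fixed string) bool {
	var a, b [3]int
	fmt.Sscanf(v, "v%d.%d.%d", &a[0], &a[1], &a[2])
	fmt.Sscanf(fixed, "v%d.%d.%d", &b[0], &b[1], &b[2])
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return strings.Contains(v, "-")
}

// findPaths returns the shortest chain from root to each version of mod older than fixed.
func findPaths(graph, root, mod, fixed string) (out []string) {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	path := map[string]string{root: root} // node -> chain from root; doubles as visited set
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		if m, v, ok := strings.Cut(n, "@"); ok && m == mod && olderThan(v, fixed) {
			out = append(out, path[n])
		}
		for _, c := range edges[n] {
			if _, seen := path[c]; !seen {
				path[c] = path[n] + " > " + c
				queue = append(queue, c)
			}
		}
	}
	return out
}

func main() { fmt.Println(findPaths(sampleGraph, "example.com/app", "gopkg.in/yaml.v3", "v3.0.1")) }
```

To check a real module, pass the text printed by `go mod graph` and the main module's path as `root`.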
