Use upstream yaml.v2 #145
Use upstream yaml.v2 #145
Conversation
Codecov Report
@@ Coverage Diff @@
## master #145 +/- ##
=========================================
Coverage ? 64.51%
=========================================
Files ? 90
Lines ? 10938
Branches ? 0
=========================================
Hits ? 7057
Misses ? 3576
Partials ? 305
Continue to review full report at Codecov.
|
3b51ae5 to
4d9974d
Compare
|
@silvin-lubecki I've updated the vendoring to use the latest docker/cli |
|
|
||
| [[override]] | ||
| name = "gopkg.in/yaml.v2" | ||
| source = "https://github.com/simonferquel/yaml" |
There was a problem hiding this comment.
FWIW @simonferquel don't remove your branch, otherwise older release may no longer be able to check vendoring (if you want to get rid of the branch, you could tag it so that it's preserved)
Gopkg.toml
Outdated
| [[override]] | ||
| name = "github.com/docker/cli" | ||
| branch = "19.03" | ||
| revision = "d83cd90464377d4164c8f70248d064b979e5ca98" |
There was a problem hiding this comment.
I'll open a backport to current branches; if that's merged soon, we don't have to make this change
|
@chris-crone upstream is merged into 19.03 so you can switch back to that branch; docker/cli#2119 |
4d9974d to
c0198a9
Compare
|
Moved vendoring back to 19.03. |
To mitigate against malicious YAML (as described here: kubernetes/kubernetes#83253) we used a patched version of yaml.v2. There is now a fix upstream so we can leverage that. Signed-off-by: Christopher Crone <christopher.crone@docker.com>
c0198a9 to
fc232fa
Compare
To mitigate against malicious YAML (kubernetes/kubernetes#83253), we had implemented our own patch to the yams.v2 library. Now that there's an upstream fix, this PR brings us back to using the upstream library.
EDIT:
Note that this is implemented via the CLI so a PR has been opened there to implement the change. Once the CLI PR has been merged, this one will be updated to no longer use my CLI branch.This is now ready