
[18.09 backport] vendor: Bump gopkg.in/yaml.v2#2118

Merged
andrewhsu merged 1 commit into docker:18.09 from thaJeztah:18.09_backport_bump_yaml.v2_2.2.3
Oct 3, 2019

@thaJeztah (Member) commented Oct 1, 2019

backport of #2117

To mitigate against malicious YAML (kubernetes/kubernetes#83253), we had implemented our own patch to the yaml.v2 library. Now that there's an upstream fix, this PR brings us back to using the upstream library.

Description for the changelog

  • Mitigate against YAML files that have excessive aliasing

Signed-off-by: Christopher Crone <christopher.crone@docker.com>
(cherry picked from commit 91cf8b0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

@thaJeztah (Member Author)

ping @silvin-lubecki @chris-crone @vdemeester PTAL

@codecov-io

Codecov Report

Merging #2118 into 18.09 will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##            18.09    #2118   +/-   ##
=======================================
  Coverage   54.28%   54.28%           
=======================================
  Files         291      291           
  Lines       19459    19459           
=======================================
  Hits        10563    10563           
  Misses       8215     8215           
  Partials      681      681

@chris-crone (Member) left a comment


LGTM

@andrewhsu andrewhsu merged commit 0fcc210 into docker:18.09 Oct 3, 2019

@kolyshkin (Contributor) left a comment


LGTM

@thaJeztah thaJeztah deleted the 18.09_backport_bump_yaml.v2_2.2.3 branch October 4, 2019 08:56