  1. Apache Arrow
  2. ARROW-16759

[Go] Update testify to fix security vulnerability


Details

    Description

      The packages under github.com/apache/arrow/go currently have a dependency on github.com/stretchr/testify v1.7.0, which has a dependency on gopkg.in/yaml.v3 that has an outstanding security vulnerability (CVE-2022-28948).

      While testify is only used during tests, this is not distinguished by the go toolchain and other tools like Snyk which scan the dependency chain for vulnerabilities. Unfortunately, due to Go's Minimal version selection this ends up requiring us to visit our dependencies to ensure this security vulnerability is addressed.
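The situation described above, as an added example that is not part of the original issue or of Arrow's code: it reads `go mod graph`-style output and reports which modules require gopkg.in/yaml.v3 and which version minimal version selection ends up with. The graph is constructed; the example.com modules are hypothetical and every version except testify v1.7.0 is a placeholder, not a real release number.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph` output. Only testify v1.7.0 comes from the issue;
// example.com/* modules and all other versions are placeholders.
const sampleGraph = `example.com/app github.com/apache/arrow/go@v0.0.1
example.com/app example.com/other@v1.0.0
github.com/apache/arrow/go@v0.0.1 github.com/stretchr/testify@v1.7.0
github.com/stretchr/testify@v1.7.0 gopkg.in/yaml.v3@v0.0.1
example.com/other@v1.0.0 gopkg.in/yaml.v3@v0.0.2`

// rank turns a plain vX.Y.Z version into a comparable number (each part < 1000).
// An empty or unparsable version ranks as 0.
func rank(v string) int {
	var a, b, c int
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	return a*1000000 + b*1000 + c
}

// requirers returns the version of target each module in the graph asks for,
// and the highest of those requests, which is the version MVS selects.
// The graph has no notion of "test only": testify's requirement counts like any other.
func requirers(graph, target string) (asks map[string]string, selected string) {
	asks = map[string]string{}
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue
		}
		if mod, ver, _ := strings.Cut(f[1], "@"); mod == target {
			asks[f[0]] = ver
			if rank(ver) > rank(selected) {
				selected = ver
			}
		}
	}
	return asks, selected
}

func main() {
	asks, sel := requirers(sampleGraph, "gopkg.in/yaml.v3")
	fmt.Println("MVS selects gopkg.in/yaml.v3", sel)
	for from, ver := range asks {
		fmt.Printf("%s requires %s\n", from, ver)
	}
}
```

On a real module, piping the output of `go mod graph` into the same function shows which upstream modules still ask for an old version and therefore need a release of their own.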

          People

            dominicbarnes Dominic Barnes

              Time Tracking

                Logged:
                Time Spent - 4.5h