Fix CVE-2019-11254 by upgrading yaml.v2.

See https://github.com/icedream/icecon/security/dependabot/1.
2022-04-09 16:41:36 +02:00 · 2022-04-09 16:41:36 +02:00 · e327325b27
parent ec97251317
commit e327325b27
3 changed files with 4 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Binaries are now compiled statically and using Go 1.18.
 - Reuse server address as typed in by the user in connect dialog instead of using resolved IP address. (Windows UI)
 - Update copyright text.
 - Update several dependencies, including yaml.v2 to fix potential looping resource hog (https://github.com/icedream/icecon/security/dependabot/1).
 ## [1.0.0] - 2016-05-07
 ### Added
--- a/go.mod
+++ b/go.mod
@ -11,4 +11,5 @@ require (
 	golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f // indirect
 	gopkg.in/Knetic/govaluate.v3 v3.0.0 // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -38,3 +38,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=