Security update - YAML parsing library (CVE-2019-11253)

Security update needed in YAML parsing library

## Expected Behaviour



There was a vulnerability found in the YAML library used in Docker / K8s and OpenFaaS, we should update the CLI 

https://github.com/docker/cli/pull/2117

https://github.com/kubernetes/kubernetes/issues/83253

## Current Behaviour



Excessive resources can be consumed on the client or server if a particular nested/referential payload is used.

## Possible Solution



Update vendored version of gopkg.in/yaml.v2 to v2.2.3 

## Affected areas

- [x] OpenFaaS CLI https://github.com/openfaas/faas
- [x] OpenFaaS Cloud bootstrap https://github.com/openfaas-incubator/ofc-bootstrap
- [x] OpenFaaS Cloud deployment pipeline https://github.com/openfaas/openfaas-cloud/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security update - YAML parsing library (CVE-2019-11253) #1346

Expected Behaviour

Current Behaviour

Possible Solution

Affected areas

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Security update - YAML parsing library (CVE-2019-11253) #1346

Description

Expected Behaviour

Current Behaviour

Possible Solution

Affected areas

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions