fix(deps): update module github.com/spf13/viper to v1.15.0

This change bumps spf13/viper to address reported vulnerabilities in yaml.v2 ``` ~> govulncheck -test ./... Scanning your code and 210 packages across 21 dependent modules for known vulnerabilities... Vulnerability #1: GO-2022-0956 Excessive resource consumption in gopkg.in/yaml.v2 More info: https://pkg.go.dev/vuln/GO-2022-0956 Module: gopkg.in/yaml.v2 Found in: gopkg.in/[email protected] Fixed in: gopkg.in/[email protected] Example traces found: #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal Vulnerability exercism#2: GO-2021-0061 Denial of service in gopkg.in/yaml.v2 More info: https://pkg.go.dev/vuln/GO-2021-0061 Module: gopkg.in/yaml.v2 Found in: gopkg.in/[email protected] Fixed in: gopkg.in/[email protected] Example traces found: #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal Vulnerability exercism#3: GO-2020-0036 Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2 More info: https://pkg.go.dev/vuln/GO-2020-0036 Module: gopkg.in/yaml.v2 Found in: gopkg.in/[email protected] Fixed in: gopkg.in/[email protected] Example traces found: #1: cmd/submit.go:129:23: cmd.getExerciseSolutionFiles calls viper.Viper.ReadInConfig, which eventually calls yaml.Unmarshal ```
nywilken · Sep 22, 2023 · 702bb70 · 702bb70
1 parent 5f027e5
commit 702bb70
Show file tree

Hide file tree

Showing 2 changed files with 491 additions and 52 deletions.
diff --git a/go.mod b/go.mod
@@ -6,27 +6,28 @@ require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf
 	github.com/spf13/cobra v0.0.0-20170731170427-b26b538f6930
-	github.com/spf13/pflag v1.0.0
-	github.com/spf13/viper v0.0.0-20180507071007-15738813a09d
-	github.com/stretchr/testify v1.1.4
-	golang.org/x/net v0.0.0-20170726083632-f5079bd7f6f7
-	golang.org/x/text v0.0.0-20170730040918-3bd178b88a81
+	github.com/spf13/pflag v1.0.5
+	github.com/spf13/viper v1.15.0
+	github.com/stretchr/testify v1.8.1
+	golang.org/x/net v0.4.0
+	golang.org/x/text v0.5.0
 )
 
 require (
-	github.com/davecgh/go-spew v1.1.0 // indirect
-	github.com/fsnotify/fsnotify v1.4.2 // indirect
-	github.com/hashicorp/hcl v0.0.0-20170509225359-392dba7d905e // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/magiconair/properties v1.7.3 // indirect
-	github.com/mitchellh/mapstructure v0.0.0-20170523030023-d0303fe80992 // indirect
-	github.com/pelletier/go-buffruneio v0.2.0 // indirect
-	github.com/pelletier/go-toml v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/spf13/afero v0.0.0-20170217164146-9be650865eab // indirect
-	github.com/spf13/cast v1.1.0 // indirect
-	github.com/spf13/jwalterweatherman v0.0.0-20170523133247-0efa5202c046 // indirect
-	golang.org/x/sys v0.0.0-20201202213521-69691e467435 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	golang.org/x/sys v0.3.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-	gopkg.in/yaml.v2 v2.0.0-20170721122051-25c4ec802a7d // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )