matcornic / hermes

Golang package that generates clean, responsive HTML e-mails for sending transactional mail

[security] CVE-2019-11254 - SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236

nabbar opened this issue 3 years ago · comments

Nicolas JUHEL commented 3 years ago

Hello,

Could you bump your dependancies and specialy yaml package ?
The current package is concerned by a CVE for the version included in the go.mod :

report at Snyk.io : https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOYAMLYAML-564236
report at mitre.org : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11254

Thanks in advance.