Upgrade gopkg.in/yaml to v3

Fixes vulnerability: https://github.com/advisories/GHSA-hp87-p4gw-j4gq YAML v3 deserializes maps as map[string]interface{} so we handle this in MapImportSource now. Signed-off-by: Jesse Szwedko <jesse@szwedko.me>
2022-06-18 11:02:36 -07:00
parent e576ba4022
commit ee0756044c
5 changed files with 16 additions and 8 deletions
--- a/altsrc/map_input_source.go
+++ b/altsrc/map_input_source.go
@@ -32,11 +32,19 @@ func nestedVal(name string, tree map[interface{}]interface{}) (interface{}, bool
 			if !ok {
 				return nil, false
 			}
-			ctype, ok := child.(map[interface{}]interface{})
-			if !ok {
+
+			switch child := child.(type) {
+			case map[string]interface{}:
+				m := make(map[interface{}]interface{}, len(child))
+				for k, v := range child {
+					m[k] = v
+				}
+				node = m
+			case map[interface{}]interface{}:
+				node = child
+			default:
 				return nil, false
 			}
-			node = ctype
 		}
 		if val, ok := node[sections[len(sections)-1]]; ok {
 			return val, true
--- a/altsrc/yaml_file_loader.go
+++ b/altsrc/yaml_file_loader.go
@@ -11,7 +11,7 @@ import (

 	"github.com/urfave/cli/v2"

-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"
 )

 type yamlSourceContext struct {