webhook
Vulnerabilities of dependency "gopkg.in/yaml.v2"
The below vulnerabilities are found in the gopkg.in/yaml.v2 dependency:
CVE-2022-3064 - Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

CVE-2021-4235 - Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2022-29526 - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Reporting in syscall. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Looks like the version that patches all three is 2.2.4
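
To check whether a module still requires a gopkg.in/yaml.v2 release older than the 2.2.4 named in the report above, a go.mod scan like the following can be used; it is an added example, not code from this issue or from the webhook project. The sample go.mod, the module name `example.com/hooksvc` and the helper names `key` and `audit` are constructed for illustration; `replace` directives are not resolved, and entries in an `exclude` block would also match.

```go
package main

import (
	"fmt"
	"strings"
)

// modPath comes from the report; minFixed is the release the report names as patched.
const modPath, minFixed = "gopkg.in/yaml.v2", "v2.2.4"

// key maps "v2.2.4" to a sortable int (components assumed < 10000); a
// pre-release or pseudo-version ("-..." suffix) sorts just below its release.
func key(v string) (int, bool) {
	core, _, pre := strings.Cut(v, "-")
	var a, b, c int
	if n, _ := fmt.Sscanf(core, "v%d.%d.%d", &a, &b, &c); n != 3 {
		return 0, false
	}
	k := ((a*10000+b)*10000+c)*2 + 1
	if pre {
		k--
	}
	return k, true
}

// audit returns the yaml.v2 versions listed in goMod that sort before minFixed.
func audit(goMod string) (flagged []string) {
	floor, _ := key(minFixed)
	for _, line := range strings.Split(goMod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop comments such as "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) == 2 && f[0] == modPath {
			if k, ok := key(f[1]); ok && k < floor {
				flagged = append(flagged, f[1])
			}
		}
	}
	return flagged
}

// Constructed go.mod for illustration (not taken from the webhook repository).
const sample = `module example.com/hooksvc
require (
	gopkg.in/yaml.v2 v2.2.2 // indirect
)`

func main() {
	fmt.Println("requirements below", minFixed+":", audit(sample))
}
```

The version that is actually built can be higher than the one written in go.mod, so `go list -m all` run inside the module is the authoritative view of what was selected.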