From d7660d82a02eff481eaae22faa1233f78627f8ea Mon Sep 17 00:00:00 2001
From: Peng Tao <bergwolf@hyper.sh>
Date: Tue, 10 Oct 2023 03:46:21 +0000
Subject: [PATCH] runtime: unify gopkg.in/yaml.v3 to v3.0.1

The older versions have Denial of Service issues.

Signed-off-by: Peng Tao <bergwolf@hyper.sh>
---
 src/runtime/go.mod             | 1 +
 src/runtime/go.sum             | 5 -----
 src/runtime/vendor/modules.txt | 3 ++-
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/runtime/go.mod b/src/runtime/go.mod
index b762ff0cc5..baea7c3e4f 100644
--- a/src/runtime/go.mod
+++ b/src/runtime/go.mod
@@ -123,4 +123,5 @@ replace (
 	golang.org/x/text => golang.org/x/text v0.7.0
 	google.golang.org/genproto => google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8
 	google.golang.org/grpc => google.golang.org/grpc v1.47.0
+	gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
 )
diff --git a/src/runtime/go.sum b/src/runtime/go.sum
index cd78843aaa..064e69f2cc 100644
--- a/src/runtime/go.sum
+++ b/src/runtime/go.sum
@@ -2084,11 +2084,6 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
diff --git a/src/runtime/vendor/modules.txt b/src/runtime/vendor/modules.txt
index 46d62af7d8..f76b652b24 100644
--- a/src/runtime/vendor/modules.txt
+++ b/src/runtime/vendor/modules.txt
@@ -556,7 +556,7 @@ gopkg.in/inf.v0
 # gopkg.in/yaml.v2 v2.4.0
 ## explicit; go 1.15
 gopkg.in/yaml.v2
-# gopkg.in/yaml.v3 v3.0.1
+# gopkg.in/yaml.v3 v3.0.1 => gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
 # k8s.io/apimachinery v0.22.5
@@ -576,3 +576,4 @@ sigs.k8s.io/yaml
 # golang.org/x/text => golang.org/x/text v0.7.0
 # google.golang.org/genproto => google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8
 # google.golang.org/grpc => google.golang.org/grpc v1.47.0
+# gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1