it uses `go.yaml.in/yaml/v2 v2.4.3`: https://github.com/prometheus/common/blob/934ff3789ee17026206fe4f7e5f59c0a09fbe511/go.mod#L15 According to https://github.com/advisories/GHSA-hp87-p4gw-j4gq the bug is fixed in >=3.0.1
it uses
go.yaml.in/yaml/v2 v2.4.3:common/go.mod
Line 15 in 934ff37
According to GHSA-hp87-p4gw-j4gq the bug is fixed in >=3.0.1