go.mod: update gopkg.in/yaml.v3

Upgrade to non-vulerable version.

Also update tests because the behavior of yaml has slightly changed with
how whitespace is handled.

Change-Id: Ie6088046da9cd79ee6ad6e5aefb03fdc65cd707b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/499655
Auto-Submit: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>

go.mod

@@ -29,7 +29,7 @@ require (
 	golang.org/x/tools v0.9.1
 	google.golang.org/api v0.70.0
 	google.golang.org/grpc v1.44.0
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
+	gopkg.in/yaml.v3 v3.0.1
 	honnef.co/go/tools v0.2.2
 	mvdan.cc/unparam v0.0.0-20220926085101-66de63301820
 )

go.sum

@@ -767,8 +767,9 @@ gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

internal/report/testdata/report.yaml

@@ -1,21 +1,21 @@
 id: report
 modules:
-  - module: github.com/gin-gonic/gin
-    versions:
-      - fixed: 1.6.0
-    packages:
-      - package: github.com/gin-gonic/gin
-        symbols:
-          - defaultLogFormatter
+    - module: github.com/gin-gonic/gin
+      versions:
+        - fixed: 1.6.0
+      packages:
+        - package: github.com/gin-gonic/gin
+          symbols:
+            - defaultLogFormatter
 description: |
     The default Formatter for the Logger middleware (LoggerConfig.Formatter),
     which is included in the Default engine, allows attackers to inject arbitrary
     log entries by manipulating the request path.
 credits:
-  - '@thinkerou <thinkerou@gmail.com>'
+    - '@thinkerou <thinkerou@gmail.com>'
 references:
-  - fix: https://github.com/gin-gonic/gin/pull/2237
-  - fix: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
+    - fix: https://github.com/gin-gonic/gin/pull/2237
+    - fix: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
 cve_metadata:
     id: CVE-9999-0001
     cwe: 'CWE-20: Improper Input Validation'

internal/worker/worker_test.go

@@ -272,13 +272,13 @@ See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md)
 
 ` + "```" + `
 modules:
-  - module: a.Module
-    packages:
-      - package: a.Module
+    - module: a.Module
+      packages:
+        - package: a.Module
 description: |
     a description
 cves:
-  - ID1
+    - ID1
 
 ` + "```"
 	if diff := cmp.Diff(unindent(want), got); diff != "" {
@@ -323,14 +323,14 @@ See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md)
 
 ` + "```" + `
 modules:
-  - module: aPackage
-    versions:
-      - fixed: 1.2.3
-    packages:
-      - package: aPackage
+    - module: aPackage
+      versions:
+        - fixed: 1.2.3
+      packages:
+        - package: aPackage
 description: a description
 ghsas:
-  - G1
+    - G1
 
 ` + "```"