Upgrade to YAMLv3

[davidmateos]

This relates to:

runtime/go.mod

Line 20 in 3f9800f

gopkg.in/yaml.v2 v2.4.0

The current yaml library version is impacted by CVE-2022-28948. See

• https://nvd.nist.gov/vuln/detail/CVE-2022-28948
• v3: panic "attempted to parse unknown event (please report): none" go-yaml/yaml#666

[sagarmamdapure]

@davidmateos I'm also facing the same issue. Looks like this package has been abandoned. Any suggestion on an alternate solution to fix this?

[casualjim]

It has not been abandoned but the upgrade to yaml.v3 is not straightforward for us.