update go-yaml in nix proxy (digital-asset#18026)

This code hasn't changed since it was first created 4 years ago. I wasn't able to find any way to go through the generation steps again (`go mod download` to go from `go.mod` to `go.sum`, then `vgo2nix` - which doesn't exist anymore - to go from `go.sum` to `deps.nix`) so instead I: 1. Deleted the `go.sum` file as it's mostly misdirection at this point. 2. Manually udpated the yaml version to the first non-vulnerable version so dependabot is happy, in both `go.mod` (which dependabot looks at) and `deps.nix` (which is the one we really use to resolve dependencies).
kgeonw · Dec 15, 2023 · df5fe42 · df5fe42
1 parent 542f3d3
commit df5fe42
Showing 3 changed files with 3 additions and 190 deletions.
diff --git a/nix/tools/nix-store-gcs-proxy/deps.nix b/nix/tools/nix-store-gcs-proxy/deps.nix
@@ -779,8 +779,8 @@
     fetch = {
       type = "git";
       url = "https://gopkg.in/yaml.v2";
-      rev = "v2.2.2";
-      sha256 = "01wj12jzsdqlnidpyjssmj0r4yavlqy7dwrg7adqd8dicjc4ncsa";
+      rev = "v2.2.4";
+      sha256 = "sha256-4mnIZoZTmJhCe8pX+ChsXTSxN1rYPWpZbhNFfsqRfIU=";
     };
   }
   {

diff --git a/nix/tools/nix-store-gcs-proxy/go.mod b/nix/tools/nix-store-gcs-proxy/go.mod
@@ -7,5 +7,5 @@ require (
 	github.com/urfave/cli v1.20.0
 	github.com/urfave/negroni v1.0.0
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	gopkg.in/yaml.v2 v2.2.2 // indirect
+	gopkg.in/yaml.v2 v2.2.4 // indirect
 )
diff --git a/nix/tools/nix-store-gcs-proxy/go.sum b/nix/tools/nix-store-gcs-proxy/go.sum