Bump github.com/stretchr/testify from 1.7.1 to 1.8.0

[mrb113]

1.7.1 has a vulnerable dependency yaml.v3 that's fixed in 1.8.0. Anyone using go-mysql who's running security tooling is getting warnings about the following:
Security bug: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2952714

To resolve, you should be able to do:

go get github.com/stretchr/testify
go mod tidy

I don't see any breaking changes between the 1.7.1 and 1.8.0 versions

[lance6716]

Hi, do you have time to submit a PR 😄

[mrb113]

I don't have a development environment set up for this project - filing an issue because we use it as a dependency.

[mrb113]

thanks for addressing this! looking forward to the release w/ the fix

[lance6716]

thanks for addressing this! looking forward to the release w/ the fix

PTAL @atercattus

[atercattus]

Hello.

As I see we still use the wrong yaml.v3 version:

$ go mod graph | grep [email protected]
github.com/stretchr/[email protected] gopkg.in/[email protected]

$ go mod graph | grep github.com/stretchr/[email protected]
github.com/stretchr/[email protected] github.com/stretchr/[email protected]

And objx uses wrong yaml.v3 in the latest version.

And the latest testify uses wrong objx.

And as I see you know about this stretchr/objx#121 :)

We need to update objx too to fix this vulnerability...