This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Fix CVE-2022-28948 by patching gopkg.in/yaml.v3 #4771

Merged

Conversation

trstringer
Contributor

This PR fixes CVE-2022-28948, which causes an issue when attempting to
deserialize invalid input.

Signed-off-by: Thomas Stringer [email protected]

Affected area:

Functional Area
Security [X]

Please answer the following questions with yes/no.

  1. Does this change contain code from or inspired by another project? No.

  2. Is this a breaking change? No.

  3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)? Not applicable.

@codecov-commenter

Codecov Report

Merging #4771 (104f027) into main (1f0f93c) will increase coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #4771      +/-   ##
==========================================
+ Coverage   68.97%   69.00%   +0.03%     
==========================================
  Files         226      226              
  Lines       16432    16432              
==========================================
+ Hits        11334    11339       +5     
+ Misses       5046     5041       -5     
  Partials       52       52              
Flag Coverage Δ
unittests 69.00% <ø> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown.

Impacted Files Coverage Δ
pkg/certificate/manager.go 92.66% <0.00%> (+1.83%) ⬆️
pkg/messaging/workqueue.go 100.00% <0.00%> (+10.71%) ⬆️


Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1f0f93c...104f027.

@trstringer trstringer merged commit 324a1a7 into openservicemesh:main May 31, 2022
4 participants