CVE embedded via testify@v1.4.0 -> gopkg.in/yaml.v2 dependencies

[cboitel]

Issue Description

echo has a dependency on gommon@v0.3.0 which embeds yaml.v2@v2.2.2 (see labstack/gommon#48) suffering a reported CVE.

As a consequence, security scanning performed on project using echo report the CVE. If gommon is updated, echo will require to update its depency to remove the CVE report

Checklist

• Dependencies installed
• No typos
• Searched existing issues and docs

Expected behaviour

update

Actual behaviour

Steps to reproduce

Working code to debug

package main

import _ "github.com/labstack/echo"

func main() {
}

go mod init main

go mod tidy

go mod graph
## 
go mod graph | egrep "yaml.v2|testify"
main github.com/stretchr/testify@v1.7.0
github.com/labstack/gommon@v0.3.0 github.com/stretchr/testify@v1.4.0
github.com/stretchr/testify@v1.7.0 github.com/davecgh/go-spew@v1.1.0
github.com/stretchr/testify@v1.7.0 github.com/pmezard/go-difflib@v1.0.0
github.com/stretchr/testify@v1.7.0 github.com/stretchr/objx@v0.1.0
github.com/stretchr/testify@v1.7.0 gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c
github.com/stretchr/testify@v1.4.0 github.com/davecgh/go-spew@v1.1.0
github.com/stretchr/testify@v1.4.0 github.com/pmezard/go-difflib@v1.0.0
github.com/stretchr/testify@v1.4.0 github.com/stretchr/objx@v0.1.0
github.com/stretchr/testify@v1.4.0 gopkg.in/yaml.v2@v2.2.2
gopkg.in/yaml.v2@v2.2.2 gopkg.in/check.v1@v0.0.0-20161208181325-20d25e280405

Version/commit