cockroachdb / errors

Go error library with error portability over the network

dependency mess

tolidano opened this issue · comments

commented

so github.com/dgrijalva/jwt-go v3.2.0+incompatible has a high vuln in prisma.

echo 4.1.11 uses it:
github.com/labstack/echo/v4@v4.1.11 github.com/dgrijalva/jwt-go@v3.2.0+incompatible

which is used by an old sentry-go:
github.com/cockroachdb/sentry-go@v0.6.1-cockroachdb.2 github.com/labstack/echo/v4@v4.1.11

which is used by an old errors:
github.com/cockroachdb/errors@v1.6.1 github.com/cockroachdb/sentry-go@v0.6.1-cockroachdb.2

which is used by an old datadriven:
github.com/cockroachdb/datadriven@v1.0.1-0.20211007161720-b558070c3be0 github.com/cockroachdb/errors@v1.6.1

which is used by a newer errors:
github.com/cockroachdb/errors@v1.8.8 github.com/cockroachdb/datadriven@v1.0.1-0.20211007161720-b558070c3be0

which is used by a newer datadriven:
github.com/cockroachdb/datadriven@v1.0.1-0.20220214170620-9913f5bc19b7 github.com/cockroachdb/errors@v1.8.8

which is used by the newest errors:
github.com/cockroachdb/errors@v1.9.0 github.com/cockroachdb/datadriven@v1.0.1-0.20220214170620-9913f5bc19b7

and I was hoping you might have some idea what I could do.

I see you have a 1.0.2 for datadriven: https://github.com/cockroachdb/datadriven/releases/tag/v1.0.2

so if you could just bump errors to 1.9.1 with that change (or maybe 1.9.2 if those 4 pending commits on master warrant it), that would maybe help?

let's try it!

commented

trying, but either way, I really appreciate your super fast response and action

thanks to you for reporting this. we wouldn't have noticed otherwise.
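The chain traced in the opening post is exactly what a breadth-first walk over `go mod graph` output produces; here is an added example (not code from the cockroachdb/errors project or from anyone in this thread) that parses such output and reports the shortest module@version chain from a root to a target module path. The graph text is constructed from the pairs quoted above, and the function names ParseGraph and PathTo are my own.

```go
package main

import "strings"

// Constructed `go mod graph` output (parent child pairs) assembled from the chain quoted in the issue.
const sampleGraph = `github.com/cockroachdb/errors@v1.9.0 github.com/cockroachdb/datadriven@v1.0.1-0.20220214170620-9913f5bc19b7
github.com/cockroachdb/datadriven@v1.0.1-0.20220214170620-9913f5bc19b7 github.com/cockroachdb/errors@v1.8.8
github.com/cockroachdb/errors@v1.8.8 github.com/cockroachdb/datadriven@v1.0.1-0.20211007161720-b558070c3be0
github.com/cockroachdb/datadriven@v1.0.1-0.20211007161720-b558070c3be0 github.com/cockroachdb/errors@v1.6.1
github.com/cockroachdb/errors@v1.6.1 github.com/cockroachdb/sentry-go@v0.6.1-cockroachdb.2
github.com/cockroachdb/sentry-go@v0.6.1-cockroachdb.2 github.com/labstack/echo/v4@v4.1.11
github.com/labstack/echo/v4@v4.1.11 github.com/dgrijalva/jwt-go@v3.2.0+incompatible`

// ParseGraph turns `go mod graph` text into an adjacency list keyed by the parent module@version.
func ParseGraph(text string) map[string][]string {
	g := make(map[string][]string)
	for _, line := range strings.Split(text, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			g[f[0]] = append(g[f[0]], f[1])
		}
	}
	return g
}

// PathTo is a breadth-first search from root for the shortest chain of
// module@version nodes ending at a node whose module path (the part before
// '@') equals target; it returns nil if no such node is reachable.
func PathTo(g map[string][]string, root, target string) []string {
	seen := map[string]bool{root: true}
	queue := [][]string{{root}}
	for len(queue) > 0 {
		path := queue[0]
		queue = queue[1:]
		node := path[len(path)-1]
		if strings.SplitN(node, "@", 2)[0] == target {
			return path
		}
		for _, next := range g[node] {
			if !seen[next] {
				seen[next] = true
				// copy the path before extending it so sibling branches never share a backing array
				queue = append(queue, append(append([]string{}, path...), next))
			}
		}
	}
	return nil
}
```

Feeding it the real `go mod graph` output of a module, with the module's own path as root, gives the same kind of chain the reporter assembled by hand and shows which intermediate version bump would cut it.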