New security vulnerabilities found in multiple direct and indirect third-party dependencies
sagarsaini1 opened this issue · comments
What did you do?
A security check was run on the service which is using go-kit/kit as a third-party dependency.
What did you expect?
No security vulnerabilities were to be found during the scan.
No vulnerable libraries should be used.
What happened instead?
Security vulnerabilities were detected on the following libraries used inside of kit:
direct dependencies:
- github.com/hashicorp/consul/api v1.20.0
- github.com/nats-io/nats-server/v2 v2.8.4
indirect dependencies:
- golang.org/x/net v0.12.0
link between above mentioned libraries and go-kit/kit was established using the go mod graph command.