Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New security vulnerabilities found in multiple direct and indirect third-party dependencies #1280

Open
sagarsaini1 opened this issue Dec 11, 2023 · 0 comments
Open

New security vulnerabilities found in multiple direct and indirect third-party dependencies #1280

sagarsaini1 opened this issue Dec 11, 2023 · 0 comments
Labels
bug

Comments

@sagarsaini1
Copy link

What did you do?

A security check was run on the service which is using go-kit/kit as a third-party dependency.

What did you expect?

No security vulnerabilities were to be found during the scan.
No vulnerable libraries should be used.

What happened instead?

Security vulnerabilities were detected on the following libraries used inside of kit:

direct dependencies:

  • github.com/hashicorp/consul/api v1.20.0
  • github.com/nats-io/nats-server/v2 v2.8.4

indirect dependencies:

  • golang.org/x/net v0.12.0

link between above mentioned libraries and go-kit/kit was established using the go mod graph command.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sagarsaini1