Bump go-kit to 0.12.0

go-kit 0.11.0 has a dependency on github.com/dgrijalva/jwt-go which has a few vulns. Namely dgrijalva/jwt-go#428. go-kit switched to the properly maintained fork in go-kit/kit#1026 so this commit bumps up to 0.12.0 in order to pick up that change and remove the dependency on the vulnerable lib Signed-off-by: Colin Douch <iam@colindou.ch>
sinkingpoint · May 25, 2022 · 3a7499f · 3a7499f
1 parent f9992f7
commit 3a7499f
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 128 deletions.
diff --git a/go.mod b/go.mod
@@ -56,7 +56,7 @@ require (
 )
 
 require (
-	github.com/HdrHistogram/hdrhistogram-go v1.0.1 // indirect
+	github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
 	github.com/VividCortex/gohistogram v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/benbjohnson/clock v1.1.0 // indirect
@@ -72,7 +72,7 @@ require (
 	github.com/eapache/queue v1.1.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.2 // indirect
-	github.com/go-kit/kit v0.11.0 // indirect
+	github.com/go-kit/kit v0.12.0 // indirect
 	github.com/go-openapi/analysis v0.21.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect