Bump go-kit to 0.12.0

go-kit 0.11.0 has a dependency on github.com/dgrijalva/jwt-go which has a few vulns. Namely dgrijalva/jwt-go#428. go-kit switched to the properly maintained fork in go-kit/kit#1026 so this commit bumps up to 0.12.0 in order to pick up that change and remove the dependency on the vulnerable lib
sinkingpoint · May 25, 2022 · dddb985 · dddb985
1 parent f9992f7
commit dddb985
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/go.mod b/go.mod
@@ -72,7 +72,7 @@ require (
 	github.com/eapache/queue v1.1.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.2 // indirect
-	github.com/go-kit/kit v0.11.0 // indirect
+	github.com/go-kit/kit v0.12.0 // indirect
 	github.com/go-openapi/analysis v0.21.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect