sqlboiler
Found Vulnerable Dependencies
github.com/volatiletech/sqlboiler/[email protected]
From nancy [https://github.com/sonatype-nexus-community/nancy]:
[CVE-2022-29153] CWE-918: Server-Side Request Forgery (SSRF) Description - HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.
--> github.com/volatiletech/sqlboiler/[email protected] ----> github.com/spf13/[email protected] ------> github.com/sagikazarmark/[email protected] --------> github.com/hashicorp/consul/[email protected]
[CVE-2022-29153] CWE-918: Server-Side Request Forgery (SSRF) Description - HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.
--> github.com/volatiletech/sqlboiler/[email protected] ----> github.com/spf13/[email protected] ------> github.com/sagikazarmark/[email protected] --------> github.com/hashicorp/consul/[email protected] ----------> github.com/hashicorp/consul/[email protected]
sonatype-2019-0890 Description - 1 non-CVE vulnerability found.
--> github.com/volatiletech/sqlboiler/[email protected] ----> github.com/spf13/[email protected] ------> github.com/spf13/[email protected] --------> github.com/pkg/[email protected]
&&
--> github.com/volatiletech/sqlboiler/[email protected] ----> github.com/spf13/[email protected] ------> github.com/spf13/[email protected] --------> github.com/spf13/[email protected] -----------> github.com/pkg/[email protected]
These modules are unused in practice. They're all part of viper, which is only used to read configuration from files and command line arguments; it does not use sftp or consul to read config. We should upgrade anyway, but it's not urgent.
New vulnerability from packages github.com/hashicorp/consul/[email protected] and github.com/hashicorp/consul/[email protected] [CVE-2021-41803]