High CVE on golang.org/x/net
Closed · 1 comment
sodul commented
Our security scans are detecting a high CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-41721
This is caused by an indirect dependency on golang.org/x/net v0.0.0-20221002022538-bcab6841153b.
The go mod graph command shows that the dependency comes from bluemonday. Since this was addressed in bluemonday 1.0.26, the fix should be simply to update go.mod to point to 1.0.26 or newer and perform a new release.
microcosm-cc/bluemonday@0eb99d2
This relates to containerscrew/tftools#3
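Added example, not part of the original issue or of either project's code: a small shell helper that reads `go mod graph` output and prints the chain of requirers from the main module down to a flagged module version, which is the check the comment above describes. The main module name `example.com/app`, the `example.com/other` and `example.com/leaf` modules, and the `v0.0.0-PLACEHOLDER` bluemonday version are constructed sample values; only the golang.org/x/net version comes from the issue.

```shell
#!/bin/sh
# Added example. Reads `go mod graph` edges ("requirer required") on stdin and
# prints the shortest chain from the main module to TARGET.
# Exit status: 0 found, 1 TARGET not in the graph, 2 no main module seen.
why_module() {
    awk -v target="$1" '
    {
        kids[$1] = kids[$1] " " $2
        if ($1 !~ /@/) root = $1      # main module is the only node without @version
    }
    END {
        if (root == "") exit 2        # input was not go mod graph output
        queue[1] = root; head = 1; tail = 1; seen[root] = 1; via[root] = ""
        while (head <= tail) {        # breadth-first search from the main module
            node = queue[head++]
            if (node == target) break
            n = split(kids[node], k, " ")
            for (i = 1; i <= n; i++)
                if (!(k[i] in seen)) {
                    seen[k[i]] = 1; via[k[i]] = node; queue[++tail] = k[i]
                }
        }
        if (!(target in seen)) exit 1 # TARGET is not in the build graph
        chain = target
        for (node = target; via[node] != ""; node = via[node])
            chain = via[node] " -> " chain
        print chain
    }'
}

# Constructed sample of `go mod graph` output (placeholder versions).
sample_graph() {
    cat <<'EOF'
example.com/app github.com/microcosm-cc/bluemonday@v0.0.0-PLACEHOLDER
example.com/app example.com/other@v1.0.0
github.com/microcosm-cc/bluemonday@v0.0.0-PLACEHOLDER golang.org/x/net@v0.0.0-20221002022538-bcab6841153b
example.com/other@v1.0.0 example.com/leaf@v1.0.0
EOF
}

# In a real checkout: go mod graph | why_module 'golang.org/x/net@<version>'
sample_graph | why_module 'golang.org/x/net@v0.0.0-20221002022538-bcab6841153b'
```

After the direct requirer is bumped in go.mod, rerunning the helper against the old version should exit with status 1, showing that the flagged version is no longer in the build graph.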