Open
Description
These are a few fixable vulnerabilities found.
$ grype .
✔ Vulnerability DB [updated]
✔ Indexed file system .
✔ Scanned for vulnerabilities [3 vulnerability matches]
├── by severity: 0 critical, 1 high, 2 medium, 0 low, 0 negligible
└── by status: 3 fixed, 0 not-fixed, 0 ignored
[0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                                 INSTALLED                           FIXED-IN                           TYPE       VULNERABILITY        SEVERITY
github.com/prometheus/client_golang  v1.7.1                              1.11.1                             go-module  GHSA-cg3q-j54f-5p7p  High
golang.org/x/sys                     v0.0.0-20200812155832-6a926be9bd1d  0.0.0-20220412211240-33da011f77ad  go-module  GHSA-p782-xgp4-8hr8  Medium
google.golang.org/protobuf           v1.25.0                             1.33.0                             go-module  GHSA-8r3f-844c-mc37  Medium
I am providing a patch, but it would be beneficial to set up Dependabot on this project.
https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide