Update github.com/elazarl/goproxy for security vulnerability

[lantoli]

Hi,
we're using this Go package in MongoDB from: https://github.com/mongodb/terraform-provider-mongodbatlas/blob/master/tools/check-changelog-entry-file/main.go

We've detected a vulnerability in a dependency. Would it be possible if you update it?

Also can you please evaluate to do Github releases for this package?

More info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247

Dependency chain from our script:

go mod why  github.com/elazarl/goproxy 

# github.com/elazarl/goproxy
github.com/mongodb/terraform-provider-mongodbatlas/tools/check-changelog-entry-file
github.com/hashicorp/go-changelog
github.com/go-git/go-git/v5
github.com/go-git/go-git/v5/plumbing/transport/client
github.com/go-git/go-git/v5/plumbing/transport/http
github.com/go-git/go-git/v5/plumbing/transport/http.test
github.com/elazarl/goproxy

Thanks a lot

[hanshasselberg]

Hello @lantoli,

thanks for reporting. It is not clear to me how to fix this, I don't know which version of goproxy contains a fix for this.

[lantoli]

thanks @hanshasselberg , the issue was fixed in elazarl/goproxy#507 but it looks like they don't do releases, so you can take the latest commit in master as the version to use.

also in the link above with Snyk:

A fix was pushed into the master branch but not yet published.

[Zuhairahmed]

hi any updates on next steps @hanshasselberg ?