lambda-go-api-proxy makes it easy to port APIs written with Go frameworks such as Gin (https://gin-gonic.github.io/gin/) to AWS Lambda and Amazon API Gateway.
We found a vulnerability during our code scan:
github.com/coreos/etcd v3.3.13+incompatible
github.com/microcosm-cc/bluemonday@v1.0.2
github.com/kataras/iris/v12@v12.1.8
github.com/nats-io/jwt@v0.3.0
github.com/labstack/echo/v4@v4.1.17
github.com/valyala/fasthttp@v1.16.0
This is due to the usage of this package (github.com/awslabs/aws-lambda-go-api-proxy).
It looks like this may need to be cascaded to lower level packages.
Unfortunately there isn't a new stable version of Iris. The only option would be to update to 12.2.2-beta, which may include breaking changes. Let us work through this over the next few days.
We found a vulnerability during our code scan:
This is due to the usage of this package (github.com/awslabs/aws-lambda-go-api-proxy). It looks like this may need to be cascaded to lower level packages.
Dependency graph:
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/dgraph-io/badger@v1.6.0 -> github.com/spf13/cobra@v0.0.5 -> github.com/spf13/viper@v1.3.2 -> github.com/coreos/etcd@v3.3.10+incompatible
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/microcosm-cc/bluemonday@v1.0.2
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/kataras/neffos@v0.0.14 -> github.com/nats-io/nats.go@v1.9.1 -> github.com/nats-io/jwt@v0.3.0
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/gofiber/fiber/v2@v2.1.0 -> github.com/valyala/fasthttp@v1.16.0
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/labstack/echo/v4@v4.1.17
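To decide which direct dependency has to be upgraded or dropped for each finding, the chains above can be merged into one graph and walked from every direct dependency of the proxy. The following Go program is an added example, not code from the issue or from the project; `entryPoints` is a hypothetical helper name, the flagged modules are written with the versions that appear in the chains, and the same parser also accepts the "parent child" edge lines printed by `go mod graph`.

```go
package main

import (
	"fmt"
	"strings"
)

// chains: the dependency chains copied from the issue (sample input).
const chains = `github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/dgraph-io/badger@v1.6.0 -> github.com/spf13/cobra@v0.0.5 -> github.com/spf13/viper@v1.3.2 -> github.com/coreos/etcd@v3.3.10+incompatible
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/microcosm-cc/bluemonday@v1.0.2
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/kataras/neffos@v0.0.14 -> github.com/nats-io/nats.go@v1.9.1 -> github.com/nats-io/jwt@v0.3.0
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/gofiber/fiber/v2@v2.1.0 -> github.com/valyala/fasthttp@v1.16.0
github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/labstack/echo/v4@v4.1.17`

// entryPoints (hypothetical helper): flagged modules reachable from each direct dependency of root.
func entryPoints(text, root string, flagged []string) map[string][]string {
	adj := map[string]map[string]bool{} // parent -> set of children, so repeated edges collapse
	for _, line := range strings.Split(text, "\n") {
		mods := strings.Fields(strings.ReplaceAll(line, " -> ", " ")) // "a -> b -> c" chain or "a b" edge
		for i := 1; i < len(mods); i++ {
			if adj[mods[i-1]] == nil {
				adj[mods[i-1]] = map[string]bool{}
			}
			adj[mods[i-1]][mods[i]] = true
		}
	}
	via := map[string][]string{}
	for direct := range adj[root] {
		seen, queue := map[string]bool{direct: true}, []string{direct}
		for ; len(queue) > 0; queue = queue[1:] { // breadth-first walk; seen guards against cycles
			for next := range adj[queue[0]] {
				if !seen[next] {
					seen[next] = true
					queue = append(queue, next)
				}
			}
		}
		for _, m := range flagged { // keep the caller's order so output is stable
			if seen[m] {
				via[direct] = append(via[direct], m)
			}
		}
	}
	return via
}

func main() {
	flagged := strings.Fields("github.com/coreos/etcd@v3.3.10+incompatible github.com/microcosm-cc/bluemonday@v1.0.2 github.com/kataras/iris/v12@v12.1.8 github.com/nats-io/jwt@v0.3.0 github.com/labstack/echo/v4@v4.1.17 github.com/valyala/fasthttp@v1.16.0")
	fmt.Println(entryPoints(chains, "github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1", flagged))
}
```

On the chains from the issue, four of the six flagged modules sit behind the Iris dependency, one behind Fiber, and Echo is flagged directly.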