Vulnerability due to indirect imports

[RohitPSPH]

We found a vulnerability for during our code scan:

• github.com/coreos/etcd v3.3.13+incompatible
• github.com/microcosm-cc/bluemonday@v1.0.2
• github.com/kataras/iris/v12@v12.1.8
• github.com/nats-io/jwt@v0.3.0
• github.com/labstack/echo/v4@v4.1.17
• github.com/valyala/fasthttp@v1.16.0

This is due to the usage of this package(github.com/awslabs/aws-lambda-go-api-proxy). It looks like this may need to be cascaded to lower level packages.

Dependency graph:

• github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/dgraph-io/badger@v1.6.0 -> github.com/spf13/cobra@v0.0.5 -> github.com/spf13/viper@v1.3.2 -> github.com/coreos/etcd@v3.3.10+incompatible

• github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/microcosm-cc/bluemonday@v1.0.2

• github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/kataras/iris/v12@v12.1.8 -> github.com/kataras/neffos@v0.0.14 -> github.com/nats-io/nats.go@v1.9.1 -> github.com/nats-io/jwt@v0.3.0

• github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/gofiber/fiber/v2@v2.1.0 -> github.com/valyala/fasthttp@v1.16.0

• github.com/awslabs/aws-lambda-go-api-proxy@v0.13.1 -> github.com/labstack/echo/v4@v4.1.17

• 

• 

• 

• 

[sapessi]

Unfortunately there isn't a new stable version of Iris. The only option would be to update to 12.2.2-beta, which may include breaking changes. Let us work through this over the next few days.