dgraph-io / dgraph

The high-performance database for modern applications
https://dgraph.io
20.31k stars 1.49k forks

[BUG] snyk scan shows 7 issues, 13 vulnerable paths #8222

Closed darkn3rd closed 1 month ago

darkn3rd commented 2 years ago

What version of Dgraph are you using? (result of dgraph version) main branch based on v21.03 branch

Tell us a little more about your go-environment? (result of go version)

Have you tried reproducing the issue with the latest release? yes

What is the hardware spec (RAM, CPU, OS)? n/a

Steps to reproduce the issue (command/config used to run Dgraph).

brew tap snyk/tap
brew install snyk
snyk test

Expected behavior and actual result.

I expected that there would be no security vulnerabilities, but I found this report:

✗ Medium severity vulnerability found in gopkg.in/yaml.v2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV2-1083943
  Introduced through: gopkg.in/yaml.v2@2.2.4, github.com/spf13/viper@1.7.1
  From: gopkg.in/yaml.v2@2.2.4
  From: github.com/spf13/viper@1.7.1 > gopkg.in/yaml.v2@2.2.4
  Fixed in: 2.2.8

✗ Medium severity vulnerability found in golang.org/x/text/internal/language
  Description: Out-of-bounds Read
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXTEXTINTERNALLANGUAGE-2400718
  Introduced through: golang.org/x/text/language@0.3.3, golang.org/x/text/collate@0.3.3
  From: golang.org/x/text/language@0.3.3 > golang.org/x/text/internal/language@0.3.3
  From: golang.org/x/text/collate@0.3.3 > golang.org/x/text/language@0.3.3 > golang.org/x/text/internal/language@0.3.3
  From: golang.org/x/text/language@0.3.3 > golang.org/x/text/internal/language/compact@0.3.3 > golang.org/x/text/internal/language@0.3.3
  and 1 more...
  Fixed in: 0.3.7

✗ Medium severity vulnerability found in github.com/prometheus/client_golang/prometheus/promhttp
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819
  Introduced through: contrib.go.opencensus.io/exporter/prometheus@0.1.0
  From: contrib.go.opencensus.io/exporter/prometheus@0.1.0 > github.com/prometheus/client_golang/prometheus/promhttp@0.9.3
  Fixed in: 1.11.1

✗ Medium severity vulnerability found in github.com/graph-gophers/graphql-go/internal/validation
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGRAPHGOPHERSGRAPHQLGOINTERNALVALIDATION-2359051
  Introduced through: github.com/graph-gophers/graphql-go@#dae41bde9ef9, github.com/graph-gophers/graphql-go/relay@#dae41bde9ef9
  From: github.com/graph-gophers/graphql-go@#dae41bde9ef9 > github.com/graph-gophers/graphql-go/internal/validation@#dae41bde9ef9
  From: github.com/graph-gophers/graphql-go/relay@#dae41bde9ef9 > github.com/graph-gophers/graphql-go@#dae41bde9ef9 > github.com/graph-gophers/graphql-go/internal/validation@#dae41bde9ef9
  Fixed in: 1.3.0

✗ Medium severity vulnerability found in github.com/apache/thrift/lib/go/thrift
  Description: Improper Input Validation
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMAPACHETHRIFTLIBGOTHRIFT-474612
  Introduced through: contrib.go.opencensus.io/exporter/jaeger@0.1.0
  From: contrib.go.opencensus.io/exporter/jaeger@0.1.0 > github.com/apache/thrift/lib/go/thrift@0.12.0
  From: contrib.go.opencensus.io/exporter/jaeger@0.1.0 > contrib.go.opencensus.io/exporter/jaeger/internal/gen-go/jaeger@0.1.0 > github.com/apache/thrift/lib/go/thrift@0.12.0
  Fixed in: 0.13.0

✗ High severity vulnerability found in gopkg.in/yaml.v3
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557
  Introduced through: github.com/stretchr/testify/require@1.6.1
  From: github.com/stretchr/testify/require@1.6.1 > github.com/stretchr/testify/assert@1.6.1 > gopkg.in/yaml.v3@#eeeca48fe776
  Fixed in: 3.0.0

✗ High severity vulnerability found in github.com/dgrijalva/jwt-go
  Description: Access Restriction Bypass
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
  Introduced through: github.com/dgrijalva/jwt-go@3.2.0
  From: github.com/dgrijalva/jwt-go@3.2.0
  Fixed in: 4.0.0-preview1
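The report above gives, for each finding, its severity, the dependency chains ("From:" lines) that introduce it, and the version that fixes it. As an added example that is not part of this issue or of Dgraph's own code, here is a small Go program that parses that plain-text Snyk output into a triage table: whether the vulnerable package is itself a direct dependency, which direct dependencies pull it in, and whether the fix crosses a major version (which in Go modules usually means a code change and not just a go.mod bump, as with the jwt-go 3.2.0 to 4.0.0-preview1 finding). The embedded input is an excerpt of the report quoted in this issue (the gopkg.in/yaml.v2 and github.com/dgrijalva/jwt-go findings); the line formats it recognises ("✗ ... found in", "From:", "Fixed in:") are taken from that output, and the type and function names are the example's own.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// sampleReport is an excerpt (two of the seven findings) of the Snyk CLI output quoted in the issue.
const sampleReport = `
✗ Medium severity vulnerability found in gopkg.in/yaml.v2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV2-1083943
  Introduced through: gopkg.in/yaml.v2@2.2.4, github.com/spf13/viper@1.7.1
  From: gopkg.in/yaml.v2@2.2.4
  From: github.com/spf13/viper@1.7.1 > gopkg.in/yaml.v2@2.2.4
  Fixed in: 2.2.8

✗ High severity vulnerability found in github.com/dgrijalva/jwt-go
  Description: Access Restriction Bypass
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
  Introduced through: github.com/dgrijalva/jwt-go@3.2.0
  From: github.com/dgrijalva/jwt-go@3.2.0
  Fixed in: 4.0.0-preview1
`

// Finding is one "✗ ... vulnerability found in ..." block of the report.
type Finding struct {
	Severity, Package, FixedIn string
	Paths                      [][]string // each "From:" chain split on " > "; entries are "path@version"
}

// parseSnykReport walks the report line by line; lines it does not need
// (Description:, Info:, Introduced through:, "and N more...") are skipped.
func parseSnykReport(report string) []Finding {
	var out []Finding
	for _, raw := range strings.Split(report, "\n") {
		line := strings.TrimSpace(raw)
		switch {
		case strings.HasPrefix(line, "✗ "):
			f := strings.Fields(line) // ✗ <Severity> severity vulnerability found in <package>
			out = append(out, Finding{Severity: f[1], Package: f[len(f)-1]})
		case len(out) == 0: // ignore any text before the first finding
		case strings.HasPrefix(line, "From: "):
			cur := &out[len(out)-1]
			cur.Paths = append(cur.Paths, strings.Split(strings.TrimPrefix(line, "From: "), " > "))
		case strings.HasPrefix(line, "Fixed in: "):
			out[len(out)-1].FixedIn = strings.TrimPrefix(line, "Fixed in: ")
		}
	}
	return out
}

// major returns the leading numeric component of a version ("4.0.0-preview1" -> 4); a commit pseudo-version ("#dae41bde9ef9") yields -1.
func major(v string) int {
	n, err := strconv.Atoi(strings.SplitN(strings.TrimPrefix(v, "v"), ".", 2)[0])
	if err != nil {
		return -1
	}
	return n
}

// Triage per finding: is the vulnerable package a direct dependency, which direct dependencies pull it in, does the fix cross a major version.
type Triage struct {
	Severity, Package, FixedIn string
	Direct, MajorBump          bool
	Roots                      []string
}

func triage(findings []Finding) []Triage {
	rank := map[string]int{"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
	var out []Triage
	for _, f := range findings {
		t := Triage{Severity: f.Severity, Package: f.Package, FixedIn: f.FixedIn}
		seen := map[string]bool{}
		for _, chain := range f.Paths {
			t.Direct = t.Direct || len(chain) == 1 // a one-element chain is the dependency itself
			if root := chain[0]; !seen[root] {
				seen[root] = true
				t.Roots = append(t.Roots, root)
			}
			leaf := chain[len(chain)-1] // the vulnerable package at its current version
			if m := major(leaf[strings.LastIndex(leaf, "@")+1:]); m >= 0 && major(f.FixedIn) > m {
				t.MajorBump = true
			}
		}
		out = append(out, t)
	}
	sort.SliceStable(out, func(i, j int) bool { return rank[out[i].Severity] > rank[out[j].Severity] })
	return out
}

func main() {
	for _, t := range triage(parseSnykReport(sampleReport)) {
		fmt.Printf("%-6s %s\n  direct=%t majorBump=%t fixedIn=%s roots=%s\n",
			t.Severity, t.Package, t.Direct, t.MajorBump, t.FixedIn, strings.Join(t.Roots, ", "))
	}
}
```

Run it with `go run`; the output is ordered High first. Two caveats when pointing it at a full report: a trailing "and N more..." line (as in the golang.org/x/text finding above) means Snyk truncated the path list, so the root set for that finding is incomplete, and a version shown as "#<commit>" is a pseudo-version for which the major-bump check is skipped. For the complete path set, `snyk test --json` is the better input than the text report.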

github-actions[bot] commented 1 month ago

This issue has been stale for 60 days and will be closed automatically in 7 days. Comment to keep it open.