Security vuln CVE-2019-19794 with transitive dependency github.com/miekg/dns@v1.0.14

[francogeller]

What would you like?

Latest version 0.12.0 have a transitive dependency with github.com/miekg/dns@v1.0.14 because it is a dependency of the following direct dependencies:

• github.com/hashicorp/serf@v0.9.5
• github.com/hashicorp/consul/api@v1.10.1

Any dependency with github.com/miekg/dns@v1.0.14 must be fully deprecated due to known vulnerability CVE-2019-19794 with this module version.

To definitely deprecate github.com/miekg/dns@v1.0.14 we must:

• Update github.com/hashicorp/serf@v0.9.5 up to to github.com/hashicorp/serf@v0.10.0 (current latest)
• Update github.com/hashicorp/consul/api@v1.10.1 up to github.com/hashicorp/consul/api@v1.14.0 (current latest)

$ go get -u github.com/hashicorp/serf@latest
$ go get -u github.com/hashicorp/consul/api@latest
$ go mod tidy

After this: All transitive dependencies with github.com/miekg/dns@v1.0.14 are completely removed. All tests continues to complete successfully.

[francogeller]

PR #1250 is a proposal to fix the vulnerability