Using trivy scanner reported vulnerability from old golang.org/x/net v0.0.0. I think it's because the go.sum wasn't properly updated and the vulnerable version isn't used anymore even in transitive dependencies.
┌──────────────────┬────────────────┬──────────┬────────────────────────────────────┬─────────────────────────────────────┬───────────────────────────────────────────────────┐
11:08:34│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
11:08:34├──────────────────┼────────────────┼──────────┼────────────────────────────────────┼─────────────────────────────────────┼───────────────────────────────────────────────────┤
11:08:34│ golang.org/x/net │ CVE-2022-41721 │ HIGH │ v0.0.0-20220722155237-a158d28d115b │ 0.1.1-0.20221104162952-702349b0e862 │ A request smuggling attack is possible when using │
11:08:34│ │ │ │ │ │ MaxBytesHandler. Whe ... │
11:08:34│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-41721 │
11:08:34└──────────────────┴────────────────┴──────────┴────────────────────────────────────┴─────────────────────────────────────┴───────────────────────────────────────────────────┘
Coverage: 74.191%. Remained the same when pulling 85e5a0f27f38c23e24094c93c3fa1f8aea4b9ff0 on tremblaysimon:updateGoModules into 8f07b0368280d9fc70b4ffd3708b31427bbc286d on go-playground:master.
Fixes Or Enhances
Using trivy scanner reported vulnerability from old golang.org/x/net v0.0.0. I think it's because the go.sum wasn't properly updated and the vulnerable version isn't used anymore even in transitive dependencies.
Reference: https://pkg.go.dev/vuln/GO-2023-1495
Make sure that you've checked the boxes below before you submit PR:
@go-playground/validator-maintainers