The mimetype dependency is specified at v1.4.2, which is affected by a CVE impacting Go's net package. v1.4.3 resolved the issue. There is a merge request already out there by Dependabot bumping the version of net, but the root cause should be addressed by bumping mimetype, as well.
The mimetype dependency is specified at v1.4.2, which is affected by a CVE impacting Go's
net
package. v1.4.3 resolved the issue. There is a merge request already out there by Dependabot bumping the version ofnet
, but the root cause should be addressed by bumpingmimetype
, as well.