mipnw
commented
2 years ago Based on your go.mod, it appears golang.org/x/text is an indirect dependency, so the work is to figure out which of your direct dependencies brings this and use a newer version.
CVE-2020-14040 (Severity=High) and CVE-2021-38561 (Severity=Unknown) are found when scanning https://github.com/googleinterns/cloud-operations-api-mock/releases/download/v2-alpha/mock_server-x64-linux-v2-alpha with trivy
Both of those CVEs would be fixed by upgrading golang.org/x/text from v0.3.0 to v0.3.7.