hashicorp / go-metrics

A Golang library for exporting performance and runtime metrics to external metrics systems (i.e. statsite, statsd)
MIT License

Please update prometheus lib to 1.11.1 due to CVE-2022-21698 #130

Open sseide opened 2 years ago

sseide commented 2 years ago

All older versions of the prometheus client_golang package have a vulnerability rated HIGH, flagged by multiple security scanners for all apps using your library.

Can you please update the old 1.4.0 version to the latest 1.11.1 and publish a new release for others to pick up? Thanks in advance.

https://nvd.nist.gov/vuln/detail/CVE-2022-21698

yijia2413 commented 2 years ago

:100:

Please update to the latest version: github.com/prometheus/client_golang v1.12.1
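
An added example, not code from go-metrics or from the commenters above: a small Go check that reads go.mod text and reports whether the required client_golang version is older than the 1.11.1 requested in this issue. The function name `CheckGoMod`, the `minFixed` threshold constant and the sample go.mod are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const clientGolang = "github.com/prometheus/client_golang"

// minFixed is the version the issue asks for, used here as the threshold (assumption).
var minFixed = [3]int{1, 11, 1}

// sampleGoMod is a constructed go.mod, not taken from any real project.
const sampleGoMod = `module example.com/app

require github.com/prometheus/client_golang v1.4.0 // indirect
`

// CheckGoMod returns the client_golang version required in go.mod text and
// whether it is older than minFixed. Single-line and block require forms and
// trailing comments are handled; replace directives are ignored.
func CheckGoMod(gomod string) (string, bool, error) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.SplitN(sc.Text(), "//", 2)[0] // drop trailing comment
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) != 2 || f[0] != clientGolang {
			continue
		}
		var v [3]int
		if _, err := fmt.Sscanf(f[1], "v%d.%d.%d", &v[0], &v[1], &v[2]); err != nil {
			return f[1], false, fmt.Errorf("unsupported version %q: %w", f[1], err)
		}
		for i := range v {
			if v[i] != minFixed[i] {
				return f[1], v[i] < minFixed[i], nil
			}
		}
		return f[1], false, nil
	}
	return "", false, sc.Err()
}

func main() {
	fmt.Println(CheckGoMod(sampleGoMod))
}
```

The check only reads the version written in go.mod; the version actually selected for a build can be higher when another dependency requires a newer client_golang.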