Multiple CVE:s with severity level High due to use of SuperCronic 0.2.1 (that uses Go-lang version 1.18.3).

[jorander]

Pre issue-raising checklist

I have already (please mark the applicable with an x):

• [x] Confirmed this is the right place to raise the issue - only issues related to the Dockerization of the Pact Broker should be raised here. Issues related to the Pact Broker application itself should be raised in the Pact Broker project.
• [x] Upgraded to the latest Pact Broker Docker image OR
• [x] Checked the CHANGELOG to see if the issue I am about to raise has been fixed
• [x] Read the Troubleshooting page

Software versions

• pact-broker gem version: 2.106.0
• pact-broker docker version: 2.106.0.0

Expected behaviour

No CVE:s with severity High from used of SuperCronic

Actual behaviour

Several CVE:s with severity High from used of SuperCronic.

Steps to reproduce

Security scan provided by Jfrog Xray.

Relevent log files

N/A

[jorander]

Pact-Broker is already using the latest version of SuperCronic. I have opened an issue with the SuperCronic project asking them to upgrade their underlaying Go-lang-version. When that is resolved and a new version of SuperCronic is released we can do an upgrade and resolve this issue as well.

[jorander]

The issue I opened with the SuperCronic project has now been fixed in their latest version. An upgrade is provided in the attached pull request.