Hi,
Thank you for maintaining this excellent project!
I wanted to bring to your attention that a security scan has identified five CVEs associated with two dependencies in certstream-server-go:
golang.org/x/crypto (v0.26.0):
golang.org/x/net (v0.28.0):
These vulnerabilities may pose risks to the project. I recommend reviewing the dependencies and considering an update to patched versions. Let me know if you need any additional details!
I apologize for not submitting a pull request, as I’m not very familiar with Go. However, I tried upgrading the two libraries locally, and the project appeared to function correctly.
Best regards
Hi,
Thank you for maintaining this excellent project!
I wanted to bring to your attention that a security scan has identified five CVEs associated with two dependencies in
certstream-server-go:golang.org/x/crypto(v0.26.0):golang.org/x/net(v0.28.0):These vulnerabilities may pose risks to the project. I recommend reviewing the dependencies and considering an update to patched versions. Let me know if you need any additional details!
I apologize for not submitting a pull request, as I’m not very familiar with Go. However, I tried upgrading the two libraries locally, and the project appeared to function correctly.
Best regards