Description
Hello, we are using a dependency scanning tool and found an issue in the go.sum. The example application addsvc uses lightstep-tracer-go, and the full go-kit library (go.mod/go.sum) also contains this dependency.
The issue with lightstep-tracer-go v0.18.1 is that it contains apache-thrift v0.12.0, which has some vulnerabilities:
[1]
[2]
I know that this doesn't affect the main code of the go-kit library, but the dependency scanning tool doesn't like this vulnerability and shows it with a high severity level. I have checked the latest version of lightstep-tracer-go, v0.20.0, and they have updated opencensus to v0.22.3, and the issues with apache-thrift are fixed (updated to v0.13.0).
My proposal is to update the dependency version in the go.mod file to the latest version of this tracer (v0.20.0).
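As an added illustration (not code from go-kit or from the issue author) of what such a scanner does with go.sum, the program below parses a constructed go.sum excerpt in the `module version[/go.mod] h1:hash` format and flags any module recorded at a version below the fix version the issue names (apache-thrift fixed in v0.13.0). The module paths `github.com/apache/thrift` and `github.com/lightstep/lightstep-tracer-go` and the hashes are assumptions for the sample input.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// goSum is a constructed go.sum excerpt (not the real go-kit file) reproducing the
// situation in the issue: lightstep-tracer-go v0.18.1 alongside apache/thrift v0.12.0.
const goSum = `github.com/apache/thrift v0.12.0 h1:CONSTRUCTED=
github.com/apache/thrift v0.12.0/go.mod h1:CONSTRUCTED=
github.com/lightstep/lightstep-tracer-go v0.18.1 h1:CONSTRUCTED=
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:CONSTRUCTED=
go.opencensus.io v0.22.3 h1:CONSTRUCTED=`

// fixedIn maps a module path to the first version reported as no longer affected
// (apache-thrift v0.13.0 per the issue; the module path is an assumption).
var fixedIn = map[string]string{"github.com/apache/thrift": "v0.13.0"}

// Finding is one go.sum module whose recorded version predates the fixed version.
type Finding struct{ Module, Have, Fixed string }

// olderThan reports whether version a sorts before b, comparing vMAJOR.MINOR.PATCH
// numerically (pre-release or +incompatible suffixes are not handled).
func olderThan(a, b string) bool {
	pa := strings.Split(strings.TrimPrefix(a, "v"), ".")
	pb := strings.Split(strings.TrimPrefix(b, "v"), ".")
	for i := 0; i < len(pa) && i < len(pb); i++ {
		x, _ := strconv.Atoi(pa[i])
		y, _ := strconv.Atoi(pb[i])
		if x != y {
			return x < y
		}
	}
	return false
}

// ScanGoSum parses go.sum lines and returns each module@version below its fixed
// version, deduplicating the "h1:" line and its "/go.mod" companion.
func ScanGoSum(sum string) []Finding {
	seen := map[string]bool{}
	var out []Finding
	for _, line := range strings.Split(sum, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue // blank or malformed line
		}
		mod, ver := f[0], strings.TrimSuffix(f[1], "/go.mod")
		fixed, ok := fixedIn[mod]
		if !ok || seen[mod+"@"+ver] || !olderThan(ver, fixed) {
			continue
		}
		seen[mod+"@"+ver] = true
		out = append(out, Finding{mod, ver, fixed})
	}
	return out
}

func main() {
	for _, f := range ScanGoSum(goSum) {
		fmt.Printf("%s %s is below fixed version %s\n", f.Module, f.Have, f.Fixed)
	}
}
```

A go.sum entry only proves a checksum was recorded, not that the module is built into a binary, which is why such findings are worth confirming with `go mod why -m <module>` before treating them as reachable.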