Skip to content

Security vuln CVE-2019-19794 with transitive dependency github.com/miekg/dns@v1.0.14 #1249

@francogeller

Description

@francogeller

What would you like?

Latest version 0.12.0 have a transitive dependency with github.com/miekg/dns@v1.0.14 because it is a dependency of the following direct dependencies:

  • github.com/hashicorp/serf@v0.9.5
  • github.com/hashicorp/consul/api@v1.10.1

Any dependency with github.com/miekg/dns@v1.0.14 must be fully deprecated due to known vulnerability CVE-2019-19794 with this module version.

To definitely deprecate github.com/miekg/dns@v1.0.14 we must:

  • Update github.com/hashicorp/serf@v0.9.5 up to to github.com/hashicorp/serf@v0.10.0 (current latest)
  • Update github.com/hashicorp/consul/api@v1.10.1 up to github.com/hashicorp/consul/api@v1.14.0 (current latest)
$ go get -u github.com/hashicorp/serf@latest
$ go get -u github.com/hashicorp/consul/api@latest
$ go mod tidy

After this:
All transitive dependencies with github.com/miekg/dns@v1.0.14 are completely removed.
All tests continues to complete successfully.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions