# contribute

Ethan Brown

03/29/2024, 3:36 PM
Did a little more vuln triaging to satisfy the scanners - have 4 PRs open to update logrus, go-restful, lestrrat-go/jwx and cloudevents 🧵
There are also a few that got picked up in go-jose ... but I didn't tackle that one just yet. I see 2 variants of that library in use, which should probably be corrected

Kevin Su

03/29/2024, 5:01 PM
thank you so much, we will take a look

Ethan Brown

03/30/2024, 12:08 AM
One more vuln PR for some of the Go experimental packages -
Most of those are HTTP2 related
Actually, I'm wrong about the source of those scan results ... that last PR shouldn't be as critical. Updating the grpc probe should resolve most of these issues:
And I think the last 2 around vuln remediation to make our scanners (Twistlock) happy: