Our project depends on github.com/jcmturner/gokrb5:v8.4.4. One of its child dependencies, github.com/jcmturner/aescts:v2.0.0, appears to be outdated or end-of-life and should be upgraded to a maintained version to ensure ongoing security and compatibility.
Impact:
Potential security risks from using an unmaintained or outdated cryptographic library.
Possible build or compatibility issues with future Go releases.
Suggested Solution:
Identify a maintained version or replacement for github.com/jcmturner/aescts.
Update the dependency reference in the go.mod file.
Rebuild the project and verify that all tests pass successfully.
Ensure backward compatibility with gokrb5.
Our project depends on github.com/jcmturner/gokrb5:v8.4.4. One of its child dependencies, github.com/jcmturner/aescts:v2.0.0, appears to be outdated or end-of-life and should be upgraded to a maintained version to ensure ongoing security and compatibility.
Impact:
Potential security risks from using an unmaintained or outdated cryptographic library.
Possible build or compatibility issues with future Go releases.
Suggested Solution:
Identify a maintained version or replacement for github.com/jcmturner/aescts.
Update the dependency reference in the go.mod file.
Rebuild the project and verify that all tests pass successfully.
Ensure backward compatibility with gokrb5.