同学，您这个项目引入了51个开源组件，存在1个漏洞，辛苦升级一下

[dependasec]

检测到 andersfylling/disgord-starter 一共引入了51个开源组件，存在1个漏洞

漏洞标题：Gin-Gonic Gin 环境问题漏洞
缺陷组件：github.com/gin-gonic/[email protected]
漏洞编号：CVE-2020-28483
漏洞描述：Gin-Gonic Gin是Gin-Gonic团队的一个基于Go语言的用于快速构建Web应用的框架。
github.com/gin-gonic/gin 全部版本存在安全漏洞，该漏洞源于可以通过设置X-Forwarded-For头来欺骗客户端的IP。
影响范围：(∞, 1.7.7)
最小修复版本：1.7.7
缺陷组件引入路径：main@->github.com/gin-gonic/[email protected]

另外还有几个漏洞，详细报告：https://mofeisec.com/jr?p=ad087f

[andersfylling]

Hi, this project is managed in english. Could you please explain further what the security exploit is? =)

[andersfylling]

It looks like it's related to gin, but this project does not use gin.

Edit: at least it has no reason to depend on gin. I am seeing gin dependencies in the disgord go.sum file though, uncertain why.

Seems the websocket module in disgord depends on gin. This should be resolved once andersfylling/disgord#466 is merged.