Hi Team,
We are currently using go-ldap v3.4.10 in our project. During our dependency and security review, we observed that Azure/go-ntlmssp is pulled in as a transitive dependency.
We would like to request an update of the Azure/go-ntlmssp dependency to the latest available stable version (or a version that addresses known security concerns, if applicable).
Upgrading this dependency would help ensure:
Alignment with the latest security patches
Improved dependency hygiene
Reduced vulnerability exposure in downstream consumers
Could you please review and consider updating the transitive dependency in an upcoming release?
Please let us know if any additional details are required from our side.
Thank you for your continued support and maintenance of this project.
Best regards,
Shivali Bandi
Hi Team,
We are currently using go-ldap v3.4.10 in our project. During our dependency and security review, we observed that Azure/go-ntlmssp is pulled in as a transitive dependency.
We would like to request an update of the Azure/go-ntlmssp dependency to the latest available stable version (or a version that addresses known security concerns, if applicable).
Upgrading this dependency would help ensure:
Alignment with the latest security patches
Improved dependency hygiene
Reduced vulnerability exposure in downstream consumers
Could you please review and consider updating the transitive dependency in an upcoming release?
Please let us know if any additional details are required from our side.
Thank you for your continued support and maintenance of this project.
Best regards,
Shivali Bandi