Upgrade go dependencies to fix included CVE

go.mod references cobra dependency with version spf13/cobra v0.0.5 while version v1.2.1 is now available.

Cobra version 0.0.5 imports an outdated version of spf13/viper (v1.3.2 vs 1.8.1) which in turn imports an outdated version of (coreos/etcd v3.3.10+incompatible) which suffers from the following CVEs:
CVE-2020-15115 (Critical)
CVE-2020-15114 (Critical)
CVE-2020-15136 (Severe)

Upgrading dependencies would remove the CVEs

What version of Go are you using (go version)?

$ go version1.17.3

What operating system are you using?

What version of Badger are you using?

dgraph-io/badger v3.2103.2

Does this issue reproduce with the latest master?


Steps to Reproduce the issue

Use go mod graph to review dependencies check they do not include

What Badger options were set?


What did you do?

go get the latest badger version and check vulnerabilities from dependencies

Relevant extract from go mod graph:

github.com/spf13/viper@v1.3.2 github.com/coreos/etcd@v3.3.10+incompatible
github.com/spf13/cobra@v0.0.5 github.com/spf13/viper@v1.3.2
github.com/dgraph-io/badger/v3@v3.2103.2 github.com/spf13/cobra@v0.0.5

What did you expect to see?

No fixed CVE reported in used dependencies

What did you see instead?

fixed CVE in later version of dependencies
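
Added example (not part of the original report and not Badger's own code): a small Go program that walks `go mod graph` output and returns the shortest requirement chain that pulls in a given module, using the three edges quoted in the issue as input. The function names `parseGraph` and `findPath` are illustrative.

```go
package main

import (
	"fmt"
	"strings"
)

// The three `go mod graph` edges quoted in the issue above.
const sampleGraph = `github.com/spf13/viper@v1.3.2 github.com/coreos/etcd@v3.3.10+incompatible
github.com/spf13/cobra@v0.0.5 github.com/spf13/viper@v1.3.2
github.com/dgraph-io/badger/v3@v3.2103.2 github.com/spf13/cobra@v0.0.5`

// parseGraph turns `go mod graph` lines ("parent child") into an adjacency list.
func parseGraph(text string) map[string][]string {
	edges := make(map[string][]string)
	for _, line := range strings.Split(text, "\n") {
		if f := strings.Fields(line); len(f) == 2 { // skip blank or malformed lines
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	return edges
}

// findPath runs a breadth-first search from root and returns the shortest chain
// ending at any version of module (matched as "module@..."), or nil if none.
func findPath(edges map[string][]string, root, module string) []string {
	prev := map[string]string{root: ""} // node -> predecessor, doubles as visited set
	queue := []string{root}
	for i := 0; i < len(queue); i++ {
		cur := queue[i]
		if strings.HasPrefix(cur, module+"@") {
			var path []string
			for n := cur; n != ""; n = prev[n] {
				path = append([]string{n}, path...)
			}
			return path
		}
		for _, next := range edges[cur] {
			if _, seen := prev[next]; !seen {
				prev[next] = cur
				queue = append(queue, next)
			}
		}
	}
	return nil
}

func main() {
	root := "github.com/dgraph-io/badger/v3@v3.2103.2"
	fmt.Println(strings.Join(findPath(parseGraph(sampleGraph), root, "github.com/coreos/etcd"), "\n  -> "))
}
```

`go mod graph` lists module requirements, not what is compiled into a binary, so a chain found this way shows how a flagged version enters the module graph rather than proving the vulnerable code is linked.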