Exclude gin and bluemonday package from dependencies
What does this MR do and why?
- github.com/gin-gonic/gin < 1.6.0 vulnerable to CVE-2020-28483
- github.com/microcosm-cc/bluemonday < 1.0.16 to CVE-2021-42576
The vulnerabilities are not exploitable in Workhorse because these packages are nested dependencies and used by nhooyr/websocket and sentry-go/iris that we don't use directly.
Related issues:
Edited by Igor Drozdov