Closed
What did you do?
Run dependency check of known vulnerabilities in a project with go-kit 0.12.0.
What did you expect?
Run dependency check with go-kit without vulnerabilities of medium severity or higher.
What happened instead?
Found a vulnerability of high impact from https://nvd.nist.gov/vuln/detail/CVE-2022-21698.
The vulnerability was fixed here https://github.com/prometheus/client_golang/releases/tag/v1.11.1, so you should upgrade from github.com/prometheus/client_golang 1.11.0 to 1.11.1 without any problem.