Hi there!

I work on the team that writes nancy, and in a scan of a project where I use cobra, I discovered that your downstream dependency on gorilla/websocket is effected by: GHSA-jf24-p9p9-4rjh

Not sure if this would make cobra vulnerable, but I figured I'd file an issue, as upgrading to 1.4.1 seems trivial and gets you out of the line of fire :)

Cheers,
Jeffry