govulncheck reporting vulnerability GO-2022-0646

[udhos]

govulncheck is reporting vulnerability for applications built with aws-sigv4-auth-cassandra-gocql-driver-plugin.

$ govulncheck -show verbose ./...
Scanning your code and 192 packages across 8 dependent modules for known vulnerabilities...

Fetching vulnerabilities from the database...

Checking the code against the vulnerabilities...

=== Symbol Results ===

No vulnerabilities found.

=== Package Results ===

No other vulnerabilities found.

=== Module Results ===

Vulnerability #1: GO-2022-0646
    Use of risky cryptographic algorithm in github.com/aws/aws-sdk-go
  More info: https://pkg.go.dev/vuln/GO-2022-0646
  Module: github.com/aws/aws-sdk-go
    Found in: github.com/aws/aws-sdk-go@v1.54.7
    Fixed in: N/A

Your code is affected by 0 vulnerabilities.
This scan also found 0 vulnerabilities in packages you import and 1
vulnerability in modules you require, but your code doesn't appear to call these
vulnerabilities.

go.mod:

$ more go.mod
module github.com/udhos/keyspaces-demo

go 1.22.4

require (
	github.com/aws/aws-sigv4-auth-cassandra-gocql-driver-plugin v1.1.0
	github.com/gocql/gocql v1.6.0
)

require (
	github.com/aws/aws-sdk-go v1.54.7 // indirect
	github.com/golang/snappy v0.0.4 // indirect
	github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect
	github.com/jmespath/go-jmespath v0.4.0 // indirect
	gopkg.in/inf.v0 v0.9.1 // indirect
)