rio, terraform, traefik1.7 and terraform-provider-openstack uses the vulnerable Masterminds/goutils v1.1.0 in at least openSUSE:Factory. However, afaics, rio is archived upstream and the last version still uses the vulnerable goutils