
False Positive: CVE-2019-3826 should not apply to Golang package

Hi there,

Regardless of the changes themselves, which might need a rework, I believe this vulnerability should be double-checked and eventually marked as FP.

CVE-2019-3826 (nvd) should apply to the Prometheus product rather than the Golang package.

If for some reason it should apply to the Golang package, the proper version should be used: the latest (not retracted) for this Golang package is v0.48.0 (ref: https://pkg.go.dev/github.com/prometheus/prometheus?tab=versions).
