aptible / supercronic

Cron for containers
MIT License

A new CVE in golang/stdlib #131

Closed MilesTEG1 closed 1 year ago

MilesTEG1 commented 1 year ago

Hello, there is again a CVE for golang/stdlib 😩

I'm trying to get rid of CVEs on an image I forked for the occasion (VDirsyncer-Dockerized fork, source here).

I use your instructions here to install your latest version of supercronic: https://github.com/aptible/supercronic/releases/tag/v0.2.25

But when I add those lines, a CVE appears in my image: [image]

Can you build a new version with Fixed version: 1.20.5?

Thanks in advance.

ollikarppinen commented 1 year ago

Upgrading the package to use Go 1.20.5 would be much appreciated here as well. 🙏

It would fix the following CVEs:

UserNotFound commented 1 year ago

https://github.com/aptible/supercronic/releases/tag/v0.2.26