Open chadmyers opened 1 year ago
It appears that upgrading to the v2 AWS SDK for Go (aws-sdk-go-v2) will fix these issues. I looked into the process for upgrading but my Go experience is poor and so I'm not quite sure where to start. For example, the aws-sdk-go-v2 release numbers look like 2023-03-14
and go.mod expects the v1.2.3
format so I'm not even sure how to reference that version.
I think they are using different versions for different sub-modules and the date is only used as an informal name. See https://github.com/aws/aws-sdk-go-v2/releases/tag/release-2023-07-31 and https://github.com/moby/moby/blob/95bbbc0418390b28717674a2969edc8313b61fe7/vendor.mod#L19 as an example.
When I run
trivy
on this repo, it reports two vulnerabilities in the aws-sdk-go module. When I upgradego.mod
to point to the latest release ofaws-sdk-go
(1.44.221 at the time of this writing), I get the same two vulnerabilities: