democratic-csi / csi-grpc-proxy

Out-of-date go libraries with multiple vulnerabilities #3

Closed ajchiarello closed 3 months ago

ajchiarello commented 3 months ago

The go libraries used in the container are pretty old, and some of them have CVEs that have my InfoSec team rejecting the image for use. Can they be updated?

The specific libraries and CVEs are:

golang.org/x/net - Installed Version: v0.0.0-20220225172249-27dd8689420f CVEs: CVE-2022-27664, CVE-2022-41723, CVE-2023-39325, CVE-2023-3978, CVE-2023-44487 Looks like all of these are fixed by v0.17.0 or later.

golang.org/x/text - Installed Version: v0.3.7 CVE: CVE-2022-32149 Looks like it is fixed in v0.3.8
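
An added example, not part of the issue or the project's code: a small Go check that reads `go list -m all` output and flags modules resolved below the fix versions named above. The module list is constructed sample data, the fix versions are the ones from this comment, and the comparison is a reduced version of Go module (semver) ordering; the point it shows is that a pseudo-version such as v0.0.0-20220225172249-27dd8689420f is a prerelease of v0.0.0 and therefore sorts below every tagged release.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)
// Constructed sample of `go list -m all` output, not the project's real module graph.
const goListOutput = `github.com/democratic-csi/csi-grpc-proxy
golang.org/x/net v0.0.0-20220225172249-27dd8689420f
golang.org/x/text v0.3.7`
// Lowest fixed versions, as reported in the issue above.
var minFixed = map[string]string{"golang.org/x/net": "v0.17.0", "golang.org/x/text": "v0.3.8"}
// parseVersion splits "vX.Y.Z[-prerelease]"; a pseudo-version is core 0.0.0 plus a prerelease.
func parseVersion(v string) (core [3]int, pre string) {
	num, pre, _ := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	for i, p := range strings.SplitN(num, ".", 3) {
		core[i], _ = strconv.Atoi(p)
	}
	return core, pre
}
// versionLess reports whether a sorts before b under Go module (semver) ordering:
// numeric core first; with equal cores a prerelease sorts below the tagged release.
func versionLess(a, b string) bool {
	ca, pa := parseVersion(a)
	cb, pb := parseVersion(b)
	for i := 0; i < 3; i++ {
		if ca[i] != cb[i] {
			return ca[i] < cb[i]
		}
	}
	return pa != "" && (pb == "" || pa < pb) // two prereleases: lexical order (simplification)
}
// vulnerableModules lists every tracked module whose resolved version is below its fix.
func vulnerableModules(goList string, fixes map[string]string) []string {
	var out []string
	for _, line := range strings.Split(goList, "\n") {
		f := strings.Fields(line) // the main module line carries no version column
		if len(f) == 2 && fixes[f[0]] != "" && versionLess(f[1], fixes[f[0]]) {
			out = append(out, fmt.Sprintf("%s %s (fixed in %s)", f[0], f[1], fixes[f[0]]))
		}
	}
	return out
}

func main() {
	for _, m := range vulnerableModules(goListOutput, minFixed) {
		fmt.Println("vulnerable:", m)
	}
}
```

In practice `govulncheck ./...` does this against the Go vulnerability database and additionally reports whether the vulnerable functions are reachable from the program, which is what an InfoSec review usually asks for.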

travisghansen commented 3 months ago

Sure! Probably just need to bump the ci go version.

travisghansen commented 3 months ago

Give v0.5.6 a try and let me know if that scans any better.