The go libraries used in the container are pretty old, and some of them have CVEs that have my InfoSec team rejecting the image for use. Can they be updated?
The specific libraries and CVEs are:
golang.org/x/net -
Installed Version: v0.0.0-20220225172249-27dd8689420f
CVEs: CVE-2022-27664, CVE-2022-41723, CVE-2023-39325, CVE-2023-3978, CVE-2023-44487
Looks like all of these are fixed by v0.17.0 or later.
golang.org/x/text -
Installed Version: v0.3.7
CVE: CVE-2022-32149
Looks like it is fixed in v0.3.8
The go libraries used in the container are pretty old, and some of them have CVEs that have my InfoSec team rejecting the image for use. Can they be updated?
The specific libraries and CVEs are:
golang.org/x/net - Installed Version: v0.0.0-20220225172249-27dd8689420f CVEs: CVE-2022-27664, CVE-2022-41723, CVE-2023-39325, CVE-2023-3978, CVE-2023-44487 Looks like all of these are fixed by v0.17.0 or later.
golang.org/x/text - Installed Version: v0.3.7 CVE: CVE-2022-32149 Looks like it is fixed in v0.3.8