Open cloudxxx8 opened 7 months ago
The current golang build is based on 1.21.0, and some CVE would be discovered if the binary is built from this version.
$ docker scout cves --format only-packages --only-vuln-packages edgexfoundry/core-metadata:0.0.0-dev ✓ Image stored for indexing ✓ Indexed 75 packages ✗ Detected 2 vulnerable packages with a total of 14 vulnerabilities Name Version Type Vulnerabilities ──────────────────────────────────────────────────────────────────────────── golang.org/x/net 0.21.0 golang 0C 0H 1M 0L stdlib 1.21.0 golang 0C 4H 4M 0L 6?
Thus, we should upgrade to use the latest patch version
The current golang build is based on 1.21.0, and some CVE would be discovered if the binary is built from this version.
Thus, we should upgrade to use the latest patch version