Closed SatanicMechanic closed 2 years ago
@SatanicMechanic see https://github.com/helm/helm/pull/11110
This is still an issue because the CircleCI image we use for building is outdated. CircleCI is no longer updating it and the version of Go is outdated. They have newer images (in new locations) to use instead. See https://circleci.com/developer/images/image/cimg/go
This should now be fixed with the merge of #11161 and is out with the release of Helm 3.9.2.
Helm includes a version of Go that has several high severity CVEs:
CVE-2022-23772, CVE-2022-23806, CVE-2022-23773, CVE-2022-24921, CVE-2022-24675, CVE-2022-28327
Is there an ETA for getting this lib updated? If they are being deferred for non-exploitability, would you mind sharing the analysis?