Hello,
Our security tooling is showing that v2.9.0 has the vulnerability CVE-2023-44487. This requires upgrading to a newer golang patch to pull in the latest net package.
This has been fixed for sure in v2.10.0, where we use go 1.21.5.
I think it's also fixed in 2.9.3, which uses github.com/grpc/grpc-go v1.59.0 that has the issue fixed.
/close
In response to [this](https://github.com/kubernetes-csi/node-driver-registrar/issues/347#issuecomment-1916833190):
>This has been fixed for sure in v2.10.0, where we use go 1.21.5.
>I think it's also fixed in 2.9.3, which uses github.com/grpc/grpc-go v1.59.0 that has the issue fixed.
>/close
Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
Hello, Our security tooling is showing that v2.9.0 has the vulnerability CVE-2023-44487. This requires upgrading to a newer golang patch to pull in the latest net package.![Screenshot 2023-10-27 at 9 18 20 AM](https://github.com/kubernetes-csi/node-driver-registrar/assets/4107699/cd6dc1a2-86ec-4365-99a3-7fb00ad644fd)