Could you please update the golang.org/x/net version to 0.23.0, and then release a new version of aws-iam-authenticator after that? Due to security vulnerabilities found from the latest 0.6.14 version.
Why is this needed?
Security scan results from a Docker image that uses the latest 0.6.14 version of aws-iam-authenticator have highlighted the CVE-2023-45288 vulnerability in the golang.org/x/net dependency, and the CVE-2024-24786 vulnerability in the google.golang.org/protobuf dependency. (I think the google.golang.org/protobuf version pinned in the code is up-to-date enough, but the latest released version of aws-iam-authenticator is not using this yet.)
What would you like to be added?
Could you please update the golang.org/x/net version to 0.23.0, and then release a new version of aws-iam-authenticator after that? Due to security vulnerabilities found from the latest 0.6.14 version.
Why is this needed?
Security scan results from a Docker image that uses the latest 0.6.14 version of
aws-iam-authenticator
have highlighted the CVE-2023-45288 vulnerability in thegolang.org/x/net
dependency, and the CVE-2024-24786 vulnerability in thegoogle.golang.org/protobuf
dependency. (I think the google.golang.org/protobuf version pinned in the code is up-to-date enough, but the latest released version of aws-iam-authenticator is not using this yet.)Anything else we need to know?
No response