We've identified a category high vulnerability (CVE-2023-24535) in the docker image caused by google.golang.org/protobuf@v1.29.0 which can be resolved by upgrading to google.golang.org/protobuf@v1.29.1.
It seems to be an indirect dependency from another module of yours (intents-operator).
Is it something that can be updated and taken care of or are you reliant on this specific protobuf version?
Import graph:
```
❯ go mod graph | grep protobuf@v1.29.0
github.com/otterize/network-mapper/src google.golang.org/protobuf@v1.29.0
github.com/otterize/intents-operator/src@v0.0.0-20230823142133-caf026796b72 google.golang.org/protobuf@v1.29.0
google.golang.org/protobuf@v1.29.0 github.com/golang/protobuf@v1.5.0
google.golang.org/protobuf@v1.29.0 github.com/google/go-cmp@v0.5.5
```
Thank you!
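Added example, not part of the original issue or of the project's code: a small Go program that reads `go mod graph` output and prints, for every module that requires the flagged protobuf version, the shortest requirement chain from the main module. The function name `chainsTo` is hypothetical, and the sample graph is constructed from the edges quoted above plus one assumed edge (network-mapper requiring intents-operator), which the issue describes but does not show.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: edges quoted in the issue plus one assumed edge
// (network-mapper requiring intents-operator), which the issue only describes.
const sampleGraph = `github.com/otterize/network-mapper/src google.golang.org/protobuf@v1.29.0
github.com/otterize/network-mapper/src github.com/otterize/intents-operator/src@v0.0.0-20230823142133-caf026796b72
github.com/otterize/intents-operator/src@v0.0.0-20230823142133-caf026796b72 google.golang.org/protobuf@v1.29.0
google.golang.org/protobuf@v1.29.0 github.com/golang/protobuf@v1.5.0`

// chainsTo parses `go mod graph` text and returns, for each module that
// requires target, the shortest requirement chain from root through it.
func chainsTo(graph, root, target string) []string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 { // "parent child"
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	prev, queue := map[string]string{root: ""}, []string{root}
	var out []string
	for len(queue) > 0 { // breadth-first, so the first visit is the shortest route
		n := queue[0]
		queue = queue[1:]
		for _, k := range edges[n] {
			if k == target { // n's go.mod asks for the flagged version
				chain := target
				for m := n; m != ""; m = prev[m] {
					chain = m + " -> " + chain
				}
				out = append(out, chain)
			}
			if _, seen := prev[k]; !seen {
				prev[k], queue = n, append(queue, k)
			}
		}
	}
	return out
}

func main() {
	for _, c := range chainsTo(sampleGraph, "github.com/otterize/network-mapper/src", "google.golang.org/protobuf@v1.29.0") {
		fmt.Println(c)
	}
}
```

`go mod graph` lists requirements rather than the selected version, so the v1.29.0 edge from a dependency remains after the main module requires v1.29.1; `go list -m google.golang.org/protobuf` shows the version that is actually built.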