GO vulns present in multiple locations in atlantis image

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

Vulnerability scanners looking at the latest atlantis image 0.25.0 reveal 5 versions of go installed at different paths. Only /usr/local/bin/atlantis and /usr/local/bin/terraform are at high enough versions of go to pass vulnerability scans. The go vulns present in the other three paths require an upgrade of those components, or we cannot deploy this tool.

Reproduction Steps

Download the atlantis:latest (atlants:0.25.0) image locally and scan it with your favourite vulnerability scanner. All the go vulns will light up like a stop light.

Logs

N/A

Environment details

Atlantis version: 0.25.0
Deployment method: n/a
If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: n/a
Atlantis flags: n/a

Atlantis server-side config file: n/a

Repo atlantis.yaml file: n/a

Any other information you can provide about the environment/deployment (efs/nfs, aws/gcp, k8s/fargate, etc)

Additional Context

runatlantis / atlantis