vulnerabilities due to using older go version

[GabiKalaora]

What steps did you take and what happened: we see vulnerabilities in protecode and whitesource(MEND) scans, these vulnerabilities can be resolved by using go version 1.21.4

What did you expect to happen: scans retun clean results

Anything else you would like to add: I see that in the last few version upgrades you didnt upgrade go, is it planned for the following version?

Environment:

• helm version v1.12.2
• helm chart version and app version 5.2.0
• Kubernetes version (use kubectl version):
• Kubernetes installer & version:
• Cloud provider or hardware configuration:
• OS (e.g. from /etc/os-release):

[jenting]

This is the helm chart repo which generally would not include the Go. Are you referring to the velero container image and it's related plugin images? If yes, could you please file the issue to https://github.com/vmware-tanzu/velero/issues? Thank you.

[jenting]

@qiuming-best could you please check this issue in Velero core code?

[qiuming-best]

@GabiKalaora we'll upgrade the Golang version in each Velero release, and we will do it in a later Velero version

[blackpiglet]

@GabiKalaora Velero hasn't used the scanner you mentioned. Could you post the found CVEs here?