yannh / kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources!
Apache License 2.0
2.16k stars, 121 forks

Please rerelease and build with Go >=1.22.4 to fix CVE-2024-24790 #281

Status: Closed (deepflame closed this 1 month ago)

deepflame commented 1 month ago

Hi,

Thanks for your efforts on kubeconform. Could you release a new version built with Go >=1.22.4 to fix https://github.com/advisories/GHSA-49gw-vxvf-fc2g ? It might be that the CVE cannot be exploited in this code base, but our security scanner complains :)

Thanks a lot, Andreas

yannh commented 1 month ago

Will cut a release soon. The actual production docker images and assets are all built by the version of Go used by the goreleaser image - @deepflame I'm quite interested, how does your scanner detect the Go version, by analysing the binaries in the docker images? Is it actually trivial to find what version of go an executable has been built with?
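
On the question of how a scanner knows which Go toolchain produced a binary: every Go executable carries an embedded build-info section that records the toolchain version (`go version -m <file>` prints it, and the standard library exposes it through `debug/buildinfo`). The following is an added example, not code from this thread or from kubeconform: it reads that section from one or more binaries and flags any built with a toolchain older than the `go1.22.4` fix version named in the issue. The `InspectBinary` and `GoVersionAtLeast` helpers, the `gocheck` command name and the report layout are assumptions made for this example.

```go
// Added example (not part of kubeconform or of this issue thread): read the
// toolchain version that Go embeds in every binary and compare it against a
// minimum fixed version, the way a supply-chain scanner would.
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// parseGoVersion turns "go1.22.4", "go1.22" or "go1.23rc1" into [major, minor, patch].
// Pre-release suffixes (rc/beta) are dropped, so "go1.23rc1" sorts as 1.23.0.
// Development toolchains report "devel ..." and are rejected as unparseable.
func parseGoVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(v, "go")
	parts := strings.Split(v, ".")
	if len(parts) > 3 {
		return out, fmt.Errorf("unexpected version format %q", v)
	}
	for i, p := range parts {
		// keep only the leading digits of each component ("23rc1" -> "23")
		j := 0
		for j < len(p) && p[j] >= '0' && p[j] <= '9' {
			j++
		}
		if j == 0 {
			return out, fmt.Errorf("non-numeric component %q in version %q", p, v)
		}
		n, err := strconv.Atoi(p[:j])
		if err != nil {
			return out, err
		}
		out[i] = n
	}
	return out, nil
}

// GoVersionAtLeast reports whether have >= want; both use Go's "go1.22.4" form.
func GoVersionAtLeast(have, want string) (bool, error) {
	h, err := parseGoVersion(have)
	if err != nil {
		return false, err
	}
	w, err := parseGoVersion(want)
	if err != nil {
		return false, err
	}
	for i := 0; i < 3; i++ {
		if h[i] != w[i] {
			return h[i] > w[i], nil
		}
	}
	return true, nil
}

// BinaryReport is what the scanner records per file (assumed layout for this example).
type BinaryReport struct {
	GoVersion string // toolchain that built the binary, e.g. "go1.22.2"
	MainPath  string // main package path, e.g. "github.com/yannh/kubeconform/cmd/kubeconform"
	Outdated  bool   // true when GoVersion is below the minimum fixed version
}

// InspectBinary reads the embedded build info of a Go executable and flags it
// when the toolchain is older than minGo. Non-Go files return an error.
func InspectBinary(path, minGo string) (BinaryReport, error) {
	bi, err := buildinfo.ReadFile(path)
	if err != nil {
		return BinaryReport{}, fmt.Errorf("%s: no Go build info: %w", path, err)
	}
	ok, err := GoVersionAtLeast(bi.GoVersion, minGo)
	if err != nil {
		return BinaryReport{}, fmt.Errorf("%s: %w", path, err)
	}
	return BinaryReport{GoVersion: bi.GoVersion, MainPath: bi.Path, Outdated: !ok}, nil
}

func main() {
	// Minimum fixed toolchain taken from the issue; binaries to check come from argv.
	const minGo = "go1.22.4"
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <binary>...")
		os.Exit(2)
	}
	exit := 0
	for _, p := range os.Args[1:] {
		r, err := InspectBinary(p, minGo)
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			exit = 1
			continue
		}
		status := "ok"
		if r.Outdated {
			status = "OUTDATED (< " + minGo + ")"
			exit = 1
		}
		fmt.Printf("%s\t%s\t%s\t%s\n", p, r.GoVersion, r.MainPath, status)
	}
	os.Exit(exit)
}
```

Because the version string lives in the binary itself rather than in any manifest, this check works on files extracted from a container image layer without running them, which is what makes a rebuilt release the only way to make such a scanner finding go away.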

yannh commented 1 month ago

v0.6.7 tagged :heavy_check_mark: :+1: