[Public security vulnerability]: update dependency versions please #719
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
needs-triage
Indicates an issue or PR lacks a `triage/foo` label and requires one.
What would you like to be added?
Could you please update the golang.org/x/net version to 0.23.0, and then release a new version of aws-iam-authenticator after that? This is due to security vulnerabilities found in the latest 0.6.14 version.
Why is this needed?
Security scan results from a Docker image that uses the latest 0.6.14 version of aws-iam-authenticator have highlighted the CVE-2023-45288 vulnerability in the golang.org/x/net dependency, and the CVE-2024-24786 vulnerability in the google.golang.org/protobuf dependency. (I think the google.golang.org/protobuf version pinned in the code is up-to-date enough, but the latest released version of aws-iam-authenticator is not using this yet.)
Anything else we need to know?
No response