Release v0.0.148
Summary
Bumps indirect Go dependencies to address fixable container image vulnerabilities found in quay.io/kubescape/synchronizer@sha256:e247d1263daf749e2cec03840b7c178ec43478bda6ea20949ca0261e6a21be99.
| CVE | Severity | Package | From | To |
|---|---|---|---|---|
| CVE-2026-34040 | HIGH | github.com/docker/docker |
v28.5.0 | v28.5.2 |
| CVE-2026-33997 | MEDIUM | github.com/docker/docker |
v28.5.0 | v28.5.2 |
| CVE-2026-33481 | MEDIUM | github.com/anchore/syft |
v1.32.0 | v1.44.0 |
Both are indirect dependencies. Build verified with make build after the update.
Note: Trivy reports the docker/docker fix version as v29.3.1, which is not yet available in the Go module proxy. v28.5.2 is the latest available patch release on the v28 line.
Test plan
-
go mod tidyran cleanly -
make buildpasses - CI passes
🤖 Generated with Claude Code