Skip to content

Release v0.0.148

Choose a tag to compare

@github-actions github-actions released this 26 May 10:24
d219638

Summary

Bumps indirect Go dependencies to address fixable container image vulnerabilities found in quay.io/kubescape/synchronizer@sha256:e247d1263daf749e2cec03840b7c178ec43478bda6ea20949ca0261e6a21be99.

CVE Severity Package From To
CVE-2026-34040 HIGH github.com/docker/docker v28.5.0 v28.5.2
CVE-2026-33997 MEDIUM github.com/docker/docker v28.5.0 v28.5.2
CVE-2026-33481 MEDIUM github.com/anchore/syft v1.32.0 v1.44.0

Both are indirect dependencies. Build verified with make build after the update.

Note: Trivy reports the docker/docker fix version as v29.3.1, which is not yet available in the Go module proxy. v28.5.2 is the latest available patch release on the v28 line.

Test plan

  • go mod tidy ran cleanly
  • make build passes
  • CI passes

🤖 Generated with Claude Code