Need upgraded versions of "golang.org/x/net","jinja2","requests" packages to resolve security vulnerabilities

Hi, we are currently using operator-sdk v1.37.0 as the base image to build our operator. During our Security scan, below vulnerabilities were found. 
<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta name=ProgId content=Excel.Sheet>
<meta name=Generator content="Microsoft Excel 15">
<link id=Main-File rel=Main-File
href="file:///C:/Users/SIVANI~1/AppData/Local/Temp/msohtmlclip1/01/clip.htm">
<link rel=File-List
href="file:///C:/Users/SIVANI~1/AppData/Local/Temp/msohtmlclip1/01/clip_filelist.xml">



</head>

<body link="#467886" vlink="#96607D">


Package | CVE | Current version | Required upgraded version |  
-- | -- | -- | -- | --
golang.org/x/net | CVE-2024-45338 | v0.29.0 | v0.33.0 |  
jinja2 | CVE-2024-56201,   CVE-2024-56326 | v3.1.4 | v3.1.5 |  
requests | CVE-2024-35195 |   | v2.32.0 |  



</body>

</html>


Can we know by when the new version of operator-sdk will be released with the upgraded versions of these packages?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Need upgraded versions of "golang.org/x/net","jinja2","requests" packages to resolve security vulnerabilities #125

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Package	CVE	Current version	Required upgraded version
golang.org/x/net	CVE-2024-45338	v0.29.0	v0.33.0
jinja2	CVE-2024-56201, CVE-2024-56326	v3.1.4	v3.1.5
requests	CVE-2024-35195		v2.32.0

Need upgraded versions of "golang.org/x/net","jinja2","requests" packages to resolve security vulnerabilities #125

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions