Address known vulnerabilities with a module update

Through an update of the go main stdlib and crypto dependency many of the known CVEs can be addressed. 

Here a list of the detected findings reported by trivy on a scan of ghcr.io/willnorris/imageproxy@sha256:ccfa95e7413a97a3bc6af17edacae7006ad542bbc46e99b9e77050c17f99ca84 as of today:

- CVE-2023-36308 (open, no fixes yet for it)
- CVE-2025-47906
- CVE-2025-47907
- CVE-2025-47912
- CVE-2025-47914
- CVE-2025-58181
- CVE-2025-58183
- CVE-2025-58185
- CVE-2025-58186
- CVE-2025-58187
- CVE-2025-58188
- CVE-2025-58189
- CVE-2025-61723
- CVE-2025-61724
- CVE-2025-61725
- CVE-2025-61727
- CVE-2025-61729

I'm not telling these are critical or so but it looks like a low hanging fruit to take the findings count back to a low number

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Address known vulnerabilities with a module update #488

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Address known vulnerabilities with a module update #488

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions