[Bug]: golang.org/x/crypto outdated and insecure #297

@xrow

Description

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Trivy tells me that there are security issues.

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.
usr/bin/helm-docs (gobinary)

Total: 2 (CRITICAL: 2)
┌─────────────────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2024-45337 │ CRITICAL │ fixed │ v0.21.0 │ 0.31.0 │ golang.org/x/crypto/ssh: Misuse of │
│ │ │ │ │ │ │ ServerConfig.PublicKeyCallback may cause authorization │
│ │ │ │ │ │ │ bypass in golang.org/x/crypto │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45337
├─────────────────────┼────────────────┤ │ ├───────────────────┼─────────────────┼────────────────────────────────────────────────────────────┤
│ stdlib │ CVE-2024-24790 │ │ │ v1.22.1 │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for │
│ │ │ │ │ │ │ IPv4-mapped IPv6 addresses │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-24790
└─────────────────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴────────────────────────────────────────────────────────────┘
[info] Generate SBOM in SPDX format
2025-07-26T08:16:52Z INFO "--format spdx-json" disables security scanning. Specify "--scanners vuln" explicitly if you want to include vulnerabilities in the "spdx-json" report.
2025-07-26T08:16:56Z INFO Detected OS family="redhat" version="9.5"
2025-07-26T08:16:56Z INFO Number of language-specific files num=1
real 0m 3.30s

Expected Behavior

no issues

Reference Chart

not needed

Reference Template

No response

Environment

  • Operating system:
  • Helm version (output of helm version):
  • GO version (output of go version):
  • Method of calling helm-docs (manual, jenkins, github action ...):

Link to helm-docs Logs

No response

Further Information

No response

Metadata

Labels

  • bug: Something isn't working
  • triage: Issues that need to be triaged and categorized
