Closed
Description
Our CI is failing because trivy reports usr/local/bin/dockerize using golang.org/x/net v0.32.0, which is apparently affected by CVE-2024-45338. Can we bump golang.org/x/net to v0.33.0?
```
usr/local/bin/dockerize (gobinary)
==================================
Total: 1 (HIGH: 1, CRITICAL: 0)
┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
│ Library          │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │ Title                                             │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2024-45338 │ HIGH     │ fixed  │ v0.32.0           │ 0.33.0        │ Non-linear parsing of case-insensitive content in │
│                  │                │          │        │                   │               │ golang.org/x/net/html                             │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-45338        │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘
```