Scanned CVE-2025-22874 in v0.9.3

[colaheart]

A scan with the tool Trivy of one of our Docker images using dockerize v0.9.3 found one potential vulnerability CVE-2025-22874 (https://avd.aquasec.com/nvd/2025/cve-2025-22874/) in GO, more specifically in crypto/x509 (golang/go#73612).

As I understand it, the issue is fixed in GO 1.24.4 and 1.25.0.

Can the GO version be bumped accordingly for a new release of dockerize?

Thank you!

[codyjohnsonfb]

@jwilder Could this be looked into? I see there are a couple of PRs already open, but they are also stale.

Cheers

[moicalcob]

@jwilder it seems that the new 0.9.4 version is still affected by this one and some other issues:

Vulnerabilities (4)

Could this be checked? 🙏🏼 I've proposed a PR as I believe that the issue is that the application is being built with go1.24.0: #245

Package	ID	Severity	Installed Version	Fixed Version	Path
stdlib	CVE-2025-4673	Medium	go1.24.0	1.23.10, 1.24.4	/usr/local/bin/dockerize
stdlib	CVE-2025-22871	Critical	go1.24.0	1.23.8, 1.24.2	/usr/local/bin/dockerize
stdlib	CVE-2025-22874	High	go1.24.0	1.24.4	/usr/local/bin/dockerize

[jwilder]

v0.9.5 should be good now.