Scanners catch CVE-2024-45337 in Argo rollout 1.8.3

Checklist:

* [ x] I've included steps to reproduce the bug.
* [ x] I've included the version of argo rollouts.

**Describe the bug**


The CrowdStrike scanner has found a vulnerability related to the golang.org/x/cryptov 0.27.0, which is currently used in ArgoRollout 1.8.3. The recommendation is to upgrade the crypto to version 0.31.0, and as far as I see, the latest code you have is already 0.32.0, but not in any release yet. 
A new release can fix this issue, so I wonder if one is in the plans soon.

**To Reproduce**



**Expected behavior**



**Screenshots**



**Version**
1.8.3



**Logs**

```
# Paste the logs from the rollout controller

# Logs for the entire controller:
kubectl logs -n argo-rollouts deployment/argo-rollouts

# Logs for a specific rollout:
kubectl logs -n argo-rollouts deployment/argo-rollouts | grep rollout=<ROLLOUTNAME
```

---

**Message from the maintainers**:

Impacted by this bug? Give it a 👍. We prioritize the issues with the most 👍.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Scanners catch CVE-2024-45337 in Argo rollout 1.8.3 #4455

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Scanners catch CVE-2024-45337 in Argo rollout 1.8.3 #4455

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions