helm-operator-fips-1.33
Chainguard
Status
Impact
To fix the vulnerability Helm dependency needs to be upgraded to v3.18.5. The upgrade to Helm v3.18.5 requires Go 1.24 but rebuilding with this toolchain led to multiple compatibility issues. These failures indicate upstream needs to align dependencies and update the integration with Go 1.24 to support Helm v3.18.5. Once all of this has been addressed, we can then upgrade and remediate the vulnerability.
Status
Impact
Govulncheck found vulnerable symbols in Go binaries at the following locations: in helm-operator-fips-1.33-1.33.0-r17.apk, at usr/bin/helm-operator, usr/bin/helm-operator.
Status