Request for dependency updates to mitigate CVEs

I am incorporating `okta-aws-cli` into a docker image.  The GitLab container scanning (Trivy) reported two high CVEs that trace back to `okta-aws-cli`.

The first one, [CVE-2025-22869](https://www.cve.org/CVERecord?id=CVE-2025-22869), recommends updating to version of ` golang.org/x/crypto` greater than `0.35.0`.  Currently [`0.32.0` is specified in `go.mod`](https://github.com/okta/okta-aws-cli/blob/d20a94c83f6fcad0550c165be8369a2ca585abea/go.mod#L29).

The second one, [CVE-2025-47907](https://www.cve.org/CVERecord?id=CVE-2025-47907), recommends updating the Go version to `1.23.12`, `1.24.6`.  Currently [`1.21` is specified in `go.mod`](https://github.com/okta/okta-aws-cli/blob/d20a94c83f6fcad0550c165be8369a2ca585abea/go.mod#L3).

Updates to these would be much appreciated to help calm the security dashboards.  Thanks!



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Request for dependency updates to mitigate CVEs #300

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Request for dependency updates to mitigate CVEs #300

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions