
CVE issues #1066

Open
Ravikirandg29 opened this issue Mar 10, 2025 · 3 comments

Comments

@Ravikirandg29

When is the official release date for the next chartmuseum version, as the previous 0.16.2 has many critical CVE issues?

@scbizu
Contributor

scbizu commented Mar 10, 2025

@Ravikirandg29 Hi, could you provide more report details about those CVEs? Some of these are upstream issues. We receive tons of PRs from dependabot to update our dependencies daily, which really causes spam (most of these update indirect dependencies); we will try to resolve the spam next. So, if you have the CVE list, we can help with it by bumping some of the massive dependencies and maybe work out a release.

@Ravikirandg29
Author

Ravikirandg29 commented Mar 10, 2025

@scbizu Below are the critical issues which were reported in the current chartmuseum 0.16.2 version that we are using.
Just wanted to know if there is any release planned with this fix, since the last official release was in July 2024.
CVE-2024-41110
Recommendation:
Upgrade github.com/docker/docker from v24.0.9+incompatible to 25.0.6 to fix the vulnerability.

CVE-2024-45337
Recommendation:
Upgrade golang.org/x/crypto from v0.21.0 to 0.31.0 to fix the vulnerability.
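A quick way to check whether a build still carries the two versions named above is to compare the `require` lines of its `go.mod` against the fixed versions. The following is an added example, not chartmuseum's own code; the `go.mod` fragment is constructed for the demo, and the `+incompatible` and pre-release handling is the part that a naive string comparison gets wrong.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Minimum fixed versions, taken from the two recommendations above.
var fixedVersions = map[string]string{
	"github.com/docker/docker": "v25.0.6", // CVE-2024-41110
	"golang.org/x/crypto":      "v0.31.0", // CVE-2024-45337
}
// Constructed go.mod fragment for the demo, not chartmuseum's real file.
const sampleGoMod = `require (
	github.com/docker/docker v24.0.9+incompatible
	golang.org/x/crypto v0.21.0 // indirect
)`
// versionKey turns "v24.0.9+incompatible" into a zero-padded key that compares
// correctly with <; a pre-release such as v25.0.6-rc1 sorts below v25.0.6.
func versionKey(v string) string {
	v, _, _ = strings.Cut(strings.TrimPrefix(v, "v"), "+") // drop "+incompatible"
	v, _, pre := strings.Cut(v, "-")                       // pre-release suffix?
	var n [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		n[i], _ = strconv.Atoi(p)
	}
	return fmt.Sprintf("%08d.%08d.%08d.%t", n[0], n[1], n[2], !pre) // "false" < "true"
}

// VulnerableModules returns "module version" for every require line (single
// or block form, direct or indirect) whose version is below the fixed one.
func VulnerableModules(gomod string) []string {
	var found []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 {
			continue
		}
		if fixed, ok := fixedVersions[f[0]]; ok && versionKey(f[1]) < versionKey(fixed) {
			found = append(found, f[0]+" "+f[1])
		}
	}
	return found
}

func main() {
	fmt.Println("still vulnerable:", VulnerableModules(sampleGoMod))
}
```

Running it against a real `go.mod` (or `go list -m all` output, which has the same "module version" shape) reports only the modules still below the fixed versions; `go list -m all` is the more complete input because it includes the resolved versions of indirect dependencies.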

@scbizu
Contributor

scbizu commented Mar 11, 2025

@Ravikirandg29 I think I fixed this; you can try our canary image. As for the next rc, I am working on the other fix #1051 to be merged. Maybe this weekend or 1w later.
