After installing helm-diff 3.15.7 (helm plugin install https://github.com/databus23/helm-diff --version 3.15.7), container scans flag several high (and some medium/low) issues in the Go 1.26.0 standard library embedded in the prebuilt diff binary, for example:
CVE-2026-33810
CVE-2026-39836
CVE-2026-33814
CVE-2026-33811
CVE-2026-32283
CVE-2026-32281
CVE-2026-32280
CVE-2026-27137
CVE-2026-25679
(Fix versions are generally Go 1.26.2 / 1.26.3 per upstream advisories.)
Could you rebuild release artifacts on a patched Go toolchain (and refresh module deps as needed), similar to #950? That would clear these findings for consumers who install the plugin via helm plugin install.
Thanks.
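To confirm which Go toolchain a prebuilt plugin binary was compiled with, before and after a rebuild, the version recorded in the binary can be read directly. This is an added example, not code from the issue author or the helm-diff project; the binary path is passed as an argument, and the default threshold `go1.26.3` is an assumption taken from the later of the two fix versions mentioned above.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"go/version"
	"os"
	"strings"
)

// embeddedGoVersion returns the Go toolchain version recorded in a compiled
// Go binary (the same value `go version <file>` prints).
func embeddedGoVersion(path string) (string, error) {
	info, err := buildinfo.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("read build info from %s: %w", path, err)
	}
	return info.GoVersion, nil
}

// needsRebuild reports whether the embedded toolchain is older than minFixed.
// Versions that do not parse (e.g. "devel ...") are flagged for manual review.
func needsRebuild(embedded, minFixed string) bool {
	v, _, _ := strings.Cut(embedded, " ") // drop any " X:experiment" suffix
	if !version.IsValid(v) || !version.IsValid(minFixed) {
		return true
	}
	return version.Compare(v, minFixed) < 0
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: gover <binary> [min-fixed-go-version]")
		os.Exit(2)
	}
	minFixed := "go1.26.3" // assumption: later fix version named in the issue
	if len(os.Args) > 2 {
		minFixed = os.Args[2]
	}
	got, err := embeddedGoVersion(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	if needsRebuild(got, minFixed) {
		fmt.Printf("%s: built with %s, older than %s\n", os.Args[1], got, minFixed)
		os.Exit(1)
	}
	fmt.Printf("%s: built with %s, at or above %s\n", os.Args[1], got, minFixed)
}
```

The non-zero exit status on an outdated toolchain lets the check gate a CI step or an image build.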