Summary
Several dependencies have fallen behind, accumulating security and compatibility risk:
| Dependency |
Current |
Latest |
| Go |
1.19 (EOL) |
1.25 |
k8s.io/* |
v0.26.2 |
v0.35.3 |
golang.org/x/net |
v0.7.0 |
v0.52.0 |
golangci-lint |
v1.49.0 |
v1.64.8 |
multiarch/qemu-user-static |
5.2.0-2 |
8.1.5-1 |
| GitHub Actions runners |
ubuntu-20.04 (EOL Apr 2025) |
ubuntu-24.04 |
| GitHub Actions versions |
SHA-pinned v2/v3 era |
current major versions |
Notes
- Go 1.19 is end-of-life and no longer receives security patches
golang.org/x/net has had multiple CVEs since v0.7.0k8s.io/* at v0.26.2 is 9 minor versions behind, causing cascading transitive dependency drift- ubuntu-20.04 standard support ended April 2025
Summary
Several dependencies have fallen behind, accumulating security and compatibility risk:
k8s.io/*golang.org/x/netgolangci-lintmultiarch/qemu-user-staticNotes
golang.org/x/nethas had multiple CVEs since v0.7.0k8s.io/*at v0.26.2 is 9 minor versions behind, causing cascading transitive dependency drift