# contribute

Ethan Brown

03/22/2024, 4:43 PM
Quick heads up that I just up as a proposal / to discuss how to determine which Go version to use. Right now builds are pinned to 1.21.5, but I think they should float against 1.21. The tl; dr is that I didn't fully triage the list of things I was given from the auditors to see how applicable the various vulns are... BUT... I thought it was some low-hanging fruit to at least use latest Z release of Go to build things and knock a number of vulns off the list.
Maybe you've already got plans for renovate / dependabot ... or it just needs to be configured to update Dockerfiles -- I didn't really look. But this seemed like a reasonable short-term solution for now
Semi-related to vulns ... the PR to flyteconsole is still open at The base container image being used for console is still ancient / unmaintained. Should be using
rather than
For a frontend image, it shouldn't really matter too much. It's mostly a compliance / auditing issue.