Flyte enables production-grade orchestration for machine learning workflows and data processing created to accelerate local workflows to production.

Flyte

Quick heads up that I just up <https://github.com/flyteorg/flyte/pull/5097> as a proposal / to discuss how to determine which Go version to use. Right now builds are pinned to 1.21.5, but I think they should float against 1.21.

The tl; dr is that I didn't fully triage the list of things I was given from the auditors to see how applicable the various vulns are... BUT... I thought it was some low-hanging fruit to at least use latest Z release of Go to build things and knock a number of vulns off the list.

Maybe you've already got plans for renovate / dependabot ... or it just needs to be configured to update Dockerfiles -- I didn't really look.

But this seemed like a reasonable short-term solution for now

Semi-related to vulns ... the PR to flyteconsole is still open at <https://github.com/flyteorg/flyteconsole/pull/834>

The base container image being used for console is still ancient / unmaintained. Should be using `<http://gcr.io/distroless/nodejs18-debian12|gcr.io/distroless/nodejs18-debian12>` rather than `<http://gcr.io/distroless/nodejs|gcr.io/distroless/nodejs>`

For a frontend image, it shouldn't really matter too much. It's mostly a compliance / auditing issue.