It looks like flytectl is being built with older Go 1.22.0 and therefore has some vulns -- the toolchain ref in go.mod was the only thing I saw pointing to go 1.22.0, but I don't think that should be what causes this. Maybe there's some other plumbing / environment declaration elsewhere? Small PR up at https://github.com/flyteorg/flyte/pull/5723