Hi team,

We recently started using the Google Artifact Registry's container
scanning, and have been able to fix almost all critical vulnerabilities
across our codebase. The one exception is the docker container created when
we deploy our dataflow beam jobs.

The "critical" vulnerability reported is
https://security-tracker.debian.org/tracker/CVE-2023-45853, and we are
using Apache Beam golang v2.53.0. I cannot tell whether this is something
that is even easily fixable in the docker setup or whether beam is even
affected by this issue.

Has anyone else run into this issue? Would a beam dataflow job actually be
affected or is this more relevant for someone actually running servers on
this particular version of debian? Should we just be ignoring this
"critical" vulnerability since it is just in the docker container for a
couple of batch jobs? Does the beam project generally attempt to address as
many of these vulnerabilities?

Best,
8
Token Transit
