
Addressing security vulnerabilities in the Temporalio/admin-tools :1.27.2

Open · thle40 opened this issue 9 months ago · 1 comment

Expected Behavior

No more CVEs found

Actual Behavior

There are some CVEs found from the latest Temporal image: temporalio/admin-tools:1.27.2

Steps to Reproduce the Problem

1. Pull the latest image temporalio/admin-tools:1.27.2 from Docker Hub.
2. Scan the image with any vulnerability scanner.

| CVE | SEVERITY | CVSS | PACKAGE | VERSION | FIX IN |
|---|---|---|---|---|---|
| CVE-2025-30204 | high | 7.50 | github.com/golang-jwt/jwt/v4 | v4.5.1 | 4.5.2 |
| CVE-2025-30204 | high | 7.50 | github.com/golang-jwt/jwt | v3.2.2 | open |
| CVE-2024-45338 | high | 0.00 | golang.org/x/net/html | v0.31.0 | fixed in 0.33.0 |
| CVE-2024-2689 | medium | 4.40 | go.temporal.io/server | v1.18.1-0.20230217005328-b313b7f58641 | fixed in 1.20.5, 1.21.6, 1.22.7 |
| CVE-2023-3485 | low | 3.00 | go.temporal.io/server | v1.18.1-0.20230217005328-b313b7f58641 | fixed in 1.20.0 |
| CVE-2025-31498 | low | 0.00 | c-ares | 1.34.3-r0 | fixed in 1.34.5-r0 |
| CVE-2025-31115 | low | 0.00 | xz | 5.6.3-r0 | fixed in 5.6.3-r1 |
| CVE-2025-21490 | low | 0.00 | mariadb | 11.4.4-r1 | fixed in 11.4.5-r0 |
| CVE-2025-1094 | low | 0.00 | postgresql17 | 17.2-r0 | fixed in 17.4-r0 |
| CVE-2024-8176 | low | 0.00 | expat | 2.6.4-r0 | fixed in 2.7.0-r0 |

thle40 · Apr 14 '25 09:04

More CVEs are reported for this version.

| CVE | SEVERITY | CVSS | PACKAGE | VERSION | FIX IN |
|---|---|---|---|---|---|
| CVE-2025-29087 | high | 7.5 | sqlite | 3.48.0-r0 | fixed in 3.48.0-r1 |
| CVE-2025-22870 | high | 8.8 | golang.org/x/net/http/httpproxy | v0.35.0 | fixed in 0.36.0 |
| CVE-2025-22868 | high | 8.7 | golang.org/x/oauth2/jws | v0.26.0 | fixed in 0.27.0 |
| CVE-2023-47108 | high | 7.5 | go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.36.4 | fixed in 0.46.0 |
| CVE-2024-44337 | medium | 6.9 | github.com/gomarkdown/markdown/parser | v0.0.0-20241105142532-d03b89096d81 | N/A |
| CVE-2025-4207 | low | None | postgresql17 | 17.2-r0 | 17.5-r0 |
| CVE-2025-4516 | low | None | python3 | 3.12.9-r0 | 3.12.10-r1 |
| CVE-2024-51744 | low | 2.3 | github.com/golang-jwt/jwt | v3.2.2+incompatible | N/A |

thle40 · May 30 '25 04:05
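The two scanner tables above mix Go module findings (fixed by bumping go.mod and rebuilding) with Alpine apk package findings (fixed by rebasing the image on a newer base), and mix rows that have a fix version with rows marked "open" or "N/A". The following triage script is an added example, not code from the Temporal project or from the issue author: it parses rows in the flat `CVE SEVERITY CVSS PACKAGE VERSION FIX IN` layout used here, buckets them by ecosystem and fix availability, and computes the lowest version bump per Go package that closes every fixable finding on it. The embedded rows are copied from the two tables in this issue and are used as constructed input, not as live scanner output; the ecosystem heuristics (a `/` in the package path means Go module, a `-rN` suffix on the version means Alpine apk) are assumptions that fit these scanners' output.

```python
"""Triage helper for flat CVE scanner tables (added example, not project code)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the two tables posted in this issue (constructed input for the example).
SCAN_ROWS = """\
CVE SEVERITY CVSS PACKAGE VERSION FIX IN
CVE-2025-30204 high 7.50 github.com/golang-jwt/jwt/v4 v4.5.1 4.5.2
CVE-2025-30204 high 7.50 github.com/golang-jwt/jwt v3.2.2 open
CVE-2024-45338 high 0.00 golang.org/x/net/html v0.31.0 fixed in 0.33.0
CVE-2024-2689 medium 4.40 go.temporal.io/server v1.18.1-0.20230217005328-b313b7f58641 fixed in 1.20.5, 1.21.6, 1.22.7
CVE-2023-3485 low 3.00 go.temporal.io/server v1.18.1-0.20230217005328-b313b7f58641 fixed in 1.20.0
CVE-2025-31498 low 0.00 c-ares 1.34.3-r0 fixed in 1.34.5-r0
CVE-2025-31115 low 0.00 xz 5.6.3-r0 fixed in 5.6.3-r1
CVE-2025-21490 low 0.00 mariadb 11.4.4-r1 fixed in 11.4.5-r0
CVE-2025-1094 low 0.00 postgresql17 17.2-r0 fixed in 17.4-r0
CVE-2024-8176 low 0.00 expat 2.6.4-r0 fixed in 2.7.0-r0
CVE-2025-29087 high 7.5 sqlite 3.48.0-r0 fixed in 3.48.0-r1
CVE-2025-22870 high 8.8 golang.org/x/net/http/httpproxy v0.35.0 fixed in 0.36.0
CVE-2025-22868 high 8.7 golang.org/x/oauth2/jws v0.26.0 fixed in 0.27.0
CVE-2023-47108 high 7.5 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.36.4 fixed in 0.46.0
CVE-2024-44337 medium 6.9 github.com/gomarkdown/markdown/parser v0.0.0-20241105142532-d03b89096d81 N/A
CVE-2025-4207 low None postgresql17 17.2-r0 17.5-r0
CVE-2025-4516 low None python3 3.12.9-r0 3.12.10-r1
CVE-2024-51744 low 2.3 github.com/golang-jwt/jwt v3.2.2+incompatible N/A
"""

# First five columns never contain spaces; everything after the version is the fix column.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+)\s+(?P<severity>\w+)\s+(?P<cvss>\S+)\s+"
    r"(?P<package>\S+)\s+(?P<version>\S+)\s*(?P<fix>.*)$"
)
NO_FIX_TOKENS = {"", "open", "n/a", "none"}  # scanner spellings for "no fixed version"


@dataclass(frozen=True)
class Finding:
    cve: str
    severity: str
    cvss: float | None          # None when the scanner printed "None"
    package: str
    version: str
    fixed_versions: tuple[str, ...]

    @property
    def ecosystem(self) -> str:
        # Assumption: Go package paths contain a "/"; Alpine apk versions end in "-rN".
        if "/" in self.package:
            return "go-module"
        if re.search(r"-r\d+$", self.version):
            return "alpine-apk"
        return "unknown"

    @property
    def has_fix(self) -> bool:
        return bool(self.fixed_versions)


def parse_fix(text: str) -> tuple[str, ...]:
    """'fixed in 1.20.5, 1.21.6' -> ('1.20.5', '1.21.6'); 'open'/'N/A' -> ()."""
    text = text.strip()
    if text.lower() in NO_FIX_TOKENS:
        return ()
    text = re.sub(r"^fixed in\s+", "", text, flags=re.IGNORECASE)
    return tuple(v.strip() for v in text.split(",") if v.strip())


def parse_cvss(text: str) -> float | None:
    try:
        return float(text)
    except ValueError:
        return None


def parse_rows(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("CVE SEVERITY"):
            continue  # skip blanks and the header row
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable scanner row: {line!r}")
        findings.append(Finding(m["cve"], m["severity"].lower(), parse_cvss(m["cvss"]),
                                m["package"], m["version"], parse_fix(m["fix"])))
    return findings


def triage(findings: list[Finding]) -> dict[tuple[str, str], list[Finding]]:
    """Bucket findings by (ecosystem, 'fixable' | 'no-fix')."""
    buckets: dict[tuple[str, str], list[Finding]] = defaultdict(list)
    for f in findings:
        buckets[(f.ecosystem, "fixable" if f.has_fix else "no-fix")].append(f)
    return dict(buckets)


def _vkey(version: str) -> tuple[int, ...]:
    return tuple(int(n) for n in re.findall(r"\d+", version))


def go_module_bumps(findings: list[Finding]) -> dict[str, str]:
    """Per Go package: the lowest fixed version that closes all of its fixable findings."""
    bumps: dict[str, str] = {}
    for f in findings:
        if f.ecosystem != "go-module" or not f.has_fix:
            continue
        lowest = min(f.fixed_versions, key=_vkey)   # smallest fix for this finding
        if f.package not in bumps or _vkey(lowest) > _vkey(bumps[f.package]):
            bumps[f.package] = lowest                # take the max over findings
    return bumps


if __name__ == "__main__":
    found = parse_rows(SCAN_ROWS)
    for (eco, status), rows in sorted(triage(found).items()):
        print(f"{eco:11s} {status:8s} {len(rows):2d}  " + ", ".join(sorted({r.cve for r in rows})))
    for pkg, ver in sorted(go_module_bumps(found).items()):
        print(f"bump {pkg} -> {ver}")
```

The "no-fix" bucket is the one to read first when prioritizing: those findings cannot be closed by a rebuild and need either a different dependency or an accepted-risk record. Note that the scanner reports Go package paths rather than module paths (golang.org/x/net/html and golang.org/x/net/http/httpproxy are both in the golang.org/x/net module), so the printed bumps still need to be mapped onto go.mod entries before they become a pull request.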