High CVE in golang.org/x/crypto/ssh/agent

[AkshithaRajavelDev]

Describe the bug
In quay.io/argoproj/argo-events:latest (v1.9.7) image, snyk security scanner has detected a high severity CVE (CVE-2025-47913) introduced through golang.org/x/crypto/ssh/agent package. Can we expect this to be patched in v1.9.8 ?

[AkshithaRajavelDev]

Some medium and low vulns are also found in the following packages
github.com/emitter-io/go/v2
github.com/valyala/fasthttp
github.com/golang-jwt/jwt

[santiagomangone]

+1 on the fasthttp update. We're tracking SNYK-GOLANG-GITHUBCOMVALYALAFASTHTTP-6815320 (Open Redirect, medium
severity) internally.

Bumping this to see if maintainers can include fasthttp v1.53.0 in the next release. Thanks!