Security: Upgrade golang.org/x/crypto to v0.45.0 to fix CVE-2025-47914 & CVE-2025-58181
### Summary

Our container security scans have detected multiple vulnerabilities in the `golang.org/x/crypto` library currently used in the `gitlab-runner` binary.

### Vulnerability Details

The current version used (`v0.43.0`) is vulnerable to the following CVEs:

1. **CVE-2025-47914** (Medium Severity):
   * **Issue:** SSH Agent servers do not validate the size of messages, causing panics (DoS) on malformed inputs.
   * **Fixed in:** v0.45.0
2. **CVE-2025-58181** (Medium Severity):
   * **Issue:** SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms, allowing unbounded memory consumption.
   * **Fixed in:** v0.45.0

### Affected Components

* **Binary:** `/usr/bin/gitlab-runner`
* **Current Dependency Version:** `v0.43.0`
* **Scan Tool:** GitLab Container Scanning (Trivy)

### Proposal

Please update `go.mod` to require `golang.org/x/crypto v0.45.0` or later to remediate these vulnerabilities.
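One way to confirm the upgrade in a built binary rather than only in `go.mod`, as an added example that is not part of the issue or of the gitlab-runner code base: it reads the module list Go embeds in the binary and checks the `golang.org/x/crypto` entry against v0.45.0. The helper names (`embeddedVersion`, `isFixed`, `module`) are illustrative, and treating pre-releases of v0.45.0 as not fixed is an assumption of this sketch.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"runtime/debug"
	"strings"
)

const modPath = "golang.org/x/crypto"
var fixed = [3]int{0, 45, 0} // v0.45.0, the fix version named in the issue
type module = debug.Module   // dependency record as stored in the binary's build info

// embeddedVersion returns the x/crypto version actually compiled in.
func embeddedVersion(deps []*module) (string, bool) {
	for _, d := range deps {
		if d.Path == modPath && d.Replace != nil {
			return d.Replace.Version, true // a replace directive decides what is linked
		} else if d.Path == modPath {
			return d.Version, true
		}
	}
	return "", false
}

// isFixed reports whether v is at or after v0.45.0; pre-releases of v0.45.0 do not count.
func isFixed(v string) (bool, error) {
	core, _, hasPre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var got [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unparseable version %q", v)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] > fixed[i], nil
		}
	}
	return !hasPre, nil
}

func main() {
	info, err := buildinfo.ReadFile(os.Args[1]) // e.g. /usr/bin/gitlab-runner
	if err != nil {
		panic(err)
	}
	v, found := embeddedVersion(info.Deps)
	ok, err := isFixed(v) // err is set when the module is absent or replaced by a local path
	fmt.Printf("%s present=%t version=%q fixed=%t err=%v\n", modPath, found, v, ok, err)
}
```

Run it against the binary extracted from the image; a `replace` directive pointing at a fork or local path is reported by the replacement's version, which is what a scanner reading only the `require` line would miss.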