CVE-2024-45338 in addon-resizer

[kumar-mallikarjuna]

Which component are you using?:
/area addon-resizer

What version of the component are you using?:
1.8.22

Component version:

What k8s version are you using (kubectl version)?:

Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.7-eks-56e63d8

kubectl version Output

$ kubectl version

What environment is this in?:
prod

aws

What did you expect to happen?:
Not have CVEs.

What happened instead?:
Trivy scan shows:

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                       Title                       │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2024-45338 │ HIGH     │ fixed  │ v0.23.0           │ 0.33.0        │ golang.org/x/net/html: Non-linear parsing of      │
│                  │                │          │        │                   │               │ case-insensitive content in golang.org/x/net/html │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-45338        │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────┘

How to reproduce it (as minimally and precisely as possible):
Run a trivy scan on 1.8.22 build for addon-resizer.

Anything else we need to know?: