Go version bump for multiple CVEs - can this be automated? #901
Unanswered
crispygoth asked this question in Q&A
Replies: 0 comments
I'm currently in the process of evaluating nginx-prometheus-exporter for use in our environment; however, I noticed that Docker Scout reports a number of issues with the current image for v1.3.0 (3x HIGH, 1x MEDIUM), all within the golang/stdlib package - the image currently has 1.22.5 and the fixed version is 1.22.7. We have a strict requirement within our environment that all HIGH or greater level issues must be fixed within 14 days of a fix being available, due to requirements under the UK Government Cyber Essentials scheme.
A quick test shows that simply checking out the v1.3.0 tag and rebuilding with `make container` resolves all of these issues by pulling in an updated version of the Go stdlib. While of course we can automate this build locally for our deployment, it would be preferable if we can utilise the pre-built images shipped on Docker Hub. Is there any possibility of releasing an updated image for v1.3.0 ahead of the v1.4.0 update? And is this something that could be automated or semi-automated?
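One way to verify that a rebuilt (or newly published) image actually picked up the fixed Go stdlib, as an added example that is not part of this discussion or of the nginx-prometheus-exporter project: pull the exporter binary out of the image and compare the toolchain version Go stamped into it (`go version <binary>`) against the minimum Docker Scout reported as fixed. The image name, the binary path inside the image (`/usr/bin/nginx-prometheus-exporter`) and the use of docker plus a host Go toolchain are assumptions.

```shell
# Added example (not project code). Checks that the Go toolchain compiled into
# an exporter binary is at least the version a scanner reported as fixed
# (go1.22.7 for the v1.3.0 image in the question above).

# Split "go1.22.7", "1.22.7" or "go1.22" into "major minor patch" integers.
# Pre-release suffixes (go1.22rc1) are truncated to the release numbers, and
# an empty or unparseable version yields "0 0 0" so it fails any minimum.
go_version_parts() {
    v=${1#go}                                   # drop the "go" prefix
    major=${v%%.*}
    rest=${v#*.}
    if [ "$rest" = "$v" ]; then rest=0; fi      # "go1": no minor component
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi # "go1.22": no patch component
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    echo "${major:-0} ${minor:-0} ${patch:-0}"
}

# Return 0 when Go version $1 is >= Go version $2, 1 otherwise.
go_version_at_least() {
    set -- $(go_version_parts "$1") $(go_version_parts "$2")
    if [ "$1" -gt "$4" ]; then return 0; elif [ "$1" -lt "$4" ]; then return 1; fi
    if [ "$2" -gt "$5" ]; then return 0; elif [ "$2" -lt "$5" ]; then return 1; fi
    if [ "$3" -ge "$6" ]; then return 0; fi
    return 1
}

# Extract the toolchain from `go version <binary>` output, e.g.
# "/usr/bin/nginx-prometheus-exporter: go1.22.7" -> "go1.22.7".
toolchain_from_go_version_line() {
    echo "$1" | sed -n 's/.*: \(go[0-9][0-9.a-z]*\).*/\1/p'
}

# Copy the binary out of an image and compare its toolchain with the minimum.
# Assumes docker and the Go toolchain are available on the host.
check_image() {
    image=$1; binary_path=$2; min=$3   # e.g. nginx/nginx-prometheus-exporter:1.3.0 /usr/bin/nginx-prometheus-exporter go1.22.7
    cid=$(docker create "$image")
    tmp=$(mktemp)
    docker cp "$cid:$binary_path" "$tmp"
    docker rm "$cid" >/dev/null
    found=$(toolchain_from_go_version_line "$(go version "$tmp")")
    rm -f "$tmp"
    if go_version_at_least "$found" "$min"; then
        echo "$image: built with $found (>= $min) - OK"; return 0
    fi
    echo "$image: built with $found (< $min) - rebuild needed"; return 1
}
```

Run `check_image nginx/nginx-prometheus-exporter:1.3.0 /usr/bin/nginx-prometheus-exporter go1.22.7` in a pipeline step to fail the build when a published image still carries the old stdlib.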