From 5e8797225b23af0832e259260472d8b073de5661 Mon Sep 17 00:00:00 2001
From: Debasish Biswas <debasishbsws.dev@gmail.com>
Date: Sat, 14 Dec 2024 11:01:56 +0530
Subject: [PATCH] using go/bump instead of go mod -edit

pervious pipeline can result in that at some point we downgrade the version because of this command present in the pipeline and we didn't notice.

Signed-off-by: Debasish Biswas <debasishbsws.dev@gmail.com>
---
 calico-3.29.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/calico-3.29.yaml b/calico-3.29.yaml
index f3a26225492..22397fb9912 100644
--- a/calico-3.29.yaml
+++ b/calico-3.29.yaml
@@ -66,6 +66,10 @@ pipeline:
       repository: https://github.com/projectcalico/calico
       tag: v${{package.version}}
       expected-commit: ddfc3b1ea724e2580c68d34950f0ccd318ae3ebf
+  - uses: go/bump
+    with:
+      deps: golang.org/x/crypto@v0.31.0
+      replaces: golang.org/x/crypto=golang.org/x/crypto@v0.31.0
   - working-directory: felix
     pipeline:
       # Equivalent to target: "build-bpf"
@@ -175,11 +179,6 @@ subpackages:
               LDFLAGS="$LDFLAGS -X node/buildinfo.BuildDate=$(date -u +'%FT%T%z')"
               LDFLAGS="$LDFLAGS -X node/buildinfo.GitRevision=$(git rev-parse HEAD || echo '<unknown>')"
 
-              # Mitigate GHSA-v778-237x-gjrc
-              go mod edit -replace=golang.org/x/crypto=golang.org/x/crypto@v0.31.0
-
-              go mod tidy
-
               CGO_ENABLED=1 \
                 CGO_LDFLAGS="$CGO_LDFLAGS" \
                 CGO_CFLAGS="$CGO_CFLAGS" \