calico-3.29/3.29.1-r0: cve remediation (#36566)

calico-3.29/3.29.1-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/calico-3.29.advisories.yaml --------- Signed-off-by: Debasish Biswas <[email protected]> Co-authored-by: octo-sts[bot] <[email protected]> Co-authored-by: Hunter Harris <[email protected]> Co-authored-by: Debasish Biswas <[email protected]>
wolfi-dev · Dec 14, 2024 · d4c661c · d4c661c
1 parent 51e084f
commit d4c661c
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/calico-3.29.yaml b/calico-3.29.yaml
@@ -1,7 +1,7 @@
 package:
   name: calico-3.29
   version: 3.29.1
-  epoch: 0
+  epoch: 1
   description: "Cloud native networking and network security"
   copyright:
     - license: Apache-2.0
@@ -66,6 +66,10 @@ pipeline:
       repository: https://github.com/projectcalico/calico
       tag: v${{package.version}}
       expected-commit: ddfc3b1ea724e2580c68d34950f0ccd318ae3ebf
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      replaces: golang.org/x/crypto=golang.org/x/[email protected]
   - working-directory: felix
     pipeline:
       # Equivalent to target: "build-bpf"
@@ -175,11 +179,6 @@ subpackages:
               LDFLAGS="$LDFLAGS -X node/buildinfo.BuildDate=$(date -u +'%FT%T%z')"
               LDFLAGS="$LDFLAGS -X node/buildinfo.GitRevision=$(git rev-parse HEAD || echo '<unknown>')"
 
-              # Mitigate CVE-2023-48795
-              go mod edit -replace=golang.org/x/crypto=golang.org/x/[email protected]
-
-              go mod tidy
-
               CGO_ENABLED=1 \
                 CGO_LDFLAGS="$CGO_LDFLAGS" \
                 CGO_CFLAGS="$CGO_CFLAGS" \