calico-3.29/3.29.1-r0: cve remediation

calico-3.29.yaml

@@ -1,7 +1,7 @@
 package:
   name: calico-3.29
   version: 3.29.1
-  epoch: 0
+  epoch: 1
   description: "Cloud native networking and network security"
   copyright:
     - license: Apache-2.0
@@ -66,6 +66,10 @@ pipeline:
       repository: https://github.com/projectcalico/calico
       tag: v${{package.version}}
       expected-commit: ddfc3b1ea724e2580c68d34950f0ccd318ae3ebf
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      replaces: golang.org/x/crypto=golang.org/x/[email protected]
   - working-directory: felix
     pipeline:
       # Equivalent to target: "build-bpf"
@@ -175,11 +179,6 @@ subpackages:
               LDFLAGS="$LDFLAGS -X node/buildinfo.BuildDate=$(date -u +'%FT%T%z')"
               LDFLAGS="$LDFLAGS -X node/buildinfo.GitRevision=$(git rev-parse HEAD || echo '<unknown>')"
 
-              # Mitigate CVE-2023-48795
-              go mod edit -replace=golang.org/x/crypto=golang.org/x/[email protected]
-
-              go mod tidy
-
               CGO_ENABLED=1 \
                 CGO_LDFLAGS="$CGO_LDFLAGS" \
                 CGO_CFLAGS="$CGO_CFLAGS" \