cilium-envoy-1.16/1.16.5-r0: cve remediation (#38294)

cilium-envoy-1.16/1.16.5-r0: fix GHSA-w32m-9786-jp63 Advisory data: https://github.com/wolfi-dev/advisories/blob/main/cilium-envoy-1.16.advisories.yaml --------- Signed-off-by: Ajay Kemparaj <[email protected]> Co-authored-by: octo-sts[bot] <[email protected]> Co-authored-by: Ajay Kemparaj <[email protected]>
wolfi-dev · Dec 24, 2024 · 2825e0b · 2825e0b
1 parent 0c01707
commit 2825e0b
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/cilium-envoy-1.16.yaml b/cilium-envoy-1.16.yaml
@@ -2,7 +2,7 @@
 package:
   name: cilium-envoy-1.16
   version: 1.16.5
-  epoch: 0
+  epoch: 1
   description: Envoy with additional cilium plugins
   copyright:
     - license: Apache-2.0
@@ -51,6 +51,11 @@ pipeline:
       expected-commit: ad6882773c5f89feda9c295276707f01de269296
       destination: cilium
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      modroot: cilium
+
   - uses: git-checkout
     with:
       repository: https://github.com/cilium/proxy
@@ -66,6 +71,16 @@ pipeline:
         | sed "s/^ARG.*:v[0-9.]\+-[0-9]\+-//g" | cut -d@ -f1)
       git reset --hard $ENVOY_SHA
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+
+  - runs: |
+      # Bazel errors out on toolchain stanza
+      sed -i '/$toolchain /d' go.mod
+      # Bazel errors out on go point release
+      sed -i 's|^\(go 1\.[0-9]*\)\.[0-9]*|\1|' go.mod
+
   - name: Build and Install proxylib
     runs: |
       cd ./proxylib