From 2825e0b3c582679cef961cd97b6b7cc47cb50516 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 24 Dec 2024 22:59:58 +0300
Subject: [PATCH] cilium-envoy-1.16/1.16.5-r0: cve remediation (#38294)

cilium-envoy-1.16/1.16.5-r0: fix GHSA-w32m-9786-jp63

Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/cilium-envoy-1.16.advisories.yaml

---------

Signed-off-by: Ajay Kemparaj <ajaykemparaj@gmail.com>
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
Co-authored-by: Ajay Kemparaj <ajaykemparaj@gmail.com>
---
 cilium-envoy-1.16.yaml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/cilium-envoy-1.16.yaml b/cilium-envoy-1.16.yaml
index 01d2d55bab9..6530461b5f6 100644
--- a/cilium-envoy-1.16.yaml
+++ b/cilium-envoy-1.16.yaml
@@ -2,7 +2,7 @@
 package:
   name: cilium-envoy-1.16
   version: 1.16.5
-  epoch: 0
+  epoch: 1
   description: Envoy with additional cilium plugins
   copyright:
     - license: Apache-2.0
@@ -51,6 +51,11 @@ pipeline:
       expected-commit: ad6882773c5f89feda9c295276707f01de269296
       destination: cilium
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/net@v0.33.0
+      modroot: cilium
+
   - uses: git-checkout
     with:
       repository: https://github.com/cilium/proxy
@@ -66,6 +71,16 @@ pipeline:
         | sed "s/^ARG.*:v[0-9.]\+-[0-9]\+-//g" | cut -d@ -f1)
       git reset --hard $ENVOY_SHA
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/net@v0.33.0
+
+  - runs: |
+      # Bazel errors out on toolchain stanza
+      sed -i '/$toolchain /d' go.mod
+      # Bazel errors out on go point release
+      sed -i 's|^\(go 1\.[0-9]*\)\.[0-9]*|\1|' go.mod
+
   - name: Build and Install proxylib
     runs: |
       cd ./proxylib