gitlab-cng-17.6/17.6.0-r1: cve remediation (#36565)

gitlab-cng-17.6/17.6.0-r1: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/gitlab-cng-17.6.advisories.yaml --------- Co-authored-by: octo-sts[bot] <[email protected]> Co-authored-by: hbh7 <[email protected]>
wolfi-dev · Dec 16, 2024 · 297ca31 · 297ca31
1 parent dccd741
commit 297ca31
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/gitlab-cng-17.6.yaml b/gitlab-cng-17.6.yaml
@@ -34,7 +34,7 @@ package:
   name: gitlab-cng-17.6
   # ---Additional updates required--- Review 'vars' section (above), when reviewing version bumps.
   version: 17.6.0
-  epoch: 1
+  epoch: 2
   description: Cloud Native container images per component of GitLab
   copyright:
     - license: MIT
@@ -199,7 +199,7 @@ subpackages:
           mkdir -p "${{targets.contextdir}}"/etc/docker/registry
       - uses: go/bump
         with:
-          deps: github.com/golang-jwt/jwt/[email protected]
+          deps: github.com/golang-jwt/jwt/[email protected] golang.org/x/[email protected]
           modroot: ./container-registry
       - uses: go/build
         with:
@@ -442,6 +442,10 @@ subpackages:
           tag: v${{vars.shell-tag}}
           expected-commit: ${{vars.shell-commit}}
           destination: ./shell
+      - uses: go/bump
+        with:
+          deps: golang.org/x/[email protected]
+          modroot: ./shell
       - working-directory: ./shell
         runs: |
           make build