From 89f21dce0c42c432a7b75e2ef0518b91ea14e399 Mon Sep 17 00:00:00 2001
From: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
Date: Tue, 28 Nov 2023 09:12:09 +0000
Subject: [PATCH 1/2] keda/2.12.1 package update
---
 keda.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/keda.yaml b/keda.yaml
index 85f80f4ed8f..8d682f56657 100644
--- a/keda.yaml
+++ b/keda.yaml
@@ -1,8 +1,8 @@
 package:
 name: keda
 # See https://github.com/kedacore/keda/blob/main/SECURITY.md#supported-versions for upstream-supported versions
- version: 2.12.0
- epoch: 6
+ version: 2.12.1
+ epoch: 0
 description: KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
 copyright:
 - license: Apache-2.0
@@ -27,7 +27,7 @@ pipeline:
 with:
 repository: https://github.com/kedacore/keda
 tag: v${{package.version}}
- expected-commit: 9527a7f1f2797aa5662b2b45b1d26acf22a0cd09
+ expected-commit: dc76ca70f19c22e8f0c806f84d95256d771f3dc9
 - runs: |
 # CVE-2023-39325
From ec3cb58c3795e773248610a5ee5bf56e642ba4fc Mon Sep 17 00:00:00 2001
From: James Rawlings
Date: Tue, 28 Nov 2023 09:34:44 +0000
Subject: [PATCH 2/2] keda: remove patches as applied upstream https://github.com/kedacore/keda/blob/v2.12.1/go.mod
Signed-off-by: James Rawlings
---
 keda.yaml | 19 -------------------
 1 file changed, 19 deletions(-)
diff --git a/keda.yaml b/keda.yaml
index 8d682f56657..2752651341c 100644
--- a/keda.yaml
+++ b/keda.yaml
@@ -30,25 +30,6 @@ pipeline:
 expected-commit: dc76ca70f19c22e8f0c806f84d95256d771f3dc9
 - runs: |
- # CVE-2023-39325
- go get golang.org/x/net@v0.17.0
-
- # Remediate GHSA-m425-mq94-257g
- go mod edit -droprequire=google.golang.org/grpc
- go get google.golang.org/grpc@v1.58.3
-
- # google.golang.org/grpc@v1.58.3 changes the required sigs.k8s.io/custom-metrics-apiserver version
- go mod edit -replace=sigs.k8s.io/custom-metrics-apiserver=sigs.k8s.io/custom-metrics-apiserver@v1.28.0
-
- # CVE-2023-45142
- go get go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.0
- go get go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.19.0
- go get go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.19.0
- go get go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp@v0.42.0
- go get go.opentelemetry.io/otel/sdk@v1.21.0
- go mod edit -droprequire=go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
- go get go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0
-
 # GHSA-2c7c-3mj9-8fqh
 go get github.com/go-jose/go-jose/v3@v3.0.1