jitsucom-bulker/2.8.4-r0: cve remediation (#36613)

Bumping 'golang.org/x/[email protected]' for all the sub-components. There is no root go.mod so we need to do this at each project level. go/bump doesn't support multiple target destinations today, so we need to duplicate unfortunately. -------------- jitsucom-bulker/2.8.4-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/jitsucom-bulker.advisories.yaml --------- Signed-off-by: Mark McCormick <[email protected]> Co-authored-by: octo-sts[bot] <[email protected]> Co-authored-by: Mark McCormick <[email protected]>
wolfi-dev · Dec 12, 2024 · d0d53ef · d0d53ef
1 parent f0dc830
commit d0d53ef
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/jitsucom-bulker.yaml b/jitsucom-bulker.yaml
@@ -1,7 +1,7 @@
 package:
   name: jitsucom-bulker
   version: 2.8.4
-  epoch: 0
+  epoch: 1
   description: Service for bulk-loading data to databases with automatic schema management (Redshift, Snowflake, BigQuery, ClickHouse, Postgres, MySQL)
   copyright:
     - license: MIT
@@ -20,6 +20,31 @@ pipeline:
       repository: https://github.com/jitsucom/bulker
       tag: jitsu2-v${{package.version}}
 
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      modroot: bulkerapp
+
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      modroot: ingest
+
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      modroot: sync-sidecar
+
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      modroot: sync-controller
+
+  - uses: go/bump
+    with:
+      deps: golang.org/x/[email protected]
+      modroot: ingress-manager
+
 data:
   - name: commands
     items: