Backport of security: fine-tune release scanner and bump coredns into release/1.17.x (#21041)

security: fine-tune release scanner and bump coredns Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
7 months ago · 34f9bab5cc
parent 3c0a762152
commit 34f9bab5cc
3 changed files with 329 additions and 262 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -42,6 +42,13 @@ container {
 				"CVE-2023-46219", # curl@8.4.0-r0
 				"CVE-2023-5678",  # openssl@3.1.4-r0
 			]
+			paths = [
+				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
+				"test/integration/connect/envoy/test-sds-server/*",
+				"test/integration/consul-container/*",
+				"testing/deployer/*",
+				"test-integ/*",
+			]
 		}
 	}
 }
@ -76,6 +83,13 @@ binary {
 			vulnerabilites = [
 				"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
 			]
+			paths = [
+				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
+				"test/integration/connect/envoy/test-sds-server/*",
+				"test/integration/consul-container/*",
+				"testing/deployer/*",
+				"test-integ/*",
+			]
 		}
 	}
 }
--- a/test/integration/connect/envoy/test-sds-server/go.mod
+++ b/test/integration/connect/envoy/test-sds-server/go.mod
@ -4,11 +4,9 @@ go 1.16

 require (
 	github.com/envoyproxy/go-control-plane v0.11.1
-	github.com/fatih/color v1.14.1 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/hashicorp/consul v1.15.2
+	github.com/hashicorp/consul v1.18.1
+	github.com/hashicorp/consul/sdk v0.16.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	google.golang.org/grpc v1.56.3
 )
--- a/test/integration/connect/envoy/test-sds-server/go.sum
+++ b/test/integration/connect/envoy/test-sds-server/go.sum