security: fine-tune release scanner and bump coredns (#21038)

* security: bump coredns * add changelog * Revert "security: bump coredns" This reverts commit dcca09d83e. * security: bump coredns * fine-tune security scanner on release * dismiss changelog
7 months ago · 8209b3ff86
3 changed files with 289 additions and 258 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -42,6 +42,13 @@ container {
 				"CVE-2023-46219", # curl@8.4.0-r0
 				"CVE-2023-5678",  # openssl@3.1.4-r0
 			]
+			paths = [
+				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
+				"test/integration/connect/envoy/test-sds-server/*",
+				"test/integration/consul-container/*",
+				"testing/deployer/*",
+				"test-integ/*",
+			]
 		}
 	}
 }
@ -76,6 +83,13 @@ binary {
 			vulnerabilites = [
 				"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
 			]
+			paths = [
+				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
+				"test/integration/connect/envoy/test-sds-server/*",
+				"test/integration/consul-container/*",
+				"testing/deployer/*",
+				"test-integ/*",
+			]
 		}
 	}
 }
--- a/test/integration/connect/envoy/test-sds-server/go.mod
+++ b/test/integration/connect/envoy/test-sds-server/go.mod
@ -4,11 +4,9 @@ go 1.16

 require (
 	github.com/envoyproxy/go-control-plane v0.12.0
-	github.com/fatih/color v1.14.1 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/hashicorp/consul v1.15.2
+	github.com/hashicorp/consul v1.18.1
+	github.com/hashicorp/consul/sdk v0.16.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	google.golang.org/grpc v1.58.3
 )
--- a/test/integration/connect/envoy/test-sds-server/go.sum
+++ b/test/integration/connect/envoy/test-sds-server/go.sum