Backport of security: fine-tune release scanner and bump coredns into…

… release/1.18.x (#21042) security: fine-tune release scanner and bump coredns Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
hashicorp · May 4, 2024 · a08bcba · a08bcba
1 parent e263a09
commit a08bcba
Show file tree

Hide file tree

Showing 3 changed files with 329 additions and 262 deletions.
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -42,6 +42,13 @@ container {
 				"CVE-2023-46219", # curl@8.4.0-r0
 				"CVE-2023-5678",  # openssl@3.1.4-r0
 			]
+			paths = [
+				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
+				"test/integration/connect/envoy/test-sds-server/*",
+				"test/integration/consul-container/*",
+				"testing/deployer/*",
+				"test-integ/*",
+			]
 		}
 	}
 }
@@ -76,6 +83,13 @@ binary {
 			vulnerabilites = [
 				"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive)
 			]
+			paths = [
+				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
+				"test/integration/connect/envoy/test-sds-server/*",
+				"test/integration/consul-container/*",
+				"testing/deployer/*",
+				"test-integ/*",
+			]
 		}
 	}
 }
diff --git a/test/integration/connect/envoy/test-sds-server/go.mod b/test/integration/connect/envoy/test-sds-server/go.mod
@@ -4,11 +4,9 @@ go 1.16
 
 require (
 	github.com/envoyproxy/go-control-plane v0.11.1
-	github.com/fatih/color v1.14.1 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/hashicorp/consul v1.15.2
+	github.com/hashicorp/consul v1.18.1
+	github.com/hashicorp/consul/sdk v0.16.0 // indirect
 	github.com/hashicorp/go-hclog v1.5.0
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	google.golang.org/grpc v1.56.3
 )