From d8986c278f32a3e7ad13b8f8314d347463fbc886 Mon Sep 17 00:00:00 2001 From: hectorj2f Date: Wed, 24 Apr 2024 20:41:38 +0200 Subject: [PATCH] fix GHSA-4v7x-pqxf-cx7m Signed-off-by: hectorj2f --- dagdotdev.yaml | 6 +++++- dgraph.yaml | 4 ++-- dive.yaml | 4 ++-- eksctl.yaml | 4 ++-- envoy-ratelimit.yaml | 4 ++-- falcosidekick.yaml | 4 ++-- flyte.yaml | 4 ++-- 7 files changed, 17 insertions(+), 13 deletions(-) diff --git a/dagdotdev.yaml b/dagdotdev.yaml index f4880787f9..6194892ed5 100644 --- a/dagdotdev.yaml +++ b/dagdotdev.yaml @@ -1,7 +1,7 @@ package: name: dagdotdev version: 0.0.2 - epoch: 1 + epoch: 2 description: oci and apk explorer copyright: - license: Apache-2.0 @@ -25,6 +25,10 @@ pipeline: repository: https://github.com/jonjohnsonjr/dagdotdev tag: v${{package.version}} + - uses: go/bump + with: + deps: golang.org/x/net@v0.23.0 + - uses: go/build with: packages: . diff --git a/dgraph.yaml b/dgraph.yaml index 95249f8461..6efecf4cf5 100644 --- a/dgraph.yaml +++ b/dgraph.yaml @@ -1,7 +1,7 @@ package: name: dgraph version: 23.1.0 - epoch: 7 + epoch: 8 description: A distributed graph database copyright: - license: Apache-2.0 @@ -35,7 +35,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/net@v0.17.0 golang.org/x/crypto@v0.17.0 google.golang.org/grpc@v1.56.3 google.golang.org/protobuf@v1.33.0 + deps: google.golang.org/grpc@v1.56.3 google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 - runs: | make install_oss diff --git a/dive.yaml b/dive.yaml index ae3057384c..8efb15846a 100644 --- a/dive.yaml +++ b/dive.yaml @@ -1,7 +1,7 @@ package: name: dive version: 0.12.0 - epoch: 3 + epoch: 4 description: A tool for exploring each layer in a docker image copyright: - license: MIT @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/docker/docker@v24.0.9 + deps: github.com/docker/docker@v24.0.9 golang.org/x/net@v0.23.0 - uses: go/build with: diff --git a/eksctl.yaml b/eksctl.yaml index 491bdd7b3c..81f49f492d 100644 --- a/eksctl.yaml 
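Review bot: The new `go/bump` step in dagdotdev.yaml pins `golang.org/x/net@v0.23.0` without any comment tying it to the advisory, and the same applies to the entries appended in dive.yaml, eksctl.yaml and envoy-ratelimit.yaml. I would add `# GHSA-4v7x-pqxf-cx7m: remove once upstream's go.mod requires golang.org/x/net >= v0.23.0` above the step so the pin can be retired when the package version moves on. The bump only covers code that imports golang.org/x/net directly or transitively. If any of these binaries serves HTTP/2 through the standard library's net/http, which carries its own bundled copy of the HTTP/2 code, the fix has to come from the Go toolchain that `go/build` uses, and these hunks do not show which one that is.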
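Review bot: The rewritten `deps:` line in dgraph.yaml drops `golang.org/x/crypto@v0.17.0` while replacing `golang.org/x/net@v0.17.0` with `v0.23.0`; falcosidekick.yaml does the same, and flyte.yaml swaps its x/crypto entry for the x/net one. This is probably harmless, since the newer x/net should raise x/crypto through its own go.mod requirement, but the patch does not record that and the x/crypto floor is now implicit. It is worth confirming in the build output of all three packages that the resolved x/crypto version is still at or above v0.17.0. A comment next to the step would record it, for example `# x/crypto floor (>= v0.17.0) now comes transitively from golang.org/x/net@v0.23.0`.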
+++ b/eksctl.yaml @@ -1,7 +1,7 @@ package: name: eksctl version: 0.175.0 - epoch: 1 + epoch: 2 description: copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ pipeline: - uses: go/bump with: - deps: google.golang.org/protobuf@v1.33.0 github.com/docker/docker@v24.0.9 + deps: google.golang.org/protobuf@v1.33.0 github.com/docker/docker@v24.0.9 golang.org/x/net@v0.23.0 - runs: | make binary diff --git a/envoy-ratelimit.yaml b/envoy-ratelimit.yaml index c2fbf182fd..d34e9f3994 100644 --- a/envoy-ratelimit.yaml +++ b/envoy-ratelimit.yaml @@ -3,7 +3,7 @@ package: # This project doesn't do releases and everything is commit based. # This corresponds to commit f3b67307a53c3979783bef4de8bfa655167b0807 version: 0.0_git20240220 - epoch: 5 + epoch: 6 description: Go/gRPC service designed to enable generic rate limit scenarios from different types of applications. copyright: - license: Apache-2.0 @@ -25,7 +25,7 @@ pipeline: - uses: go/bump with: - deps: google.golang.org/protobuf@v1.33.0 + deps: google.golang.org/protobuf@v1.33.0 golang.org/x/net@v0.23.0 modroot: ratelimit - uses: go/build diff --git a/falcosidekick.yaml b/falcosidekick.yaml index 610fb8db36..a145b9595c 100644 --- a/falcosidekick.yaml +++ b/falcosidekick.yaml @@ -1,7 +1,7 @@ package: name: falcosidekick version: 2.28.0 - epoch: 4 + epoch: 5 description: Connect Falco to your ecosystem copyright: - license: MIT @@ -23,7 +23,7 @@ pipeline: - uses: go/bump with: - deps: golang.org/x/crypto@v0.17.0 golang.org/x/net@v0.17.0 github.com/nats-io/nkeys@v0.4.7 google.golang.org/grpc@v1.56.3 github.com/cloudevents/sdk-go/v2@v2.15.2 google.golang.org/protobuf@v1.33.0 github.com/jackc/pgx/v5@v5.5.4 + deps: github.com/nats-io/nkeys@v0.4.7 google.golang.org/grpc@v1.56.3 github.com/cloudevents/sdk-go/v2@v2.15.2 google.golang.org/protobuf@v1.33.0 github.com/jackc/pgx/v5@v5.5.4 golang.org/x/net@v0.23.0 - runs: | make falcosidekick RELEASE=${{package.version}} diff --git a/flyte.yaml b/flyte.yaml index 254d422006..3954ecbae8 100644 
--- a/flyte.yaml +++ b/flyte.yaml @@ -1,7 +1,7 @@ package: name: flyte version: 1.11.0 - epoch: 1 + epoch: 2 description: Scalable and flexible workflow orchestration platform that seamlessly unifies data, ML and analytics stacks. copyright: - license: Apache-2.0 @@ -24,7 +24,7 @@ pipeline: - uses: go/bump with: - deps: github.com/cloudevents/sdk-go/v2@v2.15.2 github.com/jackc/pgproto3/v2@v2.3.3 github.com/jackc/pgx/v5@v5.5.4 github.com/jackc/pgconn@v1.14.2 golang.org/x/crypto@v0.17.0 google.golang.org/protobuf@v1.33.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel/sdk@v1.21.0 github.com/go-jose/go-jose/v3@v3.0.3 github.com/lestrrat-go/jwx@v1.2.29 + deps: github.com/cloudevents/sdk-go/v2@v2.15.2 github.com/jackc/pgproto3/v2@v2.3.3 github.com/jackc/pgx/v5@v5.5.4 github.com/jackc/pgconn@v1.14.2 golang.org/x/net@v0.23.0 google.golang.org/protobuf@v1.33.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 go.opentelemetry.io/otel/sdk@v1.21.0 github.com/go-jose/go-jose/v3@v3.0.3 github.com/lestrrat-go/jwx@v1.2.29 - uses: go/build with: