backport of commit e51aaf6

hashicorp · Jun 7, 2024 · da704c1 · da704c1
1 parent a71f45e
commit da704c1
Show file tree

Hide file tree

Showing 47 changed files with 156 additions and 2,626 deletions.
diff --git a/.changelog/172.txt b/.changelog/172.txt
diff --git a/.changelog/310.txt → .changelog/314.txt b/.changelog/310.txt → .changelog/314.txt
diff --git a/.changelog/372.txt b/.changelog/372.txt
diff --git a/.changelog/373.txt b/.changelog/373.txt
@@ -1,3 +1,3 @@
 ```release-note:security
  Upgrade OpenShift container images to use `ubi9-minimal:9.3` as the base image.
- ```
+```
diff --git a/.changelog/416.txt → .changelog/421.txt b/.changelog/416.txt → .changelog/421.txt
@@ -1,6 +1,3 @@
-```release-note:improvement
-Update Envoy version from 1.27 to 1.28
-```
 ```release-note:security
-Update Envoy version to 1.28.1 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
+Update Envoy version to 1.27.3 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
 ```
diff --git a/.changelog/474.txt → .changelog/477.txt b/.changelog/474.txt → .changelog/477.txt
@@ -4,7 +4,7 @@ Upgrade to use Go `1.21.9`. This resolves CVE
 ```
 
 ```release-note:security
-Upgrade to support Envoy `1.28.2`. This resolves CVE
+Upgrade to support Envoy `1.27.4`. This resolves CVE
 [CVE-2024-27919](https://nvd.nist.gov/vuln/detail/CVE-2024-27919) (`http2`).
 ```
 

diff --git a/.changelog/496.txt → .changelog/497.txt b/.changelog/496.txt → .changelog/497.txt
@@ -1,4 +1,4 @@
 ```release-note:security
-Upgrade to support Envoy `1.28.3`. This resolves CVE
+Upgrade to support Envoy `1.27.5`. This resolves CVE
 [CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475).
 ```
diff --git a/.changelog/521.txt b/.changelog/521.txt
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -355,12 +355,10 @@ jobs:
         server:
           - version: v1.15.0-dev
             image: hashicorppreview/consul:1.15-dev
-          - version: v1.18.0-dev
-            image: hashicorppreview/consul:1.18-dev
-          - version: v1.19.0-dev
-            image: hashicorppreview/consul:1.19-dev
-          - version: v1.20.0-dev
-            image: hashicorppreview/consul:1.20-dev
+          - version: v1.16.0-dev
+            image: hashicorppreview/consul:1.16-dev
+          - version: v1.17.0-dev
+            image: hashicorppreview/consul:1.17-dev
         dataplane:
           - image_suffix: ""
             docker_target: "release-default"

diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
@@ -46,6 +46,8 @@ jobs:
           # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve)
           extraFields: '{ "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}",
                           "customfield_10371": { "value": "GitHub" },
+                          "customfield_10535": [{ "value": "Service Mesh" }],
+                          "components": [{ "name": "${{ github.event.repository.name }}" }],
                           "labels": ${{ steps.set-ticket-labels.outputs.LABELS }} }'
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}

diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml
@@ -59,6 +59,8 @@ jobs:
           # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve)
           extraFields: '{ "customfield_10089": "${{ github.event.pull_request.html_url }}",
                           "customfield_10371": { "value": "GitHub" },
+                          "customfield_10535": [{ "value": "Service Mesh" }],
+                          "components": [{ "name": "${{ github.event.repository.name }}" }],
                           "labels": ${{ steps.set-ticket-labels.outputs.LABELS }} }'
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -40,7 +40,8 @@ jobs:
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           repository: hashicorp/security-scanner
-          token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }}
+          #TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned
+          token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
           path: security-scanner
           ref: main
 
@@ -59,4 +60,4 @@ jobs:
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 issues:
   exclude-rules:
     # Allow usage of deprecated values.