From 96ce68d381cc2ef346bae041cc31355516539700 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Wed, 17 Dec 2025 11:19:51 +0000
Subject: [PATCH 1/3] verticadb-operator/25.4.0.0-r1: fix GHSA-cfpf-hrx2-8rv6
 <!--ci-cve-scan:must-fix: GHSA-cfpf-hrx2-8rv6-->

---
 verticadb-operator.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/verticadb-operator.yaml b/verticadb-operator.yaml
index 88a80d9498a..67ecb16296e 100644
--- a/verticadb-operator.yaml
+++ b/verticadb-operator.yaml
@@ -1,7 +1,7 @@
 package:
   name: verticadb-operator
   version: "25.4.0.0"
-  epoch: 1
+  epoch: 2 # GHSA-cfpf-hrx2-8rv6
   description: Simple, fast container image builder for Go applications.
   copyright:
     - license: Apache-2.0
@@ -25,6 +25,11 @@ pipeline:
       repository: https://github.com/vertica/vertica-kubernetes
       tag: v${{vars.mangled-package-version}}
 
+  - uses: go/bump
+    with:
+      deps: |-
+        github.com/expr-lang/expr@v1.17.7
+
   - name: Setup go modroot
     runs: |
       make manifests generate fmt vet

From 30c60648a94d1b5f993fb7f3ab94cf40562922af Mon Sep 17 00:00:00 2001
From: David Negreira <david.negreira@chainguard.dev>
Date: Thu, 18 Dec 2025 15:02:34 +0100
Subject: [PATCH 2/3] add go-version: 1.24 to expr bump

Signed-off-by: David Negreira <david.negreira@chainguard.dev>
---
 verticadb-operator.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/verticadb-operator.yaml b/verticadb-operator.yaml
index 67ecb16296e..66975cb578e 100644
--- a/verticadb-operator.yaml
+++ b/verticadb-operator.yaml
@@ -29,6 +29,7 @@ pipeline:
     with:
       deps: |-
         github.com/expr-lang/expr@v1.17.7
+      go-version: 1.24
 
   - name: Setup go modroot
     runs: |

From cc8e93b7cc57c415987d5acaaf7e46019630cf32 Mon Sep 17 00:00:00 2001
From: David Negreira <david.negreira@chainguard.dev>
Date: Thu, 18 Dec 2025 15:10:48 +0100
Subject: [PATCH 3/3] Remove unused bump

Signed-off-by: David Negreira <david.negreira@chainguard.dev>
---
 verticadb-operator.yaml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/verticadb-operator.yaml b/verticadb-operator.yaml
index 66975cb578e..86af60bd59c 100644
--- a/verticadb-operator.yaml
+++ b/verticadb-operator.yaml
@@ -42,13 +42,6 @@ pipeline:
       cp -r pkg workspace-verticadb-operator/
       cp -r local-libs workspace-verticadb-operator/
 
-  - uses: go/bump
-    with:
-      deps: |-
-        github.com/expr-lang/expr@v1.17.0
-      modroot: workspace-verticadb-operator
-      go-version: 1.24
-
   - uses: go/build
     with:
       modroot: workspace-verticadb-operator/