
Conversation

@smoshiur1237
Contributor

@smoshiur1237 smoshiur1237 commented Dec 4, 2025

Trivy picks up a CVE that would require a go version bump to fix properly.

=== Symbol Results ===
Vulnerability #1: GO-2025-4175
    Improper application of excluded DNS name constraints when verifying
    wildcard names in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4175
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
      #1: cmd/models-schema/main.go:35:21: models.main calls fmt.Fprintf, which eventually calls x509.Certificate.Verify
Vulnerability #2: GO-2025-4155
    Excessive resource consumption when printing error string for host
    certificate validation in crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2025-4155
  Standard library
    Found in: crypto/[email protected]
    Fixed in: crypto/[email protected]
    Example traces found:
      #1: cmd/models-schema/main.go:35:21: models.main calls fmt.Fprintf, which eventually calls x509.Certificate.Verify
      #2: cmd/models-schema/main.go:35:21: models.main calls fmt.Fprintf, which eventually calls x509.Certificate.VerifyHostname

Your code is affected by 2 vulnerabilities from the Go standard library.
This scan found no other vulnerabilities in packages you import or modules you
require.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Dec 4, 2025
@netlify

netlify bot commented Dec 4, 2025

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit 21151cf
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-sigs-cluster-api-openstack/deploys/69319aa3ee9cb900083926fb
😎 Deploy Preview https://deploy-preview-2881--kubernetes-sigs-cluster-api-openstack.netlify.app

@smoshiur1237 smoshiur1237 changed the title 🌱 Bump g01.24.11 🌱 Bump go version to 1.24.11 Dec 4, 2025
Contributor

@lentzi90 lentzi90 left a comment


/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 4, 2025
@smoshiur1237
Contributor Author

/restest

Signed-off-by: smoshiur1237 <[email protected]>
@smoshiur1237 smoshiur1237 changed the title 🌱 Bump go version to 1.24.11 🌱 Ignore irrelevant CVE Dec 4, 2025
@lentzi90
Contributor

lentzi90 commented Dec 5, 2025

/approve cancel
Please don't change PRs so much. It is better to open a new one when completely changing what a PR does.

Where do you see that govulncheck says we are not affected? In the description I don't see it. In previous cases we saw this:

Your code is affected by 0 vulnerabilities.
This scan also found 1 vulnerability in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.

We may still have to ignore these if they require a newer go version, but we should not claim we are unaffected unless that is true.

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign emilienm for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot removed the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 5, 2025
Contributor

@tuminoid tuminoid left a comment


You ARE affected by the stdlib issues, if you use certificates, like govulncheck says.
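Added example, not code from the cluster-api-provider-openstack project or from any commenter on this PR: a Go program that exercises the x509.Certificate.Verify path govulncheck traced in the report in the first comment, and that shows the check tuminoid's comment refers to, namely how a CA's excluded DNS name constraint is enforced during chain verification (the check GO-2025-4175 concerns). The CA, keys, DNS names and the helpers newCA, issueServerCert, verifyForHost and checkExcluded are all constructed here for illustration. The program does not reproduce the advisory's wildcard bug; the wildcard case in main is there so the result can be compared across toolchain versions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCA builds an in-memory, self-signed CA whose NameConstraints extension
// excludes the given DNS subtrees. Constructed for this example only.
func newCA(excludedDNS []string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:                big.NewInt(1),
		Subject:                     pkix.Name{CommonName: "Constrained Test CA"},
		NotBefore:                   time.Now().Add(-time.Hour),
		NotAfter:                    time.Now().Add(24 * time.Hour),
		IsCA:                        true,
		BasicConstraintsValid:       true,
		KeyUsage:                    x509.KeyUsageCertSign,
		ExcludedDNSDomains:          excludedDNS,
		PermittedDNSDomainsCritical: true, // RFC 5280: NameConstraints MUST be critical
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueServerCert signs a server leaf for dnsNames under the CA.
func issueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsNames []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsNames[0]},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dnsNames,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyForHost runs x509.Certificate.Verify (the call govulncheck traced)
// against a pool holding only ca, and reports whether the chain was accepted
// and whether a rejection was due to a name constraint.
func verifyForHost(ca, leaf *x509.Certificate, host string) (accepted, excludedByConstraint bool, err error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err == nil {
		return true, false, nil
	}
	var invalid x509.CertificateInvalidError
	if errors.As(err, &invalid) && invalid.Reason == x509.CANotAuthorizedForThisName {
		return false, true, err
	}
	return false, false, err
}

// checkExcluded is the end-to-end case: a CA that excludes example.com issues
// a leaf for sanName, and the leaf is then verified for host.
func checkExcluded(sanName, host string) (accepted, excludedByConstraint bool, err error) {
	ca, caKey, err := newCA([]string{"example.com"})
	if err != nil {
		return false, false, err
	}
	leaf, err := issueServerCert(ca, caKey, []string{sanName})
	if err != nil {
		return false, false, err
	}
	return verifyForHost(ca, leaf, host)
}

func main() {
	cases := []struct{ san, host string }{
		{"www.example.org", "www.example.org"}, // outside the excluded subtree: accepted
		{"www.example.com", "www.example.com"}, // inside it: rejected, CANotAuthorizedForThisName
		// GO-2025-4175 is about a wildcard SAN inside an excluded subtree;
		// compare this line's output across Go toolchain versions.
		{"*.example.com", "www.example.com"},
	}
	for _, c := range cases {
		accepted, excluded, err := checkExcluded(c.san, c.host)
		fmt.Printf("SAN %-16s host %-16s accepted=%-5v excluded-by-constraint=%-5v err=%v\n",
			c.san, c.host, accepted, excluded, err)
	}
}
```

Run it with `go run` under the toolchain being assessed. A rejection caused by the constraint surfaces as an x509.CertificateInvalidError whose Reason is x509.CANotAuthorizedForThisName; anything else (hostname mismatch, unknown authority) is a different failure and is reported as such.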

@smoshiur1237
Contributor Author

/retest

@k8s-ci-robot
Contributor

@smoshiur1237: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name: pull-cluster-api-provider-openstack-test
Commit: 21151cf
Details: link
Required: true
Rerun command: /test pull-cluster-api-provider-openstack-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

