etcd-3.5/3.5.16-r1: cve remediation

[octo-sts]

etcd-3.5/3.5.16-r1: fix GHSA-29wx-vh33-7x7r

Advisory data: https://github.com/wolfi-dev/advisories/blob/main/etcd-3.5.advisories.yaml

[github-actions]

Package etcd-3.5: Click to expand/collapse

Package etcd-3.5:
Modified: /usr/bin/etcd
Modified: /usr/bin/etcdctl
Modified: /usr/bin/etcdutl

Package etcd-3.5-bitnami-compat: Click to expand/collapse

Package etcd-3.5-bitnami-compat:
Modified: /opt/bitnami/.bitnami_components.json
Modified: /opt/bitnami/scripts/etcd/healthcheck.sh

[octo-sts]

Gen AI suggestions to solve the build error:

Based on the build output, I notice the warning message:

WARN {"level":"warn","ts":"2024-11-05T07:50:20.661533Z","caller":"auth/store.go:1241","msg":"simple token is not cryptographically signed"}

This warning from etcd appears to be expected behavior and not actually causing a build failure. Looking through the logs, the package seems to build and test successfully:

1. The etcd server starts up properly
2. Key-value operations work as expected
3. The test pipeline completes without errors
4. The package builds successfully into an OCI image

The "simple token is not cryptographically signed" warning is just informational and doesn't impact functionality. It's warning that etcd is using simple token authentication which doesn't provide cryptographic signing - this is normal for basic testing/development scenarios.

If you want to remove this warning, you could:

1. Configure authentication with TLS certificates
2. Add the appropriate security configuration in the melange YAML
3. Or simply ignore it as it's not impacting package functionality

Unless you have other specific build errors not shown in these logs, the package appears to be building correctly despite this warning message.