From 2d771f0f103f0ce9e4c1dc73066b32c1856a7097 Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Tue, 12 Aug 2025 15:46:33 -0400
Subject: [PATCH] security: bypass scan for GO-2025-3829 (#26505)

* security: bypass scan for GO-2025-3829

This report is unverified by upstream and has no release fixing it. In any case,
this problem with firewalld doesn't impact Nomad's use of the dependency as a
library, only the uses of it in `dockerd`. Bypass it from our scans for now.

Ref: https://github.com/moby/moby/releases/tag/v28.3.3
Ref: https://pkg.go.dev/vuln/GO-2025-3829

* Update .release/security-scan.hcl

Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>

---------

Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
---
 .release/security-scan.hcl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index ccfeb3a27..bd67a6cb1 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -31,6 +31,7 @@ binary {
       vulnerabilities = [
         "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.
         "GO-2025-3543", // github.com/opencontainers/runc    TODO(jrasell): remove once withdrawn from DBs.
+        "GO-2025-3829", // https://github.com/moby/moby/releases/tag/v28.3.3 TODO(tgross): remove once verified, updated or withdrawn https://pkg.go.dev/vuln/GO-2025-3829
       ]
     }
   }