
feat(build): add regex disable for packages in security update #5783

Merged: 1 commit, Jan 20, 2023

Conversation

@slonka slonka (Contributor) commented Jan 20, 2023

aws-sdk is released daily and this bug https://osv.dev/vulnerability/GO-2022-0646 has no fix since Feb 2022. This might be a bug in osv or an actual bug in aws-sdk. Let's disable it for now and if dependabot detects a bug on master we will update release branches manually.

Signed-off-by: slonka [email protected]

Action output here: https://github.com/kumahq/kuma/actions/runs/3966613586. No PRs were created because there were no changes.

Checklist prior to review

  • Link to docs PR or issue --
  • Link to UI issue or PR --
  • Is the issue worked on linked? --
  • The PR does not hardcode values that might break projects that depend on kuma (e.g. "kumahq" as a image registry) --
  • The PR will work for both Linux and Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
  • Unit Tests --
  • E2E Tests --
  • Manual Universal Tests --
  • Manual Kubernetes Tests --
  • Do you need to update UPGRADE.md? --
  • Does it need to be backported according to the backporting policy? --
  • Do you need to explicitly set a > Changelog: entry here or add a ci/ label to run fewer/more tests?

Changelog: feat(security): add dependabot security updates to release branches
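As an added illustration (not the kumahq/kuma workflow itself, whose implementation is not shown on this page), the following Go program sketches what a regex-based ignore list for a security-update job has to get right. The finding type, the module list, the advisory IDs other than GO-2022-0646 and the fixed versions are all constructed for the example. The one caveat worth showing is anchoring: an unanchored pattern such as `github.com/aws/aws-sdk-go` would also silence `github.com/aws/aws-sdk-go-v2`, which is a different module with its own advisories, so the patterns are anchored at both ends before compiling.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one vulnerable module reported by a dependency scan.
// Constructed for this example; the shape is not tied to any real tool's output.
type Finding struct {
	Module string // Go module path, e.g. github.com/aws/aws-sdk-go
	ID     string // advisory identifier, e.g. GO-2022-0646
	Fixed  string // version that fixes the advisory; empty when none is published
}

// IgnoreList holds the compiled patterns for modules the automated job must skip.
type IgnoreList struct {
	patterns []*regexp.Regexp
}

// NewIgnoreList compiles each pattern anchored at both ends, so a pattern like
// `github\.com/aws/aws-sdk-go` matches exactly that module path and not
// github.com/aws/aws-sdk-go-v2 via a substring match.
func NewIgnoreList(patterns []string) (*IgnoreList, error) {
	il := &IgnoreList{}
	for _, p := range patterns {
		anchored := p
		if !strings.HasPrefix(anchored, "^") {
			anchored = "^" + anchored
		}
		if !strings.HasSuffix(anchored, "$") {
			anchored += "$"
		}
		re, err := regexp.Compile(anchored)
		if err != nil {
			return nil, fmt.Errorf("ignore pattern %q: %w", p, err)
		}
		il.patterns = append(il.patterns, re)
	}
	return il, nil
}

// Ignored reports whether a module path matches any ignore pattern.
func (il *IgnoreList) Ignored(module string) bool {
	for _, re := range il.patterns {
		if re.MatchString(module) {
			return true
		}
	}
	return false
}

// Triage splits findings into those the automated job should bump, those the
// ignore list skips, and those with no fixed version, which no automated bump
// can resolve and which therefore need manual tracking.
func Triage(findings []Finding, il *IgnoreList) (update, ignored, unfixable []Finding) {
	for _, f := range findings {
		switch {
		case il.Ignored(f.Module):
			ignored = append(ignored, f)
		case f.Fixed == "":
			unfixable = append(unfixable, f)
		default:
			update = append(update, f)
		}
	}
	return update, ignored, unfixable
}

// SampleFindings is constructed scan output for the example. Only the
// GO-2022-0646 identifier comes from the PR discussion; the rest is made up.
var SampleFindings = []Finding{
	{Module: "github.com/aws/aws-sdk-go", ID: "GO-2022-0646", Fixed: ""},
	{Module: "github.com/aws/aws-sdk-go-v2", ID: "EXAMPLE-0001", Fixed: "v1.17.0"},
	{Module: "golang.org/x/text", ID: "EXAMPLE-0002", Fixed: "v0.3.8"},
	{Module: "github.com/example/orphan", ID: "EXAMPLE-0003", Fixed: ""},
}

func main() {
	il, err := NewIgnoreList([]string{`github\.com/aws/aws-sdk-go`})
	if err != nil {
		panic(err)
	}
	update, ignored, unfixable := Triage(SampleFindings, il)
	for _, f := range update {
		fmt.Printf("update    %s (%s) -> %s\n", f.Module, f.ID, f.Fixed)
	}
	for _, f := range ignored {
		fmt.Printf("ignored   %s (%s)\n", f.Module, f.ID)
	}
	for _, f := range unfixable {
		fmt.Printf("unfixable %s (%s): no fixed version, track manually\n", f.Module, f.ID)
	}
}
```

The "unfixable" bucket is the situation the PR describes for aws-sdk: with no fixed version published, an automated bump has nothing to move to, so ignoring the module only stops the noise; it does not remove the need to re-check the advisory on master.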

@slonka slonka added the ci/skip-test PR: Don't run unit and e2e tests (maybe this is just a doc change) label Jan 20, 2023
@slonka slonka requested review from a team, jakubdyszkiewicz and lukidzi and removed request for a team January 20, 2023 10:02
@slonka slonka changed the title feat(build): add regex disable feat(build): add regex disable for packages in security update Jan 20, 2023
@jakubdyszkiewicz (Contributor) commented:

We are not affected by this CVE, right?

@slonka (Contributor, Author) commented Jan 20, 2023

> We are not affected by this CVE, right?

I don't think so, we don't use aws-sdk directly, I'll check what uses it. Also: even if we are, there is no fix for it :(

@slonka (Contributor, Author) commented Jan 20, 2023

We are using golang-migrate which uses aws-sdk.

@jakubdyszkiewicz (Contributor) commented:

yeah, but we only do migrations on postgres, so we don't use it

@slonka slonka merged commit feaf229 into master Jan 20, 2023
@slonka slonka deleted the feat-gh-action-security-update-add-ignore-list branch January 20, 2023 10:23