[3.4] [3.5] CI is not configured to run Go vulnerability check

[ivanvc]

Bug report criteria

• This bug report is not security related, security issues should be disclosed privately via [email protected].
• This is not a support request or question, support requests or questions should be raised in the etcd discussion forums.
• You have read the etcd bug reporting guidelines.
• Existing open issues along with etcd frequently asked questions have been checked and this is not a duplicate.

What happened?

Early this week, multiple CVEs were disclosed, and there was a Go version update, along with a release of google.golang.org/protobuf. The main branch has the Go vulnerability check configured. But release-3.4 and release-3.5 don't. While the main branch had CI failures (i.e. https://github.com/etcd-io/etcd/actions/runs/8190871384/job/22398801424). The others didn't.

What did you expect to happen?

Both branches should have failed CI runs.

How can we reproduce it (as minimally and precisely as possible)?

Review release-3.4 and release-3.5 branches' .github/workflows, to reveal that there's no such check.

Anything else we need to know?

No response

Etcd version (please run commands below)

$ etcd --version
# paste output here

$ etcdctl version
# paste output here

Etcd configuration (command line flags or environment variables)

paste your configuration here

Etcd debug information (please run commands below, feel free to obfuscate the IP address or FQDN in the output)

$ etcdctl member list -w table
# paste output here

$ etcdctl --endpoints=<member list> endpoint status -w table
# paste output here

Relevant log output

No response

[ivanvc]

Follow up from #17543 (comment).

[ivanvc]

/assign

[ivanvc]

/close

😂 I think prow bot doesn't run on issues. This issue can be closed now ;)