chore: fix dependabot alerts (#2551)

#2535 Signed-off-by: Ramkumar Chinchani <[email protected]>
project-zot · Jul 15, 2024 · e68baa4 · e68baa4
1 parent 8262c46
commit e68baa4
Show file tree

Hide file tree

Showing 6 changed files with 85 additions and 85 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -53,7 +53,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/[email protected].11
+      uses: github/codeql-action/[email protected].12
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/[email protected].11
+      uses: github/codeql-action/[email protected].12
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -77,4 +77,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/[email protected].11
+      uses: github/codeql-action/[email protected].12
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -237,7 +237,7 @@ jobs:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/[email protected].11
+        uses: github/codeql-action/[email protected].12
         with:
           sarif_file: 'trivy-results.sarif'
 
@@ -274,7 +274,7 @@ jobs:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/[email protected].11
+        uses: github/codeql-action/[email protected].12
         with:
           sarif_file: 'trivy-results.sarif'
 

diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/[email protected].11
+        uses: github/codeql-action/[email protected].12
         with:
           sarif_file: results.sarif
diff --git a/THIRD-PARTY-LICENSES.md b/THIRD-PARTY-LICENSES.md
@@ -63,32 +63,32 @@ github.com/aquasecurity/table|https://github.com/aquasecurity/table/blob/v1.8.0/
 github.com/aquasecurity/tml|https://github.com/aquasecurity/tml/blob/v0.6.1/LICENSE|Unlicense
 github.com/aquasecurity/trivy-checks|https://github.com/aquasecurity/trivy-checks/blob/v0.13.0/LICENSE|MIT
 github.com/asaskevich/govalidator|https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE|MIT
-github.com/aws/aws-sdk-go-v2/config|https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.24/config/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/credentials|https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.24/credentials/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue|https://github.com/aws/aws-sdk-go-v2/blob/feature/dynamodb/attributevalue/v1.14.7/feature/dynamodb/attributevalue/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds|https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.16.9/feature/ec2/imds/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/internal/configsources|https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.13/internal/configsources/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2|https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.13/internal/endpoints/v2/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/config|https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.26/config/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/credentials|https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.26/credentials/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue|https://github.com/aws/aws-sdk-go-v2/blob/feature/dynamodb/attributevalue/v1.14.9/feature/dynamodb/attributevalue/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds|https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.16.11/feature/ec2/imds/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/configsources|https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.15/internal/configsources/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2|https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.15/internal/endpoints/v2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/internal/ini|https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.8.0/internal/ini/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/internal/sync/singleflight|https://github.com/aws/aws-sdk-go-v2/blob/v1.30.1/internal/sync/singleflight/LICENSE|BSD-3-Clause
-github.com/aws/aws-sdk-go-v2/service/dynamodb/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.34.1/service/dynamodb/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.22.1/service/dynamodbstreams/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodbstreams|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.22.1/service/dynamodbstreams/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodb|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.34.1/service/dynamodb/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/internal/sync/singleflight|https://github.com/aws/aws-sdk-go-v2/blob/v1.30.3/internal/sync/singleflight/LICENSE|BSD-3-Clause
+github.com/aws/aws-sdk-go-v2/service/dynamodb/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.34.3/service/dynamodb/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.22.3/service/dynamodbstreams/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodbstreams|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.22.3/service/dynamodbstreams/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodb|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.34.3/service/dynamodb/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ebs|https://github.com/aws/aws-sdk-go-v2/blob/service/ebs/v1.21.7/service/ebs/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ec2|https://github.com/aws/aws-sdk-go-v2/blob/service/ec2/v1.163.1/service/ec2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ecrpublic|https://github.com/aws/aws-sdk-go-v2/blob/service/ecrpublic/v1.18.2/service/ecrpublic/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ecr|https://github.com/aws/aws-sdk-go-v2/blob/service/ecr/v1.28.5/service/ecr/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.11.3/service/internal/accept-encoding/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/endpoint-discovery/v1.9.14/service/internal/endpoint-discovery/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.15/service/internal/presigned-url/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/secretsmanager|https://github.com/aws/aws-sdk-go-v2/blob/service/secretsmanager/v1.32.1/service/secretsmanager/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/ssooidc|https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.26.2/service/ssooidc/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/sso|https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.22.1/service/sso/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/sts|https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.30.1/service/sts/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2|https://github.com/aws/aws-sdk-go-v2/blob/v1.30.1/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go/internal/sync/singleflight|https://github.com/aws/aws-sdk-go/blob/v1.54.15/internal/sync/singleflight/LICENSE|BSD-3-Clause
-github.com/aws/aws-sdk-go|https://github.com/aws/aws-sdk-go/blob/v1.54.15/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/endpoint-discovery/v1.9.16/service/internal/endpoint-discovery/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.17/service/internal/presigned-url/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/secretsmanager|https://github.com/aws/aws-sdk-go-v2/blob/service/secretsmanager/v1.32.3/service/secretsmanager/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/ssooidc|https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.26.4/service/ssooidc/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/sso|https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.22.3/service/sso/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/sts|https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.30.3/service/sts/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2|https://github.com/aws/aws-sdk-go-v2/blob/v1.30.3/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go/internal/sync/singleflight|https://github.com/aws/aws-sdk-go/blob/v1.54.19/internal/sync/singleflight/LICENSE|BSD-3-Clause
+github.com/aws/aws-sdk-go|https://github.com/aws/aws-sdk-go/blob/v1.54.19/LICENSE.txt|Apache-2.0
 github.com/aws/smithy-go/internal/sync/singleflight|https://github.com/aws/smithy-go/blob/v1.20.3/internal/sync/singleflight/LICENSE|BSD-3-Clause
 github.com/aws/smithy-go|https://github.com/aws/smithy-go/blob/v1.20.3/LICENSE|Apache-2.0
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login|https://github.com/awslabs/amazon-ecr-credential-helper/blob/8841054dbdb8/ecr-login/LICENSE|Apache-2.0
@@ -415,7 +415,7 @@ google.golang.org/genproto/googleapis/rpc|https://github.com/googleapis/go-genpr
 google.golang.org/genproto/googleapis/type/expr|https://github.com/googleapis/go-genproto/blob/c811ad7063a7/LICENSE|Apache-2.0
 google.golang.org/genproto/googleapis/type|https://github.com/googleapis/go-genproto/blob/c811ad7063a7/LICENSE|Apache-2.0
 google.golang.org/genproto/protobuf/field_mask|https://github.com/googleapis/go-genproto/blob/c811ad7063a7/LICENSE|Apache-2.0
-google.golang.org/grpc|https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE|Apache-2.0
+google.golang.org/grpc|https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE|Apache-2.0
 google.golang.org/protobuf|https://github.com/protocolbuffers/protobuf-go/blob/v1.34.2/LICENSE|BSD-3-Clause
 gopkg.in/cheggaaa/pb.v1|https://github.com/cheggaaa/pb/blob/v1.0.28/LICENSE|BSD-3-Clause
 gopkg.in/go-jose/go-jose.v2/json|https://github.com/go-jose/go-jose/blob/v2.6.3/json/LICENSE|BSD-3-Clause
@@ -440,7 +440,7 @@ modernc.org/gc/v3|https://gitlab.com/cznic/gc/blob/573471604cb6/v3/LICENSE|BSD-3
 modernc.org/libc|https://gitlab.com/cznic/libc/blob/v1.52.1/LICENSE-GO|BSD-3-Clause
 modernc.org/mathutil|Unknown|Unknown
 modernc.org/memory|https://gitlab.com/cznic/memory/blob/v1.8.0/LICENSE-GO|BSD-3-Clause
-modernc.org/sqlite|https://gitlab.com/cznic/sqlite/blob/v1.30.1/LICENSE|BSD-3-Clause
+modernc.org/sqlite|https://gitlab.com/cznic/sqlite/blob/v1.30.2/LICENSE|BSD-3-Clause
 modernc.org/strutil|Unknown|Unknown
 modernc.org/token|https://gitlab.com/cznic/token/blob/v1.1.0/LICENSE|BSD-3-Clause
 oras.land/oras-go/v2|https://github.com/oras-project/oras-go/blob/v2.5.0/LICENSE|Apache-2.0

diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/bmatcuk/doublestar/v4 v4.6.1
 	github.com/briandowns/spinner v1.23.1
 	github.com/chartmuseum/auth v0.5.0
-	github.com/containers/common v0.59.1
+	github.com/containers/common v0.59.2
 	github.com/didip/tollbooth/v6 v6.1.2
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/dustin/go-humanize v1.0.1
@@ -46,8 +46,8 @@ require (
 
 require (
 	github.com/aquasecurity/trivy v0.53.0
-	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.34.1
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.34.3
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.3
 	github.com/aws/aws-secretsmanager-caching-go v1.2.0
 	github.com/containers/image/v5 v5.31.1
 	github.com/dchest/siphash v1.2.3
@@ -62,7 +62,7 @@ require (
 	github.com/swaggo/http-swagger v1.3.4
 	github.com/zitadel/oidc v1.13.5
 	golang.org/x/oauth2 v0.21.0
-	modernc.org/sqlite v1.30.1
+	modernc.org/sqlite v1.30.2
 	oras.land/oras-go/v2 v2.5.0
 )
 
@@ -97,11 +97,11 @@ require (
 	github.com/aquasecurity/tml v0.6.1 // indirect
 	github.com/aquasecurity/trivy-checks v0.13.0 // indirect
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 // indirect
-	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.22.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.22.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ebs v1.21.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.163.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.16 // indirect
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.55.1 // indirect
 	github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c // indirect
 	github.com/buildkite/agent/v3 v3.62.0 // indirect
@@ -283,21 +283,21 @@ require (
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20240603093900-cf8a8d29271d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.54.15
-	github.com/aws/aws-sdk-go-v2 v1.30.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.24
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.24 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.14.7
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect
+	github.com/aws/aws-sdk-go v1.54.19
+	github.com/aws/aws-sdk-go-v2 v1.30.3
+	github.com/aws/aws-sdk-go-v2/config v1.27.26
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.26 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.14.9
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.28.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
 	github.com/aws/smithy-go v1.20.3
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -478,7 +478,7 @@ require (
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	google.golang.org/api v0.172.0 // indirect
 	google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
-	google.golang.org/grpc v1.64.0 // indirect
+	google.golang.org/grpc v1.64.1 // indirect
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect