Skip to content

Commit

Permalink
chore: fix dependabot alerts (#2462)
Browse files Browse the repository at this point in the history
* chore: fix dependabot alerts

#2451
#2452
#2453
#2454
#2455
#2456
#2457
#2458
#2459
#2460
#2461
#2463

Signed-off-by: Ramkumar Chinchani <[email protected]>

* chore: mockoidc has moved to github.com/go-jose/go-jose/v3

Signed-off-by: Ramkumar Chinchani <[email protected]>

* chore: quiet aws/s3 golang api deprecations

These need to be addressed in a separate PR.

Signed-off-by: Ramkumar Chinchani <[email protected]>

---------

Signed-off-by: Ramkumar Chinchani <[email protected]>
  • Loading branch information
rchincha authored Jun 13, 2024
1 parent a4b6892 commit f5fef23
Show file tree
Hide file tree
Showing 10 changed files with 121 additions and 122 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/[email protected].7
uses: github/codeql-action/[email protected].8
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -64,7 +64,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/[email protected].7
uses: github/codeql-action/[email protected].8

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -77,4 +77,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/[email protected].7
uses: github/codeql-action/[email protected].8
4 changes: 2 additions & 2 deletions .github/workflows/publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/[email protected].7
uses: github/codeql-action/[email protected].8
with:
sarif_file: 'trivy-results.sarif'

Expand Down Expand Up @@ -274,7 +274,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/[email protected].7
uses: github/codeql-action/[email protected].8
with:
sarif_file: 'trivy-results.sarif'

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/[email protected].7
uses: github/codeql-action/[email protected].8
with:
sarif_file: results.sarif
58 changes: 29 additions & 29 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ require (
github.com/bmatcuk/doublestar/v4 v4.6.1
github.com/briandowns/spinner v1.23.0
github.com/chartmuseum/auth v0.5.0
github.com/containers/common v0.58.2
github.com/containers/common v0.59.1
github.com/didip/tollbooth/v6 v6.1.2
github.com/docker/distribution v2.8.3+incompatible
github.com/dustin/go-humanize v1.0.1
Expand All @@ -29,25 +29,25 @@ require (
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
github.com/prometheus/client_golang v1.19.0
github.com/prometheus/client_golang v1.19.1
github.com/prometheus/client_model v0.6.1
github.com/rs/zerolog v1.32.0
github.com/rs/zerolog v1.33.0
github.com/smartystreets/goconvey v1.8.1
github.com/spf13/cobra v1.8.0
github.com/spf13/viper v1.19.0
github.com/stretchr/testify v1.9.0
github.com/swaggo/swag v1.16.3
github.com/vektah/gqlparser/v2 v2.5.12
go.etcd.io/bbolt v1.3.10
golang.org/x/crypto v0.23.0
golang.org/x/crypto v0.24.0
gopkg.in/resty.v1 v1.12.0
gopkg.in/yaml.v2 v2.4.0
)

require (
github.com/aquasecurity/trivy v0.52.0
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.32.6
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.29.1
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.32.8
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.29.3
github.com/aws/aws-secretsmanager-caching-go v1.1.3
github.com/containers/image/v5 v5.31.0
github.com/dchest/siphash v1.2.3
Expand All @@ -57,19 +57,19 @@ require (
github.com/migueleliasweb/go-github-mock v0.0.23
github.com/notaryproject/notation-go v1.1.1
github.com/opencontainers/distribution-spec/specs-go v0.0.0-20240201174943-0f98d91a0afe
github.com/project-zot/mockoidc v0.0.0-20230307111146-f607b4b5fb97
github.com/project-zot/mockoidc v0.0.0-20240610203808-d69d9e02020a
github.com/sigstore/cosign/v2 v2.2.4
github.com/swaggo/http-swagger v1.3.4
github.com/zitadel/oidc v1.13.5
golang.org/x/oauth2 v0.20.0
golang.org/x/oauth2 v0.21.0
modernc.org/sqlite v1.30.0
oras.land/oras-go/v2 v2.5.0
)

require (
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/text v0.15.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/text v0.16.0 // indirect
)

require (
Expand All @@ -78,8 +78,8 @@ require (
filippo.io/edwards25519 v1.1.0 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect
Expand All @@ -100,12 +100,12 @@ require (
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.20 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.7 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.20.8 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.20.10 // indirect
github.com/aws/aws-sdk-go-v2/service/ebs v1.21.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ec2 v1.161.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.9 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.8 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.10 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.7 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.54.2 // indirect
github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c // indirect
Expand Down Expand Up @@ -288,21 +288,21 @@ require (
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.53.14
github.com/aws/aws-sdk-go-v2 v1.27.0
github.com/aws/aws-sdk-go-v2/config v1.27.16
github.com/aws/aws-sdk-go-v2/credentials v1.17.16 // indirect
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.13.20
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect
github.com/aws/aws-sdk-go v1.53.19
github.com/aws/aws-sdk-go-v2 v1.27.2
github.com/aws/aws-sdk-go-v2/config v1.27.18
github.com/aws/aws-sdk-go-v2/credentials v1.17.18 // indirect
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.14.1
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.5 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.9 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.9 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.28.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.20.9 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.3 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.28.10 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.11 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.20.11 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.5 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.28.12 // indirect
github.com/aws/smithy-go v1.20.2
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
github.com/beorn7/perks v1.0.1 // indirect
Expand Down Expand Up @@ -476,10 +476,10 @@ require (
go.uber.org/zap v1.27.0 // indirect
golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
golang.org/x/mod v0.17.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/term v0.20.0 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/term v0.21.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.21.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/api v0.172.0 // indirect
google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
Expand Down
Loading

0 comments on commit f5fef23

Please sign in to comment.