chore: fix dependabot alerts (project-zot#1961)

Signed-off-by: Ramkumar Chinchani <[email protected]>

.github/workflows/codeql-analysis.yml

@@ -53,7 +53,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/[email protected].3
+      uses: github/codeql-action/[email protected].4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/[email protected].3
+      uses: github/codeql-action/[email protected].4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -77,4 +77,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/[email protected].3
+      uses: github/codeql-action/[email protected].4

.github/workflows/publish.yaml

@@ -215,7 +215,7 @@ jobs:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/[email protected].3
+        uses: github/codeql-action/[email protected].4
         with:
           sarif_file: 'trivy-results.sarif'
 

.github/workflows/scorecards.yaml

@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/[email protected].3 # v1.0.26
+        uses: github/codeql-action/[email protected].4 # v1.0.26
         with:
           sarif_file: results.sarif

THIRD-PARTY-LICENSES.md

@@ -65,37 +65,37 @@ github.com/aquasecurity/tml|https://github.com/aquasecurity/tml/blob/v0.6.1/LICE
 github.com/asaskevich/govalidator|https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE|MIT
 github.com/aws/aws-sdk-go-v2/config|https://github.com/aws/aws-sdk-go-v2/blob/config/v1.18.44/config/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/credentials|https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.13.42/credentials/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue|https://github.com/aws/aws-sdk-go-v2/blob/feature/dynamodb/attributevalue/v1.10.42/feature/dynamodb/attributevalue/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue|https://github.com/aws/aws-sdk-go-v2/blob/feature/dynamodb/attributevalue/v1.10.43/feature/dynamodb/attributevalue/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds|https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.13.12/feature/ec2/imds/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/internal/configsources|https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.1.43/internal/configsources/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2|https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.4.37/internal/endpoints/v2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/internal/ini|https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.3.44/internal/ini/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/internal/sync/singleflight|https://github.com/aws/aws-sdk-go-v2/blob/v1.21.2/internal/sync/singleflight/LICENSE|BSD-3-Clause
-github.com/aws/aws-sdk-go-v2/service/dynamodb/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.22.2/service/dynamodb/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodb/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.23.0/service/dynamodb/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/dynamodbstreams/types|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.15.7/service/dynamodbstreams/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/dynamodbstreams|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodbstreams/v1.15.7/service/dynamodbstreams/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/dynamodb|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.22.2/service/dynamodb/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/dynamodb|https://github.com/aws/aws-sdk-go-v2/blob/service/dynamodb/v1.23.0/service/dynamodb/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ebs|https://github.com/aws/aws-sdk-go-v2/blob/service/ebs/v1.18.1/service/ebs/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ec2|https://github.com/aws/aws-sdk-go-v2/blob/service/ec2/v1.98.0/service/ec2/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ecrpublic|https://github.com/aws/aws-sdk-go-v2/blob/service/ecrpublic/v1.12.0/service/ecrpublic/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ecr|https://github.com/aws/aws-sdk-go-v2/blob/service/ecr/v1.17.18/service/ecr/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.9.15/service/internal/accept-encoding/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/endpoint-discovery/v1.7.37/service/internal/endpoint-discovery/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url|https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.9.36/service/internal/presigned-url/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go-v2/service/secretsmanager|https://github.com/aws/aws-sdk-go-v2/blob/service/secretsmanager/v1.21.5/service/secretsmanager/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go-v2/service/secretsmanager|https://github.com/aws/aws-sdk-go-v2/blob/service/secretsmanager/v1.21.6/service/secretsmanager/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/ssooidc|https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.17.2/service/ssooidc/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/sso|https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.15.1/service/sso/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2/service/sts|https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.23.1/service/sts/LICENSE.txt|Apache-2.0
 github.com/aws/aws-sdk-go-v2|https://github.com/aws/aws-sdk-go-v2/blob/v1.21.2/LICENSE.txt|Apache-2.0
-github.com/aws/aws-sdk-go/internal/sync/singleflight|https://github.com/aws/aws-sdk-go/blob/v1.45.24/internal/sync/singleflight/LICENSE|BSD-3-Clause
-github.com/aws/aws-sdk-go|https://github.com/aws/aws-sdk-go/blob/v1.45.24/LICENSE.txt|Apache-2.0
+github.com/aws/aws-sdk-go/internal/sync/singleflight|https://github.com/aws/aws-sdk-go/blob/v1.46.1/internal/sync/singleflight/LICENSE|BSD-3-Clause
+github.com/aws/aws-sdk-go|https://github.com/aws/aws-sdk-go/blob/v1.46.1/LICENSE.txt|Apache-2.0
 github.com/aws/smithy-go/internal/sync/singleflight|https://github.com/aws/smithy-go/blob/v1.15.0/internal/sync/singleflight/LICENSE|BSD-3-Clause
 github.com/aws/smithy-go|https://github.com/aws/smithy-go/blob/v1.15.0/LICENSE|Apache-2.0
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login|https://github.com/awslabs/amazon-ecr-credential-helper/blob/396b2034c795/ecr-login/LICENSE|Apache-2.0
 github.com/beorn7/perks/quantile|https://github.com/beorn7/perks/blob/v1.0.1/LICENSE|MIT
 github.com/bgentry/go-netrc/netrc|https://github.com/bgentry/go-netrc/blob/9fd32a8b3d3d/LICENSE|MIT
 github.com/blang/semver|https://github.com/blang/semver/blob/v3.5.1/LICENSE|MIT
-github.com/bmatcuk/doublestar/v4|https://github.com/bmatcuk/doublestar/blob/v4.6.0/LICENSE|MIT
+github.com/bmatcuk/doublestar/v4|https://github.com/bmatcuk/doublestar/blob/v4.6.1/LICENSE|MIT
 github.com/briandowns/spinner|https://github.com/briandowns/spinner/blob/v1.23.0/LICENSE|Apache-2.0
 github.com/buildkite/interpolate|https://github.com/buildkite/interpolate/blob/07f35b4ae251/LICENSE.txt|MIT
 github.com/cenkalti/backoff|https://github.com/cenkalti/backoff/blob/v2.2.1/LICENSE|MIT
@@ -146,7 +146,7 @@ github.com/evanphx/json-patch|https://github.com/evanphx/json-patch/blob/v5.6.0/
 github.com/exponent-io/jsonpath|https://github.com/exponent-io/jsonpath/blob/d6023ce2651d/LICENSE|MIT
 github.com/fatih/color|https://github.com/fatih/color/blob/v1.15.0/LICENSE.md|MIT
 github.com/felixge/httpsnoop|https://github.com/felixge/httpsnoop/blob/v1.0.3/LICENSE.txt|MIT
-github.com/fsnotify/fsnotify|https://github.com/fsnotify/fsnotify/blob/v1.6.0/LICENSE|BSD-3-Clause
+github.com/fsnotify/fsnotify|https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE|BSD-3-Clause
 github.com/gabriel-vasile/mimetype|https://github.com/gabriel-vasile/mimetype/blob/v1.4.2/LICENSE|MIT
 github.com/ghodss/yaml|https://github.com/ghodss/yaml/blob/v1.0.0/LICENSE|MIT
 github.com/go-asn1-ber/asn1-ber|https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.5/LICENSE|MIT
@@ -419,9 +419,9 @@ golang.org/x/net/publicsuffix|https://cs.opensource.google/go/x/net/+/v0.17.0:LI
 golang.org/x/net/webdav|https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE|BSD-3-Clause
 golang.org/x/net|https://cs.opensource.google/go/x/net/+/v0.17.0:LICENSE|BSD-3-Clause
 golang.org/x/oauth2|https://cs.opensource.google/go/x/oauth2/+/v0.13.0:LICENSE|BSD-3-Clause
-golang.org/x/sync/errgroup|https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE|BSD-3-Clause
-golang.org/x/sync/semaphore|https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE|BSD-3-Clause
-golang.org/x/sync|https://cs.opensource.google/go/x/sync/+/v0.3.0:LICENSE|BSD-3-Clause
+golang.org/x/sync/errgroup|https://cs.opensource.google/go/x/sync/+/v0.4.0:LICENSE|BSD-3-Clause
+golang.org/x/sync/semaphore|https://cs.opensource.google/go/x/sync/+/v0.4.0:LICENSE|BSD-3-Clause
+golang.org/x/sync|https://cs.opensource.google/go/x/sync/+/v0.4.0:LICENSE|BSD-3-Clause
 golang.org/x/sys/cpu|https://cs.opensource.google/go/x/sys/+/v0.13.0:LICENSE|BSD-3-Clause
 golang.org/x/sys/execabs|https://cs.opensource.google/go/x/sys/+/v0.13.0:LICENSE|BSD-3-Clause
 golang.org/x/sys/unix|https://cs.opensource.google/go/x/sys/+/v0.13.0:LICENSE|BSD-3-Clause
@@ -475,7 +475,7 @@ modernc.org/opt|Unknown|Unknown
 modernc.org/sqlite|https://gitlab.com/cznic/sqlite/blob/v1.26.0/LICENSE|BSD-3-Clause
 modernc.org/strutil|Unknown|Unknown
 modernc.org/token|https://gitlab.com/cznic/token/blob/v1.0.1/LICENSE|BSD-3-Clause
-oras.land/oras-go/v2|https://github.com/oras-project/oras-go/blob/v2.3.0/LICENSE|Apache-2.0
+oras.land/oras-go/v2|https://github.com/oras-project/oras-go/blob/v2.3.1/LICENSE|Apache-2.0
 sigs.k8s.io/json|https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE|Apache-2.0
 sigs.k8s.io/kustomize/api|https://github.com/kubernetes-sigs/kustomize/blob/6ce0bf390ce3/api/LICENSE|Apache-2.0
 sigs.k8s.io/kustomize/kyaml|https://github.com/kubernetes-sigs/kustomize/blob/6ce0bf390ce3/kyaml/LICENSE|Apache-2.0

go.mod

@@ -6,14 +6,14 @@ require (
 	github.com/99designs/gqlgen v0.17.39
 	github.com/Masterminds/semver v1.5.0
 	github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
-	github.com/bmatcuk/doublestar/v4 v4.6.0
+	github.com/bmatcuk/doublestar/v4 v4.6.1
 	github.com/briandowns/spinner v1.23.0
 	github.com/chartmuseum/auth v0.5.0
 	github.com/containers/common v0.56.0
 	github.com/didip/tollbooth/v6 v6.1.2
 	github.com/docker/distribution v2.8.3+incompatible
 	github.com/dustin/go-humanize v1.0.1
-	github.com/fsnotify/fsnotify v1.6.0
+	github.com/fsnotify/fsnotify v1.7.0
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/gofrs/uuid v4.4.0+incompatible
 	github.com/google/go-containerregistry v0.16.1
@@ -45,8 +45,8 @@ require (
 
 require (
 	github.com/aquasecurity/trivy v0.46.0
-	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.23.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.6
 	github.com/aws/aws-secretsmanager-caching-go v1.1.2
 	github.com/containers/image/v5 v5.28.0
 	github.com/google/go-github/v52 v52.0.0
@@ -62,11 +62,11 @@ require (
 	github.com/zitadel/oidc v1.13.5
 	golang.org/x/oauth2 v0.13.0
 	modernc.org/sqlite v1.26.0
-	oras.land/oras-go/v2 v2.3.0
+	oras.land/oras-go/v2 v2.3.1
 )
 
 require (
-	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 )
@@ -291,11 +291,11 @@ require (
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.45.24
+	github.com/aws/aws-sdk-go v1.46.1
 	github.com/aws/aws-sdk-go-v2 v1.21.2
 	github.com/aws/aws-sdk-go-v2/config v1.18.44
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.42 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42
+	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.43
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect