🐛 Prevent CVE-2023-44487

.github/env

@@ -0,0 +1 @@
+golang-version=1.21.3

.github/workflows/go.yml

@@ -13,10 +13,13 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
+    - name: Import environment variables from file
+      run: cat ".github/env" >> $GITHUB_ENV
+
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: 1.18
+        go-version: ">=${{ env.golang-version }}"
 
     - name: Build
       run: go build -v ./...

.github/workflows/goreleaser.yml

@@ -13,10 +13,12 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - name: Import environment variables from file
+        run: cat ".github/env" >> $GITHUB_ENV
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: 1.18
+          go-version: ">=${{ env.golang-version }}"
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:

go.mod

@@ -1,50 +1,52 @@
 module go.mondoo.com/ranger-rpc
 
-go 1.18
+go 1.21
 
 require (
-	github.com/cockroachdb/errors v1.9.0
+	github.com/cockroachdb/errors v1.11.1
 	github.com/go-openapi/spec v0.20.6
 	github.com/google/go-cmp v0.5.9
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.3.1
 	github.com/lyft/protoc-gen-star v0.6.2
-	github.com/rs/zerolog v1.27.0
-	github.com/stretchr/testify v1.8.0
-	go.opentelemetry.io/otel v1.10.0
-	golang.org/x/crypto v0.0.0-20220919173607-35f4265a4bc0
-	google.golang.org/genproto v0.0.0-20220715211116-798f69b842b9
-	google.golang.org/protobuf v1.28.0
+	github.com/rs/zerolog v1.31.0
+	github.com/stretchr/testify v1.8.4
+	go.opentelemetry.io/otel v1.19.0
+	golang.org/x/crypto v0.14.0
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97
+	google.golang.org/protobuf v1.31.0
 	gopkg.in/square/go-jose.v2 v2.6.0
 	moul.io/http2curl v1.0.0
 )
 
 require (
-	github.com/cockroachdb/logtags v0.0.0-20211118104740-dabe8e521a4f // indirect
-	github.com/cockroachdb/redact v1.1.3 // indirect
+	github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
+	github.com/cockroachdb/redact v1.1.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/getsentry/sentry-go v0.13.0 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/getsentry/sentry-go v0.18.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/swag v0.21.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rogpeppe/go-internal v1.8.1 // indirect
+	github.com/rogpeppe/go-internal v1.9.0 // indirect
+	github.com/smartystreets/goconvey v1.8.1 // indirect
 	github.com/spf13/afero v1.9.0 // indirect
-	go.opentelemetry.io/otel/trace v1.10.0 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
-	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
-	golang.org/x/text v0.3.8 // indirect
-	golang.org/x/tools v0.1.12 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
+	golang.org/x/mod v0.9.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/tools v0.7.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )