build(deps): Bump Go to 1.22.

.github/workflows/go-dep-submission.yml

@@ -22,7 +22,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -32,7 +36,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Run snapshot action

.github/workflows/golangci-lint.yml

@@ -28,7 +28,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -38,7 +42,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: golangci-lint

.github/workflows/govulncheck.yml

@@ -27,16 +27,20 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - id: govulncheck
         uses: golang/govulncheck-action@3a32958c2706f7048305d5a2e53633d7e37e97d0 # v1.0.2
         with:
-          go-version-input: '>= 1.21'
+          go-version-input: ">= 1.21"
           check-latest: true

.github/workflows/osv-scanner.yml

@@ -27,7 +27,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/pr-dep-review.yml

@@ -19,7 +19,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/release.yml

@@ -7,7 +7,7 @@ name: Release
 on:
   push:
     tags:
-      - '*'
+      - "*"
 
 permissions: read-all
 
@@ -21,7 +21,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -31,7 +35,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.22'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Import GPG Signing Key

.github/workflows/scorecard.yml

@@ -39,7 +39,11 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
 
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/terratest.yml

@@ -22,7 +22,7 @@ jobs:
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
-          egress-policy: block #audit
+          egress-policy: block
           allowed-endpoints: >
             api.github.com:443
             checkpoint-api.hashicorp.com:443
@@ -38,7 +38,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Install Terraform

.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           disable-sudo: true
-          egress-policy: block #audit
+          egress-policy: block
           allowed-endpoints: >
             github.com:443
             proxy.golang.org:443
@@ -42,7 +42,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Run mutation tests
@@ -71,7 +71,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Run unit tests
@@ -86,14 +86,14 @@ jobs:
       fail-fast: false
       matrix:
         terraform_version:
-          - '1.0'
-          - '1.1'
-          - '1.2'
-          - '1.3'
-          - '1.4'
-          - '1.5'
-          - '1.6'
-          - '1.7'
+          - "1.0"
+          - "1.1"
+          - "1.2"
+          - "1.3"
+          - "1.4"
+          - "1.5"
+          - "1.6"
+          - "1.7"
 
     steps:
       - name: Harden Runner
@@ -117,7 +117,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Install Terraform ${{ matrix.terraform_version }}
@@ -140,7 +140,7 @@ jobs:
       fail-fast: false
       matrix:
         opentofu_version:
-          - '1.6'
+          - "1.6"
 
     steps:
       - name: Harden Runner
@@ -166,7 +166,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          go-version: '>= 1.21'
+          go-version: ">= 1.22"
           cache: true
 
       - name: Install OpenTofu ${{ matrix.opentofu_version }}

.github/workflows/trufflehog.yml

@@ -28,7 +28,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.cloudflare.com:443
+            ghcr.io:443
+            github.com:443
+            pkg-containers.githubusercontent.com:443
 
       - name: Checkout Source
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

.github/workflows/update-on-push.yml

@@ -27,12 +27,17 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            github.com:443
+            objects.githubusercontent.com:443
+            registry.npmjs.org:443
 
       - name: Install Node.js
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
-          node-version: '20'
+          node-version: "20"
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout Source

Makefile

@@ -114,7 +114,7 @@ install-hooks:
 tidy:
 	@ $(ECHO) " "
 	@ $(ECHO) "\033[1;33m=====> Tidy and download the Go dependencies...\033[0m"
-	$(GO) mod tidy -go=1.21 -v
+	$(GO) mod tidy -go=1.22 -v
 
 .PHONY: godeps
 ## godeps: [build] Updates go.mod and downloads dependencies.