diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fcab7c8..081dca1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,13 +35,13 @@ jobs: steps: - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ matrix.go-version }} check-latest: true - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7438e13..a29d3ae 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,31 +33,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 - - - name: Set up Go 1.19 - uses: actions/setup-go@v4 - with: - go-version: '1.19' - check-latest: true + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: languages: ${{ matrix.language }} + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 0ec246b..37d77fa 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -16,13 +16,12 @@ jobs: contents: read steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 2 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: - go-version: '1.20' check-latest: true - name: Get dependencies @@ -35,7 +34,7 @@ jobs: run: go test -timeout 180m -race -coverprofile=coverage.txt -covermode=atomic - name: Upload coverage report to Codecov - uses: codecov/codecov-action@v3.1.4 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 with: files: ./coverage.txt fail_ci_if_error: false # we can set this to true after "Could not find a repository" upload error is fixed diff --git a/.github/workflows/safer-golangci-lint.yml b/.github/workflows/safer-golangci-lint.yml index 6722fa8..5acdaa4 100644 --- a/.github/workflows/safer-golangci-lint.yml +++ b/.github/workflows/safer-golangci-lint.yml @@ -4,38 +4,6 @@ # Safer GitHub Actions Workflow for golangci-lint. # https://github.com/x448/safer-golangci-lint # -# safer-golangci-lint.yml -# -# This workflow downloads, verifies, and runs golangci-lint in a -# deterministic, reviewable, and safe manner. -# -# To use: -# Step 1. Copy this file into [your_github_repo]/.github/workflows/ -# Step 2. There's no step 2 if you like the default settings. -# -# See golangci-lint docs for more info at -# https://github.com/golangci/golangci-lint -# -# 100% of the script for downloading, installing, and running golangci-lint -# is embedded in this file. The embedded SHA-256 digest is used to verify the -# downloaded golangci-lint tarball (golangci-lint-1.xx.x-linux-amd64.tar.gz). -# -# The embedded SHA-256 digest matches golangci-lint-1.xx.x-checksums.txt at -# https://github.com/golangci/golangci-lint/releases -# -# To use a newer version of golangci-lint, change these values: -# 1. GOLINTERS_VERSION -# 2. GOLINTERS_TGZ_DGST -# -# Release v1.52.2 (May 14, 2023) -# - Bump Go to 1.20 -# - Bump actions/setup-go to v4 -# - Bump golangci-lint to 1.52.2 -# - Hash of golangci-lint-1.52.2-linux-amd64.tar.gz -# - SHA-256: c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501 -# This SHA-256 digest matches golangci-lint-1.52.2-checksums.txt at -# https://github.com/golangci/golangci-lint/releases -# name: linters # Remove default permissions and grant only what is required in each job. @@ -48,10 +16,10 @@ on: branches: [main, master] env: - GO_VERSION: '1.20' - GOLINTERS_VERSION: 1.52.2 + GO_VERSION: '1.22' + GOLINTERS_VERSION: 1.56.2 GOLINTERS_ARCH: linux-amd64 - GOLINTERS_TGZ_DGST: c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501 + GOLINTERS_TGZ_DGST: e1c313fb5fc85a33890fdee5dbb1777d1f5829c84d655a47a55688f3aad5e501 GOLINTERS_TIMEOUT: 15m OPENSSL_DGST_CMD: openssl dgst -sha256 -r CURL_CMD: curl --proto =https --tlsv1.2 --location --silent --show-error --fail @@ -64,12 +32,12 @@ jobs: contents: read steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 - name: Setup Go - uses: actions/setup-go@v4 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/go.mod b/go.mod index ce006a9..4fb8a51 100644 --- a/go.mod +++ b/go.mod @@ -5,16 +5,16 @@ go 1.17 require ( github.com/fxamacker/cbor/v2 v2.4.1-0.20220515183430-ad2eae63303f github.com/fxamacker/circlehash v0.3.0 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/zeebo/blake3 v0.2.3 - lukechampine.com/blake3 v1.2.1 + lukechampine.com/blake3 v1.3.0 ) require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/klauspost/cpuid/v2 v2.0.12 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/stretchr/objx v0.5.0 // indirect + github.com/stretchr/objx v0.5.2 // indirect github.com/x448/float16 v0.8.4 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 49dd88e..9aedc5b 100644 --- a/go.sum +++ b/go.sum @@ -12,12 +12,14 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY= @@ -31,5 +33,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI= -lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= +lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE= +lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k=