From 27fcdb59c975e8ffb66c6f1ee313bc26f1463bcb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 01:25:08 +0000 Subject: [PATCH] Update all dependencies --- .github/workflows/build-push-chart.yml | 10 +++++----- .github/workflows/codeql.yml | 6 +++--- .github/workflows/mega-linter.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- Dockerfile | 4 ++-- go.mod | 2 +- go.sum | 2 ++ 7 files changed, 17 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-push-chart.yml b/.github/workflows/build-push-chart.yml index 333e220..2331024 100644 --- a/.github/workflows/build-push-chart.yml +++ b/.github/workflows/build-push-chart.yml @@ -15,7 +15,7 @@ name: Build/Push Image and Release Charts permissions: read-all jobs: setenv: - uses: ortelius/workflow-toolkit/.github/workflows/env-config-workflow.yml@b8742370cb1539c1edb9ad5b8f479f121980587f + uses: ortelius/workflow-toolkit/.github/workflows/env-config-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158 with: gh_head_ref: ${{ github.head_ref }} gh_ref_name: ${{ github.ref_name }} @@ -27,7 +27,7 @@ jobs: permissions: id-token: write contents: write - uses: ortelius/workflow-toolkit/.github/workflows/container-release-workflow.yml@b8742370cb1539c1edb9ad5b8f479f121980587f + uses: ortelius/workflow-toolkit/.github/workflows/container-release-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158 needs: setenv with: gh_repository_owner: ${{ github.repository_owner }} @@ -44,7 +44,7 @@ jobs: permissions: security-events: write statuses: write - uses: ortelius/workflow-toolkit/.github/workflows/trivy-scan-workflow.yml@b8742370cb1539c1edb9ad5b8f479f121980587f + uses: ortelius/workflow-toolkit/.github/workflows/trivy-scan-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158 needs: - setenv - release @@ -56,7 +56,7 @@ jobs: helm: permissions: contents: write - uses: ortelius/workflow-toolkit/.github/workflows/helm-release-workflow.yml@b8742370cb1539c1edb9ad5b8f479f121980587f + uses: ortelius/workflow-toolkit/.github/workflows/helm-release-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158 needs: - setenv - release @@ -76,7 +76,7 @@ jobs: GPG_KEY: ${{ secrets.GPG_KEY }} gh_token: ${{ secrets.HELM_INDEXER_TOKEN }} sbom: - uses: ortelius/workflow-toolkit/.github/workflows/sbom-generation-workflow.yml@b8742370cb1539c1edb9ad5b8f479f121980587f + uses: ortelius/workflow-toolkit/.github/workflows/sbom-generation-workflow.yml@f4838576b2f6cc71062002313e23e7be5c636158 needs: - setenv - release diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0a6f6bf..dc7c60c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,14 +26,14 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: "go" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: category: "/language:go" diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 0fb6e42..ee1276b 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -25,7 +25,7 @@ jobs: steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances @@ -46,7 +46,7 @@ jobs: # Upload MegaLinter artifacts - name: Archive production artifacts if: ${{ success() || failure() }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: MegaLinter reports path: | diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c78cd4b..e4c1908 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -44,6 +44,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index acdabb8..ceaf8ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM cgr.dev/chainguard/go@sha256:2dbbaf104d1e38c4f456ccc5684fcd04e589393b2ab0e1def7d373eec1439751 AS builder +FROM cgr.dev/chainguard/go@sha256:72775522192e3c2fb356ce74759f1de29a67d22f64fdf3660d923ec75d842634 AS builder WORKDIR /app COPY . /app @@ -6,7 +6,7 @@ COPY . /app RUN go mod tidy; \ go build -o main . -FROM cgr.dev/chainguard/glibc-dynamic@sha256:cabf47ee4e6e339b32a82cb84b6779e128bb9e1f2441b0d8883ffbf1f8b54dd2 +FROM cgr.dev/chainguard/glibc-dynamic@sha256:d000aed862c42a81317eccd6aa10a5ad3eadd29b3483d7340e1b44ae1de81641 WORKDIR /app diff --git a/go.mod b/go.mod index 799f175..1423bb8 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/gofiber/fiber/v2 v2.52.5 github.com/ortelius/scec-commons v0.1.46 github.com/package-url/packageurl-go v0.1.3 - github.com/swaggo/swag v1.16.3 + github.com/swaggo/swag v1.16.4 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 ) diff --git a/go.sum b/go.sum index d0f4b79..70c48ae 100644 --- a/go.sum +++ b/go.sum @@ -105,6 +105,8 @@ github.com/swaggo/files/v2 v2.0.1 h1:XCVJO/i/VosCDsJu1YLpdejGsGnBE9deRMpjN4pJLHk github.com/swaggo/files/v2 v2.0.1/go.mod h1:24kk2Y9NYEJ5lHuCra6iVwkMjIekMCaFq/0JQj66kyM= github.com/swaggo/swag v1.16.3 h1:PnCYjPCah8FK4I26l2F/KQ4yz3sILcVUN3cTlBFA9Pg= github.com/swaggo/swag v1.16.3/go.mod h1:DImHIuOFXKpMFAQjcC7FG4m3Dg4+QuUgUzJmKjI/gRk= +github.com/swaggo/swag v1.16.4 h1:clWJtd9LStiG3VeijiCfOVODP6VpHtKdQy9ELFG3s1A= +github.com/swaggo/swag v1.16.4/go.mod h1:VBsHJRsDvfYvqoiMKnsdwhNV9LEMHgEDZcyVYX0sxPg= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.56.0 h1:bEZdJev/6LCBlpdORfrLu/WOZXXxvrUQSiyniuaoW8U=