Skip to content

Commit

Permalink
chore: fix dependabot alerts (#1942)
Browse files Browse the repository at this point in the history 
Signed-off-by: Ramkumar Chinchani <[email protected]>
  • Loading branch information
@rchincha
rchincha authored Oct 16, 2023
1 parent 12227b4 commit d60786c
Show file tree
Hide file tree
Showing 5 changed files with 59 additions and 53 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/[email protected].1
uses: github/codeql-action/[email protected].3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -64,7 +64,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/[email protected].1
uses: github/codeql-action/[email protected].3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -77,4 +77,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/[email protected].1
uses: github/codeql-action/[email protected].3
2 changes: 1 addition & 1 deletion .github/workflows/publish.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/[email protected].1
uses: github/codeql-action/[email protected].3
with:
sarif_file: 'trivy-results.sarif'

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/[email protected].1 # v1.0.26
uses: github/codeql-action/[email protected].3 # v1.0.26
with:
sarif_file: results.sarif
34 changes: 17 additions & 17 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ go 1.20
require (
github.com/99designs/gqlgen v0.17.39
github.com/Masterminds/semver v1.5.0
github.com/aquasecurity/trivy-db v0.0.0-20230831170347-f732860d4917
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
github.com/bmatcuk/doublestar/v4 v4.6.0
github.com/briandowns/spinner v1.23.0
github.com/chartmuseum/auth v0.5.0
Expand Down Expand Up @@ -44,9 +44,9 @@ require (
)

require (
github.com/aquasecurity/trivy v0.45.2-0.20231009110409-91841f59bac1
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.1
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.4
github.com/aquasecurity/trivy v0.46.0
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.2
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.21.5
github.com/aws/aws-secretsmanager-caching-go v1.1.2
github.com/containers/image/v5 v5.28.0
github.com/google/go-github/v52 v52.0.0
Expand All @@ -59,7 +59,7 @@ require (
github.com/project-zot/mockoidc v0.0.0-20230307111146-f607b4b5fb97
github.com/sigstore/cosign/v2 v2.2.0
github.com/swaggo/http-swagger v1.3.4
github.com/zitadel/oidc v1.13.4
github.com/zitadel/oidc v1.13.5
golang.org/x/oauth2 v0.13.0
modernc.org/sqlite v1.26.0
oras.land/oras-go/v2 v2.3.0
Expand Down Expand Up @@ -98,11 +98,11 @@ require (
github.com/aquasecurity/table v1.8.0 // indirect
github.com/aquasecurity/tml v0.6.1 // indirect
github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.6 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ebs v1.18.1 // indirect
github.com/aws/aws-sdk-go-v2/service/ec2 v1.98.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.36 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.37 // indirect
github.com/buildkite/agent/v3 v3.52.1 // indirect
github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
Expand Down Expand Up @@ -285,20 +285,20 @@ require (
github.com/aliyun/credentials-go v1.2.3 // indirect
github.com/apparentlymart/go-cidr v1.1.0 // indirect
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
github.com/aquasecurity/go-dep-parser v0.0.0-20231005073811-1237b47625e1 // indirect
github.com/aquasecurity/go-dep-parser v0.0.0-20231013060839-6f348921ea39 // indirect
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce // indirect
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 // indirect
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.45.24
github.com/aws/aws-sdk-go-v2 v1.21.1
github.com/aws/aws-sdk-go-v2 v1.21.2
github.com/aws/aws-sdk-go-v2/config v1.18.44
github.com/aws/aws-sdk-go-v2/credentials v1.13.42 // indirect
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.41
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.42
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.12 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.42 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.36 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.3.44 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.17.18 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
Expand Down Expand Up @@ -369,7 +369,7 @@ require (
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/certificate-transparency-go v1.1.6 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/wire v0.5.0 // indirect
Expand Down Expand Up @@ -451,7 +451,7 @@ require (
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/sigstore/fulcio v1.4.0 // indirect
github.com/sigstore/rekor v1.2.2 // indirect
github.com/sigstore/sigstore v1.7.3
github.com/sigstore/sigstore v1.7.4
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/spf13/afero v1.10.0 // indirect
Expand Down Expand Up @@ -490,14 +490,14 @@ require (
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.16.0 // indirect
golang.org/x/mod v0.13.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.13.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/api v0.143.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20230913181813-007df8e322eb // indirect
google.golang.org/grpc v1.58.2 // indirect
google.golang.org/protobuf v1.31.0 // indirect
Expand Down
Loading

0 comments on commit d60786c

Please sign in to comment.