diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index b4b60af..a0c8083 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -73,7 +73,7 @@ jobs:
 echo "created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >>$GITHUB_OUTPUT
 - name: Check out code
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index cc0549e..6c46e5d 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -29,7 +29,7 @@ jobs:
 id: go
 - name: Check out code
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: Get dependencies
 run: |
@@ -74,7 +74,7 @@ jobs:
 - name: Create release
 if: steps.release_details.outputs.valid == 'true'
 id: release_create
- uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
+ uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index 323d76c..d444296 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -12,7 +12,7 @@ jobs:
 steps:
 - name: Check out code
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 # version check is intentionally not pinned (self reference testing the main branch)
 - name: Version Check
diff --git a/.github/workflows/vulnscans.yml b/.github/workflows/vulnscans.yml
index fa56b59..1a3dc97 100644
--- a/.github/workflows/vulnscans.yml
+++ b/.github/workflows/vulnscans.yml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - name: Check out code
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 - name: "Set up Go"
 uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
diff --git a/.version-bump.lock b/.version-bump.lock
index d432fae..e9f42d2 100644
--- a/.version-bump.lock
+++ b/.version-bump.lock
@@ -1,30 +1,30 @@
-{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.24.0","version":"sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4"}
-{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.24.0"}
-{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.26.4-alpine","version":"sha256:7a3e50096189ad57c9f9f865e7e4aa8585ed1585248513dc5cda498e2f41812c"}
+{"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.24.1","version":"sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b"}
+{"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.24.1"}
+{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.26.4-alpine","version":"sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648"}
 {"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.26.4"}
 {"name":"gha-golang-release","key":"golang-latest","version":"1.26"}
-{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v6.0.3","version":"df4cb1c069e1874edd31b4311f1884172cec0e10"}
+{"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v7.0.0","version":"9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"}
 {"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v6.4.0","version":"4a3601121dd01d1626a1e23e37211e3254c1c06c"}
 {"name":"gha-uses-commit","key":"https://github.com/actions/upload-artifact.git:v7.0.1","version":"043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"}
 {"name":"gha-uses-commit","key":"https://github.com/docker/build-push-action.git:v7.2.0","version":"f9f3042f7e2789586610d6e8b85c8f03e5195baf"}
 {"name":"gha-uses-commit","key":"https://github.com/docker/login-action.git:v4.2.0","version":"650006c6eb7dba73a995cc03b0b2d7f5ca915bee"}
 {"name":"gha-uses-commit","key":"https://github.com/docker/setup-buildx-action.git:v4.1.0","version":"d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5"}
 {"name":"gha-uses-commit","key":"https://github.com/sigstore/cosign-installer.git:v4.1.2","version":"6f9f17788090df1f26f669e9d70d6ae9567deba6"}
-{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v3.0.0","version":"b4309332981a82ec1c5618f44dd2e27cc8bfbfda"}
-{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v6.0.3"}
+{"name":"gha-uses-commit","key":"https://github.com/softprops/action-gh-release.git:v3.0.1","version":"718ea10b132b3b2eba29c1007bb80653f286566b"}
+{"name":"gha-uses-semver","key":"https://github.com/actions/checkout.git","version":"v7.0.0"}
 {"name":"gha-uses-semver","key":"https://github.com/actions/setup-go.git","version":"v6.4.0"}
 {"name":"gha-uses-semver","key":"https://github.com/actions/upload-artifact.git","version":"v7.0.1"}
 {"name":"gha-uses-semver","key":"https://github.com/docker/build-push-action.git","version":"v7.2.0"}
 {"name":"gha-uses-semver","key":"https://github.com/docker/login-action.git","version":"v4.2.0"}
 {"name":"gha-uses-semver","key":"https://github.com/docker/setup-buildx-action.git","version":"v4.1.0"}
 {"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v4.1.2"}
-{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v3.0.0"}
+{"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v3.0.1"}
 {"name":"go-mod-golang-release","key":"golang-latest","version":"1.26"}
-{"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.3.0"}
+{"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.4.0"}
 {"name":"makefile-gofumpt","key":"https://github.com/mvdan/gofumpt.git","version":"v0.10.0"}
 {"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.15.0"}
 {"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.27.1"}
 {"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.22.1"}
-{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.3.8"}
+{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.4.0"}
 {"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.7.0"}
 {"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.26.4"}
diff --git a/Dockerfile b/Dockerfile
index 8aad764..5d27006 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG REGISTRY=docker.io
-ARG ALPINE_VER=3.24.0@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4
-ARG GO_VER=1.26.4-alpine@sha256:7a3e50096189ad57c9f9f865e7e4aa8585ed1585248513dc5cda498e2f41812c
+ARG ALPINE_VER=3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b
+ARG GO_VER=1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648
 FROM ${REGISTRY}/library/golang:${GO_VER} AS build
 RUN apk add --no-cache \
diff --git a/Dockerfile.buildkit b/Dockerfile.buildkit
index dd66679..ae342ce 100644
--- a/Dockerfile.buildkit
+++ b/Dockerfile.buildkit
@@ -1,6 +1,6 @@
 ARG REGISTRY=docker.io
-ARG ALPINE_VER=3.24.0@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4
-ARG GO_VER=1.26.4-alpine@sha256:7a3e50096189ad57c9f9f865e7e4aa8585ed1585248513dc5cda498e2f41812c
+ARG ALPINE_VER=3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b
+ARG GO_VER=1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648
 FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS build
 RUN apk add --no-cache \
diff --git a/Makefile b/Makefile
index f4ac13b..0686834 100644
--- a/Makefile
+++ b/Makefile
@@ -21,8 +21,8 @@ MARKDOWN_LINT_VER?=v0.22.1
 GOFUMPT_VER?=v0.10.0
 GOMAJOR_VER?=v0.15.0
 GOSEC_VER?=v2.27.1
-GO_VULNCHECK_VER?=v1.3.0
-OSV_SCANNER_VER?=v2.3.8
+GO_VULNCHECK_VER?=v1.4.0
+OSV_SCANNER_VER?=v2.4.0
 STATICCHECK_VER?=v0.7.0
 .PHONY: .FORCE
diff --git a/go.mod b/go.mod
index 3b78667..18f40e4 100644
--- a/go.mod
+++ b/go.mod
@@ -14,8 +14,8 @@ require (
 dario.cat/mergo v1.0.2 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/ProtonMail/go-crypto v1.4.1 // indirect
- github.com/cloudflare/circl v1.6.3 // indirect
- github.com/cyphar/filepath-securejoin v0.6.1 // indirect
+ github.com/cloudflare/circl v1.6.4 // indirect
+ github.com/cyphar/filepath-securejoin v0.7.0 // indirect
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
diff --git a/go.sum b/go.sum
index 65aa57e..270912f 100644
--- a/go.sum
+++ b/go.sum
@@ -11,11 +11,11 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
-github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
+github.com/cloudflare/circl v1.6.4 h1:pOXuDTCEYyzydgUpQ0CQz3LsinKjiSk6nNP5Lt5K64U=
+github.com/cloudflare/circl v1.6.4/go.mod h1:YxarevkLlbaHuWsxG6vmYNWBEsSp4pnp7j+4VljMavY=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
-github.com/cyphar/filepath-securejoin v0.6.1 h1:5CeZ1jPXEiYt3+Z6zqprSAgSWiggmpVyciv8syjIpVE=
-github.com/cyphar/filepath-securejoin v0.6.1/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc=
+github.com/cyphar/filepath-securejoin v0.7.0 h1:s0Y3ITPy6sQn5xt54DuYvTF8hu134ooYLUb58DX/HjE=
+github.com/cyphar/filepath-securejoin v0.7.0/go.mod h1:ymLGms/u3BYaviIiuKFnUx8EkQEZeK6cInNoAPJA3o4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=