From df2eba510371de45047e0dad1c6d48c5fa2c1a10 Mon Sep 17 00:00:00 2001 From: Taras Drozdovskyi Date: Mon, 22 Apr 2024 15:44:35 +0300 Subject: [PATCH] ci: Update 3rd-party components Signed-off-by: Taras Drozdovskyi --- .github/workflows/build.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/fossology-check.yml | 4 ++-- .github/workflows/go-fuzz-test.yml | 2 +- .../workflows/lint-vet-gofmt-staticcheck-analysis.yml | 2 +- .github/workflows/publish.yml | 10 +++++----- .github/workflows/scorecards-analysis.yml | 4 ++-- .github/workflows/test-suite.yml | 2 +- go.mod | 8 ++++---- 9 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6d5c28d8..db09e1b5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,7 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f - name: Setup Golang uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c6bf8009..1d0041c6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,11 +22,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 + uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 with: languages: ${{ matrix.language }} @@ -36,4 +36,4 @@ jobs: go-version: '1.19' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 + uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 
diff --git a/.github/workflows/fossology-check.yml b/.github/workflows/fossology-check.yml index 87ac4fa0..6a709409 100644 --- a/.github/workflows/fossology-check.yml +++ b/.github/workflows/fossology-check.yml @@ -9,7 +9,7 @@ jobs: name: Check license, copyright, keyword runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f - run: | docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \ -e GITHUB_TOKEN=${{ github.token }} \ @@ -27,6 +27,6 @@ jobs: path: ./results # Artifact download - - uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 + - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 with: name: scan-fossology-report diff --git a/.github/workflows/go-fuzz-test.yml b/.github/workflows/go-fuzz-test.yml index 6f6ac6f2..6b0c0511 100644 --- a/.github/workflows/go-fuzz-test.yml +++ b/.github/workflows/go-fuzz-test.yml @@ -13,7 +13,7 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f - name: Setup Golang uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 diff --git a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml index b12f5569..33e52cae 100644 --- a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml +++ b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml @@ -8,7 +8,7 @@ jobs: lintvetanalysis: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f - name: Setup Golang uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 28fab701..2c642018 100644 
--- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Check out the repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f - name: Setup Golang uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 @@ -31,10 +31,10 @@ jobs: type=semver,pattern={{version}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 - name: Log in to Docker Hub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -45,7 +45,7 @@ jobs: cp configs/defdockerfiles/ubuntu_multistage Dockerfile - name: Build and push - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 with: context: . build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} @@ -103,7 +103,7 @@ jobs: id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.generate_hashes.outputs.hashes }}" upload-assets: true # Optional: Upload to a new release diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index e7cdf84d..726f32f2 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml 
@@ -37,7 +37,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f with: persist-credentials: false @@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 with: sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml index 010bdf2f..782a1b7b 100644 --- a/.github/workflows/test-suite.yml +++ b/.github/workflows/test-suite.yml @@ -12,7 +12,7 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f - name: Setup Golang uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 diff --git a/go.mod b/go.mod index 8035bf94..e3556900 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 github.com/spf13/cast v1.4.1 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/vishvananda/netlink v1.2.1-beta.2 go.etcd.io/bbolt v1.3.9 gopkg.in/ini.v1 v1.67.0 
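Review bot: The new pin in the "Checkout code" step of scorecards-analysis.yml drops the `# v3.1.0` annotation that the old line carried, so the 40-character SHA can no longer be matched to a release by reading the file. Keep the tag beside the pin, for example `uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # vX.Y.Z` (placeholder: the tag this commit belongs to). Before writing it, confirm in the actions/checkout repository that the SHA is the commit of a tagged release and not an arbitrary branch commit. The other SHA pins changed in this patch (checkout in the remaining workflows, codeql-action, download-artifact, and the docker/* actions in publish.yml) have no tag comment either and would benefit from the same annotation. Update tooling such as Dependabot keeps that comment in sync when it is present.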
@@ -88,10 +88,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect - golang.org/x/crypto v0.14.0 // indirect - golang.org/x/net v0.17.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/sync v0.5.0 // indirect - golang.org/x/sys v0.13.0 // indirect + golang.org/x/sys v0.18.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect )
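Review bot: go.sum is not among the nine files in this patch's diffstat, although both go.mod hunks raise module versions (testify in the first; golang.org/x/crypto, x/net and x/sys in this one). If the repository tracks go.sum, the new versions have no checksum entries and a build in the default read-only module mode should stop with a missing go.sum entry. If it does not track go.sum, nothing in the repository pins the downloaded module contents by hash. Run `go mod tidy`, commit the resulting go.sum together with this change, and consider a `go mod verify` step in the build workflow.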