From 0719e17ca72adb744a20d3f15c0e7bebe5b14de4 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 11 Sep 2023 02:18:13 +0200 Subject: [PATCH 1/3] fix(deps): update osv-scanner minor (#528) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | golang.org/x/exp | require | digest | `d852ddb` -> `9212866` | | golang.org/x/term | require | minor | `v0.11.0` -> `v0.12.0` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). đŸšĻ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™ģ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. đŸ‘ģ **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). --- go.mod | 12 ++++++------ go.sum | 26 +++++++++++++------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/go.mod b/go.mod index 0800cda551..ab939e64c7 100644 --- a/go.mod +++ b/go.mod @@ -15,10 +15,10 @@ require ( github.com/package-url/packageurl-go v0.1.1 github.com/spdx/tools-golang v0.5.3 github.com/urfave/cli/v2 v2.25.7 - golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 + golang.org/x/exp v0.0.0-20230905200255-921286631fa9 golang.org/x/mod v0.12.0 golang.org/x/sync v0.3.0 - golang.org/x/term v0.11.0 + golang.org/x/term v0.12.0 golang.org/x/vuln v1.0.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -50,9 +50,9 @@ require ( github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect - golang.org/x/crypto v0.12.0 // indirect - golang.org/x/net v0.14.0 // indirect - golang.org/x/sys v0.11.0 // indirect - golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect + golang.org/x/crypto v0.13.0 // indirect + golang.org/x/net v0.15.0 // indirect + golang.org/x/sys v0.12.0 // indirect + golang.org/x/tools v0.13.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/go.sum b/go.sum index b2764adc36..c93019d299 100644 --- a/go.sum +++ b/go.sum @@ -128,10 +128,10 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= -golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= +golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= +golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= @@ -145,8 +145,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -166,15 +166,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= -golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= -golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= +golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -184,13 +184,13 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/vuln v1.0.0 h1:tYLAU3jD9LQr98Y+3el06lWyGMCnvzw06PIWP3LIy7g= golang.org/x/vuln v1.0.0/go.mod h1:V0eyhHwaAaHrt42J9bgrN6rd12f6GU4T0Lu0ex2wDg4= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From d332d92851fbc4be77d49732e4db0cd3cf9d8647 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 11 Sep 2023 02:19:58 +0200 Subject: [PATCH 2/3] chore(deps): update workflows (#529) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v3.1.2` -> `v3.1.3` | | [docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action) | action | digest | `4c0219f` -> `885d146` | | gaurav-nelson/github-action-markdown-link-check | action | digest | `46e4421` -> `a996638` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.21.4` -> `v2.21.5` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v4.3.0` -> `v4.6.0` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.8.0` -> `v1.9.0` | --- ### Release Notes
actions/upload-artifact (actions/upload-artifact) ### [`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3) #### What's Changed - chore(github): remove trailing whitespaces by [@​ljmf00](https://togithub.com/ljmf00) in [https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313) - Bump [@​actions/artifact](https://togithub.com/actions/artifact) version to v1.1.2 by [@​bethanyj28](https://togithub.com/bethanyj28) in [https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436) **Full Changelog**: https://github.com/actions/upload-artifact/compare/v3...v3.1.3
github/codeql-action (github/codeql-action) ### [`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)
goreleaser/goreleaser-action (goreleaser/goreleaser-action) ### [`v4.6.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.6.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.5.0...v4.6.0) Reverts the change to `node20` runtime. **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v4.5.0...v4.6.0 ### [`v4.5.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.5.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.4.0...v4.5.0) #### What's Changed - chore(deps): bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/427](https://togithub.com/goreleaser/goreleaser-action/pull/427) - feat: bump to use node20 runtime, actions/checkout to v4 by [@​kbdharun](https://togithub.com/kbdharun) in [https://github.com/goreleaser/goreleaser-action/pull/430](https://togithub.com/goreleaser/goreleaser-action/pull/430) #### New Contributors - [@​kbdharun](https://togithub.com/kbdharun) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/430](https://togithub.com/goreleaser/goreleaser-action/pull/430) **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v4.4.0...v4.5.0 ### [`v4.4.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.4.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.3.0...v4.4.0) ##### What's Changed - chore(deps): bump semver from 7.5.0 to 7.5.1 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/417](https://togithub.com/goreleaser/goreleaser-action/pull/417) - feat: support oss nightlies by [@​caarlos0](https://togithub.com/caarlos0) in [https://github.com/goreleaser/goreleaser-action/pull/424](https://togithub.com/goreleaser/goreleaser-action/pull/424) **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v4.3.0...v4.4.0
slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator) ### [`v1.9.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v190) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0) Release \[v1.9.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0). ##### v1.9.0: BYOB framework (beta) - **New**: A [new framework](https://togithub.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md) to turn GitHub Actions into SLSA compliant builders. ##### v1.9.0: Maven builder (beta) - **New**: A [Maven builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven) to build Java projects and publish to Maven central. ##### v1.9.0: Gradle builder (beta) - **New**: A [Gradle builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle) to build Java projects and publish to Maven central. ##### v1.9.0: JReleaser builder - **New**: A [JReleaser builder](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java) that wraps the official [JReleaser Action](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java).
--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). đŸšĻ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™ģ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. đŸ‘ģ **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/goreleaser.yml | 6 +++--- .github/workflows/link-check-on-push.yml | 2 +- .github/workflows/link-check.yml | 2 +- .github/workflows/osv-scanner-reusable-pr.yml | 8 ++++---- .github/workflows/osv-scanner-reusable-scheduled.yml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b4e7b3d4ee..ad843d39e4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -44,7 +44,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -55,7 +55,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/autobuild@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -69,4 +69,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index e2a3b34a21..8521d83d71 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -34,7 +34,7 @@ jobs: - name: Run Lints uses: ./.github/workflows/lint-action - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2 + - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2 - name: ghcr-login uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: @@ -43,7 +43,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser id: run-goreleaser - uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 + uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0 with: version: latest args: release --rm-dist @@ -63,7 +63,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.8.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release diff --git a/.github/workflows/link-check-on-push.yml b/.github/workflows/link-check-on-push.yml index 8a50f84e9c..2826c09b53 100644 --- a/.github/workflows/link-check-on-push.yml +++ b/.github/workflows/link-check-on-push.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad + - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154 with: use-quiet-mode: "yes" base-branch: "main" diff --git a/.github/workflows/link-check.yml b/.github/workflows/link-check.yml index ca7f594f2a..8988a5751e 100644 --- a/.github/workflows/link-check.yml +++ b/.github/workflows/link-check.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad + - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154 with: use-quiet-mode: "yes" # Documentation available here: https://github.com/marketplace/actions/markdown-link-check \ No newline at end of file diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml index 8fa08c98dc..65beeccbd3 100644 --- a/.github/workflows/osv-scanner-reusable-pr.yml +++ b/.github/workflows/osv-scanner-reusable-pr.yml @@ -54,21 +54,21 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: '!cancelled()' - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: final-results.sarif retention-days: 5 - name: "Upload old scan json results" if: '!cancelled()' - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: old-json-results path: old-results.json retention-days: 5 - name: "Upload new scan json results" if: '!cancelled()' - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: new-json-results path: new-results.json @@ -76,7 +76,7 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: '!cancelled()' - uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 with: sarif_file: final-results.sarif diff --git a/.github/workflows/osv-scanner-reusable-scheduled.yml b/.github/workflows/osv-scanner-reusable-scheduled.yml index 07da4d452a..de3f220116 100644 --- a/.github/workflows/osv-scanner-reusable-scheduled.yml +++ b/.github/workflows/osv-scanner-reusable-scheduled.yml @@ -33,7 +33,7 @@ jobs: # format to the repository Actions tab. - name: "Upload artifact" if: '!cancelled()' - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif @@ -41,7 +41,7 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" if: '!cancelled()' - uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 with: sarif_file: results.sarif diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 9f38ec638a..c7a59be514 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5 with: sarif_file: results.sarif From 9048ba6c5e4e041841ccc26527cefe4eca6b3936 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 11 Sep 2023 02:20:36 +0200 Subject: [PATCH 3/3] chore(deps): update golang:alpine docker digest to 96634e5 (#527) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | golang | stage | digest | `445f340` -> `96634e5` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). đŸšĻ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™ģ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). --- Dockerfile | 2 +- action.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2058da3ec2..a8dd6bf30c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:alpine@sha256:445f34008a77b0b98bf1821bf7ef5e37bb63cc42d22ee7c21cc17041070d134f AS builder +FROM golang:alpine@sha256:96634e55b363cb93d39f78fb18aa64abc7f96d372c176660d7b8b6118939d97b AS builder WORKDIR /src COPY ./go.mod ./go.sum ./ diff --git a/action.dockerfile b/action.dockerfile index 84f422c1a8..b4337def73 100644 --- a/action.dockerfile +++ b/action.dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:alpine@sha256:445f34008a77b0b98bf1821bf7ef5e37bb63cc42d22ee7c21cc17041070d134f +FROM golang:alpine@sha256:96634e55b363cb93d39f78fb18aa64abc7f96d372c176660d7b8b6118939d97b RUN mkdir /src WORKDIR /src