Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update all non-major dependencies #1430

Merged
merged 7 commits into from
Mar 22, 2023
Merged

fix(deps): update all non-major dependencies #1430

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1b7b418
fix(deps): update all non-major dependencies
renovate[bot] Mar 20, 2023
43ce4ae
Merge branch 'main' into renovate/all-minor-patch
Racer159 Mar 20, 2023
53475d3
Update go deps
Racer159 Mar 20, 2023
2f74391
Update go mod/go sum
Racer159 Mar 22, 2023
e301597
Merge branch 'main' into renovate/all-minor-patch
Racer159 Mar 22, 2023
acd18ac
Update grype.yaml for protobuf finding
Racer159 Mar 22, 2023
6b67b9d
Merge branch 'main' into renovate/all-minor-patch
Racer159 Mar 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
persist-credentials: false

Expand Down
12 changes: 3 additions & 9 deletions .grype.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,11 @@
# Ignore file for false positives from protobuf, see the following for more information:
# https://github.com/anchore/grype/issues/558
ignore:
# False positive from CPE confusion of NPM vs Rust Crates (https://github.com/anchore/grype/issues/931)
- vulnerability: CVE-2017-18589

# False positive from CPE confusion of an NPM package vs a website (https://github.com/anchore/grype/issues/446)
- vulnerability: CVE-2002-1647

# False positive from CPE confusion of svelte and svelte's extension
- vulnerability: CVE-2021-29261

# False positive from CPE confusion of a php vulnerability , https://nvd.nist.gov/vuln/detail/CVE-2018-25076
- vulnerability: CVE-2018-25076

# From rouille - The Zarf injector does not expose endpoints that use multipart form data
- vulnerability: GHSA-mc8h-8q98-g5hr

# From sigs.k8s.io/kustomize/api/krusty - This is a low vulnerability that does not impact Zarf as we do not marshall/unmarshall from protocol buffers
- vulnerability: GHSA-hw7c-3rfg-p46j
50 changes: 25 additions & 25 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,34 +18,34 @@ require (
github.com/anchore/syft v0.75.0
github.com/derailed/k9s v0.27.3
github.com/distribution/distribution v2.8.1+incompatible
github.com/docker/cli v20.10.22+incompatible
github.com/docker/cli v23.0.1+incompatible
github.com/fatih/color v1.15.0
github.com/fluxcd/helm-controller/api v0.31.1
github.com/fluxcd/source-controller/api v0.36.0
github.com/go-chi/chi/v5 v5.0.8
github.com/go-git/go-git/v5 v5.6.0
github.com/go-git/go-git/v5 v5.6.1
github.com/go-logr/logr v1.2.3
github.com/goccy/go-yaml v1.10.0
github.com/google/go-containerregistry v0.13.0
github.com/google/go-containerregistry v0.14.0
github.com/mholt/archiver/v3 v3.5.1
github.com/moby/moby v23.0.1+incompatible
github.com/opencontainers/image-spec v1.1.0-rc2
github.com/otiai10/copy v1.9.0
github.com/pkg/errors v0.9.1
github.com/pterm/pterm v0.12.55
github.com/pterm/pterm v0.12.56
github.com/sigstore/cosign v1.13.1
github.com/spf13/cobra v1.6.1
github.com/spf13/viper v1.15.0
github.com/stretchr/testify v1.8.2
golang.org/x/crypto v0.7.0
helm.sh/helm/v3 v3.11.2
k8s.io/api v0.26.2
k8s.io/apimachinery v0.26.2
k8s.io/client-go v0.26.2
k8s.io/component-base v0.26.2
k8s.io/api v0.26.3
k8s.io/apimachinery v0.26.3
k8s.io/client-go v0.26.3
k8s.io/component-base v0.26.3
k8s.io/klog/v2 v2.90.1
k8s.io/kubectl v0.26.2
oras.land/oras-go/v2 v2.0.0
k8s.io/kubectl v0.26.3
oras.land/oras-go/v2 v2.0.2
sigs.k8s.io/kustomize/api v0.12.1
sigs.k8s.io/kustomize/kyaml v0.13.9
sigs.k8s.io/yaml v1.3.0
Expand All @@ -55,7 +55,7 @@ require (
atomicgo.dev/cursor v0.1.1 // indirect
atomicgo.dev/keyboard v0.2.9 // indirect
bitbucket.org/creachadair/shell v0.0.7 // indirect
cloud.google.com/go/compute v1.14.0 // indirect
cloud.google.com/go/compute v1.18.0 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
github.com/Azure/azure-sdk-for-go v66.0.0+incompatible // indirect
Expand All @@ -77,10 +77,10 @@ require (
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/Masterminds/squirrel v1.5.3 // indirect
github.com/Microsoft/go-winio v0.6.0 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
github.com/acobaugh/osrelease v0.1.0 // indirect
github.com/acomagu/bufpipe v1.0.3 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/adrg/xdg v0.4.0 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
Expand Down Expand Up @@ -136,7 +136,7 @@ require (
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
github.com/containerd/console v1.0.3 // indirect
github.com/containerd/containerd v1.6.18 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.12.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/coreos/go-oidc/v3 v3.4.0 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534 // indirect
Expand Down Expand Up @@ -176,7 +176,7 @@ require (
github.com/go-chi/chi v4.1.2+incompatible // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-git/gcfg v1.5.0 // indirect
github.com/go-git/go-billy/v5 v5.4.0 // indirect
github.com/go-git/go-billy/v5 v5.4.1 // indirect
github.com/go-gorp/gorp/v3 v3.0.5 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.21.4 // indirect
Expand All @@ -200,7 +200,7 @@ require (
github.com/golang/glog v1.0.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/certificate-transparency-go v1.1.3 // indirect
Expand Down Expand Up @@ -230,7 +230,7 @@ require (
github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/in-toto/in-toto-golang v0.3.4-0.20220709202702-fa494aaa0add // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
github.com/jhump/protoreflect v1.13.0 // indirect
Expand All @@ -242,7 +242,7 @@ require (
github.com/json-iterator/go v1.1.12 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/klauspost/compress v1.15.11 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/klauspost/pgzip v1.2.5 // indirect
github.com/knqyf263/go-rpmdb v0.0.0-20221030135625-4082a22221ce // indirect
github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
Expand Down Expand Up @@ -379,18 +379,18 @@ require (
golang.org/x/exp v0.0.0-20230202163644-54bba9f4231b // indirect
golang.org/x/mod v0.9.0 // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/oauth2 v0.1.0 // indirect
golang.org/x/oauth2 v0.6.0 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.6.0 // indirect
golang.org/x/term v0.6.0 // indirect
golang.org/x/text v0.8.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.6.0 // indirect
golang.org/x/tools v0.7.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2 // indirect
google.golang.org/grpc v1.52.0 // indirect
google.golang.org/protobuf v1.28.1 // indirect
google.golang.org/protobuf v1.29.0 // indirect
gopkg.in/cheggaaa/pb.v1 v1.0.28 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
Expand All @@ -401,10 +401,10 @@ require (
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.26.2 // indirect
k8s.io/apiserver v0.26.2 // indirect
k8s.io/cli-runtime v0.26.2 // indirect
k8s.io/component-helpers v0.26.2 // indirect
k8s.io/cli-runtime v0.26.3 // indirect
k8s.io/component-helpers v0.26.3 // indirect
k8s.io/kube-openapi v0.0.0-20230109183929-3758b55a6596 // indirect
k8s.io/metrics v0.26.2 // indirect
k8s.io/metrics v0.26.3 // indirect
k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect
lukechampine.com/uint128 v1.1.1 // indirect
modernc.org/cc/v3 v3.36.0 // indirect
Expand Down
Loading