Skip to content

Commit

Permalink
chore: fix dependabot alerts (#2810)
Browse files Browse the repository at this point in the history 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
  • Loading branch information
@rchincha
rchincha authored Dec 6, 2024
1 parent 5e30fec commit 72c6e8a
Show file tree
Hide file tree
Showing 8 changed files with 89 additions and 85 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3.27.4
uses: github/codeql-action/init@v3.27.5
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -64,7 +64,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3.27.4
uses: github/codeql-action/autobuild@v3.27.5

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -77,4 +77,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3.27.4
uses: github/codeql-action/analyze@v3.27.5
4 changes: 2 additions & 2 deletions .github/workflows/publish.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3.27.4
uses: github/codeql-action/upload-sarif@v3.27.5
with:
sarif_file: 'trivy-results.sarif'

Expand Down Expand Up @@ -274,7 +274,7 @@ jobs:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3.27.4
uses: github/codeql-action/upload-sarif@v3.27.5
with:
sarif_file: 'trivy-results.sarif'

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@v3.27.4
uses: github/codeql-action/upload-sarif@v3.27.5
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/web-scan.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
env:
FLAVOR: ${{ matrix.flavor }}
- name: ZAP Scan Rest API
uses: zaproxy/action-baseline@v0.13.0
uses: zaproxy/action-baseline@v0.14.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
Expand Down
45 changes: 23 additions & 22 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,22 +3,22 @@ module zotregistry.dev/zot
go 1.23.2

require (
github.com/99designs/gqlgen v0.17.55
github.com/99designs/gqlgen v0.17.57
github.com/Masterminds/semver v1.5.0
github.com/aquasecurity/trivy v0.57.1
github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1
github.com/aws/aws-sdk-go v1.55.5
github.com/aws/aws-sdk-go-v2 v1.32.5
github.com/aws/aws-sdk-go-v2/config v1.28.5
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.17
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.1
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.6
github.com/aws/aws-sdk-go-v2 v1.32.6
github.com/aws/aws-sdk-go-v2/config v1.28.6
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.18
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.37.2
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.7
github.com/aws/aws-secretsmanager-caching-go v1.2.0
github.com/aws/smithy-go v1.22.1
github.com/bmatcuk/doublestar/v4 v4.7.1
github.com/briandowns/spinner v1.23.1
github.com/chartmuseum/auth v0.5.0
github.com/containers/common v0.60.4
github.com/containers/common v0.61.0
github.com/containers/image/v5 v5.33.0
github.com/dchest/siphash v1.2.3
github.com/didip/tollbooth/v7 v7.0.2
Expand Down Expand Up @@ -54,10 +54,10 @@ require (
github.com/smartystreets/goconvey v1.8.1
github.com/spf13/cobra v1.8.1
github.com/spf13/viper v1.19.0
github.com/stretchr/testify v1.9.0
github.com/stretchr/testify v1.10.0
github.com/swaggo/http-swagger v1.3.4
github.com/swaggo/swag v1.16.4
github.com/vektah/gqlparser/v2 v2.5.19
github.com/vektah/gqlparser/v2 v2.5.20
github.com/zitadel/oidc/v3 v3.33.1
go.etcd.io/bbolt v1.3.11
golang.org/x/crypto v0.29.0
Expand All @@ -66,7 +66,7 @@ require (
google.golang.org/protobuf v1.35.2
gopkg.in/resty.v1 v1.12.0
gopkg.in/yaml.v3 v3.0.1
modernc.org/sqlite v1.33.1
modernc.org/sqlite v1.34.2
oras.land/oras-go/v2 v2.5.0
)

Expand Down Expand Up @@ -124,7 +124,7 @@ require (
github.com/VividCortex/ewma v1.2.0 // indirect
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
github.com/agext/levenshtein v1.2.3 // indirect
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/agnivade/levenshtein v1.2.0 // indirect
github.com/alecthomas/chroma v0.10.0 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
Expand All @@ -150,23 +150,23 @@ require (
github.com/aquasecurity/trivy-checks v1.2.2 // indirect
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.46 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.47 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.6 // indirect
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.24.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ebs v1.25.3 // indirect
github.com/aws/aws-sdk-go-v2/service/ec2 v1.179.1 // indirect
github.com/aws/aws-sdk-go-v2/service/ecr v1.35.2 // indirect
github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.25.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.6 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
github.com/aws/aws-sdk-go-v2/service/s3 v1.63.2 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect
github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240730143543-a8d7d3c42ca1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
Expand Down Expand Up @@ -258,6 +258,7 @@ require (
github.com/go-piv/piv-go v1.11.0 // indirect
github.com/go-pkgz/expirable-cache/v3 v3.0.0 // indirect
github.com/go-redis/redis/v8 v8.11.5 // indirect
github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
Expand Down Expand Up @@ -440,7 +441,7 @@ require (
github.com/transparency-dev/merkle v0.0.2 // indirect
github.com/twitchtv/twirp v8.1.3+incompatible // indirect
github.com/ulikunitz/xz v0.5.12 // indirect
github.com/urfave/cli/v2 v2.27.4 // indirect
github.com/urfave/cli/v2 v2.27.5 // indirect
github.com/vbatts/tar-split v0.11.6 // indirect
github.com/vbauerster/mpb/v8 v8.8.3 // indirect
github.com/veraison/go-cose v1.2.1 // indirect
Expand Down
Loading

0 comments on commit 72c6e8a

Please sign in to comment.