diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ffd0c5161d6..37ae68dd4d7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -65,7 +65,7 @@ jobs: # don't use the default version of Go from GitHub runners # https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -73,7 +73,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: languages: ${{ matrix.language }} queries: +security-extended @@ -85,7 +85,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -99,4 +99,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 32088efd02c..06e6b4f2b95 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -80,7 +80,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go # needed for some of the Makefile evaluations, even if building happens in Docker if: (needs.docs_only_check.outputs.docs_only != 'true') - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index ccde27e090a..79a3641eead 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -41,7 +41,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha || github.sha }} # head SHA if PR, else fallback to push SHA - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -86,7 +86,7 @@ jobs: command: make e2e-gitlab-token - name: codecov - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # 5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # 5.3.1 with: files: "*e2e-coverage.out" verbose: true diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 5d647bbad51..0bb62e7ef05 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -43,7 +43,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index e43c18bfcc0..80408a564ae 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -52,7 +52,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -87,7 +87,7 @@ jobs: command: make e2e-gh-token - name: codecov - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # 5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # 5.3.1 with: files: "*e2e-coverage.out" verbose: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4973069090d..09a66232c50 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,7 +23,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} cache: false # golangci-lint maintains its own cache diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f0072c1da87..fac7fd82b95 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -43,7 +43,7 @@ jobs: - name: Clone the code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -68,7 +68,7 @@ jobs: - name: Run unit-tests run: make unit-test - name: Upload codecoverage - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # 5.1.2 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # 5.3.1 with: files: ./unit-coverage.out verbose: true @@ -83,7 +83,7 @@ jobs: timeout_minutes: 30 command: make e2e-pat - name: codecov - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # 2.1.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # 2.1.0 if: ${{ github.event_name != 'pull_request' || github.actor != 'dependabot[bot]' }} with: files: "*e2e-coverage.out" @@ -121,7 +121,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -149,7 +149,7 @@ jobs: - name: Clone the code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -239,7 +239,7 @@ jobs: - name: Clone the code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -281,7 +281,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -308,7 +308,7 @@ jobs: - name: Clone the code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -344,7 +344,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -370,7 +370,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 771e1171520..f147f5efdae 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -45,7 +45,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/scdiff.yml b/.github/workflows/scdiff.yml index 225182e8334..88414e97094 100644 --- a/.github/workflows/scdiff.yml +++ b/.github/workflows/scdiff.yml @@ -93,7 +93,7 @@ jobs: with: ref: ${{ steps.config.outputs.base }} - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 41de6246e74..0a0d7271c0a 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -51,6 +51,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 0cc420b73f2..8a95902cb1d 100644 --- a/go.mod +++ b/go.mod @@ -88,7 +88,7 @@ require ( github.com/go-openapi/swag v0.22.9 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.2 // indirect - github.com/golang/glog v1.2.2 // indirect + github.com/golang/glog v1.2.4 // indirect github.com/google/flatbuffers v23.5.26+incompatible // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-github/v68 v68.0.0 // indirect diff --git a/go.sum b/go.sum index 7aab225f300..f4312743d59 100644 --- a/go.sum +++ b/go.sum @@ -359,8 +359,8 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc= +github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=