From 4d7ec04655170abde0b519bf81eeed5828328a87 Mon Sep 17 00:00:00 2001 From: Taras Drozdovskyi Date: Thu, 14 Dec 2023 09:26:09 +0200 Subject: [PATCH] Update 3rd-party components Signed-off-by: Taras Drozdovskyi --- .github/workflows/build.yml | 4 ++-- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/fossology-check.yml | 4 ++-- .github/workflows/go-fuzz-test.yml | 4 ++-- .../lint-vet-gofmt-staticcheck-analysis.yml | 4 ++-- .github/workflows/publish.yml | 14 +++++++------- .github/workflows/scorecards-analysis.yml | 8 ++++---- .github/workflows/test-suite.yml | 4 ++-- go.mod | 12 ++++++------ 9 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c88d9d9c..d7521f90 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,10 +13,10 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe with: go-version: '1.19' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 729650bb..36435b1f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,18 +22,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 + uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 with: languages: ${{ matrix.language }} - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe with: go-version: '1.19' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 + uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 diff --git a/.github/workflows/fossology-check.yml b/.github/workflows/fossology-check.yml index 0b7f287e..e0073ca0 100644 --- a/.github/workflows/fossology-check.yml +++ b/.github/workflows/fossology-check.yml @@ -21,7 +21,7 @@ jobs: -e GITHUB_ACTIONS=true \ fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo # Upload artifact - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: scan-fossology-report path: ./results @@ -47,7 +47,7 @@ jobs: -e GITHUB_ACTIONS=true \ fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo copyright keyword # Upload artifact - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: scan-fossology-report path: ./results diff --git a/.github/workflows/go-fuzz-test.yml b/.github/workflows/go-fuzz-test.yml index a59acbd7..4424e759 100644 --- a/.github/workflows/go-fuzz-test.yml +++ b/.github/workflows/go-fuzz-test.yml @@ -13,10 +13,10 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe with: go-version: '1.19' diff --git a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml index 660a28f5..bec1aab7 100644 --- a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml +++ b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml @@ -8,10 +8,10 @@ jobs: lintvetanalysis: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe with: go-version: '1.19' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 12ab8594..55fa6b01 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,29 +12,29 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Check out the repo - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe with: go-version: '1.19' - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 with: images: lfedge/edge-home-orchestration-go tags: | type=semver,pattern={{version}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 - name: Log in to Docker Hub - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -45,7 +45,7 @@ jobs: cp configs/defdockerfiles/ubuntu_multistage Dockerfile - name: Build and push - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 with: context: . build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 6eea13b8..a1b3f89f 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -22,12 +22,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 with: results_file: results.sarif results_format: sarif @@ -40,7 +40,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 with: name: SARIF file path: results.sarif @@ -48,6 +48,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 + uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 with: sarif_file: results.sarif diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml index 544891fc..caaee053 100644 --- a/.github/workflows/test-suite.yml +++ b/.github/workflows/test-suite.yml @@ -12,10 +12,10 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Setup Golang - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe with: go-version: '1.19' diff --git a/go.mod b/go.mod index 8bdc8d10..078d48f1 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/eclipse/paho.mqtt.golang v1.4.3 github.com/edgexfoundry/device-sdk-go v1.4.0 github.com/edgexfoundry/go-mod-core-contracts v0.1.115 - github.com/fsnotify/fsnotify v1.6.0 + github.com/fsnotify/fsnotify v1.7.0 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/mock v1.4.4 github.com/gomodule/redigo v1.8.9 @@ -28,10 +28,10 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 github.com/vishvananda/netlink v1.2.1-beta.2 - go.etcd.io/bbolt v1.3.7 + go.etcd.io/bbolt v1.3.8 gopkg.in/ini.v1 v1.67.0 gopkg.in/yaml.v3 v3.0.1 - gotest.tools/v3 v3.5.0 + gotest.tools/v3 v3.5.1 ) require ( @@ -88,10 +88,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect - golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect - golang.org/x/net v0.8.0 // indirect + golang.org/x/crypto v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.6.0 // indirect + golang.org/x/sys v0.13.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect )