From 9a51f252d945483139e5f71b0028dadbbff80197 Mon Sep 17 00:00:00 2001 From: Azeem Shaikh Date: Tue, 21 Mar 2023 22:14:55 +0530 Subject: [PATCH 001/316] Remove unused code from changeset creation (#2776) Signed-off-by: Azeem Shaikh --- checks/raw/code_review.go | 14 +- checks/raw/code_review_test.go | 443 ++++++++++++++++----------------- 2 files changed, 214 insertions(+), 243 deletions(-) diff --git a/checks/raw/code_review.go b/checks/raw/code_review.go index bb7992ca97d..55f6a499d27 100644 --- a/checks/raw/code_review.go +++ b/checks/raw/code_review.go @@ -183,19 +183,7 @@ func getChangesets(commits []clients.Commit) []checker.Changeset { // Changesets are returned in map order (i.e. randomized) for ri := range changesetsByRevInfo { - // Ungroup all commits that don't have revision info - cs := changesetsByRevInfo[ri] - missing := revisionInfo{} - if ri == missing { - for i := range cs.Commits { - c := cs.Commits[i] - changesets = append(changesets, checker.Changeset{ - Commits: []clients.Commit{c}, - }) - } - } else { - changesets = append(changesets, cs) - } + changesets = append(changesets, changesetsByRevInfo[ri]) } return changesets diff --git a/checks/raw/code_review_test.go b/checks/raw/code_review_test.go index eace20d3b5e..ac87842e3f1 100644 --- a/checks/raw/code_review_test.go +++ b/checks/raw/code_review_test.go @@ -15,84 +15,91 @@ package raw import ( - "strings" "testing" "time" - "golang.org/x/exp/slices" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/clients" ) -//nolint:gocritic -func assertCommitEq(t *testing.T, actual clients.Commit, expected clients.Commit) { - t.Helper() - - if actual.SHA != expected.SHA { - t.Fatalf("commit shas mismatched\na.sha: %s\nb.sha %s", actual.SHA, expected.SHA) - } -} - -func assertChangesetEq(t *testing.T, actual, expected *checker.Changeset) { - t.Helper() - - if actual.ReviewPlatform != expected.ReviewPlatform { - t.Fatalf( - "changeset review platform mismatched\na.platform: %s\nb.platform: %s", - actual.ReviewPlatform, - expected.ReviewPlatform, - ) - } - - if actual.RevisionID != expected.RevisionID { - t.Fatalf( - "changeset revisionID mismatched\na.revid: %s\nb.revid %s", - actual.RevisionID, - expected.RevisionID, - ) - } - - if len(actual.Commits) != len(expected.Commits) { - t.Fatalf( - "changesets contain different numbers of commits\na:%d\nb:%d", - len(actual.Commits), - len(expected.Commits), - ) - } - - for i := range actual.Commits { - assertCommitEq(t, actual.Commits[i], expected.Commits[i]) - } -} - -//nolint:gocritic -func csless(a, b checker.Changeset) bool { - if cmp := strings.Compare(a.RevisionID, b.RevisionID); cmp != 0 { - return cmp < 0 - } - - return a.ReviewPlatform < b.ReviewPlatform -} - -func assertChangesetArrEq(t *testing.T, actual, expected []checker.Changeset) { - t.Helper() - - if len(actual) != len(expected) { - t.Fatalf("different number of changesets\na:%d\nb:%d", len(actual), len(expected)) - } - - slices.SortFunc(actual, csless) - slices.SortFunc(expected, csless) - - for i := range actual { - assertChangesetEq(t, &actual[i], &expected[i]) - } -} - // TestCodeReviews tests the CodeReviews function. func Test_getChangesets(t *testing.T) { t.Parallel() + var ( + commitC = clients.Commit{ + SHA: "c", + AssociatedMergeRequest: clients.PullRequest{ + Number: 3, + MergedAt: time.Date(2023 /*year*/, time.March, 21, /*day*/ + 13 /*hour*/, 42 /*min*/, 0 /*sec*/, 0 /*nsec*/, time.UTC), + }, + Message: "merge commitSHA c form GitHub", + } + commitB = clients.Commit{ + SHA: "b", + AssociatedMergeRequest: clients.PullRequest{ + Number: 2, + MergedAt: time.Date(2023 /*year*/, time.March, 21, /*day*/ + 13 /*hour*/, 41 /*min*/, 0 /*sec*/, 0 /*nsec*/, time.UTC), + }, + Message: "merge commitSHA b from GitHub", + } + commitBUnsquashed = clients.Commit{ + SHA: "b_unsquashed", + AssociatedMergeRequest: clients.PullRequest{ + Number: 2, + MergedAt: time.Date(2023 /*year*/, time.March, 21, /*day*/ + 13 /*hour*/, 40 /*min*/, 0 /*sec*/, 0 /*nsec*/, time.UTC), + }, + Message: "unsquashed commitSHA b_unsquashed from GitHub", + } + commitA = clients.Commit{ + SHA: "a", + AssociatedMergeRequest: clients.PullRequest{ + Number: 1, + MergedAt: time.Date(2023 /*year*/, time.March, 21, /*day*/ + 13 /*hour*/, 39 /*min*/, 0 /*sec*/, 0 /*nsec*/, time.UTC), + }, + Message: "merge commitSHA a from GitHub", + } + + phabricatorCommitA = clients.Commit{ + Message: "\nDifferential Revision: 123\nReviewed By: user-123", + SHA: "abc", + } + phabricatorCommitAUnsquashed = clients.Commit{ + Message: "\nDifferential Revision: 123\nReviewed By: user-123", + SHA: "adef", + } + phabricatorCommitAUnsquashed2 = clients.Commit{ + Message: "\nDifferential Revision: 123\nReviewed By: user-456", + SHA: "afab", + } + phabricatorCommitB = clients.Commit{ + Message: "\nDifferential Revision: 158\nReviewed By: user-123", + SHA: "def", + } + phabricatorCommitC = clients.Commit{ + Message: "\nDifferential Revision: 2000\nReviewed By: user-456", + SHA: "fab", + } + phabricatorCommitD = clients.Commit{ + Message: "\nDifferential Revision: 2\nReviewed By: user-456", + SHA: "d", + } + + gerritCommitB = clients.Commit{ + Message: "first change\nReviewed-on: server.url \nReviewed-by:user-123", + SHA: "abc", + } + gerritCommitA = clients.Commit{ + Message: "followup\nReviewed-on: server.url \nReviewed-by:user-123", + SHA: "def", + } + ) tests := []struct { name string @@ -100,280 +107,247 @@ func Test_getChangesets(t *testing.T) { expected []checker.Changeset }{ { - name: "commit history squashed during merge", - commits: []clients.Commit{ - { - SHA: "a", - AssociatedMergeRequest: clients.PullRequest{Number: 3, MergedAt: time.Now()}, - }, - { - SHA: "b", - AssociatedMergeRequest: clients.PullRequest{Number: 2, MergedAt: time.Now()}, - }, - { - SHA: "c", - AssociatedMergeRequest: clients.PullRequest{Number: 1, MergedAt: time.Now()}, - }, - }, + name: "github: merge with squash", + commits: []clients.Commit{commitC, commitB, commitA}, expected: []checker.Changeset{ { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "3", - Commits: []clients.Commit{{SHA: "a"}}, + Commits: []clients.Commit{commitC}, + Reviews: []clients.Review{ + { + Author: &clients.User{}, + State: "APPROVED", + }, + }, }, { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "2", - Commits: []clients.Commit{{SHA: "b"}}, + Commits: []clients.Commit{commitB}, + Reviews: []clients.Review{ + { + Author: &clients.User{}, + State: "APPROVED", + }, + }, }, { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "1", - Commits: []clients.Commit{{SHA: "c"}}, + Commits: []clients.Commit{commitA}, + Reviews: []clients.Review{ + { + Author: &clients.User{}, + State: "APPROVED", + }, + }, }, }, }, { - name: "commits in reverse chronological order", - commits: []clients.Commit{ - { - SHA: "a", - AssociatedMergeRequest: clients.PullRequest{Number: 1, MergedAt: time.Now()}, - }, - { - SHA: "b", - AssociatedMergeRequest: clients.PullRequest{Number: 2, MergedAt: time.Now()}, - }, - { - SHA: "c", - AssociatedMergeRequest: clients.PullRequest{Number: 3, MergedAt: time.Now()}, - }, - }, + name: "github: merge with squash reverse chronological order", + commits: []clients.Commit{commitA, commitB, commitC}, expected: []checker.Changeset{ { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "1", - Commits: []clients.Commit{ + Commits: []clients.Commit{commitA}, + Reviews: []clients.Review{ { - SHA: "a", - AssociatedMergeRequest: clients.PullRequest{Number: 1}, + Author: &clients.User{}, + State: "APPROVED", }, }, }, { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "2", - Commits: []clients.Commit{ + Commits: []clients.Commit{commitB}, + Reviews: []clients.Review{ { - SHA: "b", - AssociatedMergeRequest: clients.PullRequest{Number: 2}, + Author: &clients.User{}, + State: "APPROVED", }, }, }, { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "3", - Commits: []clients.Commit{ + Commits: []clients.Commit{commitC}, + Reviews: []clients.Review{ { - SHA: "c", - AssociatedMergeRequest: clients.PullRequest{Number: 3}, + Author: &clients.User{}, + State: "APPROVED", }, }, }, }, }, { - name: "without commit squashing", - commits: []clients.Commit{ - { - SHA: "foo", - AssociatedMergeRequest: clients.PullRequest{Number: 1, MergedAt: time.Now()}, - }, + name: "github: merge without squash", + commits: []clients.Commit{commitC, commitB, commitBUnsquashed}, + expected: []checker.Changeset{ { - SHA: "bar", - AssociatedMergeRequest: clients.PullRequest{Number: 2, MergedAt: time.Now()}, + ReviewPlatform: checker.ReviewPlatformGitHub, + RevisionID: "3", + Commits: []clients.Commit{commitC}, + Reviews: []clients.Review{ + { + Author: &clients.User{}, + State: "APPROVED", + }, + }, }, { - SHA: "baz", - AssociatedMergeRequest: clients.PullRequest{Number: 2, MergedAt: time.Now()}, + ReviewPlatform: checker.ReviewPlatformGitHub, + RevisionID: "2", + Commits: []clients.Commit{commitB, commitBUnsquashed}, + Reviews: []clients.Review{ + { + Author: &clients.User{}, + State: "APPROVED", + }, + }, }, }, + }, + { + name: "github: merge without squash reverse chronological order", + commits: []clients.Commit{commitA, commitBUnsquashed, commitB, commitC}, expected: []checker.Changeset{ { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "1", - Commits: []clients.Commit{ + Commits: []clients.Commit{commitA}, + Reviews: []clients.Review{ { - SHA: "foo", - AssociatedMergeRequest: clients.PullRequest{Number: 1}, + Author: &clients.User{}, + State: "APPROVED", }, }, }, { ReviewPlatform: checker.ReviewPlatformGitHub, RevisionID: "2", - Commits: []clients.Commit{ + Commits: []clients.Commit{commitB, commitBUnsquashed}, + Reviews: []clients.Review{ { - SHA: "bar", - AssociatedMergeRequest: clients.PullRequest{Number: 2}, + Author: &clients.User{}, + State: "APPROVED", }, + }, + }, + { + ReviewPlatform: checker.ReviewPlatformGitHub, + RevisionID: "3", + Commits: []clients.Commit{commitC}, + Reviews: []clients.Review{ { - SHA: "baz", - AssociatedMergeRequest: clients.PullRequest{Number: 2}, + Author: &clients.User{}, + State: "APPROVED", }, }, }, }, }, { - name: "some commits from external scm", - commits: []clients.Commit{ - { - Message: "\nDifferential Revision: 123\nReviewed By: user-123", - SHA: "abc", - }, - { - Message: "\nDifferential Revision: 158\nReviewed By: user-456", - SHA: "def", - }, - { - Message: "this one from github, but unrelated to prev", - AssociatedMergeRequest: clients.PullRequest{Number: 158, MergedAt: time.Now()}, - SHA: "fab", - }, - { - Message: "another from gh", - AssociatedMergeRequest: clients.PullRequest{Number: 158, MergedAt: time.Now()}, - SHA: "dab", - }, - }, + name: "phabricator: merge with squash", + commits: []clients.Commit{phabricatorCommitA, phabricatorCommitB, phabricatorCommitC}, expected: []checker.Changeset{ { - ReviewPlatform: checker.ReviewPlatformPhabricator, RevisionID: "123", - Commits: []clients.Commit{{SHA: "abc"}}, + ReviewPlatform: checker.ReviewPlatformPhabricator, + Commits: []clients.Commit{phabricatorCommitA}, }, { - ReviewPlatform: checker.ReviewPlatformPhabricator, RevisionID: "158", - Commits: []clients.Commit{{SHA: "def"}}, + ReviewPlatform: checker.ReviewPlatformPhabricator, + Commits: []clients.Commit{phabricatorCommitB}, }, { - ReviewPlatform: checker.ReviewPlatformGitHub, - RevisionID: "158", - Commits: []clients.Commit{ - {SHA: "fab"}, - {SHA: "dab"}, - }, + RevisionID: "2000", + ReviewPlatform: checker.ReviewPlatformPhabricator, + Commits: []clients.Commit{phabricatorCommitC}, }, }, }, { - name: "some commits from external scm with no revision id", - commits: []clients.Commit{ - { - Message: "first change\nReviewed-on: server.url \nReviewed-by:user-123", - SHA: "abc", - }, - { - Message: "followup\nReviewed-on: server.url \nReviewed-by:user-123", - SHA: "def", - }, + name: "phabricator: merge without squash", + commits: []clients.Commit{phabricatorCommitA, phabricatorCommitAUnsquashed, phabricatorCommitAUnsquashed2}, + expected: []checker.Changeset{ { - Message: "commit thru gh", - AssociatedMergeRequest: clients.PullRequest{Number: 3, MergedAt: time.Now()}, - SHA: "fab", + RevisionID: "123", + ReviewPlatform: checker.ReviewPlatformPhabricator, + Commits: []clients.Commit{phabricatorCommitA, phabricatorCommitAUnsquashed, phabricatorCommitAUnsquashed2}, }, }, + }, + { + name: "gerrit: merge with squash", + commits: []clients.Commit{gerritCommitB, gerritCommitA}, expected: []checker.Changeset{ { ReviewPlatform: checker.ReviewPlatformGerrit, RevisionID: "abc", - Commits: []clients.Commit{{SHA: "abc"}}, + Commits: []clients.Commit{gerritCommitB}, }, { ReviewPlatform: checker.ReviewPlatformGerrit, RevisionID: "def", - Commits: []clients.Commit{{SHA: "def"}}, - }, - { - ReviewPlatform: checker.ReviewPlatformGitHub, - RevisionID: "3", - Commits: []clients.Commit{{SHA: "fab"}}, + Commits: []clients.Commit{gerritCommitA}, }, }, }, { - name: "external scm mirrored to github", - commits: []clients.Commit{ - { - Message: "\nDifferential Revision: 123\nReviewed By: user-123", - SHA: "abc", - }, - { - Message: "\nDifferential Revision: 158\nReviewed By: user-123", - SHA: "def", - }, - { - Message: "\nDifferential Revision: 2000\nReviewed By: user-456", - SHA: "fab", - }, - }, + name: "mixed: phabricator + gh", + commits: []clients.Commit{phabricatorCommitA, phabricatorCommitD, commitB, commitBUnsquashed}, expected: []checker.Changeset{ { - RevisionID: "123", ReviewPlatform: checker.ReviewPlatformPhabricator, - Commits: []clients.Commit{{SHA: "abc"}}, + RevisionID: "123", + Commits: []clients.Commit{phabricatorCommitA}, }, { - RevisionID: "158", ReviewPlatform: checker.ReviewPlatformPhabricator, - Commits: []clients.Commit{{SHA: "def"}}, + RevisionID: "2", + Commits: []clients.Commit{phabricatorCommitD}, }, { - RevisionID: "2000", - ReviewPlatform: checker.ReviewPlatformPhabricator, - Commits: []clients.Commit{{SHA: "fab"}}, + ReviewPlatform: checker.ReviewPlatformGitHub, + RevisionID: "2", + Commits: []clients.Commit{commitB, commitBUnsquashed}, + Reviews: []clients.Review{{ + Author: &clients.User{}, + State: "APPROVED", + }}, }, }, }, { - name: "external scm no squash", - commits: []clients.Commit{ - { - Message: "\nDifferential Revision: 123\nReviewed By: user-123", - SHA: "abc", - }, - { - Message: "\nDifferential Revision: 123\nReviewed By: user-123", - SHA: "def", - }, - { - Message: "\nDifferential Revision: 123\nReviewed By: user-456", - SHA: "fab", - }, - }, + name: "mixed: gerrit + gh", + commits: []clients.Commit{gerritCommitB, gerritCommitA, commitC}, expected: []checker.Changeset{ { - RevisionID: "123", - ReviewPlatform: checker.ReviewPlatformPhabricator, - Commits: []clients.Commit{{SHA: "abc"}, {SHA: "def"}, {SHA: "fab"}}, + ReviewPlatform: checker.ReviewPlatformGerrit, + RevisionID: "abc", + Commits: []clients.Commit{gerritCommitB}, }, - }, - }, - { - name: "single changeset", - commits: []clients.Commit{ { - SHA: "abc", - AssociatedMergeRequest: clients.PullRequest{Number: 1, MergedAt: time.Now()}, + ReviewPlatform: checker.ReviewPlatformGerrit, + RevisionID: "def", + Commits: []clients.Commit{gerritCommitA}, }, - }, - expected: []checker.Changeset{ { ReviewPlatform: checker.ReviewPlatformGitHub, - RevisionID: "1", - Commits: []clients.Commit{{SHA: "abc"}}, + RevisionID: "3", + Commits: []clients.Commit{commitC}, + Reviews: []clients.Review{ + { + Author: &clients.User{}, + State: "APPROVED", + }, + }, }, }, }, @@ -382,6 +356,15 @@ func Test_getChangesets(t *testing.T) { for _, tt := range tests { t.Logf("test: %s", tt.name) changesets := getChangesets(tt.commits) - assertChangesetArrEq(t, changesets, tt.expected) + if !cmp.Equal(tt.expected, changesets, + cmpopts.SortSlices(func(x, y checker.Changeset) bool { + return x.RevisionID < y.RevisionID + }), + cmpopts.SortSlices(func(x, y clients.Commit) bool { + return x.SHA < y.SHA + })) { + t.Log(cmp.Diff(tt.expected, changesets)) + t.Fail() + } } } From 7f2e840746d841dc2f300330b28d7ccaac2e2ea4 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 21 Mar 2023 14:00:33 -0700 Subject: [PATCH 002/316] :bug: Pass proper commit depth to github checkrun handler. (#2777) Signed-off-by: Spencer Schrock --- clients/githubrepo/client.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index b707d01856b..e6680efd8e2 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -72,10 +72,9 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD return sce.WithMessage(sce.ErrRepoUnreachable, err.Error()) } if commitDepth <= 0 { - client.commitDepth = 30 // default - } else { - client.commitDepth = commitDepth + commitDepth = 30 // default } + client.commitDepth = commitDepth client.repo = repo client.repourl = &repoURL{ owner: repo.Owner.GetLogin(), @@ -103,7 +102,7 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD client.workflows.init(client.ctx, client.repourl) // Setup checkrunsHandler. - client.checkruns.init(client.ctx, client.repourl, commitDepth) + client.checkruns.init(client.ctx, client.repourl, client.commitDepth) // Setup statusesHandler. client.statuses.init(client.ctx, client.repourl) From ed556949d800f6ab3dc79c069993cd2d1658e7ac Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Wed, 22 Mar 2023 14:40:00 -0700 Subject: [PATCH 003/316] =?UTF-8?q?=E2=9C=A8=20Support=20for=20GitHub's=20?= =?UTF-8?q?internal=20integration=20(#2773)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon --- cmd/root.go | 2 +- options/options.go | 28 ++++++++++++++++++++++++++++ pkg/sarif.go | 12 +++++++++++- pkg/sarif_test.go | 3 ++- pkg/scorecard_result.go | 2 +- 5 files changed, 43 insertions(+), 4 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index 425bdf33dc2..da4cd0610d0 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -113,7 +113,7 @@ func rootCmd(o *options.Options) error { if !strings.EqualFold(o.Commit, clients.HeadSHA) { requiredRequestTypes = append(requiredRequestTypes, checker.CommitBased) } - enabledChecks, err := policy.GetEnabled(pol, o.ChecksToRun, requiredRequestTypes) + enabledChecks, err := policy.GetEnabled(pol, o.Checks(), requiredRequestTypes) if err != nil { return fmt.Errorf("GetEnabled: %w", err) } diff --git a/options/options.go b/options/options.go index 72358684a38..a7d4d4d13c9 100644 --- a/options/options.go +++ b/options/options.go @@ -19,6 +19,7 @@ import ( "errors" "fmt" "os" + "strings" "github.com/caarlos0/env/v6" @@ -205,6 +206,33 @@ func boolSum(bools ...bool) int { // Feature flags. +// GitHub integration support. +// See https://github.com/ossf/scorecard-action/issues/1107. +// NOTE: We don't add a field to to the Option structure to simplify +// integration. If we did, the Action would also need to be aware +// of the integration and pass the relevant values. This +// would add redundancy and complicate maintenance. +func (o *Options) IsInternalGitHubIntegrationEnabled() bool { + return (os.Getenv("CI") == "true") && + (os.Getenv("SCORECARD_INTERNAL_GITHUB_INTEGRATION") == "1") && + (os.Getenv("GITHUB_EVENT_NAME") == "dynamic") +} + +// Checks returns the list of checks and honours the +// GitHub integration. +func (o *Options) Checks() []string { + if o.IsInternalGitHubIntegrationEnabled() { + // Overwrite the list of checks. + s := os.Getenv("SCORECARD_INTERNAL_GITHUB_CHECKS") + l := strings.Split(s, ",") + for i := range l { + l[i] = strings.TrimSpace(l[i]) + } + return l + } + return o.ChecksToRun +} + // isExperimentalEnabled returns true if experimental features were enabled via // environment variable. func (o *Options) isExperimentalEnabled() bool { diff --git a/pkg/sarif.go b/pkg/sarif.go index 2cd2f8cb21c..8977f6d01c0 100644 --- a/pkg/sarif.go +++ b/pkg/sarif.go @@ -18,6 +18,7 @@ import ( "encoding/json" "fmt" "io" + "os" "sort" "strings" "time" @@ -31,6 +32,7 @@ import ( sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/finding" "github.com/ossf/scorecard/v4/log" + "github.com/ossf/scorecard/v4/options" spol "github.com/ossf/scorecard/v4/policy" ) @@ -606,9 +608,17 @@ func createDefaultLocationMessage(check *checker.CheckResult, score int) string return messageWithScore(check.Reason, score) } +func toolName(opts *options.Options) string { + if opts.IsInternalGitHubIntegrationEnabled() { + return strings.TrimSpace(os.Getenv("SCORECARD_INTERNAL_GITHUB_SARIF_TOOL_NAME")) + } + return "scorecard" +} + // AsSARIF outputs ScorecardResult in SARIF 2.1.0 format. func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level, writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy, + opts *options.Options, ) error { //nolint // https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html. @@ -635,7 +645,7 @@ func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level, if err != nil { return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("computeCategory: %v: %s", err, check.Name)) } - run := getOrCreateSARIFRun(runs, category, "https://github.com/ossf/scorecard", "scorecard", + run := getOrCreateSARIFRun(runs, category, "https://github.com/ossf/scorecard", toolName(opts), r.Scorecard.Version, r.Scorecard.CommitSHA, r.Date, "supply-chain") // Always add rules to indicate which checks were run. diff --git a/pkg/sarif_test.go b/pkg/sarif_test.go index 739161fd8ad..1fa37e52362 100644 --- a/pkg/sarif_test.go +++ b/pkg/sarif_test.go @@ -26,6 +26,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/finding" "github.com/ossf/scorecard/v4/log" + "github.com/ossf/scorecard/v4/options" spol "github.com/ossf/scorecard/v4/policy" rules "github.com/ossf/scorecard/v4/rule" ) @@ -847,7 +848,7 @@ func TestSARIFOutput(t *testing.T) { var result bytes.Buffer err = tt.result.AsSARIF(tt.showDetails, tt.logLevel, &result, - checkDocs, &tt.policy) + checkDocs, &tt.policy, &options.Options{}) if err != nil { t.Fatalf("%s: AsSARIF: %v", tt.name, err) } diff --git a/pkg/scorecard_result.go b/pkg/scorecard_result.go index caae7ea5969..1af8a08e143 100644 --- a/pkg/scorecard_result.go +++ b/pkg/scorecard_result.go @@ -114,7 +114,7 @@ func FormatResults( err = results.AsString(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) case options.FormatSarif: // TODO: support config files and update checker.MaxResultScore. - err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy) + err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy, opts) case options.FormatJSON: err = results.AsJSON2(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) case options.FormatSJSON: From cc54d4279c66a450baaa22267693c845eeb61739 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 22 Mar 2023 17:16:06 -0700 Subject: [PATCH 004/316] =?UTF-8?q?=F0=9F=90=9B=20Add=20tie=20breaker=20wh?= =?UTF-8?q?en=20sorting=20changesets=20by=20RevisionID=20in=20tests.=20(#2?= =?UTF-8?q?781)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove duplicate RevisionID collision from changeset tests. The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal. Signed-off-by: Spencer Schrock * remove any potential sha collisions Signed-off-by: Spencer Schrock * Revert deduplications. Signed-off-by: Spencer Schrock * Use ReviewPlatform as tie breaker. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- checks/raw/code_review_test.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/checks/raw/code_review_test.go b/checks/raw/code_review_test.go index ac87842e3f1..a400f6a9ac7 100644 --- a/checks/raw/code_review_test.go +++ b/checks/raw/code_review_test.go @@ -358,6 +358,9 @@ func Test_getChangesets(t *testing.T) { changesets := getChangesets(tt.commits) if !cmp.Equal(tt.expected, changesets, cmpopts.SortSlices(func(x, y checker.Changeset) bool { + if x.RevisionID == y.RevisionID { + return x.ReviewPlatform < y.ReviewPlatform + } return x.RevisionID < y.RevisionID }), cmpopts.SortSlices(func(x, y clients.Commit) bool { From ff754c30c88bfaef4a6e4da5c66d938bdb17a665 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 22 Mar 2023 18:43:57 -0700 Subject: [PATCH 005/316] :seedling: enable fuzzing check in cron. (#2780) Signed-off-by: Spencer Schrock --- cron/config/config.yaml | 6 +++--- cron/config/config_test.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cron/config/config.yaml b/cron/config/config.yaml index a9d4017f82a..48be77d5a6f 100644 --- a/cron/config/config.yaml +++ b/cron/config/config.yaml @@ -43,9 +43,9 @@ additional-params: api-results-bucket-url: gs://ossf-scorecard-cron-results # TODO: Temporarily remove SAST and CI-Tests which require lot of GitHub API tokens. # TODO(#859): Re-add Contributors after fixing inconsistencies. - # TODO: Dependency-Update-Tool, Fuzzing, and SAST are search heavy - # TODO: Vulnerabilities is resource intensive, wait until the next osv-scanner release after v1.2.0 - blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,Fuzzing,SAST,Vulnerabilities + # TODO: Dependency-Update-Tool and SAST are search heavy + # TODO: Vulnerabilities is slow on repos with lots of dependencies + blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities cii-data-bucket-url: gs://ossf-scorecard-cii-data # Raw results. raw-bigquery-table: scorecard-rawdata diff --git a/cron/config/config_test.go b/cron/config/config_test.go index d11290cd149..72b8f944377 100644 --- a/cron/config/config_test.go +++ b/cron/config/config_test.go @@ -34,7 +34,7 @@ const ( prodCompletionThreshold = 0.99 prodWebhookURL = "" prodCIIDataBucket = "gs://ossf-scorecard-cii-data" - prodBlacklistedChecks = "CI-Tests,Contributors,Dependency-Update-Tool,Fuzzing,SAST,Vulnerabilities" + prodBlacklistedChecks = "CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities" prodShardSize int = 10 prodMetricExporter string = "stackdriver" prodMetricStackdriverPrefix string = "scorecard-cron" From 82f1dead197fe7e8fe305a8eb0db5fc0b0a65470 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Mar 2023 05:25:39 -0500 Subject: [PATCH 006/316] :seedling: Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/bd376fbcfae914347656e4c70801e2a3fafed05b...07f86bcdc42639264ec561c7f175fea5f532b6ce) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 5ecf456e0c8..691c5e450ad 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@bd376fbcfae914347656e4c70801e2a3fafed05b #v35.7.0 + uses: tj-actions/changed-files@07f86bcdc42639264ec561c7f175fea5f532b6ce #v35.7.6 with: files_ignore: '**.md' - id: docs_only_check From daeb90ec55a0a61fe1a4237e2248d70347edf63e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Mar 2023 15:38:08 +0000 Subject: [PATCH 007/316] :seedling: Bump actions/checkout from 3.3.0 to 3.4.0 (#2767) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/ac593985615ec2ede58e132d2e21d2b1cbd6127c...24cb9080177205b6e8c946b17badbe402adc938f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/docker.yml | 16 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 ++++++++++++------------ .github/workflows/publishimage.yml | 2 +- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7460fb3a913..0ace6fe97f8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 762638e8a32..958d9e5a1cd 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f - name: 'Dependency Review' uses: actions/dependency-review-action@c090f4e553673e6e505ea70d6a95362ee12adb94 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 691c5e450ad..53dbad2fd4c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,7 +36,7 @@ jobs: docs_only: ${{ steps.docs_only_check.outputs.docs_only }} steps: - name: Check out code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c #v3.3.0 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f #v3.4.0 with: fetch-depth: 2 - id: files @@ -86,7 +86,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -134,7 +134,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 0059a15e81e..fb9b79a937b 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -36,7 +36,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Set up Go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 026988b59ad..262c0aceabc 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -42,7 +42,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: pull_request actions/checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 52a0039c286..a25079a839f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -99,7 +99,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -147,7 +147,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -422,7 +422,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -470,7 +470,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -518,7 +518,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -566,7 +566,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -614,7 +614,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -662,7 +662,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -710,7 +710,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -745,7 +745,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -782,7 +782,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -829,7 +829,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -864,7 +864,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -893,7 +893,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index de6fceae376..e3acab9fb53 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -40,7 +40,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 82299be506a..7d05d0c81b5 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f - name: "Run analysis" uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index e8613250899..718a194cfb3 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -15,7 +15,7 @@ jobs: ldflags: ${{ steps.ldflags.outputs.value }} steps: - id: checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v2.3.4 + uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 with: fetch-depth: 0 - id: ldflags From 27cfe92ed356fdb5a398c919ad480817ea907808 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Thu, 23 Mar 2023 10:25:44 -0700 Subject: [PATCH 008/316] =?UTF-8?q?=F0=9F=8C=B1=20Bump=20golangci-lint=20a?= =?UTF-8?q?nd=20fix=20configuration=20file.=20(#2783)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Bump golangci-lint to v1.52.1 Signed-off-by: Spencer Schrock * Remove deprecated linters. Signed-off-by: Spencer Schrock * Configure errorlint to ignore wrapping multiple errors. We don't use golang 1.20 yet. Signed-off-by: Spencer Schrock * extra go mod tidy to hide linter. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- .golangci.yml | 6 +- go.mod | 2 +- tools/go.mod | 111 ++++++++++---------- tools/go.sum | 275 +++++++++++++++++++++++++------------------------- 4 files changed, 202 insertions(+), 192 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index c5203aaff61..5752e2f2a91 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -18,7 +18,6 @@ linters: disable-all: true enable: - asciicheck - - deadcode - depguard - dogsled - errcheck @@ -56,13 +55,16 @@ linters: - typecheck - unconvert - unused - - varcheck - whitespace - wrapcheck linters-settings: errcheck: check-type-assertions: true check-blank: true + errorlint: + # TODO remove this when project migrates to golang 1.20 + # https://golangci-lint.run/usage/linters/#errorlint + errorf-multi: false exhaustive: # https://golangci-lint.run/usage/linters/#exhaustive default-signifies-exhaustive: true diff --git a/go.mod b/go.mod index c506e2952d6..2abc2d6405c 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,7 @@ require ( gocloud.dev v0.29.0 golang.org/x/text v0.7.0 golang.org/x/tools v0.6.0 - google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc + google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect google.golang.org/protobuf v1.28.1 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 diff --git a/tools/go.mod b/tools/go.mod index f557f0c83bb..40a996f2d02 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/golang/mock v1.6.0 - github.com/golangci/golangci-lint v1.50.1 + github.com/golangci/golangci-lint v1.52.1 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.14.1 @@ -14,7 +14,8 @@ require ( ) require ( - 4d63.com/gochecknoglobals v0.1.0 // indirect + 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect + 4d63.com/gochecknoglobals v0.2.1 // indirect cloud.google.com/go v0.107.0 // indirect cloud.google.com/go/compute v1.18.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect @@ -22,10 +23,10 @@ require ( cloud.google.com/go/kms v1.8.0 // indirect cloud.google.com/go/storage v1.27.0 // indirect code.gitea.io/sdk/gitea v0.15.1 // indirect - github.com/Abirdcfly/dupword v0.0.7 // indirect + github.com/Abirdcfly/dupword v0.0.11 // indirect github.com/AlekSi/pointer v1.2.0 // indirect - github.com/Antonboom/errname v0.1.7 // indirect - github.com/Antonboom/nilnil v0.1.1 // indirect + github.com/Antonboom/errname v0.1.9 // indirect + github.com/Antonboom/nilnil v0.1.3 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect @@ -57,7 +58,7 @@ require ( github.com/alexkohler/prealloc v1.0.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect - github.com/ashanbrown/forbidigo v1.3.0 // indirect + github.com/ashanbrown/forbidigo v1.5.1 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect github.com/aws/aws-sdk-go v1.44.195 // indirect @@ -90,9 +91,9 @@ require ( github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect github.com/blizzy78/varnamelen v0.8.0 // indirect github.com/bmatcuk/doublestar/v4 v4.2.0 // indirect - github.com/bombsimon/wsl/v3 v3.3.0 // indirect - github.com/breml/bidichk v0.2.3 // indirect - github.com/breml/errchkjson v0.3.0 // indirect + github.com/bombsimon/wsl/v3 v3.4.0 // indirect + github.com/breml/bidichk v0.2.4 // indirect + github.com/breml/errchkjson v0.3.1 // indirect github.com/butuzov/ireturn v0.1.1 // indirect github.com/caarlos0/ctrlc v1.2.0 // indirect github.com/caarlos0/env/v6 v6.10.1 // indirect @@ -102,15 +103,15 @@ require ( github.com/cavaliergopher/cpio v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.1.3 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/charithe/durationcheck v0.0.9 // indirect + github.com/charithe/durationcheck v0.0.10 // indirect github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792 // indirect - github.com/chavacava/garif v0.0.0-20220630083739-93517212f375 // indirect + github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08 // indirect github.com/cloudflare/circl v1.2.0 // indirect github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/curioswitch/go-reassign v0.2.0 // indirect - github.com/daixiang0/gci v0.8.1 // indirect + github.com/daixiang0/gci v0.10.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/denis-tingaikin/go-header v0.4.3 // indirect github.com/dghubble/go-twitter v0.0.0-20220716041154-837915ec2f79 // indirect @@ -132,12 +133,12 @@ require ( github.com/esimonov/ifshort v1.0.4 // indirect github.com/ettle/strcase v0.1.1 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect - github.com/fatih/color v1.13.0 // indirect + github.com/fatih/color v1.15.0 // indirect github.com/fatih/structtag v1.2.0 // indirect github.com/firefart/nonamedreturns v1.0.4 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect - github.com/go-critic/go-critic v0.6.5 // indirect + github.com/go-critic/go-critic v0.7.0 // indirect github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.3.1 // indirect github.com/go-git/go-git/v5 v5.4.2 // indirect @@ -154,14 +155,14 @@ require ( github.com/go-openapi/validate v0.22.0 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect - github.com/go-toolsmith/astcast v1.0.0 // indirect - github.com/go-toolsmith/astcopy v1.0.2 // indirect - github.com/go-toolsmith/astequal v1.0.3 // indirect - github.com/go-toolsmith/astfmt v1.0.0 // indirect - github.com/go-toolsmith/astp v1.0.0 // indirect - github.com/go-toolsmith/strparse v1.0.0 // indirect - github.com/go-toolsmith/typep v1.0.2 // indirect - github.com/go-xmlfmt/xmlfmt v0.0.0-20220206211657-0a94163c4677 // indirect + github.com/go-toolsmith/astcast v1.1.0 // indirect + github.com/go-toolsmith/astcopy v1.1.0 // indirect + github.com/go-toolsmith/astequal v1.1.0 // indirect + github.com/go-toolsmith/astfmt v1.1.0 // indirect + github.com/go-toolsmith/astp v1.1.0 // indirect + github.com/go-toolsmith/strparse v1.1.0 // indirect + github.com/go-toolsmith/typep v1.1.0 // indirect + github.com/go-xmlfmt/xmlfmt v1.1.2 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -175,7 +176,7 @@ require ( github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2 // indirect github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 // indirect github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca // indirect - github.com/golangci/misspell v0.3.5 // indirect + github.com/golangci/misspell v0.4.0 // indirect github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect github.com/google/go-cmp v0.5.9 // indirect @@ -188,7 +189,7 @@ require ( github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect github.com/googleapis/gax-go/v2 v2.7.0 // indirect - github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 // indirect + github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 // indirect github.com/goreleaser/chglog v0.2.2 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect github.com/goreleaser/nfpm/v2 v2.23.0 // indirect @@ -216,39 +217,40 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/julz/importas v0.1.0 // indirect + github.com/junk1tm/musttag v0.5.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/kisielk/errcheck v1.6.2 // indirect + github.com/kisielk/errcheck v1.6.3 // indirect github.com/kisielk/gotool v1.0.0 // indirect - github.com/kkHAIKE/contextcheck v1.1.3 // indirect + github.com/kkHAIKE/contextcheck v1.1.4 // indirect github.com/klauspost/compress v1.16.0 // indirect github.com/klauspost/pgzip v1.2.5 // indirect github.com/kulti/thelper v0.6.3 // indirect github.com/kunwardeep/paralleltest v1.0.6 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/kyoh86/exportloopref v0.1.8 // indirect + github.com/kyoh86/exportloopref v0.1.11 // indirect github.com/ldez/gomoddirectives v0.2.3 // indirect - github.com/ldez/tagliatelle v0.3.1 // indirect - github.com/leonklingele/grouper v1.1.0 // indirect + github.com/ldez/tagliatelle v0.4.0 // indirect + github.com/leonklingele/grouper v1.1.1 // indirect github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/lufeee/execinquery v1.2.1 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/maratori/testableexamples v1.0.0 // indirect - github.com/maratori/testpackage v1.1.0 // indirect - github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect + github.com/maratori/testpackage v1.1.1 // indirect + github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.16 // indirect + github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-mastodon v0.0.6 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mbilski/exhaustivestruct v1.2.0 // indirect - github.com/mgechev/revive v1.2.4 // indirect + github.com/mgechev/revive v1.3.1 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moricho/tparallel v0.2.1 // indirect + github.com/moricho/tparallel v0.3.0 // indirect github.com/muesli/mango v0.1.0 // indirect github.com/muesli/mango-cobra v1.2.0 // indirect github.com/muesli/mango-pflag v0.1.0 // indirect @@ -257,36 +259,36 @@ require ( github.com/muesli/termenv v0.13.0 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect - github.com/nishanths/exhaustive v0.8.3 // indirect + github.com/nishanths/exhaustive v0.9.5 // indirect github.com/nishanths/predeclared v0.2.2 // indirect + github.com/nunnatsa/ginkgolinter v0.9.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0-rc2 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.6 // indirect - github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/polyfloyd/go-errorlint v1.0.5 // indirect + github.com/polyfloyd/go-errorlint v1.4.0 // indirect github.com/prometheus/client_golang v1.14.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect github.com/prometheus/common v0.39.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect - github.com/quasilyte/go-ruleguard v0.3.18 // indirect - github.com/quasilyte/gogrep v0.0.0-20220828223005-86e4605de09f // indirect + github.com/quasilyte/go-ruleguard v0.3.19 // indirect + github.com/quasilyte/gogrep v0.5.0 // indirect github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect github.com/rivo/uniseg v0.4.2 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/ryancurrah/gomodguard v1.2.4 // indirect - github.com/ryanrolds/sqlclosecheck v0.3.0 // indirect + github.com/ryancurrah/gomodguard v1.3.0 // indirect + github.com/ryanrolds/sqlclosecheck v0.4.0 // indirect github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect github.com/sasha-s/go-csync v0.0.0-20210812194225-61421b77c44b // indirect github.com/sashamelentyev/interfacebloat v1.1.0 // indirect - github.com/sashamelentyev/usestdlibvars v1.20.0 // indirect - github.com/securego/gosec/v2 v2.13.1 // indirect + github.com/sashamelentyev/usestdlibvars v1.23.0 // indirect + github.com/securego/gosec/v2 v2.15.0 // indirect github.com/sergi/go-diff v1.2.0 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect github.com/sigstore/cosign/v2 v2.0.0 // indirect @@ -295,10 +297,10 @@ require ( github.com/sirupsen/logrus v1.9.0 // indirect github.com/sivchari/containedctx v1.0.2 // indirect github.com/sivchari/nosnakecase v1.7.0 // indirect - github.com/sivchari/tenv v1.7.0 // indirect + github.com/sivchari/tenv v1.7.1 // indirect github.com/slack-go/slack v0.12.1 // indirect - github.com/sonatard/noctx v0.0.1 // indirect - github.com/sourcegraph/go-diff v0.6.1 // indirect + github.com/sonatard/noctx v0.0.2 // indirect + github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/afero v1.9.3 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/cobra v1.6.1 // indirect @@ -308,16 +310,17 @@ require ( github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect github.com/stretchr/objx v0.5.0 // indirect - github.com/stretchr/testify v1.8.1 // indirect + github.com/stretchr/testify v1.8.2 // indirect github.com/subosito/gotenv v1.4.2 // indirect - github.com/tdakkota/asciicheck v0.1.1 // indirect + github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect + github.com/tdakkota/asciicheck v0.2.0 // indirect github.com/technoweenie/multipartstreamer v1.0.1 // indirect github.com/tetafro/godot v1.4.11 // indirect github.com/theupdateframework/go-tuf v0.5.2 // indirect - github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 // indirect - github.com/timonwong/loggercheck v0.9.3 // indirect + github.com/timakin/bodyclose v0.0.0-20221125081123-e39cf3fc478e // indirect + github.com/timonwong/loggercheck v0.9.4 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect - github.com/tomarrell/wrapcheck/v2 v2.7.0 // indirect + github.com/tomarrell/wrapcheck/v2 v2.8.1 // indirect github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect github.com/ulikunitz/xz v0.5.11 // indirect @@ -341,7 +344,7 @@ require ( gocloud.dev v0.27.0 // indirect golang.org/x/crypto v0.6.0 // indirect golang.org/x/exp v0.0.0-20220823124025-807a23277127 // indirect - golang.org/x/exp/typeparams v0.0.0-20220827204233-334a2380cb91 // indirect + golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect golang.org/x/mod v0.9.0 // indirect golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.6.0 // indirect @@ -364,14 +367,14 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools/v3 v3.1.0 // indirect - honnef.co/go/tools v0.3.3 // indirect + honnef.co/go/tools v0.4.3 // indirect k8s.io/apimachinery v0.26.2 // indirect k8s.io/klog/v2 v2.90.0 // indirect k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect mvdan.cc/gofumpt v0.4.0 // indirect mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect - mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 // indirect + mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d // indirect sigs.k8s.io/kind v0.17.0 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/tools/go.sum b/tools/go.sum index 1ec319ca367..4e7f54a6b04 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1,5 +1,7 @@ -4d63.com/gochecknoglobals v0.1.0 h1:zeZSRqj5yCg28tCkIV/z/lWbwvNm5qnKVS15PI8nhD0= -4d63.com/gochecknoglobals v0.1.0/go.mod h1:wfdC5ZjKSPr7CybKEcgJhUOgeAQW1+7WcyK8OvUilfo= +4d63.com/gocheckcompilerdirectives v1.2.1 h1:AHcMYuw56NPjq/2y615IGg2kYkBdTvOaojYCBcRE7MA= +4d63.com/gocheckcompilerdirectives v1.2.1/go.mod h1:yjDJSxmDTtIHHCqX0ufRYZDL6vQtMG7tJdKVeWwsqvs= +4d63.com/gochecknoglobals v0.2.1 h1:1eiorGsgHOFOuoOiJDy2psSrQbRdIHrlge0IJIkUgDc= +4d63.com/gochecknoglobals v0.2.1/go.mod h1:KRE8wtJB3CXCsb1xy421JfTHIIbmT3U5ruxw2Qu8fSU= bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= @@ -97,15 +99,15 @@ contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod contrib.go.opencensus.io/exporter/stackdriver v0.13.13/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/Abirdcfly/dupword v0.0.7 h1:z14n0yytA3wNO2gpCD/jVtp/acEXPGmYu0esewpBt6Q= -github.com/Abirdcfly/dupword v0.0.7/go.mod h1:K/4M1kj+Zh39d2aotRwypvasonOyAMH1c/IZJzE0dmk= +github.com/Abirdcfly/dupword v0.0.11 h1:z6v8rMETchZXUIuHxYNmlUAuKuB21PeaSymTed16wgU= +github.com/Abirdcfly/dupword v0.0.11/go.mod h1:wH8mVGuf3CP5fsBTkfWwwwKTjDnVVCxtU8d8rgeVYXA= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AlekSi/pointer v1.2.0 h1:glcy/gc4h8HnG2Z3ZECSzZ1IX1x2JxRVuDzaJwQE0+w= github.com/AlekSi/pointer v1.2.0/go.mod h1:gZGfd3dpW4vEc/UlyfKKi1roIqcCgwOIvb0tSNSBle0= -github.com/Antonboom/errname v0.1.7 h1:mBBDKvEYwPl4WFFNwec1CZO096G6vzK9vvDQzAwkako= -github.com/Antonboom/errname v0.1.7/go.mod h1:g0ONh16msHIPgJSGsecu1G/dcF2hlYR/0SddnIAGavU= -github.com/Antonboom/nilnil v0.1.1 h1:PHhrh5ANKFWRBh7TdYmyyq2gyT2lotnvFvvFbylF81Q= -github.com/Antonboom/nilnil v0.1.1/go.mod h1:L1jBqoWM7AOeTD+tSquifKSesRHs4ZdaxvZR+xdJEaI= +github.com/Antonboom/errname v0.1.9 h1:BZDX4r3l4TBZxZ2o2LNrlGxSHran4d1u4veZdoORTT4= +github.com/Antonboom/errname v0.1.9/go.mod h1:nLTcJzevREuAsgTbG85UsuiWpMpAqbKD1HNZ29OzE58= +github.com/Antonboom/nilnil v0.1.3 h1:6RTbx3d2mcEu3Zwq9TowQpQMVpP75zugwOtqY1RTtcE= +github.com/Antonboom/nilnil v0.1.3/go.mod h1:iOov/7gRcXkeEU+EMGpBu2ORih3iyVEiWjeste1SJm8= github.com/Azure/azure-amqp-common-go/v3 v3.2.3/go.mod h1:7rPmbSfszeovxGfc5fSAXE4ehlXQZHpMja2OtxC2Tas= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -273,8 +275,8 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/ashanbrown/forbidigo v1.3.0 h1:VkYIwb/xxdireGAdJNZoo24O4lmnEWkactplBlWTShc= -github.com/ashanbrown/forbidigo v1.3.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBFg8t0sG2FIxmI= +github.com/ashanbrown/forbidigo v1.5.1 h1:WXhzLjOlnuDYPYQo/eFlcFMi8X/kLfvWLYu6CSoebis= +github.com/ashanbrown/forbidigo v1.5.1/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU= github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s= github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI= github.com/atc0005/go-teams-notify/v2 v2.7.0 h1:yRKblRTM/v+FnbibPAQiBcgT+aUBn/8zj9E/UxBdIRg= @@ -403,12 +405,12 @@ github.com/bmatcuk/doublestar/v4 v4.0.2/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTS github.com/bmatcuk/doublestar/v4 v4.2.0 h1:Qu+u9wR3Vd89LnlLMHvnZ5coJMWKQamqdz9/p5GNthA= github.com/bmatcuk/doublestar/v4 v4.2.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/bombsimon/wsl/v3 v3.3.0 h1:Mka/+kRLoQJq7g2rggtgQsjuI/K5Efd87WX96EWFxjM= -github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= -github.com/breml/bidichk v0.2.3 h1:qe6ggxpTfA8E75hdjWPZ581sY3a2lnl0IRxLQFelECI= -github.com/breml/bidichk v0.2.3/go.mod h1:8u2C6DnAy0g2cEq+k/A2+tr9O1s+vHGxWn0LTc70T2A= -github.com/breml/errchkjson v0.3.0 h1:YdDqhfqMT+I1vIxPSas44P+9Z9HzJwCeAzjB8PxP1xw= -github.com/breml/errchkjson v0.3.0/go.mod h1:9Cogkyv9gcT8HREpzi3TiqBxCqDzo8awa92zSDFcofU= +github.com/bombsimon/wsl/v3 v3.4.0 h1:RkSxjT3tmlptwfgEgTgU+KYKLI35p/tviNXNXiL2aNU= +github.com/bombsimon/wsl/v3 v3.4.0/go.mod h1:KkIB+TXkqy6MvK9BDZVbZxKNYsE1/oLRJbIFtf14qqo= +github.com/breml/bidichk v0.2.4 h1:i3yedFWWQ7YzjdZJHnPo9d/xURinSq3OM+gyM43K4/8= +github.com/breml/bidichk v0.2.4/go.mod h1:7Zk0kRFt1LIZxtQdl9W9JwGAcLTTkOs+tN7wuEYGJ3s= +github.com/breml/errchkjson v0.3.1 h1:hlIeXuspTyt8Y/UmP5qy1JocGNR00KQHgfaNtRAjoxQ= +github.com/breml/errchkjson v0.3.1/go.mod h1:XroxrzKjdiutFyW3nWhw34VGg7kiMsDQox73yWCGI2U= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= @@ -450,13 +452,13 @@ github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/charithe/durationcheck v0.0.9 h1:mPP4ucLrf/rKZiIG/a9IPXHGlh8p4CzgpyTy6EEutYk= -github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg= +github.com/charithe/durationcheck v0.0.10 h1:wgw73BiocdBDQPik+zcEoBG/ob8uyBHf2iyoHGPf5w4= +github.com/charithe/durationcheck v0.0.10/go.mod h1:bCWXb7gYRysD1CU3C+u4ceO49LoGOY1C1L6uouGNreQ= github.com/charmbracelet/keygen v0.3.0 h1:mXpsQcH7DDlST5TddmXNXjS0L7ECk4/kLQYyBcsan2Y= github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792 h1:VfX981snWr7d4yvFAJYCN3S2sOsweiM6BsqZgFPY65c= github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792/go.mod h1:sOPE4igPEyZ5Q75T0PYIMqA40cL+r0NrLlMJxr01aiE= -github.com/chavacava/garif v0.0.0-20220630083739-93517212f375 h1:E7LT642ysztPWE0dfz43cWOvMiF42DyTRC+eZIaO4yI= -github.com/chavacava/garif v0.0.0-20220630083739-93517212f375/go.mod h1:4m1Rv7xfuwWPNKXlThldNuJvutYM6J95wNuuVmn55To= +github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 h1:W9o46d2kbNL06lq7UNDPV0zYLzkrde/bjIqO02eoll0= +github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8/go.mod h1:gakxgyXaaPkxvLw1XQxNGK4I37ys9iBRzNUx/B7pUCo= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= @@ -623,7 +625,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/cristalhq/acmd v0.8.1/go.mod h1:LG5oa43pE/BbxtfMoImHCQN++0Su7dzipdgBjMCBVDQ= github.com/curioswitch/go-reassign v0.2.0 h1:G9UZyOcpk/d7Gd6mqYgd8XYWFMw/znxwGDUstnC9DIo= github.com/curioswitch/go-reassign v0.2.0/go.mod h1:x6OpXuWvgfQaMGks2BZybTngWjT84hqJfKoO8Tt/Roc= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= @@ -632,8 +633,8 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= -github.com/daixiang0/gci v0.8.1 h1:T4xpSC+hmsi4CSyuYfIJdMZAr9o7xZmHpQVygMghGZ4= -github.com/daixiang0/gci v0.8.1/go.mod h1:EpVfrztufwVgQRXjnX4zuNinEpLj5OmMjtu/+MB0V0c= +github.com/daixiang0/gci v0.10.1 h1:eheNA3ljF6SxnPD/vE4lCBusVHmV3Rs3dkKvFrJ7MR0= +github.com/daixiang0/gci v0.10.1/go.mod h1:xtHP9N7AHdNvtRNfcx9gwTDfw7FRJx4bZUsiEfiNNAI= github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -744,8 +745,9 @@ github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGF github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= +github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= @@ -781,8 +783,8 @@ github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwv github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= -github.com/go-critic/go-critic v0.6.5 h1:fDaR/5GWURljXwF8Eh31T2GZNz9X4jeboS912mWF8Uo= -github.com/go-critic/go-critic v0.6.5/go.mod h1:ezfP/Lh7MA6dBNn4c6ab5ALv3sKnZVLx37tr00uuaOY= +github.com/go-critic/go-critic v0.7.0 h1:tqbKzB8pqi0NsRZ+1pyU4aweAF7A7QN0Pi4Q02+rYnQ= +github.com/go-critic/go-critic v0.7.0/go.mod h1:moYzd7GdVXE2C2hYTwd7h0CPcqlUeclsyBRwMa38v64= github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= @@ -880,27 +882,25 @@ github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaEL github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= -github.com/go-toolsmith/astcast v1.0.0 h1:JojxlmI6STnFVG9yOImLeGREv8W2ocNUM+iOhR6jE7g= -github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4= -github.com/go-toolsmith/astcopy v1.0.2 h1:YnWf5Rnh1hUudj11kei53kI57quN/VH6Hp1n+erozn0= -github.com/go-toolsmith/astcopy v1.0.2/go.mod h1:4TcEdbElGc9twQEYpVo/aieIXfHhiuLh4aLAck6dO7Y= -github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY= -github.com/go-toolsmith/astequal v1.0.2/go.mod h1:9Ai4UglvtR+4up+bAD4+hCj7iTo4m/OXVTSLnCyTAx4= -github.com/go-toolsmith/astequal v1.0.3 h1:+LVdyRatFS+XO78SGV4I3TCEA0AC7fKEGma+fH+674o= +github.com/go-toolsmith/astcast v1.1.0 h1:+JN9xZV1A+Re+95pgnMgDboWNVnIMMQXwfBwLRPgSC8= +github.com/go-toolsmith/astcast v1.1.0/go.mod h1:qdcuFWeGGS2xX5bLM/c3U9lewg7+Zu4mr+xPwZIB4ZU= +github.com/go-toolsmith/astcopy v1.1.0 h1:YGwBN0WM+ekI/6SS6+52zLDEf8Yvp3n2seZITCUBt5s= +github.com/go-toolsmith/astcopy v1.1.0/go.mod h1:hXM6gan18VA1T/daUEHCFcYiW8Ai1tIwIzHY6srfEAw= github.com/go-toolsmith/astequal v1.0.3/go.mod h1:9Ai4UglvtR+4up+bAD4+hCj7iTo4m/OXVTSLnCyTAx4= -github.com/go-toolsmith/astfmt v1.0.0 h1:A0vDDXt+vsvLEdbMFJAUBI/uTbRw1ffOPnxsILnFL6k= -github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw= -github.com/go-toolsmith/astp v1.0.0 h1:alXE75TXgcmupDsMK1fRAy0YUzLzqPVvBKoyWV+KPXg= -github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI= -github.com/go-toolsmith/pkgload v1.0.2-0.20220101231613-e814995d17c5 h1:eD9POs68PHkwrx7hAB78z1cb6PfGq/jyWn3wJywsH1o= -github.com/go-toolsmith/pkgload v1.0.2-0.20220101231613-e814995d17c5/go.mod h1:3NAwwmD4uY/yggRxoEjk/S00MIV3A+H7rrE3i87eYxM= -github.com/go-toolsmith/strparse v1.0.0 h1:Vcw78DnpCAKlM20kSbAyO4mPfJn/lyYA4BJUDxe2Jb4= +github.com/go-toolsmith/astequal v1.1.0 h1:kHKm1AWqClYn15R0K1KKE4RG614D46n+nqUQ06E1dTw= +github.com/go-toolsmith/astequal v1.1.0/go.mod h1:sedf7VIdCL22LD8qIvv7Nn9MuWJruQA/ysswh64lffQ= +github.com/go-toolsmith/astfmt v1.1.0 h1:iJVPDPp6/7AaeLJEruMsBUlOYCmvg0MoCfJprsOmcco= +github.com/go-toolsmith/astfmt v1.1.0/go.mod h1:OrcLlRwu0CuiIBp/8b5PYF9ktGVZUjlNMV634mhwuQ4= +github.com/go-toolsmith/astp v1.1.0 h1:dXPuCl6u2llURjdPLLDxJeZInAeZ0/eZwFJmqZMnpQA= +github.com/go-toolsmith/astp v1.1.0/go.mod h1:0T1xFGz9hicKs8Z5MfAqSUitoUYS30pDMsRVIDHs8CA= +github.com/go-toolsmith/pkgload v1.2.2 h1:0CtmHq/02QhxcF7E9N5LIFcYFsMR5rdovfqTtRKkgIk= github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8= -github.com/go-toolsmith/typep v1.0.2 h1:8xdsa1+FSIH/RhEkgnD1j2CJOy5mNllW1Q9tRiYwvlk= -github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU= -github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= -github.com/go-xmlfmt/xmlfmt v0.0.0-20220206211657-0a94163c4677 h1:+k/R5MXzpgWkdqHjiuirfHk6QzzTToFxlKVrvkSR/ek= -github.com/go-xmlfmt/xmlfmt v0.0.0-20220206211657-0a94163c4677/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= +github.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQiyP2Bvw= +github.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ= +github.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus= +github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig= +github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U= +github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= @@ -1013,14 +1013,14 @@ github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe h1:6RGUuS7EGotKx6 github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe/go.mod h1:gjqyPShc/m8pEMpk0a3SeagVb0kaqvhscv+i9jI5ZhQ= github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2 h1:amWTbTGqOZ71ruzrdA+Nx5WA3tV1N0goTspwmKCQvBY= github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2/go.mod h1:9wOXstvyDRshQ9LggQuzBCGysxs3b6Uo/1MvYCR2NMs= -github.com/golangci/golangci-lint v1.50.1 h1:C829clMcZXEORakZlwpk7M4iDw2XiwxxKaG504SZ9zY= -github.com/golangci/golangci-lint v1.50.1/go.mod h1:AQjHBopYS//oB8xs0y0M/dtxdKHkdhl0RvmjUct0/4w= +github.com/golangci/golangci-lint v1.52.1 h1:TwQtQi5dGE/uFOxYGKwddJo7T9sHsRfTUN00HZMl5Jo= +github.com/golangci/golangci-lint v1.52.1/go.mod h1:wlTh+d/oVlgZC2yCe6nlxrxNAnuhEQC0Zdygoh72Uak= github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 h1:MfyDlzVjl1hoaPzPD4Gpb/QgoRfSBR0jdhwGyAWwMSA= github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca h1:kNY3/svz5T29MYHubXix4aDDuE3RWHkPvopM/EDv/MA= github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o= -github.com/golangci/misspell v0.3.5 h1:pLzmVdl3VxTOncgzHcvLOKirdvcx/TydsClUQXTehjo= -github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA= +github.com/golangci/misspell v0.4.0 h1:KtVB/hTK4bbL/S6bs64rYyk8adjmh1BygbBiaAiX+a0= +github.com/golangci/misspell v0.4.0/go.mod h1:W6O/bwV6lGDxUCChm2ykw9NQdd5bYd1Xkjo88UcWyJc= github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 h1:DIPQnGy2Gv2FSA4B/hh8Q7xx3B7AIDk3DAMeHclH1vQ= github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6/go.mod h1:0AKcRCkMoKvUvlf89F6O7H2LYdhr1zBh736mBItOdRs= github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 h1:zwtduBRr5SSWhqsYNgcuWO2kFlpdOZbP0+yRjmvPGys= @@ -1128,8 +1128,8 @@ github.com/gophercloud/gophercloud v0.24.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41 github.com/gophercloud/gophercloud v0.25.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 h1:PVRE9d4AQKmbelZ7emNig1+NT27DUmKZn5qXxfio54U= -github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0= +github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 h1:9alfqbrhuD+9fLZ4iaAVwhlp5PEhmnBt7yvK2Oy5C1U= +github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0= github.com/goreleaser/chglog v0.2.2 h1:V7nf07baXtGAgGevvqgW2MM4kZ6gOr12vKNSAU3VIZ0= github.com/goreleaser/chglog v0.2.2/go.mod h1:2s5JwtCOWjZa8AIneL+xdUl9SRuigCjRHNHsX30dupE= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= @@ -1150,12 +1150,8 @@ github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= -github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= -github.com/gostaticanalysis/analysisutil v0.1.0/go.mod h1:dMhHRU9KTiDcuLGdy87/2gTR8WruwYZrKdRq9m1O6uw= github.com/gostaticanalysis/analysisutil v0.7.1 h1:ZMCjoue3DtDWQ5WyU16YbjbQEQ3VuzwxALrpYd+HeKk= github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc= -github.com/gostaticanalysis/comment v1.3.0/go.mod h1:xMicKDx7XRXYdVwY9f9wQpDJVnqWxw9wCauCMKp+IBI= github.com/gostaticanalysis/comment v1.4.1/go.mod h1:ih6ZxzTHLdadaiSnF5WY3dxUoXfXAlTaRzuaNDlSado= github.com/gostaticanalysis/comment v1.4.2 h1:hlnx5+S2fY9Zo9ePo4AhgYsYHbM2+eAv8m/s1JiCd6Q= github.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM= @@ -1328,7 +1324,6 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548 h1:dYTbLf4m0a5u0KLmPfB6mgxbcV7588bOCx79hxa5Sr4= -github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= @@ -1351,6 +1346,8 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY= github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= +github.com/junk1tm/musttag v0.5.0 h1:bV1DTdi38Hi4pG4OVWa7Kap0hi0o7EczuK6wQt9zPOM= +github.com/junk1tm/musttag v0.5.0/go.mod h1:PcR7BA+oREQYvHwgjIDmw3exJeds5JzRcvEJTfjrA0M= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= @@ -1359,12 +1356,12 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/errcheck v1.6.2 h1:uGQ9xI8/pgc9iOoCe7kWQgRE6SBTrCGmTSf0LrEtY7c= -github.com/kisielk/errcheck v1.6.2/go.mod h1:nXw/i/MfnvRHqXa7XXmQMUB0oNFGuBrNI8d8NLy0LPw= +github.com/kisielk/errcheck v1.6.3 h1:dEKh+GLHcWm2oN34nMvDzn1sqI0i0WxPvrgiJA5JuM8= +github.com/kisielk/errcheck v1.6.3/go.mod h1:nXw/i/MfnvRHqXa7XXmQMUB0oNFGuBrNI8d8NLy0LPw= github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kkHAIKE/contextcheck v1.1.3 h1:l4pNvrb8JSwRd51ojtcOxOeHJzHek+MtOyXbaR0uvmw= -github.com/kkHAIKE/contextcheck v1.1.3/go.mod h1:PG/cwd6c0705/LM0KTr1acO2gORUxkSVWyLJOFW5qoo= +github.com/kkHAIKE/contextcheck v1.1.4 h1:B6zAaLhOEEcjvUgIYEqystmnFk1Oemn8bvJhbt0GMb8= +github.com/kkHAIKE/contextcheck v1.1.4/go.mod h1:1+i/gWqokIa+dm31mqGLZhZJ7Uh44DJGZVmr6QRBNJg= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= @@ -1398,15 +1395,15 @@ github.com/kunwardeep/paralleltest v1.0.6/go.mod h1:Y0Y0XISdZM5IKm3TREQMZ6iteqn1 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/kyoh86/exportloopref v0.1.8 h1:5Ry/at+eFdkX9Vsdw3qU4YkvGtzuVfzT4X7S77LoN/M= -github.com/kyoh86/exportloopref v0.1.8/go.mod h1:1tUcJeiioIs7VWe5gcOObrux3lb66+sBqGZrRkMwPgg= +github.com/kyoh86/exportloopref v0.1.11 h1:1Z0bcmTypkL3Q4k+IDHMWTcnCliEZcaPiIe0/ymEyhQ= +github.com/kyoh86/exportloopref v0.1.11/go.mod h1:qkV4UF1zGl6EkF1ox8L5t9SwyeBAZ3qLMd6up458uqA= github.com/ldez/gomoddirectives v0.2.3 h1:y7MBaisZVDYmKvt9/l1mjNCiSA1BVn34U0ObUcJwlhA= github.com/ldez/gomoddirectives v0.2.3/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0= -github.com/ldez/tagliatelle v0.3.1 h1:3BqVVlReVUZwafJUwQ+oxbx2BEX2vUG4Yu/NOfMiKiM= -github.com/ldez/tagliatelle v0.3.1/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88= +github.com/ldez/tagliatelle v0.4.0 h1:sylp7d9kh6AdXN2DpVGHBRb5guTVAgOxqNGhbqc4b1c= +github.com/ldez/tagliatelle v0.4.0/go.mod h1:mNtTfrHy2haaBAw+VT7IBV6VXBThS7TCreYWbBcJ87I= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= -github.com/leonklingele/grouper v1.1.0 h1:tC2y/ygPbMFSBOs3DcyaEMKnnwH7eYKzohOtRrf0SAg= -github.com/leonklingele/grouper v1.1.0/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7snXgR4yDYQVDY= +github.com/leonklingele/grouper v1.1.1 h1:suWXRU57D4/Enn6pXR0QVqqWWrnJ9Osrz+5rjt8ivzU= +github.com/leonklingele/grouper v1.1.1/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7snXgR4yDYQVDY= github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf h1:ndns1qx/5dL43g16EQkPV/i8+b3l5bYQwLeoSBe7tS8= github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf/go.mod h1:aGkAgvWY/IUcVFfuly53REpfv5edu25oij+qHRFaraA= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= @@ -1438,13 +1435,13 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/maratori/testableexamples v1.0.0 h1:dU5alXRrD8WKSjOUnmJZuzdxWOEQ57+7s93SLMxb2vI= github.com/maratori/testableexamples v1.0.0/go.mod h1:4rhjL1n20TUTT4vdh3RDqSizKLyXp7K2u6HgraZCGzE= -github.com/maratori/testpackage v1.1.0 h1:GJY4wlzQhuBusMF1oahQCBtUV/AQ/k69IZ68vxaac2Q= -github.com/maratori/testpackage v1.1.0/go.mod h1:PeAhzU8qkCwdGEMTEupsHJNlQu2gZopMC6RjbhmHeDc= +github.com/maratori/testpackage v1.1.1 h1:S58XVV5AD7HADMmD0fNnziNHqKvSdDuEKdPD1rNTU04= +github.com/maratori/testpackage v1.1.1/go.mod h1:s4gRK/ym6AMrqpOa/kEbQTV4Q4jb7WeLZzVhVVVOQMc= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= -github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 h1:pWxk9e//NbPwfxat7RXkts09K+dEBJWakUWwICVqYbA= -github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= +github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 h1:gWg6ZQ4JhDfJPqlo2srm/LN17lpybq15AryXIRcWYLE= +github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= @@ -1466,8 +1463,9 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-mastodon v0.0.6 h1:lqU1sOeeIapaDsDUL6udDZIzMb2Wqapo347VZlaOzf0= github.com/mattn/go-mastodon v0.0.6/go.mod h1:cg7RFk2pcUfHZw/IvKe1FUzmlq5KnLFqs7eV2PHplV8= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= @@ -1480,7 +1478,6 @@ github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= -github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= @@ -1488,8 +1485,8 @@ github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfr github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo= github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc= -github.com/mgechev/revive v1.2.4 h1:+2Hd/S8oO2H0Ikq2+egtNwQsVhAeELHjxjIUFX5ajLI= -github.com/mgechev/revive v1.2.4/go.mod h1:iAWlQishqCuj4yhV24FTnKSXGpbAA+0SckXB8GQMX/Q= +github.com/mgechev/revive v1.3.1 h1:OlQkcH40IB2cGuprTPcjB0iIUddgVZgGmDX3IAMR8D4= +github.com/mgechev/revive v1.3.1/go.mod h1:YlD6TTWl2B8A103R9KWJSPVI9DrEf+oqr15q21Ld+5I= github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= @@ -1540,8 +1537,8 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/moricho/tparallel v0.2.1 h1:95FytivzT6rYzdJLdtfn6m1bfFJylOJK41+lgv/EHf4= -github.com/moricho/tparallel v0.2.1/go.mod h1:fXEIZxG2vdfl0ZF8b42f5a78EhjjD5mX8qUplsoSU4k= +github.com/moricho/tparallel v0.3.0 h1:8dDx3S3e+jA+xiQXC7O3dvfRTe/J+FYlTDDW01Y7z/Q= +github.com/moricho/tparallel v0.3.0/go.mod h1:leENX2cUv7Sv2qDgdi0D0fCftN8fRC67Bcn8pqzeYNI= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= @@ -1579,10 +1576,12 @@ github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 h1:4kuARK6Y6Fx github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= -github.com/nishanths/exhaustive v0.8.3 h1:pw5O09vwg8ZaditDp/nQRqVnrMczSJDxRDJMowvhsrM= -github.com/nishanths/exhaustive v0.8.3/go.mod h1:qj+zJJUgJ76tR92+25+03oYUhzF4R7/2Wk7fGTfCHmg= +github.com/nishanths/exhaustive v0.9.5 h1:TzssWan6orBiLYVqewCG8faud9qlFntJE30ACpzmGME= +github.com/nishanths/exhaustive v0.9.5/go.mod h1:IbwrGdVMizvDcIxPYGVdQn5BqWJaOwpCvg4RGb8r/TA= github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk= github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c= +github.com/nunnatsa/ginkgolinter v0.9.0 h1:Sm0zX5QfjJzkeCjEp+t6d3Ha0jwvoDjleP9XCsrEzOA= +github.com/nunnatsa/ginkgolinter v0.9.0/go.mod h1:FHaMLURXP7qImeH6bvxWJUpyH+2tuqe5j4rW1gxJRmI= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= @@ -1689,8 +1688,6 @@ github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvI github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d h1:CdDQnGF8Nq9ocOS/xlSptM1N3BbrA6/kmaep5ggwaIA= -github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= @@ -1707,8 +1704,8 @@ github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZ github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/polyfloyd/go-errorlint v1.0.5 h1:AHB5JRCjlmelh9RrLxT9sgzpalIwwq4hqE8EkwIwKdY= -github.com/polyfloyd/go-errorlint v1.0.5/go.mod h1:APVvOesVSAnne5SClsPxPdfvZTVDojXh1/G3qb5wjGI= +github.com/polyfloyd/go-errorlint v1.4.0 h1:b+sQ5HibPIAjEZwtuwU8Wz/u0dMZ7YL+bk+9yWyHVJk= +github.com/polyfloyd/go-errorlint v1.4.0/go.mod h1:qJCkPeBn+0EXkdKTrUCcuFStM2xrDKfxI3MGLXPexUs= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= @@ -1777,16 +1774,10 @@ github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB github.com/prometheus/prometheus v0.35.0/go.mod h1:7HaLx5kEPKJ0GDgbODG0fZgXbQ8K/XjZNJXQmbmgQlY= github.com/prometheus/prometheus v0.37.0/go.mod h1:egARUgz+K93zwqsVIAneFlLZefyGOON44WyAp4Xqbbk= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/quasilyte/go-ruleguard v0.3.1-0.20210203134552-1b5a410e1cc8/go.mod h1:KsAh3x0e7Fkpgs+Q9pNLS5XpFSvYCEVl5gP9Pp1xp30= -github.com/quasilyte/go-ruleguard v0.3.18 h1:sd+abO1PEI9fkYennwzHn9kl3nqP6M5vE7FiOzZ+5CE= -github.com/quasilyte/go-ruleguard v0.3.18/go.mod h1:lOIzcYlgxrQ2sGJ735EHXmf/e9MJ516j16K/Ifcttvs= -github.com/quasilyte/go-ruleguard/dsl v0.3.0/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU= -github.com/quasilyte/go-ruleguard/dsl v0.3.21/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU= -github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mod h1:7JTjp89EGyU1d6XfBiXihJNG37wB2VRkd125Q1u7Plc= -github.com/quasilyte/go-ruleguard/rules v0.0.0-20211022131956-028d6511ab71/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50= -github.com/quasilyte/gogrep v0.0.0-20220828223005-86e4605de09f h1:6Gtn2i04RD0gVyYf2/IUMTIs+qYleBt4zxDqkLTcu4U= -github.com/quasilyte/gogrep v0.0.0-20220828223005-86e4605de09f/go.mod h1:Cm9lpz9NZjEoL1tgZ2OgeUKPIxL1meE7eo60Z6Sk+Ng= -github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0= +github.com/quasilyte/go-ruleguard v0.3.19 h1:tfMnabXle/HzOb5Xe9CUZYWXKfkS1KwRmZyPmD9nVcc= +github.com/quasilyte/go-ruleguard v0.3.19/go.mod h1:lHSn69Scl48I7Gt9cX3VrbsZYvYiBYszZOZW4A+oTEw= +github.com/quasilyte/gogrep v0.5.0 h1:eTKODPXbI8ffJMN+W2aE0+oL0z/nh8/5eNdiO34SOAo= +github.com/quasilyte/gogrep v0.5.0/go.mod h1:Cm9lpz9NZjEoL1tgZ2OgeUKPIxL1meE7eo60Z6Sk+Ng= github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl980XxGFEZSS6KlBGIV0diGdySzxATTWoqaU= github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0= github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs= @@ -1811,10 +1802,10 @@ github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThC github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryancurrah/gomodguard v1.2.4 h1:CpMSDKan0LtNGGhPrvupAoLeObRFjND8/tU1rEOtBp4= -github.com/ryancurrah/gomodguard v1.2.4/go.mod h1:+Kem4VjWwvFpUJRJSwa16s1tBJe+vbv02+naTow2f6M= -github.com/ryanrolds/sqlclosecheck v0.3.0 h1:AZx+Bixh8zdUBxUA1NxbxVAS78vTPq4rCb8OUZI9xFw= -github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA= +github.com/ryancurrah/gomodguard v1.3.0 h1:q15RT/pd6UggBXVBuLps8BXRvl5GPBcwVA7BJHMLuTw= +github.com/ryancurrah/gomodguard v1.3.0/go.mod h1:ggBxb3luypPEzqVtq33ee7YSN35V28XeGnid8dnni50= +github.com/ryanrolds/sqlclosecheck v0.4.0 h1:i8SX60Rppc1wRuyQjMciLqIzV3xnoHB7/tXbr6RGYNI= +github.com/ryanrolds/sqlclosecheck v0.4.0/go.mod h1:TBRRjzL31JONc9i4XMinicuo+s+E8yKZ5FN8X3G6CKQ= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= @@ -1826,8 +1817,8 @@ github.com/sasha-s/go-csync v0.0.0-20210812194225-61421b77c44b h1:qYTY2tN72LhgDj github.com/sasha-s/go-csync v0.0.0-20210812194225-61421b77c44b/go.mod h1:/pA7k3zsXKdjjAiUhB5CjuKib9KJGCaLvZwtxGC8U0s= github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw= github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= -github.com/sashamelentyev/usestdlibvars v1.20.0 h1:K6CXjqqtSYSsuyRDDC7Sjn6vTMLiSJa4ZmDkiokoqtw= -github.com/sashamelentyev/usestdlibvars v1.20.0/go.mod h1:0GaP+ecfZMXShS0A94CJn6aEuPRILv8h/VuWI9n1ygg= +github.com/sashamelentyev/usestdlibvars v1.23.0 h1:01h+/2Kd+NblNItNeux0veSL5cBF1jbEOPrEhDzGYq0= +github.com/sashamelentyev/usestdlibvars v1.23.0/go.mod h1:YPwr/Y1LATzHI93CqoPUN/2BzGQ/6N/cl/KwgR0B/aU= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= @@ -1836,8 +1827,8 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/secure-systems-lab/go-securesystemslib v0.3.1/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U= -github.com/securego/gosec/v2 v2.13.1 h1:7mU32qn2dyC81MH9L2kefnQyRMUarfDER3iQyMHcjYM= -github.com/securego/gosec/v2 v2.13.1/go.mod h1:EO1sImBMBWFjOTFzMWfTRrZW6M15gm60ljzrmy/wtHo= +github.com/securego/gosec/v2 v2.15.0 h1:v4Ym7FF58/jlykYmmhZ7mTm7FQvN/setNm++0fgIAtw= +github.com/securego/gosec/v2 v2.15.0/go.mod h1:VOjTrZOkUtSDt2QLSJmQBMWnvwiQPEjg0l+5juIqGk8= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= @@ -1871,8 +1862,8 @@ github.com/sivchari/containedctx v1.0.2 h1:0hLQKpgC53OVF1VT7CeoFHk9YKstur1XOgfYI github.com/sivchari/containedctx v1.0.2/go.mod h1:PwZOeqm4/DLoJOqMSIJs3aKqXRX4YO+uXww087KZ7Bw= github.com/sivchari/nosnakecase v1.7.0 h1:7QkpWIRMe8x25gckkFd2A5Pi6Ymo0qgr4JrhGt95do8= github.com/sivchari/nosnakecase v1.7.0/go.mod h1:CwDzrzPea40/GB6uynrNLiorAlgFRvRbFSgJx2Gs+QY= -github.com/sivchari/tenv v1.7.0 h1:d4laZMBK6jpe5PWepxlV9S+LC0yXqvYHiq8E6ceoVVE= -github.com/sivchari/tenv v1.7.0/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg= +github.com/sivchari/tenv v1.7.1 h1:PSpuD4bu6fSmtWMxSGWcvqUUgIn7k3yOJhOIzVWn8Ak= +github.com/sivchari/tenv v1.7.1/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg= github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= github.com/slack-go/slack v0.12.1/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -1882,11 +1873,11 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sonatard/noctx v0.0.1 h1:VC1Qhl6Oxx9vvWo3UDgrGXYCeKCe3Wbw7qAWL6FrmTY= -github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI= +github.com/sonatard/noctx v0.0.2 h1:L7Dz4De2zDQhW8S0t+KUjY0MAQJd6SgVwhzNIc4ok00= +github.com/sonatard/noctx v0.0.2/go.mod h1:kzFz+CzWSjQ2OzIm46uJZoXuBpa2+0y3T36U18dWqIo= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/sourcegraph/go-diff v0.6.1 h1:hmA1LzxW0n1c3Q4YbrFgg4P99GSnebYa3x8gr0HZqLQ= -github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= +github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0= +github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -1946,8 +1937,9 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= @@ -1955,9 +1947,11 @@ github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc= +github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c h1:+aPplBwWcHBo6q9xrfWdMrT9o4kltkmmvpemgIjep/8= +github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c/go.mod h1:SbErYREK7xXdsRiigaQiQkI9McGRzYMvlKYaP3Nimdk= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= -github.com/tdakkota/asciicheck v0.1.1 h1:PKzG7JUTUmVspQTDqtkX9eSiLGossXTybutHwTXuO0A= -github.com/tdakkota/asciicheck v0.1.1/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM= +github.com/tdakkota/asciicheck v0.2.0 h1:o8jvnUANo0qXtnslk2d3nMKTFNlOnJjRrNcj0j9qkHM= +github.com/tdakkota/asciicheck v0.2.0/go.mod h1:Qb7Y9EgjCLJGup51gDHFzbI08/gbGhL/UVhYIPWG2rg= github.com/technoweenie/multipartstreamer v1.0.1 h1:XRztA5MXiR1TIRHxH2uNxXxaIkKQDeX7m2XsSOlQEnM= github.com/technoweenie/multipartstreamer v1.0.1/go.mod h1:jNVxdtShOxzAsukZwTSw6MDx5eUJoiEBsSvzDU9uzog= github.com/tedsuo/ifrit v0.0.0-20180802180643-bea94bb476cc/go.mod h1:eyZnKCc955uh98WQvzOm0dgAeLnf2O0Rz0LPoC5ze+0= @@ -1971,17 +1965,17 @@ github.com/theupdateframework/go-tuf v0.3.0 h1:od2sc5+BSkKZhmUG2o2rmruy0BGSmhrbD github.com/theupdateframework/go-tuf v0.3.0/go.mod h1:E5XP0wXitrFUHe4b8cUcAAdxBW4LbfnqF4WXXGLgWNo= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= -github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 h1:kl4KhGNsJIbDHS9/4U9yQo1UcPQM0kOMJHn29EoH/Ro= -github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk= -github.com/timonwong/loggercheck v0.9.3 h1:ecACo9fNiHxX4/Bc02rW2+kaJIAMAes7qJ7JKxt0EZI= -github.com/timonwong/loggercheck v0.9.3/go.mod h1:wUqnk9yAOIKtGA39l1KLE9Iz0QiTocu/YZoOf+OzFdw= +github.com/timakin/bodyclose v0.0.0-20221125081123-e39cf3fc478e h1:MV6KaVu/hzByHP0UvJ4HcMGE/8a6A4Rggc/0wx2AvJo= +github.com/timakin/bodyclose v0.0.0-20221125081123-e39cf3fc478e/go.mod h1:27bSVNWSBOHm+qRp1T9qzaIpsWEP6TbUnei/43HK+PQ= +github.com/timonwong/loggercheck v0.9.4 h1:HKKhqrjcVj8sxL7K77beXh0adEm6DLjV/QOGeMXEVi4= +github.com/timonwong/loggercheck v0.9.4/go.mod h1:caz4zlPcgvpEkXgVnAJGowHAMW2NwHaNlpS8xDbVhTg= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/tomarrell/wrapcheck/v2 v2.7.0 h1:J/F8DbSKJC83bAvC6FoZaRjZiZ/iKoueSdrEkmGeacA= -github.com/tomarrell/wrapcheck/v2 v2.7.0/go.mod h1:ao7l5p0aOlUNJKI0qVwB4Yjlqutd0IvAB9Rdwyilxvg= +github.com/tomarrell/wrapcheck/v2 v2.8.1 h1:HxSqDSN0sAt0yJYsrcYVoEeyM4aI9yAm3KQpIXDJRhQ= +github.com/tomarrell/wrapcheck/v2 v2.8.1/go.mod h1:/n2Q3NZ4XFT50ho6Hbxg+RV1uyo2Uow/Vdm9NQcl5SE= github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw= github.com/tommy-muehle/go-mnd/v2 v2.5.1/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw= github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 h1:nrZ3ySNYwJbSpD6ce9duiP+QkD3JuLCcWkdaehUS/3Y= @@ -2206,6 +2200,7 @@ golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2221,8 +2216,9 @@ golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMk golang.org/x/exp v0.0.0-20220823124025-807a23277127 h1:S4NrSKDfihhl3+4jSTgwoIevKxX9p7Iv9x++OEIptDo= golang.org/x/exp v0.0.0-20220823124025-807a23277127/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= -golang.org/x/exp/typeparams v0.0.0-20220827204233-334a2380cb91 h1:Ic/qN6TEifvObMGQy72k0n1LlJr7DjWWEi+MOsDOiSk= -golang.org/x/exp/typeparams v0.0.0-20220827204233-334a2380cb91/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 h1:J74nGeMgeFnYQJN59eFwh06jX/V8g0lB7LWpjSLxtgU= +golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2252,6 +2248,9 @@ golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2334,6 +2333,10 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2531,6 +2534,10 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -2539,6 +2546,10 @@ golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2551,6 +2562,9 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2575,13 +2589,10 @@ golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190307163923-6a08e3108db3/go.mod h1:25r3+/G6/xytQM8iWZKq3Hn0kr0rgFKPUNVEL/dr3z4= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190321232350-e250d351ecad/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -2603,7 +2614,6 @@ golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190916130336-e45ffcd953cc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2618,7 +2628,6 @@ golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= @@ -2632,7 +2641,6 @@ golang.org/x/tools v0.0.0-20200324003944-a576cf524670/go.mod h1:Sl4aGygMT6LrqrWc golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200414032229-332987a829c3/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2640,26 +2648,19 @@ golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200624225443-88f3c62a19ff/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200625211823-6506e20df31f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200812195022-5ae4c3c160a0/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200820010801-b793a1359eac/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200831203904-5a2aa26beb65/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201001104356-43ebab892c4c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= -golang.org/x/tools v0.0.0-20201002184944-ecd9fd270d5d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201230224404-63754364767c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -2672,11 +2673,15 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.9-0.20211228192929-ee1ca4ffc4da/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= +golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= +golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2982,8 +2987,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.3.3 h1:oDx7VAwstgpYpb3wv0oxiZlxY+foCpRAwY7Vk6XpAgA= -honnef.co/go/tools v0.3.3/go.mod h1:jzwdWgg7Jdq75wlfblQxO4neNaFFSvgc1tD5Wv8U0Yw= +honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw= +honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= @@ -3055,8 +3060,8 @@ mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wp mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= -mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 h1:seuXWbRB1qPrS3NQnHmFKLJLtskWyueeIzmLXghMGgk= -mvdan.cc/unparam v0.0.0-20220706161116-678bad134442/go.mod h1:F/Cxw/6mVrNKqrR2YjFf5CaW0Bw4RL8RfbEf4GRggJk= +mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d h1:3rvTIIM22r9pvXk+q3swxUQAQOxksVMGK7sml4nG57w= +mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d/go.mod h1:IeHQjmn6TOD+e4Z3RFiZMMsLVL+A96Nvptar8Fj71is= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= From eb57e04ac487a76f4dd71aa3cdfc2806c5cd5076 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Mar 2023 15:39:11 -0500 Subject: [PATCH 009/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.0...v2.9.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 4 ++-- tools/go.sum | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 40a996f2d02..7cc6d19a992 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.14.1 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.9.0 + github.com/onsi/ginkgo/v2 v2.9.2 google.golang.org/protobuf v1.29.0 ) @@ -153,7 +153,7 @@ require ( github.com/go-openapi/strfmt v0.21.3 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-openapi/validate v0.22.0 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect github.com/go-toolsmith/astcopy v1.1.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 4e7f54a6b04..e56b7c0cb9f 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -876,8 +876,9 @@ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible h1:2cauKuaELYAEARXRkq2LrJ0yDDv1rW7+wrTEdVL3uaU= github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= @@ -1609,8 +1610,8 @@ github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= -github.com/onsi/ginkgo/v2 v2.9.0 h1:Tugw2BKlNHTMfG+CheOITkYvk4LAh6MFOvikhGVnhE8= -github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= +github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -1624,7 +1625,7 @@ github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+t github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= -github.com/onsi/gomega v1.27.1 h1:rfztXRbg6nv/5f+Raen9RcGoSecHIFgBBLQK3Wdj754= +github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= From ffdca54779b2f3bbe0ebce22f0786912c598a2ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 26 Mar 2023 16:54:10 +0000 Subject: [PATCH 010/316] :seedling: Bump github/codeql-action from 2.2.7 to 2.2.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/168b99b3c22180941ae7dbdd5f5c9678ede476ba...67a35a08586135a9573f4327e904ecbf517a882d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0ace6fe97f8..96e98041178 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v1 + uses: github/codeql-action/init@67a35a08586135a9573f4327e904ecbf517a882d # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v1 + uses: github/codeql-action/autobuild@67a35a08586135a9573f4327e904ecbf517a882d # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v1 + uses: github/codeql-action/analyze@67a35a08586135a9573f4327e904ecbf517a882d # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 7d05d0c81b5..78dee04f770 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v1 + uses: github/codeql-action/upload-sarif@67a35a08586135a9573f4327e904ecbf517a882d # v1 with: sarif_file: results.sarif From dde9aa1aefb9e26196c03ef7401287ff2fd35b01 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Mar 2023 10:45:32 -0500 Subject: [PATCH 011/316] :seedling: Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/c090f4e553673e6e505ea70d6a95362ee12adb94...f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depsreview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 958d9e5a1cd..da9507b5359 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f - name: 'Dependency Review' - uses: actions/dependency-review-action@c090f4e553673e6e505ea70d6a95362ee12adb94 + uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e From 0564af089f86934cab79a96ff9a5992a471b934c Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Mon, 27 Mar 2023 12:08:54 -0700 Subject: [PATCH 012/316] :bug: Restore upload of existing raw result Big Query data (#2795) Signed-off-by: Spencer Schrock --- cron/internal/format/bq.raw.schema | 96 ++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/cron/internal/format/bq.raw.schema b/cron/internal/format/bq.raw.schema index 7f519f41ee2..04c756642c3 100644 --- a/cron/internal/format/bq.raw.schema +++ b/cron/internal/format/bq.raw.schema @@ -331,6 +331,102 @@ "mode": "REPEATED", "name": "defaultBranchCommits", "type": "RECORD" + }, + { + "description": "", + "fields": [ + { + "description": "", + "mode": "NULLABLE", + "name": "number", + "type": "STRING" + }, + { + "description": "", + "mode": "NULLABLE", + "name": "platform", + "type": "STRING" + }, + { + "description": "", + "mode": "REPEATED", + "name": "reviews", + "type": "RECORD", + "fields": [ + { + "description": "", + "mode": "NULLABLE", + "name": "reviewer", + "type": "RECORD", + "fields": [ + { + "description": "", + "mode": "NULLABLE", + "name": "login", + "type": "STRING" + } + ] + }, + { + "description": "", + "mode": "NULLABLE", + "name": "state", + "type": "STRING" + } + ] + }, + { + "description": "", + "mode": "REPEATED", + "name": "authors", + "type": "RECORD", + "fields": [ + { + "description": "", + "mode": "NULLABLE", + "name": "login", + "type": "STRING" + } + ] + }, + { + "description": "", + "mode": "REPEATED", + "name": "commits", + "type": "RECORD", + "fields": [ + { + "description": "", + "mode": "NULLABLE", + "name": "committer", + "type": "RECORD", + "fields": [ + { + "description": "", + "mode": "NULLABLE", + "name": "login", + "type": "STRING" + } + ] + }, + { + "description": "", + "mode": "NULLABLE", + "name": "message", + "type": "STRING" + }, + { + "description": "", + "mode": "NULLABLE", + "name": "sha", + "type": "STRING" + } + ] + } + ], + "mode": "REPEATED", + "name": "defaultBranchChangesets", + "type": "RECORD" } ], "mode": "NULLABLE", From 9358843a7f1b85617aa222c17acde2536bf3da8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:40:41 -0500 Subject: [PATCH 013/316] :seedling: Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/07f86bcdc42639264ec561c7f175fea5f532b6ce...db5dd7c176cf59a19ef6561bf1936f059dee4b74) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 53dbad2fd4c..4142a55d81f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@07f86bcdc42639264ec561c7f175fea5f532b6ce #v35.7.6 + uses: tj-actions/changed-files@db5dd7c176cf59a19ef6561bf1936f059dee4b74 #v35.7.7 with: files_ignore: '**.md' - id: docs_only_check From 27b6358a48ed0f77d2e585d091173b18ff4667c0 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 28 Mar 2023 14:40:42 -0700 Subject: [PATCH 014/316] =?UTF-8?q?=F0=9F=8C=B1=20Restore=20API=20quota=20?= =?UTF-8?q?metrics=20for=20the=20weekly=20cron=20job.=20(#2799)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Spencer Schrock --- clients/githubrepo/roundtripper/rate_limit.go | 6 ++++++ clients/githubrepo/roundtripper/transport.go | 11 ----------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/clients/githubrepo/roundtripper/rate_limit.go b/clients/githubrepo/roundtripper/rate_limit.go index 9730616d1f1..950e8f8aa8b 100644 --- a/clients/githubrepo/roundtripper/rate_limit.go +++ b/clients/githubrepo/roundtripper/rate_limit.go @@ -21,6 +21,7 @@ import ( "time" "go.opencensus.io/stats" + "go.opencensus.io/tag" githubstats "github.com/ossf/scorecard/v4/clients/githubrepo/stats" sce "github.com/ossf/scorecard/v4/errors" @@ -63,6 +64,11 @@ func (gh *rateLimitTransport) RoundTrip(r *http.Request) (*http.Response, error) if err != nil { return resp, nil } + ctx, err := tag.New(r.Context(), tag.Upsert(githubstats.ResourceType, resp.Header.Get("X-RateLimit-Resource"))) + if err != nil { + return nil, fmt.Errorf("error updating context: %w", err) + } + stats.Record(ctx, githubstats.RemainingTokens.M(int64(remaining))) if remaining <= 0 { reset, err := strconv.Atoi(resp.Header.Get("X-RateLimit-Reset")) diff --git a/clients/githubrepo/roundtripper/transport.go b/clients/githubrepo/roundtripper/transport.go index fa606979459..d8c577ed168 100644 --- a/clients/githubrepo/roundtripper/transport.go +++ b/clients/githubrepo/roundtripper/transport.go @@ -17,9 +17,7 @@ package roundtripper import ( "fmt" "net/http" - "strconv" - "go.opencensus.io/stats" "go.opencensus.io/tag" "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper/tokens" @@ -56,14 +54,5 @@ func (gt *githubTransport) RoundTrip(r *http.Request) (*http.Response, error) { return nil, fmt.Errorf("error in HTTP: %w", err) } - ctx, err = tag.New(r.Context(), tag.Upsert(githubstats.ResourceType, resp.Header.Get("X-RateLimit-Resource"))) - if err != nil { - return nil, fmt.Errorf("error updating context: %w", err) - } - remaining, err := strconv.Atoi(resp.Header.Get("X-RateLimit-Remaining")) - if err == nil { - stats.Record(ctx, githubstats.RemainingTokens.M(int64(remaining))) - } - return resp, nil } From 45048c559df23bbd2f2c507f8ef65599d041fe5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 16:38:45 -0700 Subject: [PATCH 015/316] :seedling: Bump github.com/golangci/golangci-lint in /tools (#2794) Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.52.1 to 1.52.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.52.1...v1.52.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 4 ++-- tools/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 7cc6d19a992..b1414feb14e 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/golang/mock v1.6.0 - github.com/golangci/golangci-lint v1.52.1 + github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.14.1 @@ -250,7 +250,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moricho/tparallel v0.3.0 // indirect + github.com/moricho/tparallel v0.3.1 // indirect github.com/muesli/mango v0.1.0 // indirect github.com/muesli/mango-cobra v1.2.0 // indirect github.com/muesli/mango-pflag v0.1.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index e56b7c0cb9f..f12ecc3cb9a 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1014,8 +1014,8 @@ github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe h1:6RGUuS7EGotKx6 github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe/go.mod h1:gjqyPShc/m8pEMpk0a3SeagVb0kaqvhscv+i9jI5ZhQ= github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2 h1:amWTbTGqOZ71ruzrdA+Nx5WA3tV1N0goTspwmKCQvBY= github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2/go.mod h1:9wOXstvyDRshQ9LggQuzBCGysxs3b6Uo/1MvYCR2NMs= -github.com/golangci/golangci-lint v1.52.1 h1:TwQtQi5dGE/uFOxYGKwddJo7T9sHsRfTUN00HZMl5Jo= -github.com/golangci/golangci-lint v1.52.1/go.mod h1:wlTh+d/oVlgZC2yCe6nlxrxNAnuhEQC0Zdygoh72Uak= +github.com/golangci/golangci-lint v1.52.2 h1:FrPElUUI5rrHXg1mQ7KxI1MXPAw5lBVskiz7U7a8a1A= +github.com/golangci/golangci-lint v1.52.2/go.mod h1:S5fhC5sHM5kE22/HcATKd1XLWQxX+y7mHj8B5H91Q/0= github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 h1:MfyDlzVjl1hoaPzPD4Gpb/QgoRfSBR0jdhwGyAWwMSA= github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg= github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca h1:kNY3/svz5T29MYHubXix4aDDuE3RWHkPvopM/EDv/MA= @@ -1538,8 +1538,8 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/moricho/tparallel v0.3.0 h1:8dDx3S3e+jA+xiQXC7O3dvfRTe/J+FYlTDDW01Y7z/Q= -github.com/moricho/tparallel v0.3.0/go.mod h1:leENX2cUv7Sv2qDgdi0D0fCftN8fRC67Bcn8pqzeYNI= +github.com/moricho/tparallel v0.3.1 h1:fQKD4U1wRMAYNngDonW5XupoB/ZGJHdpzrWqgyg9krA= +github.com/moricho/tparallel v0.3.1/go.mod h1:leENX2cUv7Sv2qDgdi0D0fCftN8fRC67Bcn8pqzeYNI= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= From 355174a48b94c089a71f27b6ec503050855670a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 23:56:27 +0000 Subject: [PATCH 016/316] :seedling: Bump google.golang.org/protobuf in /tools (#2759) --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index b1414feb14e..100780c72f6 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -10,7 +10,7 @@ require ( github.com/goreleaser/goreleaser v1.14.1 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.2 - google.golang.org/protobuf v1.29.0 + google.golang.org/protobuf v1.30.0 ) require ( diff --git a/tools/go.sum b/tools/go.sum index f12ecc3cb9a..d4b15e5b1f7 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -2917,8 +2917,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0= -google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= From dd86ce8df8eea9cb649ee13ed6a5233acbae3b8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 00:22:33 +0000 Subject: [PATCH 017/316] :seedling: Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769) --- go.mod | 12 ++++++------ go.sum | 21 ++++++++++++--------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 2abc2d6405c..5f93739b88a 100644 --- a/go.mod +++ b/go.mod @@ -34,8 +34,8 @@ require ( github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f go.opencensus.io v0.24.0 gocloud.dev v0.29.0 - golang.org/x/text v0.7.0 - golang.org/x/tools v0.6.0 + golang.org/x/text v0.8.0 + golang.org/x/tools v0.7.0 google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect google.golang.org/protobuf v1.28.1 gopkg.in/yaml.v2 v2.4.0 @@ -86,8 +86,8 @@ require ( github.com/skeema/knownhosts v1.1.0 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/spdx/tools-golang v0.4.0 // indirect - golang.org/x/mod v0.8.0 // indirect - golang.org/x/term v0.5.0 // indirect + golang.org/x/mod v0.9.0 // indirect + golang.org/x/term v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -157,10 +157,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.6.0 // indirect golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 - golang.org/x/net v0.7.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.5.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.5.0 // indirect + golang.org/x/sys v0.6.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.110.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index ea81c0e4ad6..a784f19c963 100644 --- a/go.sum +++ b/go.sum @@ -2165,8 +2165,8 @@ golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2256,8 +2256,8 @@ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmL golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2461,8 +2461,9 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2474,8 +2475,9 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2490,8 +2492,9 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2594,8 +2597,8 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6 h1:XZD8apnMaMVuqE3ZEzf5JJncKMlOsMnnov7U+JRT/d4= golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6/go.mod h1:cBP4HMKv0X+x96j8IJWCKk0eqpakBmmHjKGSSC0NaYE= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From d2a3caa3d805925c467ea730904c1ebfca81917d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 19:41:09 -0700 Subject: [PATCH 018/316] :seedling: Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737) * :seedling: Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.78.0...v0.81.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis. Signed-off-by: Spencer Schrock --------- Signed-off-by: dependabot[bot] Signed-off-by: Spencer Schrock Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock --- go.mod | 10 +++++----- go.sum | 16 ++++++++++------ 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 5f93739b88a..5f7991085b7 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( golang.org/x/text v0.8.0 golang.org/x/tools v0.7.0 google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect - google.golang.org/protobuf v1.28.1 + google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 mvdan.cc/sh/v3 v3.6.0 @@ -72,7 +72,7 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.1 // indirect + github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/jedib0t/go-pretty/v6 v6.4.4 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect @@ -126,7 +126,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.4.3 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/protobuf v1.5.3 // indirect github.com/google/go-github/v45 v45.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/uuid v1.3.0 // indirect @@ -151,14 +151,14 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.2 // indirect - github.com/xanzy/go-gitlab v0.78.0 + github.com/xanzy/go-gitlab v0.81.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.6.0 // indirect golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 golang.org/x/net v0.8.0 // indirect - golang.org/x/oauth2 v0.5.0 // indirect + golang.org/x/oauth2 v0.6.0 // indirect golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.6.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect diff --git a/go.sum b/go.sum index a784f19c963..c74a3d8055f 100644 --- a/go.sum +++ b/go.sum @@ -1124,8 +1124,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= @@ -1299,8 +1300,9 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= +github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= @@ -1930,8 +1932,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/xanzy/go-gitlab v0.78.0 h1:8jUHfQVAprG04Av5g0PxVd3CNsZ5hCbojIax7Hba1mE= -github.com/xanzy/go-gitlab v0.78.0/go.mod h1:DlByVTSXhPsJMYL6+cm8e8fTJjeBmhrXdC/yvkKKt6M= +github.com/xanzy/go-gitlab v0.81.0 h1:ofbhZ5ZY9AjHATWQie4qd2JfncdUmvcSA/zfQB767Dk= +github.com/xanzy/go-gitlab v0.81.0/go.mod h1:VMbY3JIWdZ/ckvHbQqkyd3iYk2aViKrNIQ23IbFMQDo= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= @@ -2288,8 +2290,9 @@ golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= -golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= +golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2884,8 +2887,9 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 497815daa8980e77398a1e727dee6974a9309b74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 20:33:32 -0700 Subject: [PATCH 019/316] :seedling: Bump actions/stale from 6.0.1 to 8.0.0 (#2793) Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/5ebf00ea0e4c1561e9b43a292ed34424fb1d4578...1160a2240286f5da8ec72b1c0816ce2481aabf84) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 34b5c9faf13..7dcde49cb79 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -31,7 +31,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # v3.0.18 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v3.0.18 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Stale issue message' From ed26d9b110a2d82348599873c2c96d78e63d1b32 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 21:15:21 -0700 Subject: [PATCH 020/316] :seedling: Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/6edd4406fa81c3da01a34fa6f6343087c207a568...4d34df0c2316fe8122ab82dc22947d607c0c91f9) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 14 +++++------ .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 +++++++++++++++--------------- .github/workflows/publishimage.yml | 2 +- 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4142a55d81f..09ad1263b4d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -90,7 +90,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -138,7 +138,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -234,7 +234,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -282,7 +282,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -330,7 +330,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -378,7 +378,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index fb9b79a937b..d9eecb497f7 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -40,7 +40,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: 1.19 check-latest: true diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 262c0aceabc..2d59fd81ad5 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -47,7 +47,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: setup-go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a25079a839f..42f217e01b3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,7 +58,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -103,7 +103,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -151,7 +151,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -234,7 +234,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -282,7 +282,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -330,7 +330,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -378,7 +378,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -426,7 +426,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -474,7 +474,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -522,7 +522,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -570,7 +570,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -618,7 +618,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -666,7 +666,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -714,7 +714,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -749,7 +749,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -786,7 +786,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -833,7 +833,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -868,7 +868,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -894,7 +894,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 - - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v2.2.0 + - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index e3acab9fb53..8363b06dc4e 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -44,7 +44,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 with: go-version: ${{ env.GO_VERSION }} check-latest: true From c219f04edc4ed4fd1623f52ab762b14e46d96091 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Mar 2023 22:26:43 -0700 Subject: [PATCH 021/316] :seedling: Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/8f67e590f2d095516493f017008adc464e63adb1...f82d6c1c344bcacabba2c841718984797f664a6b) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index d9eecb497f7..1f0e039fcab 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -49,7 +49,7 @@ jobs: run: echo "version_flags=$(./scripts/version-ldflags)" >> "$GITHUB_OUTPUT" - name: Run GoReleaser id: run-goreleaser - uses: goreleaser/goreleaser-action@8f67e590f2d095516493f017008adc464e63adb1 # v2.5.0 + uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v2.5.0 with: version: latest args: release --rm-dist From 92a07f55135b1e5bda11ca9b586cbb351d3036c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 11:41:56 -0700 Subject: [PATCH 022/316] :seedling: Bump github.com/google/osv-scanner (#2803) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 37 +++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 5f7991085b7..026556dc216 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 - github.com/go-git/go-git/v5 v5.5.2 + github.com/go-git/go-git/v5 v5.6.1 github.com/go-logr/logr v1.2.3 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.0 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.2.1-0.20230302232134-592acbc2539b + github.com/google/osv-scanner v1.3.0 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.8.3 github.com/otiai10/copy v1.9.0 @@ -73,7 +73,7 @@ require ( github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect - github.com/jedib0t/go-pretty/v6 v6.4.4 // indirect + github.com/jedib0t/go-pretty/v6 v6.4.6 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -81,7 +81,7 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 // indirect - github.com/pjbgf/sha1cd v0.2.3 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/prometheus/prometheus v0.42.0 // indirect github.com/skeema/knownhosts v1.1.0 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect @@ -89,7 +89,7 @@ require ( golang.org/x/mod v0.9.0 // indirect golang.org/x/term v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6 // indirect + golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect k8s.io/api v0.26.1 // indirect k8s.io/apimachinery v0.26.1 // indirect @@ -108,8 +108,8 @@ require ( cloud.google.com/go/iam v0.10.0 // indirect cloud.google.com/go/storage v1.29.0 // indirect github.com/Microsoft/go-winio v0.6.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect - github.com/acomagu/bufpipe v1.0.3 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect + github.com/acomagu/bufpipe v1.0.4 // indirect github.com/aws/aws-sdk-go v1.44.200 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect @@ -156,7 +156,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.6.0 // indirect - golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 + golang.org/x/exp v0.0.0-20230321023759-10a507213a29 golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.6.0 // indirect golang.org/x/sync v0.1.0 // indirect diff --git a/go.sum b/go.sum index c74a3d8055f..dbfa7ab275a 100644 --- a/go.sum +++ b/go.sum @@ -533,8 +533,8 @@ github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:m github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 h1:ra2OtmuW0AE5csawV4YXMNGNQQXvLRps3z2Z59OPO+I= -github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= +github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= +github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= @@ -542,8 +542,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= +github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -940,13 +940,12 @@ github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4x github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-billy/v5 v5.4.0/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.5.2 h1:v8lgZa5k9ylUw+OR/roJHTxR4QItsNFI5nKtAXFuynw= -github.com/go-git/go-git/v5 v5.5.2/go.mod h1:BE5hUJ5yaV2YMxhmaP4l6RBQ08kMxKSPD4BlxtH7OjI= +github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= +github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -1180,8 +1179,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.2.1-0.20230302232134-592acbc2539b h1:i51oNIa4JdwBAKDnZjvxGq9jOHKZ3OPZtLrTz8aHaAA= -github.com/google/osv-scanner v1.2.1-0.20230302232134-592acbc2539b/go.mod h1:bzlupbn+xUEuPbu4cuCN4HlpD2eMPmMNj8Qqwu8s9vM= +github.com/google/osv-scanner v1.3.0 h1:6oNZXtL9zSvkRm2SVtuTZz3UzFZhJAcEiWmBVrPD5kc= +github.com/google/osv-scanner v1.3.0/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -1405,8 +1404,8 @@ github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/U github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= -github.com/jedib0t/go-pretty/v6 v6.4.4 h1:N+gz6UngBPF4M288kiMURPHELDMIhF/Em35aYuKrsSc= -github.com/jedib0t/go-pretty/v6 v6.4.4/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI= +github.com/jedib0t/go-pretty/v6 v6.4.6 h1:v6aG9h6Uby3IusSSEjHaZNXpHFhzqMmjXcPq1Rjl9Jw= +github.com/jedib0t/go-pretty/v6 v6.4.6/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -1558,6 +1557,7 @@ github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= github.com/moby/buildkit v0.11.4 h1:mleVHr+n7HUD65QNUkgkT3d8muTzhYUoHE9FM3Ej05s= github.com/moby/buildkit v0.11.4/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= @@ -1696,8 +1696,8 @@ github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaF github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pjbgf/sha1cd v0.2.3 h1:uKQP/7QOzNtKYH7UTohZLcjF5/55EnTw0jO/Ru4jZwI= -github.com/pjbgf/sha1cd v0.2.3/go.mod h1:HOK9QrgzdHpbc2Kzip0Q1yi3M2MFGPADtR6HjG65m5M= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= @@ -2067,6 +2067,7 @@ go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= gocloud.dev v0.29.0 h1:fBy0jwJSmxs0IjT0fE32MO+Mj+307VZQwyHaTyFZbC4= gocloud.dev v0.29.0/go.mod h1:E3dAjji80g+lIkq4CQeF/BTWqv1CBeTftmOb+gpyapQ= +golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -2114,7 +2115,6 @@ golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2133,8 +2133,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 h1:Jvc7gsqn21cJHCmAWx0LiimpP18LZmUxkT5Mp7EZ1mI= -golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -2258,6 +2258,7 @@ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmL golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2602,8 +2603,8 @@ golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6 h1:XZD8apnMaMVuqE3ZEzf5JJncKMlOsMnnov7U+JRT/d4= -golang.org/x/vuln v0.0.0-20230118164824-4ec8867cc0e6/go.mod h1:cBP4HMKv0X+x96j8IJWCKk0eqpakBmmHjKGSSC0NaYE= +golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= +golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 4626c278de03f40d33ca5bb2efbe6c45d451c412 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 18:37:45 -0700 Subject: [PATCH 023/316] :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 026556dc216..1cb9bb0cbf1 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( cloud.google.com/go/trace v1.8.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.2.0 github.com/go-git/go-git/v5 v5.6.1 github.com/go-logr/logr v1.2.3 github.com/golang/mock v1.6.0 @@ -69,6 +69,7 @@ require ( github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect github.com/golang/glog v1.0.0 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/google/go-github/v50 v50.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -124,10 +125,9 @@ require ( github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.4.3 // indirect + github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/go-github/v45 v45.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect diff --git a/go.sum b/go.sum index dbfa7ab275a..951ac54866f 100644 --- a/go.sum +++ b/go.sum @@ -641,8 +641,8 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 h1:5+NghM1Zred9Z078QEZtm28G/kfDfZN/92gkDlLwGVA= -github.com/bradleyfalzon/ghinstallation/v2 v2.1.0/go.mod h1:Xg3xPRN5Mcq6GDqeUVhFbjEWMb4JHCyWEeeBGEYQoTU= +github.com/bradleyfalzon/ghinstallation/v2 v2.2.0 h1:AVvVU33rE8wdTS1aNnenwpigEBA9mvzI5OhjhZfH/LU= +github.com/bradleyfalzon/ghinstallation/v2 v2.2.0/go.mod h1:xo3iIfK0lDKECe0s19nbxT0KKvk7LsrGc4NxR5ckKMA= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= @@ -1079,10 +1079,10 @@ github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1157,8 +1157,8 @@ github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6K github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= -github.com/google/go-github/v45 v45.2.0 h1:5oRLszbrkvxDDqBCNj2hjDZMKmvexaZ1xw/FCD+K3FI= -github.com/google/go-github/v45 v45.2.0/go.mod h1:FObaZJEDSTa/WGCzZ2Z3eoCDXWJKMenWWTrd8jrta28= +github.com/google/go-github/v50 v50.1.0 h1:hMUpkZjklC5GJ+c3GquSqOP/T4BNsB7XohaPhtMOzRk= +github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= From ef16fd8ae05f4b93b3ef13893d116ef2595967bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 19:15:39 -0700 Subject: [PATCH 024/316] :seedling: Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.28.0...pubsub/v1.30.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 32 ++++++++++++++++++++---------- go.sum | 61 ++++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 71 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index 1cb9bb0cbf1..01eea3b5d04 100644 --- a/go.mod +++ b/go.mod @@ -8,9 +8,9 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.44.0 + cloud.google.com/go/bigquery v1.48.0 cloud.google.com/go/monitoring v1.12.0 // indirect - cloud.google.com/go/pubsub v1.28.0 + cloud.google.com/go/pubsub v1.30.0 cloud.google.com/go/trace v1.8.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 @@ -36,7 +36,7 @@ require ( gocloud.dev v0.29.0 golang.org/x/text v0.8.0 golang.org/x/tools v0.7.0 - google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect + google.golang.org/genproto v0.0.0-20230320184635-7606e756e683 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 @@ -56,10 +56,13 @@ require ( require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/containeranalysis v0.6.0 // indirect - cloud.google.com/go/kms v1.8.0 // indirect + cloud.google.com/go/containeranalysis v0.7.0 // indirect + cloud.google.com/go/kms v1.9.0 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect + github.com/andybalholm/brotli v1.0.4 // indirect + github.com/apache/arrow/go/v10 v10.0.1 // indirect + github.com/apache/thrift v0.16.0 // indirect github.com/cloudflare/circl v1.1.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect @@ -67,7 +70,10 @@ require ( github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect + github.com/goccy/go-json v0.9.11 // indirect github.com/golang/glog v1.0.0 // indirect + github.com/golang/snappy v0.0.4 // indirect + github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-github/v50 v50.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -77,16 +83,22 @@ require ( github.com/jedib0t/go-pretty/v6 v6.4.6 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/asmfmt v1.3.2 // indirect + github.com/klauspost/cpuid/v2 v2.0.9 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 // indirect + github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 // indirect + github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/prometheus/prometheus v0.42.0 // indirect github.com/skeema/knownhosts v1.1.0 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/spdx/tools-golang v0.4.0 // indirect + github.com/zeebo/xxh3 v1.0.2 // indirect golang.org/x/mod v0.9.0 // indirect golang.org/x/term v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect @@ -104,9 +116,9 @@ require ( ) require ( - cloud.google.com/go v0.109.0 // indirect + cloud.google.com/go v0.110.0 // indirect cloud.google.com/go/compute v1.18.0 // indirect - cloud.google.com/go/iam v0.10.0 // indirect + cloud.google.com/go/iam v0.12.0 // indirect cloud.google.com/go/storage v1.29.0 // indirect github.com/Microsoft/go-winio v0.6.0 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect @@ -132,7 +144,7 @@ require ( github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.7.0 // indirect + github.com/googleapis/gax-go/v2 v2.7.1 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -140,7 +152,7 @@ require ( github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.15.12 // indirect github.com/mattn/go-colorable v0.1.12 // indirect - github.com/mattn/go-isatty v0.0.14 // indirect + github.com/mattn/go-isatty v0.0.16 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect @@ -162,7 +174,7 @@ require ( golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.6.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.110.0 // indirect + google.golang.org/api v0.114.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/grpc v1.53.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/go.sum b/go.sum index 951ac54866f..078c3b81479 100644 --- a/go.sum +++ b/go.sum @@ -38,8 +38,9 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.109.0 h1:38CZoKGlCnPZjGdyj0ZfpoGae0/wgNfy5F0byyxg0Gk= cloud.google.com/go v0.109.0/go.mod h1:2sYycXt75t/CSB5R9M2wPU1tJmire7AQZTPtITcGBVE= +cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= +cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= @@ -89,8 +90,9 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= -cloud.google.com/go/bigquery v1.44.0 h1:Wi4dITi+cf9VYp4VH2T9O41w0kCW0uQTELq2Z6tukN0= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= +cloud.google.com/go/bigquery v1.48.0 h1:u+fhS1jJOkPO9vdM84M8HO5VznTfVUicBeoXNKD26ho= +cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= @@ -136,14 +138,15 @@ cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJo cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= -cloud.google.com/go/containeranalysis v0.6.0 h1:2824iym832ljKdVpCBnpqm5K94YT/uHTVhNF+dRTXPI= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/containeranalysis v0.7.0 h1:kw0dDRJPIN8L50Nwm8qa5VuGKPrbVup5lM3ULrvuWrg= +cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= -cloud.google.com/go/datacatalog v1.8.0 h1:6kZ4RIOW/uT7QWC5SfPfq/G8sYzr/v+UOmOAxy4Z1TE= cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= +cloud.google.com/go/datacatalog v1.12.0 h1:3uaYULZRLByPdbuUvacGeqneudztEM4xqKQsBcxbDnY= cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= @@ -218,8 +221,9 @@ cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3Q cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.10.0 h1:fpP/gByFs6US1ma53v7VxhvbJpO2Aapng6wabJ99MuI= cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= +cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE= +cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= @@ -229,8 +233,9 @@ cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0 cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= -cloud.google.com/go/kms v1.8.0 h1:VrJLOsMRzW7IqTTYn+OYupqF3iKSE060Nrn+PECrYjg= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= +cloud.google.com/go/kms v1.9.0 h1:b0votJQa/9DSsxgHwN33/tTLA7ZHVzfWhDCrfiXijSo= +cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -240,8 +245,8 @@ cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6 cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.4.0 h1:v+X4EwhHl6xE+TG1XgXj4T1XpKKs7ZevcAJ3FOu0YmY= cloud.google.com/go/longrunning v0.4.0/go.mod h1:eF3Qsw58iX/bkKtVjMTYpH0LRjQ2goDkjkNQTlzq/ZM= +cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= @@ -298,8 +303,9 @@ cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIA cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= -cloud.google.com/go/pubsub v1.28.0 h1:XzabfdPx/+eNrsVVGLFgeUnQQKPGkMb8klRCeYK52is= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= +cloud.google.com/go/pubsub v1.30.0 h1:vCge8m7aUKBJYOgrZp7EsNDf6QMd2CAlXZqWTn3yq6s= +cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= @@ -501,6 +507,7 @@ github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.2/go.mod h1:uqoR4sJc63p7ugW8 github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= github.com/HdrHistogram/hdrhistogram-go v1.1.0/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= +github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c h1:RGWPOewvKIROun94nF7v2cua9qP+thov/7M50KEoeSU= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= @@ -554,9 +561,15 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= +github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/apache/arrow/go/v10 v10.0.1 h1:n9dERvixoC/1JjDmBcs9FPaEryoANa2sCgVFo6ez9cI= +github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= +github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY= +github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= @@ -1055,6 +1068,8 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= +github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk= +github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= @@ -1129,10 +1144,13 @@ github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= +github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -1226,8 +1244,9 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= +github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A= +github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -1447,6 +1466,8 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/asmfmt v1.3.2 h1:4Ri7ox3EwapiOjCki+hw14RyKk201CN4rzyCJRFLpK4= +github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= @@ -1455,6 +1476,8 @@ github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47e github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM= github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1517,8 +1540,9 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= @@ -1537,6 +1561,10 @@ github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3E github.com/microsoft/go-mssqldb v0.18.0/go.mod h1:ukJCBnnzLzpVF0qYRT+eg1e+eSwjeQ7IvenUv8QPook= github.com/miekg/dns v1.1.25-0.20191211073109-8ebf2e419df7/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 h1:AMFGa4R4MiIpspGNG7Z948v4n35fFGB3RR3G/ry4FWs= +github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= +github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3 h1:+n/aFZefKZp7spd8DFdX7uMikMLXX4oubIzJF4kv/wI= +github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= @@ -1696,6 +1724,8 @@ github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaF github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0= +github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= @@ -1958,6 +1988,9 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= +github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= +github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -2458,6 +2491,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2619,6 +2653,7 @@ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNq gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/gonum v0.11.0 h1:f1IJhK4Km5tBJmaiJXtk/PkL4cdVX6J+tGiM187uT5E= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= @@ -2682,8 +2717,9 @@ google.golang.org/api v0.104.0/go.mod h1:JCspTXJbBxa5ySXw4UgUqVer7DfVxbvc/CTUFqA google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.110.0 h1:l+rh0KYUooe9JGbGVx71tbFo4SMbMTXK3I3ia2QSEeU= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= +google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE= +google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2827,8 +2863,9 @@ google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230320184635-7606e756e683 h1:khxVcsk/FhnzxMKOyD+TDGwjbEOpcPuIpmafPGFmhMA= +google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From 81678a47efdab28dbf68a6121542b4b0976b28f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 19:44:01 -0700 Subject: [PATCH 025/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2770) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.14.1 to 1.16.2. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.14.1...v1.16.2) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 90 ++--- tools/go.sum | 949 +++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 747 insertions(+), 292 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 100780c72f6..e9cae5aa299 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 - github.com/goreleaser/goreleaser v1.14.1 + github.com/goreleaser/goreleaser v1.16.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.2 google.golang.org/protobuf v1.30.0 @@ -16,33 +16,34 @@ require ( require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect - cloud.google.com/go v0.107.0 // indirect + cloud.google.com/go v0.109.0 // indirect cloud.google.com/go/compute v1.18.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v0.8.0 // indirect + cloud.google.com/go/iam v0.10.0 // indirect cloud.google.com/go/kms v1.8.0 // indirect - cloud.google.com/go/storage v1.27.0 // indirect + cloud.google.com/go/storage v1.29.0 // indirect code.gitea.io/sdk/gitea v0.15.1 // indirect github.com/Abirdcfly/dupword v0.0.11 // indirect github.com/AlekSi/pointer v1.2.0 // indirect github.com/Antonboom/errname v0.1.9 // indirect github.com/Antonboom/nilnil v0.1.3 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.28 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect - github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect @@ -61,28 +62,28 @@ require ( github.com/ashanbrown/forbidigo v1.5.1 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect - github.com/aws/aws-sdk-go v1.44.195 // indirect - github.com/aws/aws-sdk-go-v2 v1.17.3 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.8 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.8 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.25 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.9 // indirect + github.com/aws/aws-sdk-go v1.44.200 // indirect + github.com/aws/aws-sdk-go-v2 v1.17.4 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect + github.com/aws/aws-sdk-go-v2/config v1.18.12 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.12 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.13 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.12 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.20.0 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.27.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect github.com/aws/smithy-go v1.13.5 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea // indirect github.com/aymanbagabas/go-osc52 v1.2.1 // indirect @@ -96,12 +97,12 @@ require ( github.com/breml/errchkjson v0.3.1 // indirect github.com/butuzov/ireturn v0.1.1 // indirect github.com/caarlos0/ctrlc v1.2.0 // indirect - github.com/caarlos0/env/v6 v6.10.1 // indirect + github.com/caarlos0/env/v7 v7.0.0 // indirect github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect github.com/caarlos0/go-shellwords v1.0.12 // indirect github.com/caarlos0/log v0.2.1 // indirect github.com/cavaliergopher/cpio v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.1.3 // indirect + github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/charithe/durationcheck v0.0.10 // indirect github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792 // indirect @@ -118,7 +119,7 @@ require ( github.com/dghubble/oauth1 v0.7.2 // indirect github.com/dghubble/sling v1.4.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/disgoorg/disgo v0.14.1 // indirect + github.com/disgoorg/disgo v0.15.2 // indirect github.com/disgoorg/json v1.0.0 // indirect github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect @@ -166,8 +167,7 @@ require ( github.com/gobwas/glob v0.2.3 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect - github.com/golang-jwt/jwt/v4 v4.4.2 // indirect + github.com/golang-jwt/jwt/v4 v4.4.3 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect @@ -181,18 +181,18 @@ require ( github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/go-containerregistry v0.13.1-0.20230310164735-e94d40893b2d // indirect - github.com/google/go-github/v48 v48.2.0 // indirect + github.com/google/go-github/v50 v50.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1 // indirect + github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect github.com/googleapis/gax-go/v2 v2.7.0 // indirect github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 // indirect - github.com/goreleaser/chglog v0.2.2 // indirect + github.com/goreleaser/chglog v0.4.1 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect - github.com/goreleaser/nfpm/v2 v2.23.0 // indirect + github.com/goreleaser/nfpm/v2 v2.26.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect github.com/gostaticanalysis/comment v1.4.2 // indirect @@ -256,7 +256,7 @@ require ( github.com/muesli/mango-pflag v0.1.0 // indirect github.com/muesli/reflow v0.3.0 // indirect github.com/muesli/roff v0.1.0 // indirect - github.com/muesli/termenv v0.13.0 // indirect + github.com/muesli/termenv v0.14.0 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect github.com/nishanths/exhaustive v0.9.5 // indirect @@ -335,15 +335,15 @@ require ( github.com/yeya24/promlinter v0.2.0 // indirect gitlab.com/bosi/decorder v0.2.3 // indirect gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect - go.mongodb.org/mongo-driver v1.10.2 // indirect + go.mongodb.org/mongo-driver v1.11.0 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/automaxprocs v1.5.1 // indirect go.uber.org/multierr v1.9.0 // indirect go.uber.org/zap v1.24.0 // indirect - gocloud.dev v0.27.0 // indirect - golang.org/x/crypto v0.6.0 // indirect - golang.org/x/exp v0.0.0-20220823124025-807a23277127 // indirect + gocloud.dev v0.29.0 // indirect + golang.org/x/crypto v0.7.0 // indirect + golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect golang.org/x/mod v0.9.0 // indirect golang.org/x/net v0.8.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index d4b15e5b1f7..c4a49af2930 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -39,45 +39,327 @@ cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= -cloud.google.com/go v0.103.0/go.mod h1:vwLx1nqLrzLX/fpwSMOXmFIqBOyHsvHbnAdbGSJ+mKk= -cloud.google.com/go v0.107.0 h1:qkj22L7bgkl6vIeZDlOY2po43Mx/TIa2Wsa7VR+PEww= +cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= +cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= +cloud.google.com/go v0.109.0 h1:38CZoKGlCnPZjGdyj0ZfpoGae0/wgNfy5F0byyxg0Gk= +cloud.google.com/go v0.109.0/go.mod h1:2sYycXt75t/CSB5R9M2wPU1tJmire7AQZTPtITcGBVE= +cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= +cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= +cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= +cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= +cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= +cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= +cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= +cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= +cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= +cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= +cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= +cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= +cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= +cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= +cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= +cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= +cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= +cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= +cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= +cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= +cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= +cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= +cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= +cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= +cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= +cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= +cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= +cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= +cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= +cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= +cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= +cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= +cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= +cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= +cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= +cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= +cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= +cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= +cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= +cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= +cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= +cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= +cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= +cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= +cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= +cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= +cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= +cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= +cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= +cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= +cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= +cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= +cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= +cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= +cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= +cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= +cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= +cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= +cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= +cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= +cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= +cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= +cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= +cloud.google.com/go/compute v1.12.0/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= +cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= +cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= +cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= +cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= +cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= +cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= +cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= +cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= +cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= +cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= +cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= +cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= +cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= +cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= +cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= +cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= +cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= +cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= +cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= +cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= +cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= +cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= +cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= +cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= +cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= +cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= +cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= +cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= +cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= +cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= +cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= +cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= +cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= +cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= +cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= +cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= +cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= +cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= +cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= +cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= +cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= +cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= +cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= +cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= +cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= +cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= +cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= +cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= +cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= +cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= +cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= +cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= +cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= +cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= +cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= +cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= +cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= +cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= +cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= +cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= +cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= +cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= +cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= +cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= +cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= +cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= +cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= +cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= +cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= +cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= +cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= +cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= +cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= +cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= +cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= +cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= +cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= -cloud.google.com/go/iam v0.8.0 h1:E2osAkZzxI/+8pZcxVLcDtAQx/u+hZXVryUaYQ5O0Kk= +cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= +cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= +cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= +cloud.google.com/go/iam v0.10.0 h1:fpP/gByFs6US1ma53v7VxhvbJpO2Aapng6wabJ99MuI= +cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= +cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= +cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= +cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= +cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= +cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= +cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= +cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= +cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0 h1:VrJLOsMRzW7IqTTYn+OYupqF3iKSE060Nrn+PECrYjg= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/longrunning v0.3.0 h1:NjljC+FYPV3uh5/OwWT6pVU+doBqMg2x/rZlE+CamDs= +cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= +cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= +cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= +cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= +cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= +cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= +cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= +cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= +cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= +cloud.google.com/go/longrunning v0.4.0 h1:v+X4EwhHl6xE+TG1XgXj4T1XpKKs7ZevcAJ3FOu0YmY= +cloud.google.com/go/longrunning v0.4.0/go.mod h1:eF3Qsw58iX/bkKtVjMTYpH0LRjQ2goDkjkNQTlzq/ZM= +cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= +cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= +cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= +cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= +cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= +cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= +cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= +cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= +cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= +cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= +cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= +cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= +cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4= -cloud.google.com/go/monitoring v1.5.0/go.mod h1:/o9y8NYX5j91JjD/JvGLYbi86kL11OjyJXq2XziLJu4= +cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= +cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= +cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= +cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= +cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= +cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= +cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= +cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= +cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= +cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= +cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= +cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= +cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= +cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= +cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= +cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= +cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= +cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= +cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= +cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= +cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= +cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= +cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= +cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= +cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= +cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= +cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= +cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= +cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= +cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= +cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= +cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= +cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= +cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= +cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/pubsub v1.24.0/go.mod h1:rWv09Te1SsRpRGPiWOMDKraMQTJyJps4MkUCoMGUgqw= -cloud.google.com/go/secretmanager v1.5.0/go.mod h1:5C9kM+RwSpkURNovKySkNvGQLUaOgyoR5W0RUx2SyHQ= +cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= +cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= +cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= +cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= +cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= +cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= +cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= +cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= +cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= +cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= +cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= +cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= +cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= +cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= +cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= +cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= +cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= +cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= +cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= +cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= +cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= +cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= +cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= +cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= +cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= +cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= +cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= +cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= +cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= +cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= +cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= +cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= +cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= +cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= +cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= +cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= +cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= +cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= +cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= +cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= +cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= +cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= +cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= +cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= +cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= +cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= +cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= +cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= +cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= +cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= +cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= +cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= +cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= +cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= +cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= +cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= +cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= +cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= +cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= +cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= +cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= +cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= +cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= +cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -86,17 +368,58 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= -cloud.google.com/go/storage v1.24.0/go.mod h1:3xrJEFMXBsQLgxwThyjuD3aYlroL0TMRec1ypGUQ0KE= -cloud.google.com/go/storage v1.27.0 h1:YOO045NZI9RKfCj1c5A/ZtuuENUc8OAW+gHdGnDgyMQ= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= +cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= +cloud.google.com/go/storage v1.29.0 h1:6weCgzRvMg7lzuUurI4697AqIRPU1SvzHhynwpW31jI= +cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= +cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= +cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= +cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= +cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= +cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= +cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= +cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= +cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= +cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= +cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A= -cloud.google.com/go/trace v1.2.0/go.mod h1:Wc8y/uYyOhPy12KEnXG9XGrvfMz5F5SrYecQlbW1rwM= +cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= +cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= +cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= +cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= +cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= +cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= +cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= +cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= +cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= +cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= +cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= +cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= +cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= +cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= +cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= +cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= +cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= +cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= +cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= +cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= +cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= +cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= +cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= +cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= +cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= +cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= +cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= +cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= +cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= +cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= +cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8= code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= -contrib.go.opencensus.io/exporter/stackdriver v0.13.13/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= +contrib.go.opencensus.io/exporter/stackdriver v0.13.14/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Abirdcfly/dupword v0.0.11 h1:z6v8rMETchZXUIuHxYNmlUAuKuB21PeaSymTed16wgU= @@ -115,21 +438,30 @@ github.com/Azure/azure-sdk-for-go v65.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 h1:Yoicul8bnVdQrhDMTHxdEckRGX01XvwXDHUT9zYZ3k0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.2/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.0/go.mod h1:tZoQYdDZNOiIjdSn0dVWVfl0NEPGOJqVLzSrcFk4Is0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1 h1:gVXuXcWd1i4C2Ruxe321aU+IKGaStvGB/S90PUPB/W8= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1/go.mod h1:DffdKW9RFqa5VgmsjUOsS7UE7eiA5iAvYUs63bhKQ0M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM= -github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1 h1:T8quHYlUGyb/oqtSTwqlCr1ilJHrDv+ZtpSfo+hm1BU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1/go.mod h1:gLa1CL2RNE4s7M3yopJ/p0iq5DdY6Yv5ZUt9MTRZOQM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= -github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.0.2/go.mod h1:LH9XQnMr2ZYxQdVdCrzLO9mxeDyrDFa6wbSI3x5zCZk= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 h1:QSdcrd/UFJv6Bp/CfoVf2SrENpFn9P6Yh8yb+xNhYMM= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2 h1:+5VZ72z0Qan5Bog5C+ZkgSqUbeVUd9wgtHOrIKuc5b8= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0 h1:TOFrNxfjslms5nLLIMjW7N0+zSALX4KiGsptmpb16AA= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= +github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.2.0/go.mod h1:R6+0udeRV8iYSTVuT5RT7If4sc46K5Bz3ZKrmvZQF7U= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 h1:u/LLAOFgsMv7HmNL4Qufg58y+qElGOt5qv0z1mURkRY= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag= github.com/Azure/go-amqp v0.17.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= -github.com/Azure/go-amqp v0.17.5/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= +github.com/Azure/go-amqp v0.18.1/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= @@ -141,17 +473,14 @@ github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKn github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest v0.11.25/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.21 h1:jjQnVFXPfekaqb8vIsv2G1lxshoW+oGv4MDlhRtnYZk= -github.com/Azure/go-autorest/autorest/adal v0.9.21/go.mod h1:zua7mBUaCc5YnSLKYgGJR/w5ePdMDA6H56upLsHzA9U= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.11/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= +github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc= +github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= @@ -165,15 +494,16 @@ github.com/Azure/go-autorest/autorest/mocks v0.4.2 h1:PGN4EDXnuQbojHbU0UWoNvmu9A github.com/Azure/go-autorest/autorest/mocks v0.4.2/go.mod h1:Vy7OitM9Kei0i1Oj+LvyAWMXJHeKH1MVlzFugfVrmyU= github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= -github.com/Azure/go-autorest/autorest/validation v0.3.1 h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac= github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 h1:WVsrXCnHlDDX8ls+tootqRE87/hL9S/g4ewig9RsD/c= github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= +github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= +github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1 h1:oPdPEZFSbl7oSPEAIPMPBMUmiL+mqgzBJwM/9qYcwNg= +github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1/go.mod h1:4qFor3D/HDsvBME35Xy9rwW9DecL+M2sNw1ybjPtwA0= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= @@ -185,7 +515,9 @@ github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rW github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 h1:+r1rSv4gvYn0wmRjC8X7IAzX8QezqtFV9m0MUHFJgts= github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0/go.mod h1:b3g59n2Y+T5xmcxJL+UEG2f8cQploZm1mR/v6BW0mU0= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.31.2/go.mod h1:qR6jVnZTKDCW3j+fC9mOEPHm++1nKDMkqbbkD6KNsfo= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.2/go.mod h1:uqoR4sJc63p7ugW8a/vsEspOsNuehbi7ptS2CHCyOnY= +github.com/HdrHistogram/hdrhistogram-go v1.1.0/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= +github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -230,7 +562,7 @@ github.com/OpenPeeDeeP/depguard v1.1.1/go.mod h1:JtAMzWkmFEzDPyAd+W0NHl1lvpQKTvT github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= github.com/ProtonMail/go-crypto v0.0.0-20220812142511-0d231b687066 h1:RhBLDn2Z5h+f6yo9DZD6bpFSVc7UsB8S/LqFYDhxm9I= github.com/ProtonMail/go-crypto v0.0.0-20220812142511-0d231b687066/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= -github.com/ProtonMail/go-mime v0.0.0-20220302105931-303f85f7fe0f h1:CGq7OieOz3wyQJ1fO8S0eO9TCW1JyvLrf8fhzz1i8ko= +github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a h1:W6RrgN/sTxg1msqzFFb+G80MFmpjMw61IU+slm+wln4= github.com/ProtonMail/gopenpgp/v2 v2.2.2 h1:u2m7xt+CZWj88qK1UUNBoXeJCFJwJCZ/Ff4ymGoxEXs= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -243,6 +575,7 @@ github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/ github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -260,17 +593,16 @@ github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqr github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= -github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.3/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= @@ -281,97 +613,83 @@ github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5Fc github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI= github.com/atc0005/go-teams-notify/v2 v2.7.0 h1:yRKblRTM/v+FnbibPAQiBcgT+aUBn/8zj9E/UxBdIRg= github.com/atc0005/go-teams-notify/v2 v2.7.0/go.mod h1:nJeYAr8U1KtT376MUHHiy47nqy/4Mn0UR8veVQxdMcM= -github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= -github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= +github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.45/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.68/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.195 h1:d5xFL0N83Fpsq2LFiHgtBUHknCRUPGHdOlCWt/jtOJs= -github.com/aws/aws-sdk-go v1.44.195/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= +github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.187/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.200 h1:JcFf/BnOaMWe9ObjaklgbbF0bGXI4XbYJwYn2eFNVyQ= +github.com/aws/aws-sdk-go v1.44.200/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.8/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.11/go.mod h1:WTACcleLz6VZTp7fak4EO5b9Q4foxbn+8PIz3PmyKlo= -github.com/aws/aws-sdk-go-v2 v1.17.3 h1:shN7NlnVzvDUgPQ+1rLMSxY8OWRNDRYtiqe0p/PgrhY= -github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.3/go.mod h1:gNsR5CaXKmQSSzrmGxmwmct/r+ZBfbxorAuXYsj/M5Y= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 h1:zfT11pa7ifu/VlLDpmc5OY2W4nYmnKkFDGeMVnmqAI0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4/go.mod h1:ES0I1GBs+YYgcDS1ek47Erbn4TOL811JKqBXtgzqyZ8= +github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY= +github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= github.com/aws/aws-sdk-go-v2/config v1.15.15/go.mod h1:A1Lzyy/o21I5/s2FbyX5AevQfSVXpvvIDCoVFD0BC4E= -github.com/aws/aws-sdk-go-v2/config v1.16.1/go.mod h1:4SKzBMiB8lV0fw2w7eDBo/LjQyHFITN4vUUuqpurFmI= -github.com/aws/aws-sdk-go-v2/config v1.18.8 h1:lDpy0WM8AHsywOnVrOHaSMfpaiV2igOw8D7svkFkXVA= -github.com/aws/aws-sdk-go-v2/config v1.18.8/go.mod h1:5XCmmyutmzzgkpk/6NYTjeWb6lgo9N170m1j6pQkIBs= +github.com/aws/aws-sdk-go-v2/config v1.18.12 h1:fKs/I4wccmfrNRO9rdrbMO1NgLxct6H9rNMiPdBxHWw= +github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8= github.com/aws/aws-sdk-go-v2/credentials v1.12.10/go.mod h1:g5eIM5XRs/OzIIK81QMBl+dAuDyoLN0VYaLP+tBqEOk= -github.com/aws/aws-sdk-go-v2/credentials v1.12.13/go.mod h1:9fDEemXizwXrxPU1MTzv69LP/9D8HVl5qHAQO9A9ikY= -github.com/aws/aws-sdk-go-v2/credentials v1.13.8 h1:vTrwTvv5qAwjWIGhZDSBH/oQHuIQjGmD232k01FUh6A= -github.com/aws/aws-sdk-go-v2/credentials v1.13.8/go.mod h1:lVa4OHbvgjVot4gmh1uouF1ubgexSCN92P6CJQpT0t8= +github.com/aws/aws-sdk-go-v2/credentials v1.13.12 h1:Cb+HhuEnV19zHRaYYVglwvdHGMJWbdsyP4oHhw04xws= +github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9/go.mod h1:KDCCm4ONIdHtUloDcFvK2+vshZvx4Zmj7UMDfusuz5s= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.12/go.mod h1:aZ4vZnyUuxedC7eD4JyEHpGnCz+O2sHQEx3VvAwklSE= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21 h1:j9wi1kQ8b+e0FBVHxCqCGo4kxDU175hoDHcWAi0sauU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.21/go.mod h1:ugwW57Z5Z48bpvUyZuaPy4Kv+vEfJWnIrky7RmkBvJg= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.21/go.mod h1:iIYPrQ2rYfZiB/iADYlhj9HHZ9TTi6PqKQPAqygohbE= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.25 h1:ShUxLkMxarXylGxfYwg8p+xEKY+C1y54oUU3wFsUMFo= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.25/go.mod h1:cam5wV1ebd3ZVuh2r2CA8FtSAA/eUMtRH4owk0ygfFs= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 h1:iTFYCAdKzSAjGnVIUe88Hxvix0uaBqr0Rv7qJEOX5hE= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51/go.mod h1:7Grl2gV+dx9SWrUIgwwlUvU40t7+lOSbx34XwfmsTkY= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.15/go.mod h1:pWrr2OoHlT7M/Pd2y4HV3gJyPb3qj5qMmnPkKSNPYK4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18/go.mod h1:348MLhzV1GSlZSMusdwQpXKbhD7X2gbI/TxwAPKkYZQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27 h1:I3cakv2Uy1vNmmhRQmFptYDxOvBnwCdNwyw63N0RaRU= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.27/go.mod h1:a1/UpzeyBBerajpnP5nGZa9mGzsBn5cOKxm6NWQsvoI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 h1:r+XwaCLpIvCKjBIYy/HVZujQS9tsz5ohHG3ZIe0wKoE= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.9/go.mod h1:08tUpeSGN33QKSO7fwxXczNfiwCpbj+GxK6XKwqWVv0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12/go.mod h1:ckaCVTEdGAxO6KwTGzgskxR1xM+iJW4lxMyDFVda2Fc= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21 h1:5NbbMrIzmUn/TXFqAle6mgrH5m9cOvMLRGL7pnG8tRE= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.21/go.mod h1:+Gxn8jYn5k9ebfHEqlhrMirFjSW0v0C9fI+KN5vk2kE= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 h1:7AwGYXDdqRQYsluvKFmWoqpcOQJ4bH634SkYf3FNj/A= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.16/go.mod h1:CYmI+7x03jjJih8kBEEFKRQc40UjUokT0k7GbvrhhTc= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.19/go.mod h1:cVHo8KTuHjShb9V8/VjH3S/8+xPu16qx8fdGwmotJhE= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28 h1:KeTxcGdNnQudb46oOl4d90f2I33DF/c6q3RnZAmvQdQ= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.28/go.mod h1:yRZVr/iT0AqyHeep00SZ4YfBAKojXz08w3XMBscdi0c= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.6/go.mod h1:O7Oc4peGZDEKlddivslfYFvAbgzvl/GH3J8j3JIGBXc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.9 h1:agLpf3vtYX1rtKTrOGpevdP3iC2W0hKDmzmhhxJzL+A= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.9/go.mod h1:cv+n1mdyh+0B8tAtlEBzTYFA2Uv15SISEn6kabYhIgE= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 h1:J4xhFd6zHhdF9jPP0FQJ6WknzBboGMBNjKOv4iTuw4A= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 h1:FGvpyTg2LKEmMrLlpjOgkoNp9XF5CGeyAyo33LdqZW8= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19/go.mod h1:8W88sW3PjamQpKFUQvHWWKay6ARsNvZnzU7+a4apubw= +github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= github.com/aws/aws-sdk-go-v2/service/ecr v1.17.9/go.mod h1:fkIc4qe3SfQhPt/HAmDG7DJMjMBHElHV44axRyUSojA= github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 h1:qBuF6exFzbKurzWqBR+7ptvnuKuWipm9LclsB7A/AUo= github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12/go.mod h1:/RTlDxrZR6VPGpVCydun5SbxzDciIJKiQUYF/EOpvXA= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.8/go.mod h1:nPSH6Ebmb3OkKl7+CLSjx+SMBaoFKbOe9mZhTAd352k= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 h1:JfDKV54iJuX2YE1NzzHMQ97LmC10ifgaW7BpqaNKzAg= github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12/go.mod h1:Hcfe3RBksYrl0fgSxZ4wvhSt6IiZBh+VlkaTKQLu9PE= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.3/go.mod h1:gkb2qADY+OHaGLKNTYxMaQNacfeyQpZ4csDTQMeFmcw= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.5 h1:g1ITJ9i9ixa+/WVggLNK20KyliAA8ltnuxfZEDfo2hM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.5/go.mod h1:oehQLbMQkppKLXvpx/1Eo0X47Fe+0971DXC9UjGnKcI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.10/go.mod h1:Qks+dxK3O+Z2deAhNo6cJ8ls1bam3tUGUAcgxQP1c70= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.13 h1:3GamN8jcdz/a3nvL/ZVtoH/6xxeshfsiXj5O+6GW4Rg= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.13/go.mod h1:89CSPn69UECDLVn0H6FwKNgbtirksl8C8i3aBeeeihw= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 h1:c5+bNdV8E4fIPteWx4HZSkqI07oY9exbfQ7JH7Yx4PI= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23/go.mod h1:1jcUfF+FAOEwtIcNiHPaV4TSoZqkUIPzrohmD7fb95c= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.9/go.mod h1:yQowTpvdZkFVuHrLBXmczat4W+WJKg/PafBZnGBLga0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.12/go.mod h1:1TODGhheLWjpQWSuhYuAUWYTCKwEjx2iblIFKDHjeTc= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21 h1:5C6XgTViSb0bunmU57b3CT+MhxULqHH2721FVA+/kDM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.21/go.mod h1:lRToEJsn+DRA9lW4O9L9+/3hjTkUzlzyzHqn8MTds5k= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.9/go.mod h1:Rc5+wn2k8gFSi3V1Ch4mhxOzjMh+bYSXVFfVaqowQOY= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.12 h1:QFjSOmHSb77qRTv7KI9UFon9X5wLWY5/M+6la3dTcZc= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.12/go.mod h1:MADjAN0GHFDuc5lRa5Y5ki+oIO/w7X4qczHy+OUx0IA= -github.com/aws/aws-sdk-go-v2/service/kms v1.18.1/go.mod h1:4PZMUkc9rXHWGVB5J9vKaZy3D7Nai79ORworQ3ASMiM= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.0 h1:1mEQ1BVRfxU2KzcUUIzqDQ8p6yPkhzHrHT++sjtLJts= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.0/go.mod h1:13sjgMH7Xu4e46+0BEDhSnNh+cImHSYS5PpBjV3oXcU= -github.com/aws/aws-sdk-go-v2/service/s3 v1.27.2/go.mod h1:u+566cosFI+d+motIz3USXEh6sN8Nq4GrNXSg2RXVMo= -github.com/aws/aws-sdk-go-v2/service/s3 v1.27.5 h1:h9qqTedYnA9JcWjKyLV6UYIMSdp91ExLCUbjbpDLH7A= -github.com/aws/aws-sdk-go-v2/service/s3 v1.27.5/go.mod h1:J8SS5Tp/zeLxaubB0xGfKnVrvssNBNLwTipreTKLhjQ= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.14/go.mod h1:xakbH8KMsQQKqzX87uyyzTHshc/0/Df8bsTneTS5pFU= -github.com/aws/aws-sdk-go-v2/service/sns v1.17.10/go.mod h1:uITsRNVMeCB3MkWpXxXw0eDz8pW4TYLzj+eyQtbhSxM= -github.com/aws/aws-sdk-go-v2/service/sqs v1.19.1/go.mod h1:A94o564Gj+Yn+7QO1eLFeI7UVv3riy/YBFOfICVqFvU= -github.com/aws/aws-sdk-go-v2/service/ssm v1.27.6/go.mod h1:fiFzQgj4xNOg4/wqmAiPvzgDMXPD+cUEplX/CYn+0j0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFuMO22HkV5VWGLBvmCLBCLPivUAmpdpnp4Vs= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 h1:ISLJ2BKXe4zzyZ7mp5ewKECiw0U7KpLgS3S6OxY9Cm0= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22/go.mod h1:QFVbqK54XArazLvn2wvWMRBi/jGrWii46qbr5DyPGjc= +github.com/aws/aws-sdk-go-v2/service/kms v1.20.2 h1:uXi+MMt+ce01sbj1eq4K0qusMpSNzwPreODYKSfNKiU= +github.com/aws/aws-sdk-go-v2/service/kms v1.20.2/go.mod h1:vdqtUOdVuf5ooy+hJ2GnzqNo94xiAA9s1xbZ1hQgRE0= +github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 h1:5EQWIFO+Hc8E2hFcXQJ1vm6ufl/PMt/6RVRDZRju2vM= +github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2/go.mod h1:SXDHd6fI2RhqB7vmAzyYQCTQnpZrIprVJvYxpzW3JAM= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog= +github.com/aws/aws-sdk-go-v2/service/sns v1.20.2/go.mod h1:VN2n9SOMS1lNbh5YD7o+ho0/rgfifSrK//YYNiVVF5E= +github.com/aws/aws-sdk-go-v2/service/sqs v1.20.2/go.mod h1:1ttxGjUHZliCQMpPss1sU5+Ph/5NvdMFRzr96bv8gm0= +github.com/aws/aws-sdk-go-v2/service/ssm v1.35.2/go.mod h1:VLSz2SHUKYFSOlXB/GlXoLU6KPYQJAbw7I20TDJdyws= github.com/aws/aws-sdk-go-v2/service/sso v1.11.13/go.mod h1:d7ptRksDDgvXaUvxyHZ9SYh+iMDymm94JbVcgvSYSzU= -github.com/aws/aws-sdk-go-v2/service/sso v1.11.16/go.mod h1:mS5xqLZc/6kc06IpXn5vRxdLaED+jEuaSRv5BxtnsiY= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.0 h1:/2gzjhQowRLarkkBOGPXSRnb8sQ2RVsjdG1C/UliK/c= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.0/go.mod h1:wo/B7uUm/7zw/dWhBJ4FXuw1sySU5lyIhVg1Bu2yL9A= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0 h1:Jfly6mRxk2ZOSlbCvZfKNS7TukSx1mIzhSsqZ/IGSZI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.0/go.mod h1:TZSH7xLO7+phDtViY/KUp9WGCJMQkLJ/VpgkTFd5gh8= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k= github.com/aws/aws-sdk-go-v2/service/sts v1.16.10/go.mod h1:cftkHYN6tCDNfkSasAmclSfl4l7cySoay8vz7p/ce0E= -github.com/aws/aws-sdk-go-v2/service/sts v1.16.13/go.mod h1:Ru3QVMLygVs/07UQ3YDur1AQZZp2tUNje8wfloFttC0= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.0 h1:kOO++CYo50RcTFISESluhWEi5Prhg+gaSs4whWabiZU= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.0/go.mod h1:+lGbb3+1ugwKrNTWcf2RT05Xmp543B06zDFTwiTLp7I= +github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 h1:s49mSnsBZEXjfGBkRfmK+nPqzT7Lt3+t2SmAKNyHblw= +github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU= +github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.12.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= @@ -382,8 +700,9 @@ github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZ github.com/aymanbagabas/go-osc52 v1.2.1 h1:q2sWUyDcozPLcLabEMd+a+7Ea2DitxZVN9hTxab9L4E= github.com/aymanbagabas/go-osc52 v1.2.1/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= +github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -423,8 +742,8 @@ github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/caarlos0/ctrlc v1.2.0 h1:AtbThhmbeYx1WW3WXdWrd94EHKi+0NPRGS4/4pzrjwk= github.com/caarlos0/ctrlc v1.2.0/go.mod h1:n3gDlSjsXZ7rbD9/RprIR040b7oaLfNStikPd4gFago= -github.com/caarlos0/env/v6 v6.10.1 h1:t1mPSxNpei6M5yAeu1qtRdPAK29Nbcf/n3G7x+b3/II= -github.com/caarlos0/env/v6 v6.10.1/go.mod h1:hvp/ryKXKipEkcuYjs9mI4bBCg+UI0Yhgm5Zu0ddvwc= +github.com/caarlos0/env/v7 v7.0.0 h1:cyczlTd/zREwSr9ch/mwaDl7Hse7kJuUY8hvHfXu5WI= +github.com/caarlos0/env/v7 v7.0.0/go.mod h1:LPPWniDUq4JaO6Q41vtlyikhMknqymCLBw0eX4dcH1E= github.com/caarlos0/go-reddit/v3 v3.0.1 h1:w8ugvsrHhaE/m4ez0BO/sTBOBWI9WZTjG7VTecHnql4= github.com/caarlos0/go-reddit/v3 v3.0.1/go.mod h1:QlwgmG5SAqxMeQvg/A2dD1x9cIZCO56BMnMdjXLoisI= github.com/caarlos0/go-rpmutils v0.2.1-0.20211112020245-2cd62ff89b11 h1:IRrDwVlWQr6kS1U8/EtyA1+EHcc4yl8pndcqXWrEamg= @@ -435,16 +754,16 @@ github.com/caarlos0/log v0.2.1/go.mod h1:BLxpdZKXvWBjB6fshua4c8d7ApdYjypEDok6ibt github.com/caarlos0/sshmarshal v0.0.0-20220308164159-9ddb9f83c6b3 h1:w2ANoiT4ubmh4Nssa3/QW1M7lj3FZkma8f8V5aBDxXM= github.com/caarlos0/testfs v0.4.4 h1:3PHvzHi5Lt+g332CiShwS8ogTgS3HjrmzZxCm6JCDr8= github.com/caarlos0/testfs v0.4.4/go.mod h1:bRN55zgG4XCUVVHZCeU+/Tz1Q6AxEJOEJTliBy+1DMk= -github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= +github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= github.com/cavaliergopher/cpio v1.0.1 h1:KQFSeKmZhv0cr+kawA3a0xTQCU4QxXF1vhU7P7av2KM= github.com/cavaliergopher/cpio v1.0.1/go.mod h1:pBdaqQjnvXxdS/6CvNDwIANIFSP0xRKI16PX4xejRQc= -github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= -github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4= -github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= +github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4= +github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= @@ -478,7 +797,7 @@ github.com/cilium/ebpf v0.6.2/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJ github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= -github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= +github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.2.0 h1:NheeISPSUcYftKlfrLuOo4T62FkmD4t4jviLfFFYaec= @@ -487,18 +806,19 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= -github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= @@ -615,6 +935,8 @@ github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7 github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= @@ -641,7 +963,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denis-tingaikin/go-header v0.4.3 h1:tEaZKAlqql6SKCY++utLmkPLd6K8IBM20Ha7UVm+mtU= github.com/denis-tingaikin/go-header v0.4.3/go.mod h1:0wOCWuN71D5qIgE2nz9KrKmuYBAC2Mra5RassOIQ2/c= -github.com/denisenkom/go-mssqldb v0.12.2/go.mod h1:lnIw1mZukFRZDJYQ0Pb833QS2IaC3l5HkEfra2LJ+sk= github.com/dennwc/varint v1.0.0/go.mod h1:hnItb35rvZvJrbTALZtY/iQfDs48JKRG1RPpgziApxA= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= @@ -656,17 +977,18 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/go-sip13 v0.0.0-20200911182023-62edffca9245/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/digitalocean/godo v1.78.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs= -github.com/digitalocean/godo v1.81.0/go.mod h1:BPCqvwbjbGqxuUnIKB4EvS/AX7IDnNmt5fwvIkWo+ew= +github.com/digitalocean/godo v1.95.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/disgoorg/disgo v0.14.1 h1:J1GoRZfbCPFcNd3OH+W3XbAVEdvV3kVAoNqJrPjzY1I= -github.com/disgoorg/disgo v0.14.1/go.mod h1:YiVpXSmyXLRalYQHTHUFWEQvolCNzw0zh6nfug07b/M= +github.com/disgoorg/disgo v0.15.2 h1:cmdMCHBL17GgkYOJl6d2Btc3MbQiIdzwF6D8lwdJ7L8= +github.com/disgoorg/disgo v0.15.2/go.mod h1:hUkznOmm+f+owh/MuOBX0sDviQV5cL0FqcWbpIyV1Y0= github.com/disgoorg/json v1.0.0 h1:kDhSM661fgIuNoZF3BO5/odaR5NSq80AWb937DH+Pdo= github.com/disgoorg/json v1.0.0/go.mod h1:BHDwdde0rpQFDVsRLKhma6Y7fTbQKub/zdGO5O9NqqA= github.com/disgoorg/log v1.2.0 h1:sqlXnu/ZKAlIlHV9IO+dbMto7/hCQ474vlIdMWk8QKo= github.com/disgoorg/log v1.2.0/go.mod h1:3x1KDG6DI1CE2pDwi3qlwT3wlXpeHW/5rVay+1qDqOo= github.com/disgoorg/snowflake/v2 v2.0.1 h1:CuUxGLwggUxEswZOmZ+mZ5i0xSumQdXW9tXW7uGqe+0= github.com/disgoorg/snowflake/v2 v2.0.1/go.mod h1:SPU9c2CNn5DSyb86QcKtdZgix9osEtKrHLW4rMhfLCs= +github.com/distribution/distribution/v3 v3.0.0-20221021092657-c47a966fded8 h1:zuxvqNfQKyGNH3a1yFh1ofD4Y7ycgdwQhHX6QRH+Cwo= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= @@ -681,7 +1003,7 @@ github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY= github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= @@ -693,8 +1015,8 @@ github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5Xh github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= +github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= -github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= @@ -713,10 +1035,11 @@ github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8E github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -730,6 +1053,7 @@ github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go. github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= +github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/esimonov/ifshort v1.0.4 h1:6SID4yGWfRae/M7hkVDVVyppy8q/v9OuxNdmjLQStBA= github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcHcfgNWTk0= github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw= @@ -745,6 +1069,7 @@ github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGF github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= +github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= @@ -757,13 +1082,15 @@ github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phm github.com/firefart/nonamedreturns v1.0.4/go.mod h1:TDhe/tjI1BXo48CmYbUduTV7BdIga8MAO/xbKdcVsGI= github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= +github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= -github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= +github.com/franela/goblin v0.0.0-20210519012713-85d372ac71e2/go.mod h1:VzmDKDJVZI3aJmnRI9VjAn9nJ8qPPsN1fqzr9dqInIo= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= @@ -800,7 +1127,7 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= +github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEaizzs= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= @@ -872,8 +1199,7 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+ github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8= -github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -903,6 +1229,7 @@ github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCs github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U= github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= +github.com/go-zookeeper/zk v1.0.3/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= @@ -944,11 +1271,10 @@ github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14j github.com/gofrs/uuid v3.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= +github.com/gofrs/uuid v4.3.1+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= @@ -956,14 +1282,15 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= -github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= +github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= +github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -1051,8 +1378,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-containerregistry v0.13.1-0.20230310164735-e94d40893b2d h1:CCIY9UBJWlj8MoDN9TQV8qtifAbhZqkzYqx1Jl+telo= github.com/google/go-containerregistry v0.13.1-0.20230310164735-e94d40893b2d/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk= -github.com/google/go-github/v48 v48.2.0 h1:68puzySE6WqUY9KWmpOsDEQfDZsso98rT6pZcz9HqcE= -github.com/google/go-github/v48 v48.2.0/go.mod h1:dDlehKBDo850ZPvCTK0sEqTCVWcrGl2LcDiajkYi89Y= +github.com/google/go-github/v50 v50.1.0 h1:hMUpkZjklC5GJ+c3GquSqOP/T4BNsB7XohaPhtMOzRk= +github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -1091,9 +1418,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= -github.com/google/pprof v0.0.0-20220608213341-c488b8fa1db3/go.mod h1:gSuNB+gJaOiQKLEZ+q+PK9Mq3SOzhRcw2GsGS/FhYDk= -github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1 h1:8pyqKJvrJqUYaKS851Ule26pwWvey6IDMiczaBLDKLQ= -github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1/go.mod h1:gSuNB+gJaOiQKLEZ+q+PK9Mq3SOzhRcw2GsGS/FhYDk= +github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= +github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= @@ -1109,6 +1435,8 @@ github.com/google/wire v0.5.0 h1:I7ELFeVBr3yfPIcc8+MWvrjk+3VjbcSzoXm3JVa+jD8= github.com/google/wire v0.5.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= +github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= @@ -1118,6 +1446,8 @@ github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0 github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= +github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= @@ -1126,25 +1456,28 @@ github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97Dwqy github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gophercloud/gophercloud v0.24.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= -github.com/gophercloud/gophercloud v0.25.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= +github.com/gophercloud/gophercloud v1.1.1/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 h1:9alfqbrhuD+9fLZ4iaAVwhlp5PEhmnBt7yvK2Oy5C1U= github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0= -github.com/goreleaser/chglog v0.2.2 h1:V7nf07baXtGAgGevvqgW2MM4kZ6gOr12vKNSAU3VIZ0= -github.com/goreleaser/chglog v0.2.2/go.mod h1:2s5JwtCOWjZa8AIneL+xdUl9SRuigCjRHNHsX30dupE= +github.com/goreleaser/chglog v0.4.1 h1:6IAduyHpR58u3OFBdTrg8I/qAaBAmYYZ4Wq1Fz30QUY= +github.com/goreleaser/chglog v0.4.1/go.mod h1:85xT/GTwDCzLdjysP9aj+x6hQ+IxAv8SXx9MTrgcY2Y= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.14.1 h1:b+cW4BSDL5Ii32scSX8IoXrnpwHIItXgZyMskBhNK8s= -github.com/goreleaser/goreleaser v1.14.1/go.mod h1:Fy+WdlEubGsR0VqAEqQhmdowIRM10mQ0uB1/Pfhqdng= -github.com/goreleaser/nfpm/v2 v2.23.0 h1:ZcurGlXkaaY2XFHP7XvstjiJ+aGBGsYfKufxwYZnjkk= -github.com/goreleaser/nfpm/v2 v2.23.0/go.mod h1:Tpqen33Ol5R31AY1uYBJv/dinpifuoMtvp3V0eqDpbU= +github.com/goreleaser/goreleaser v1.16.2 h1:usMTxv8JXDNUUmVo0VSTExYBwCmLOuqa1l6hkmE/diA= +github.com/goreleaser/goreleaser v1.16.2/go.mod h1:RqqTiOY1SLmNcdGV7qYCGmDSgTgRSBTNfsN1AtubCOs= +github.com/goreleaser/nfpm/v2 v2.26.0 h1:nL7sXwsMLsc+NWE4Eddev+ZZomRaucT0WSnWkLwuxBM= +github.com/goreleaser/nfpm/v2 v2.26.0/go.mod h1:AQAOZ89rL4rHbv6ZdwyCWkjMam3LrHi9QIq56TnjUQk= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -1163,6 +1496,7 @@ github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M= github.com/gostaticanalysis/testutil v0.4.0 h1:nhdCmubdmDF6VEatUNjgUZBJKWRqugoISdUv3PPQgHY= github.com/grafana/regexp v0.0.0-20220304095617-2e8d9baf4ac2/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= +github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= @@ -1172,16 +1506,16 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.10.2/go.mod h1:chrfS3YoLAlKTRE5cFWvCbt8uGAjshktT4PveTUpsFQ= -github.com/hanwen/go-fuse v1.0.0/go.mod h1:unqXarDXqzAk0rt98O2tVndEPIpUgLD9+rwFisZH3Ok= -github.com/hanwen/go-fuse/v2 v2.1.0/go.mod h1:oRyA5eK+pvJyv5otpO/DgccS8y/RvYMaO00GgRLGryc= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.1/go.mod h1:G+WkljZi4mflcqVxYSgvt8MNctRQHjEH8ubKtt1Ka3w= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= +github.com/hanwen/go-fuse/v2 v2.2.0/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= +github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= -github.com/hashicorp/consul/api v1.13.0/go.mod h1:ZlVrynguJKcYr54zGaDbaL3fOvKC9m72FhPvA8T35KQ= +github.com/hashicorp/consul/api v1.18.0/go.mod h1:owRRGJ9M5xReDC5nfT8FTJrNAPbT4NM6p/k+d03q2v4= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= +github.com/hashicorp/consul/sdk v0.13.0/go.mod h1:0hs/l5fOVhJy/VdcoaNqUSi2AUs95eF5WKtv+EYIQqE= github.com/hashicorp/cronexpr v1.1.1/go.mod h1:P4wA0KBl9C5q2hABiMO7cp6jcIg96CDh1Efb3g1PWA4= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -1194,9 +1528,12 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.12.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.2.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= @@ -1213,7 +1550,7 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= @@ -1221,19 +1558,26 @@ github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-lru v0.6.0/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY= github.com/hashicorp/mdns v1.0.4/go.mod h1:mtBihi+LeNXGtG8L9dX59gAEa12BDtBQSp4v/YAJqrc= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= -github.com/hashicorp/nomad/api v0.0.0-20220629141207-c2428e1673ec/go.mod h1:jP79oXjopTyH6E8LF0CEMq67STgrlmBRIyijA0tuR5o= +github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= +github.com/hashicorp/nomad/api v0.0.0-20230124213148-69fd1a0e4bf7/go.mod h1:xYYd4dybIhRhhzDemKx7Ddt8CvCosgrEek8YM7/cF0A= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= +github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= +github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hetznercloud/hcloud-go v1.33.1/go.mod h1:XX/TQub3ge0yWR2yHWmnDVIrB+MQbda1pHxkUmDlUME= -github.com/hetznercloud/hcloud-go v1.35.0/go.mod h1:mepQwR6va27S3UQthaEPGS86jtzSY9xWL1e9dyxXpgA= +github.com/hetznercloud/hcloud-go v1.39.0/go.mod h1:mepQwR6va27S3UQthaEPGS86jtzSY9xWL1e9dyxXpgA= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc= @@ -1241,7 +1585,7 @@ github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvz github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= +github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo= github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/iancoleman/orderedmap v0.2.0 h1:sq1N/TFpYH++aViPcaKjys3bDClUEU7s5B+z6jq8pNA= github.com/iancoleman/orderedmap v0.2.0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= @@ -1251,6 +1595,7 @@ github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -1261,11 +1606,11 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/invopop/jsonschema v0.7.0 h1:2vgQcBz1n256N+FpX3Jq7Y17AjYt46Ig3zIWyy770So= github.com/invopop/jsonschema v0.7.0/go.mod h1:O9uiLokuu0+MGFlyiaqtWxwqJm41/+8Nj0lD7A36YH0= -github.com/ionos-cloud/sdk-go/v6 v6.1.0/go.mod h1:Ox3W0iiEz0GHnfY9e5LmAxwklsxguuNFEUSu0gVRTME= +github.com/ionos-cloud/sdk-go/v6 v6.1.3/go.mod h1:Ox3W0iiEz0GHnfY9e5LmAxwklsxguuNFEUSu0gVRTME= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= @@ -1277,7 +1622,7 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.12.1/go.mod h1:ZkhRC59Llhrq3oSfrikvwQ5NaxYExr6twkdkMLaKono= +github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c= @@ -1290,25 +1635,31 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.3.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.11.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.16.1/go.mod h1:SIhx0D5hoADaiXZVyv+3gSm3LCIIINTVO0PficsvWGQ= +github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.2.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jarcoal/httpmock v1.2.0 h1:gSvTxxFR/MEMfsGrvRbdfpRUMBStovlSRLw0Ep1bwwc= +github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.0.0/go.mod h1:MK8+TM0La+2rjBD4jE12Kj1pCCxK7d2LK/UM3ncEo0o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aWNYyvBVK62bc= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= github.com/jgautheron/goconst v1.5.1 h1:HxVbL1MhydKs8R8n/HE5NPvzfaYmQJA3o879lE4+WcM= @@ -1319,7 +1670,6 @@ github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9B github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -1334,7 +1684,6 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -1347,6 +1696,7 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY= github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= +github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/junk1tm/musttag v0.5.0 h1:bV1DTdi38Hi4pG4OVWa7Kap0hi0o7EczuK6wQt9zPOM= github.com/junk1tm/musttag v0.5.0/go.mod h1:PcR7BA+oREQYvHwgjIDmw3exJeds5JzRcvEJTfjrA0M= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= @@ -1366,6 +1716,7 @@ github.com/kkHAIKE/contextcheck v1.1.4/go.mod h1:1+i/gWqokIa+dm31mqGLZhZJ7Uh44DJ github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= @@ -1373,6 +1724,7 @@ github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQs github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= +github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -1381,8 +1733,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= @@ -1411,20 +1764,19 @@ github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= -github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= +github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/linode/linodego v1.4.0/go.mod h1:PVsRxSlOiJyvG4/scTszpmZDTdgS+to3X6eS8pRrWI8= -github.com/linode/linodego v1.8.0/go.mod h1:heqhl91D8QTPVm2k9qZHP78zzbOdTFLXE9NJc3bcc50= +github.com/linode/linodego v1.12.0/go.mod h1:NJlzvlNtdMRRkXb0oN6UWzUkj6t+IBsyveHgZ5Ppjyk= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM= github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= -github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= +github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -1481,6 +1833,7 @@ github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= @@ -1489,12 +1842,16 @@ github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aks github.com/mgechev/revive v1.3.1 h1:OlQkcH40IB2cGuprTPcjB0iIUddgVZgGmDX3IAMR8D4= github.com/mgechev/revive v1.3.1/go.mod h1:YlD6TTWl2B8A103R9KWJSPVI9DrEf+oqr15q21Ld+5I= github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U= +github.com/microsoft/go-mssqldb v0.18.0/go.mod h1:ukJCBnnzLzpVF0qYRT+eg1e+eSwjeQ7IvenUv8QPook= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= +github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.48/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= +github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= @@ -1512,6 +1869,7 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= @@ -1555,8 +1913,8 @@ github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKt github.com/muesli/roff v0.1.0 h1:YD0lalCotmYuF5HhZliKWlIx7IEhiXeSfq7hNjFqGF8= github.com/muesli/roff v0.1.0/go.mod h1:pjAHQM9hdUUwm/krAfrLGgJkXJ+YuhtsfZ42kieB2Ig= github.com/muesli/termenv v0.12.1-0.20220901123159-d729275e0977/go.mod h1:bN6sPNtkiahdhHv2Xm6RGU16LSCxfbIZvMfqjOCfrR4= -github.com/muesli/termenv v0.13.0 h1:wK20DRpJdDX8b7Ek2QfhvqhRQFZ237RGRO0RQ/Iqdy0= -github.com/muesli/termenv v0.13.0/go.mod h1:sP1+uffeLaEYpyOTb8pLCUctGcGLnoFjSn4YJK5e2bc= +github.com/muesli/termenv v0.14.0 h1:8x9NFfOe8lmIWK4pgy3IfVEy47f+ppe3tUqdPZG2Uy0= +github.com/muesli/termenv v0.14.0/go.mod h1:kG/pF1E7fh949Xhe156crRUrHNyK221IuGO7Ez60Uc8= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -1564,12 +1922,12 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U= github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE= -github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= -github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= +github.com/nats-io/jwt v1.2.2/go.mod h1:/xX356yQA6LuXI9xWW7mZNpxgF2mBmGecH+Fj34sP5Q= +github.com/nats-io/jwt/v2 v2.0.3/go.mod h1:VRP+deawSXyhNjXmxPCHskrR6Mq50BqpEI5SEcNiGlY= +github.com/nats-io/nats-server/v2 v2.5.0/go.mod h1:Kj86UtrXAL6LwYRA6H4RqzkHhK0Vcv2ZnKD5WbQ1t3g= +github.com/nats-io/nats.go v1.12.1/go.mod h1:BPko4oXsySz4aSWeFgOHLZs3G4Jq4ZAyE6/zMCxRT6w= +github.com/nats-io/nkeys v0.2.0/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= +github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/naveensrinivasan/stunning-tribble v0.4.2 h1:JD4DSLi9JoRbgxfsBZXE9lnc830TA4/sTQzq1WwR4eU= github.com/naveensrinivasan/stunning-tribble v0.4.2/go.mod h1:r2dbvNDqCzDSNmw9OjE6u2R5sIwLqnMBuLnpVQrhycI= @@ -1586,8 +1944,6 @@ github.com/nunnatsa/ginkgolinter v0.9.0/go.mod h1:FHaMLURXP7qImeH6bvxWJUpyH+2tuq github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= -github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= @@ -1606,10 +1962,15 @@ github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= +github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= +github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= +github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= +github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= @@ -1621,10 +1982,15 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= +github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je41yGY= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= +github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= +github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= +github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1658,15 +2024,9 @@ github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqi github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= -github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= -github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= -github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= -github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= -github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= -github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= +github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE= github.com/ory/dockertest/v3 v3.9.1 h1:v4dkG+dlu76goxMiTT2j8zV7s4oPPEppKT8K8p2f1kY= github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= @@ -1674,10 +2034,9 @@ github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJ github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/ovh/go-ovh v1.3.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= @@ -1685,16 +2044,16 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= +github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU= github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= -github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= +github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= -github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -1713,36 +2072,32 @@ github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prY github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/alertmanager v0.24.0/go.mod h1:r6fy/D7FRuZh5YbnX6J3MBY0eI4Pb5yPYS7/bPSXXqI= +github.com/prometheus/alertmanager v0.25.0/go.mod h1:MEZ3rFVHqKZsw7IcNS/m4AWZeXThmJhumpiWR4eHU/w= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= -github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= +github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= @@ -1751,15 +2106,16 @@ github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= +github.com/prometheus/common v0.38.0/go.mod h1:MBXfmBQZrK5XpbCkjofnXs96LD2QQ7fEq4C0xjC/yec= github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI= github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= github.com/prometheus/common/assets v0.1.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= +github.com/prometheus/exporter-toolkit v0.8.2/go.mod h1:00shzmJL7KxcsabLWcONwpyNEuWhREOnFqZW7vadFS0= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1770,10 +2126,11 @@ github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= +github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/prometheus/prometheus v0.35.0/go.mod h1:7HaLx5kEPKJ0GDgbODG0fZgXbQ8K/XjZNJXQmbmgQlY= -github.com/prometheus/prometheus v0.37.0/go.mod h1:egARUgz+K93zwqsVIAneFlLZefyGOON44WyAp4Xqbbk= +github.com/prometheus/prometheus v0.42.0/go.mod h1:Pfqb/MLnnR2KK+0vchiaH39jXxvLMBk+3lnIGP4N7Vk= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-ruleguard v0.3.19 h1:tfMnabXle/HzOb5Xe9CUZYWXKfkS1KwRmZyPmD9nVcc= github.com/quasilyte/go-ruleguard v0.3.19/go.mod h1:lHSn69Scl48I7Gt9cX3VrbsZYvYiBYszZOZW4A+oTEw= @@ -1796,6 +2153,7 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -1811,7 +2169,7 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= -github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= +github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8= github.com/sanposhiho/wastedassign/v2 v2.0.7 h1:J+6nrY4VW+gC9xFzUc+XjPD3g3wF3je/NsJFwFK7Uxc= github.com/sanposhiho/wastedassign/v2 v2.0.7/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI= github.com/sasha-s/go-csync v0.0.0-20210812194225-61421b77c44b h1:qYTY2tN72LhgDj2rtWG+LI6TXFl2ygFQQ4YezfVaGQE= @@ -1822,6 +2180,7 @@ github.com/sashamelentyev/usestdlibvars v1.23.0 h1:01h+/2Kd+NblNItNeux0veSL5cBF1 github.com/sashamelentyev/usestdlibvars v1.23.0/go.mod h1:YPwr/Y1LATzHI93CqoPUN/2BzGQ/6N/cl/KwgR0B/aU= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.12/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -1835,6 +2194,7 @@ github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs= +github.com/shoenig/test v0.6.0/go.mod h1:xYtyGBC5Q3kzCNyJg/SjgNpfAa2kvmgA0i5+lQso8x0= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= @@ -1884,6 +2244,8 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= +github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk= github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -1908,6 +2270,7 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= +github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU= github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA= github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0= @@ -1917,8 +2280,8 @@ github.com/stbenjam/no-sprintf-host-port v0.1.1/go.mod h1:TLhvtIvONRzdmkFiio4O8L github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= -github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= +github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/streadway/handy v0.0.0-20200128134331-0f66f006fb2e/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -1942,6 +2305,7 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= +github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -2060,12 +2424,15 @@ go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= +go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= +go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= +go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+DHwTGEbU= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= +go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= @@ -2073,12 +2440,10 @@ go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R7 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.10.2 h1:4Wk3cnqOrQCn0P92L3/mmurMxzdvWWs5J9jinAVKD+k= -go.mongodb.org/mongo-driver v1.10.2/go.mod h1:z4XpeoU6w+9Vht+jAFyLgVrD+jGSQQe0+CBWFHNiHt8= +go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE= +go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= -go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= -go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -2093,45 +2458,48 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.31.0/go.mod h1:PFmBsWbldL1kiWZk9+0LBZz2brhByaGsvp6pRICMlPE= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.37.0/go.mod h1:+ARmXlUlc51J7sZeCBkBJNdHGySrdOzgzxp6VWRWM1U= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= go.opentelemetry.io/otel v1.6.0/go.mod h1:bfJD2DZVw0LBxghOTlgnlI0CV3hLDu9XF/QKOUXMTQQ= go.opentelemetry.io/otel v1.6.1/go.mod h1:blzUabWHkX6LJewxvadmzafgh/wnvBSDBdOuwkAtrWQ= -go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+nrD5xk= +go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE= +go.opentelemetry.io/otel v1.11.2/go.mod h1:7p4EUV+AqgdlNV9gL97IgUZiVR3yrFXYo53f9BM3tRI= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.1/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0/go.mod h1:M1hVZHNxcbkAlcvrOMlpQ4YOO3Awf+4N2dxkZL3xm04= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.2/go.mod h1:rqbht/LlhVBgn5+k3M5QK96K5Xb0DvXpMJ5SFQpY6uw= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.1/go.mod h1:YJ/JbY5ag/tSQFXzH3mtDmHqzF3aFn3DI/aB1n7pt4w= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.2/go.mod h1:5Qn6qvgkMsLDX+sYK64rHb1FPhpn0UtxF+ouX1uhyJE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.6.1/go.mod h1:UJJXJj0rltNIemDMwkOJyggsvyMG9QHfJeFH0HS5JjM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0/go.mod h1:E+/KKhwOSw8yoPxSSuUHG6vKppkvhN+S1Jc7Nib3k3o= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.2/go.mod h1:jWZUM2MWhWCJ9J9xVbRx7tzK1mXKpAlze4CeulycwVY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.1/go.mod h1:DAKwdo06hFLc0U88O10x4xnb5sc7dDRDqRuiN+io8JE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.7.0/go.mod h1:aFXT9Ng2seM9eizF+LfKiyPBGy8xIZKwhusC1gIu3hA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.11.2/go.mod h1:GZWSQQky8AgdJj50r1KJm8oiQiIPaAX7uZCFQX9GzC8= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v0.28.0/go.mod h1:TrzsfQAmQaB1PDcdhBauLMk7nyyg9hm+GoQq/ekE9Iw= -go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= +go.opentelemetry.io/otel/metric v0.34.0/go.mod h1:ZFuI4yQGNCupurTXCwkeD/zHBt+C2bR7bw5JqUm/AP8= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/sdk v1.6.1/go.mod h1:IVYrddmFZ+eJqu2k38qD3WezFR2pymCzm8tdxyh3R4E= -go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= +go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys= +go.opentelemetry.io/otel/sdk v1.11.2/go.mod h1:wZ1WxImwpq+lVRo4vsmSOxdd+xwoUJ6rqyLc3SyX9aU= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= go.opentelemetry.io/otel/trace v1.6.0/go.mod h1:qs7BrU5cZ8dXQHBGxHMOxwME/27YH2qEp4/+tZLLwJE= go.opentelemetry.io/otel/trace v1.6.1/go.mod h1:RkFRM1m0puWIq10oxImnGEduNBzxiN7TXluRBtE+5j0= -go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48yyE4TNvoHqU= +go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= +go.opentelemetry.io/otel/trace v1.11.2/go.mod h1:4N+yC7QEz7TTsG9BSRLNAa63eg5E06ObSbKPmxQ/pKA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.opentelemetry.io/proto/otlp v0.12.1/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= @@ -2143,14 +2511,16 @@ go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0 go.uber.org/automaxprocs v1.5.1 h1:e1YG66Lrk73dn4qhg8WFSvhF0JuFQF0ERIp4rpuV8Qk= go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= +go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= +go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= +go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= @@ -2158,11 +2528,11 @@ go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= -go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= +go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -gocloud.dev v0.27.0 h1:j0WTUsnKTxCsWO7y8T+YCiBZUmLl9w/WIowqAY3yo0g= -gocloud.dev v0.27.0/go.mod h1:YlYKhYsY5/1JdHGWQDkAuqkezVKowu7qbe9aIeUF6p0= +gocloud.dev v0.29.0 h1:fBy0jwJSmxs0IjT0fE32MO+Mj+307VZQwyHaTyFZbC4= +gocloud.dev v0.29.0/go.mod h1:E3dAjji80g+lIkq4CQeF/BTWqv1CBeTftmOb+gpyapQ= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -2179,32 +2549,41 @@ golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210915214749-c084706c2272/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= @@ -2214,12 +2593,14 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20220823124025-807a23277127 h1:S4NrSKDfihhl3+4jSTgwoIevKxX9p7Iv9x++OEIptDo= -golang.org/x/exp v0.0.0-20220823124025-807a23277127/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= +golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 h1:kWC3b7j6Fu09SnEBr7P4PuQyM0R6sqyH9R+EjIvT1nQ= +golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 h1:J74nGeMgeFnYQJN59eFwh06jX/V8g0lB7LWpjSLxtgU= golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2263,7 +2644,6 @@ golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -2315,10 +2695,11 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2328,14 +2709,21 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20220921155015-db77216a4ee9/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= @@ -2363,8 +2751,14 @@ golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= -golang.org/x/oauth2 v0.0.0-20220628200809-02e64fa58f26/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= +golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= +golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2379,8 +2773,10 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2390,7 +2786,7 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2427,7 +2823,6 @@ golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2514,18 +2909,20 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220224120231-95c6836cb0e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2534,6 +2931,7 @@ golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2562,6 +2960,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -2578,17 +2977,17 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220224211638-0e9765cccd65/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220609170525-579cf78fd858/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -2696,8 +3095,11 @@ golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNq golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= +gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= +gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= -google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -2737,17 +3139,29 @@ google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/S google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.81.0/go.mod h1:FA6Mb/bZxj706H2j+j2d6mHEEaHBmbbWnkfvmorOCko= google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= -google.golang.org/api v0.86.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= -google.golang.org/api v0.91.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI= +google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91A08= +google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= +google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= +google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= +google.golang.org/api v0.104.0/go.mod h1:JCspTXJbBxa5ySXw4UgUqVer7DfVxbvc/CTUFqAED5U= +google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0 h1:l+rh0KYUooe9JGbGVx71tbFo4SMbMTXK3I3ia2QSEeU= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= @@ -2762,7 +3176,6 @@ google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= -google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= @@ -2846,6 +3259,7 @@ google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= @@ -2855,17 +3269,48 @@ google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljW google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= -google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= +google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= +google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U= +google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= +google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= +google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= +google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= +google.golang.org/genproto v0.0.0-20221205194025-8222ab48f5fc/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0= +google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0= +google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= -google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA= @@ -2899,6 +3344,11 @@ google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -2940,12 +3390,14 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk= gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce/go.mod h1:5AcXVHNjg+BDxry382+8OKon8SEWiKktQR07RKPsv1c= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -2953,6 +3405,7 @@ gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/telebot.v3 v3.0.0/go.mod h1:7rExV8/0mDDNu9epSrDm/8j22KLaActH1Tbee6YjzWg= +gopkg.in/telebot.v3 v3.1.2/go.mod h1:GJKwwWqp9nSkIVN51eRKU78aB5f5OnQuWdwiIZfPbko= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= @@ -2980,7 +3433,6 @@ gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= gotest.tools/v3 v3.1.0 h1:rVV8Tcg/8jHUkPUorwjaMTtemIMVXfIPKiOqnhEhakk= gotest.tools/v3 v3.1.0/go.mod h1:fHy7eyTmJFO5bQbUsEGQ1v4m2J3Jz9eWL54TP2/ZuYQ= -honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2995,14 +3447,14 @@ k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg= +k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.24.2/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= +k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= @@ -3014,7 +3466,7 @@ k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.24.2/go.mod h1:zg4Xaoo+umDsfCWr4fCnmLEtQXyCNXCvJuSsglNcV30= +k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= @@ -3036,8 +3488,7 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.70.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= @@ -3045,14 +3496,16 @@ k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAG k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= -k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE= k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= mvdan.cc/gofumpt v0.4.0 h1:JVf4NN1mIpHogBj7ABpgOyZc65/UUOkKQFkoURsz4MM= @@ -3065,13 +3518,15 @@ mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d h1:3rvTIIM22r9pvXk+q3swxUQAQ mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d/go.mod h1:IeHQjmn6TOD+e4Z3RFiZMMsLVL+A96Nvptar8Fj71is= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= -sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.17.0 h1:CScmGz/wX66puA06Gj8OZb76Wmk7JIjgWf5JDvY7msM= sigs.k8s.io/kind v0.17.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= @@ -3079,8 +3534,8 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= +sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= -sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= From 22e9419159c73fbf2c55685c1afbd56e774d9df0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Mar 2023 03:04:06 +0000 Subject: [PATCH 026/316] :seedling: Bump actions/checkout from 3.4.0 to 3.5.0 (#2800) --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/docker.yml | 16 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 ++++++++++++------------ .github/workflows/publishimage.yml | 2 +- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 96e98041178..95df314560e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index da9507b5359..790cdb42eea 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: 'Dependency Review' uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 09ad1263b4d..eaef6c8faf7 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,7 +36,7 @@ jobs: docs_only: ${{ steps.docs_only_check.outputs.docs_only }} steps: - name: Check out code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f #v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 #v3.5.0 with: fetch-depth: 2 - id: files @@ -86,7 +86,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -134,7 +134,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 1f0e039fcab..6fed6d380dc 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -36,7 +36,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Set up Go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 2d59fd81ad5..8d5c5e41a59 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -42,7 +42,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: pull_request actions/checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 42f217e01b3..c8834bdb2b8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -99,7 +99,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -147,7 +147,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -422,7 +422,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -470,7 +470,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -518,7 +518,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -566,7 +566,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -614,7 +614,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -662,7 +662,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -710,7 +710,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -745,7 +745,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -782,7 +782,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -829,7 +829,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -864,7 +864,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -893,7 +893,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 8363b06dc4e..24c314c8095 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -40,7 +40,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 78dee04f770..634bafc01d8 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: "Run analysis" uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 718a194cfb3..c7a2a051280 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -15,7 +15,7 @@ jobs: ldflags: ${{ steps.ldflags.outputs.value }} steps: - id: checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v2.3.4 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 with: fetch-depth: 0 - id: ldflags From a394c13c3fe3157ea84ce7454930281758d8200c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Mar 2023 05:16:35 +0000 Subject: [PATCH 027/316] :seedling: Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802) --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 95df314560e..7ac8893cf4d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@67a35a08586135a9573f4327e904ecbf517a882d # v1 + uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@67a35a08586135a9573f4327e904ecbf517a882d # v1 + uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@67a35a08586135a9573f4327e904ecbf517a882d # v1 + uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 634bafc01d8..6089532d15d 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@67a35a08586135a9573f4327e904ecbf517a882d # v1 + uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 with: sarif_file: results.sarif From 3411949faf24748746967d334829ea2014a908da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Mar 2023 05:32:30 +0000 Subject: [PATCH 028/316] :seedling: Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801) --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index eaef6c8faf7..1179d62a89b 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@db5dd7c176cf59a19ef6561bf1936f059dee4b74 #v35.7.7 + uses: tj-actions/changed-files@e9b5807e928fc8eea705c90da5524fd44b183ba1 #v35.7.8 with: files_ignore: '**.md' - id: docs_only_check From 727d7e8d27b6989b5a7bd765671cfa9fe69f3666 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Mar 2023 16:47:31 -0700 Subject: [PATCH 029/316] :seedling: Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 01eea3b5d04..ebca570c8f6 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/grafeas/kritis v0.2.3-0.20210120183821-faeba81c520c github.com/h2non/filetype v1.1.3 github.com/jszwec/csvutil v1.8.0 - github.com/moby/buildkit v0.11.4 + github.com/moby/buildkit v0.11.5 github.com/olekukonko/tablewriter v0.0.5 github.com/onsi/gomega v1.27.0 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa diff --git a/go.sum b/go.sum index 078c3b81479..b77d9458f51 100644 --- a/go.sum +++ b/go.sum @@ -1586,8 +1586,8 @@ github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= -github.com/moby/buildkit v0.11.4 h1:mleVHr+n7HUD65QNUkgkT3d8muTzhYUoHE9FM3Ej05s= -github.com/moby/buildkit v0.11.4/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo= +github.com/moby/buildkit v0.11.5 h1:S6YrFJ0bfBT2w9e8kOxqsDV8Bw+HtfqdB6eHL17BXRI= +github.com/moby/buildkit v0.11.5/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= From 41d4c1b39ab346cb1a1252242ecf7d331716b545 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Mar 2023 22:51:58 -0700 Subject: [PATCH 030/316] :seedling: Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...80e868c13c90f172d68d1f4501dee99e2479f7af) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 6089532d15d..96a6e07559a 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 with: results_file: results.sarif results_format: sarif From ce916313b42cac14988573c8e9a8441a938751df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Mar 2023 09:02:56 -0500 Subject: [PATCH 031/316] :seedling: Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ebca570c8f6..3ddd7382ad4 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.0 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.0 + github.com/google/osv-scanner v1.3.1 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.8.3 github.com/otiai10/copy v1.9.0 diff --git a/go.sum b/go.sum index b77d9458f51..365ba4b2f02 100644 --- a/go.sum +++ b/go.sum @@ -1197,8 +1197,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.0 h1:6oNZXtL9zSvkRm2SVtuTZz3UzFZhJAcEiWmBVrPD5kc= -github.com/google/osv-scanner v1.3.0/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw= +github.com/google/osv-scanner v1.3.1 h1:wNbKwX/H1SbpecBV1zHbQJ/VreRpOd+w5ATiaQpOjyU= +github.com/google/osv-scanner v1.3.1/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= From cba58b32b26de2c13be392c80ecacba805f5a4ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Mar 2023 23:03:52 +0000 Subject: [PATCH 032/316] :seedling: Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807) --- go.mod | 6 +++--- go.sum | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 3ddd7382ad4..2f4c361fd79 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/jszwec/csvutil v1.8.0 github.com/moby/buildkit v0.11.5 github.com/olekukonko/tablewriter v0.0.5 - github.com/onsi/gomega v1.27.0 + github.com/onsi/gomega v1.27.6 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect github.com/sirupsen/logrus v1.9.0 @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.1 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.8.3 + github.com/onsi/ginkgo/v2 v2.9.2 github.com/otiai10/copy v1.9.0 sigs.k8s.io/release-utils v0.6.0 ) @@ -69,7 +69,7 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/goccy/go-json v0.9.11 // indirect github.com/golang/glog v1.0.0 // indirect github.com/golang/snappy v0.0.4 // indirect diff --git a/go.sum b/go.sum index 365ba4b2f02..e8d02177650 100644 --- a/go.sum +++ b/go.sum @@ -1035,8 +1035,9 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/go-zookeeper/zk v1.0.3/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= @@ -1653,8 +1654,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.8.3 h1:RpbK1G8nWPNaCVFBWsOGnEQQGgASi6b8fxcWBvDYjxQ= -github.com/onsi/ginkgo/v2 v2.8.3/go.mod h1:6OaUA8BCi0aZfmzYT/q9AacwTzDpNbxILUT+TlBq6MY= +github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= +github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -1672,8 +1673,8 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= -github.com/onsi/gomega v1.27.0 h1:QLidEla4bXUuZVFa4KX6JHCsuGgbi85LC/pCHrt/O08= -github.com/onsi/gomega v1.27.0/go.mod h1:i189pavgK95OSIipFBa74gC2V4qrQuvjuyGEr3GmbXA= +github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= +github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= From 6c65ffbb1944cf47b010a6480f521e2677fd0e5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 2 Apr 2023 17:37:33 +0000 Subject: [PATCH 033/316] :seedling: Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.48.0...bigquery/v1.49.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 2f4c361fd79..c37e9ca5917 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.48.0 + cloud.google.com/go/bigquery v1.49.0 cloud.google.com/go/monitoring v1.12.0 // indirect cloud.google.com/go/pubsub v1.30.0 cloud.google.com/go/trace v1.8.0 // indirect @@ -61,7 +61,7 @@ require ( github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect github.com/andybalholm/brotli v1.0.4 // indirect - github.com/apache/arrow/go/v10 v10.0.1 // indirect + github.com/apache/arrow/go/v11 v11.0.0 // indirect github.com/apache/thrift v0.16.0 // indirect github.com/cloudflare/circl v1.1.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect diff --git a/go.sum b/go.sum index e8d02177650..f649875eb24 100644 --- a/go.sum +++ b/go.sum @@ -91,8 +91,8 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.48.0 h1:u+fhS1jJOkPO9vdM84M8HO5VznTfVUicBeoXNKD26ho= -cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= +cloud.google.com/go/bigquery v1.49.0 h1:yE+MpeFaRX9L3rYJrIxl1zCDnTU2kyTA2FkrFd6kVT8= +cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= @@ -566,8 +566,8 @@ github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/arrow/go/v10 v10.0.1 h1:n9dERvixoC/1JjDmBcs9FPaEryoANa2sCgVFo6ez9cI= -github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= +github.com/apache/arrow/go/v11 v11.0.0 h1:hqauxvFQxww+0mEU/2XHG6LT7eZternCZq+A5Yly2uM= +github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= From b6362b14ee0bc2dd2d6d3fbc7ccff7fbd7cd57ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Apr 2023 10:28:25 -0500 Subject: [PATCH 034/316] :seedling: Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index c37e9ca5917..b96263e7e1e 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.2.0 github.com/go-git/go-git/v5 v5.6.1 - github.com/go-logr/logr v1.2.3 + github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 github.com/google/go-containerregistry v0.12.1 diff --git a/go.sum b/go.sum index f649875eb24..361649b3302 100644 --- a/go.sum +++ b/go.sum @@ -980,8 +980,9 @@ github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= From b81a70e0ea098a7cd6e3672e314cb95b2230e8db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Apr 2023 13:59:10 -0500 Subject: [PATCH 035/316] :seedling: Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.49.0...bigquery/v1.50.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 18 +++++++++--------- go.sum | 34 +++++++++++++++++++--------------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index b96263e7e1e..9863eaf6163 100644 --- a/go.mod +++ b/go.mod @@ -8,10 +8,10 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.49.0 - cloud.google.com/go/monitoring v1.12.0 // indirect + cloud.google.com/go/bigquery v1.50.0 + cloud.google.com/go/monitoring v1.13.0 // indirect cloud.google.com/go/pubsub v1.30.0 - cloud.google.com/go/trace v1.8.0 // indirect + cloud.google.com/go/trace v1.9.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.2.0 @@ -36,7 +36,7 @@ require ( gocloud.dev v0.29.0 golang.org/x/text v0.8.0 golang.org/x/tools v0.7.0 - google.golang.org/genproto v0.0.0-20230320184635-7606e756e683 // indirect + google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 @@ -56,8 +56,8 @@ require ( require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/containeranalysis v0.7.0 // indirect - cloud.google.com/go/kms v1.9.0 // indirect + cloud.google.com/go/containeranalysis v0.9.0 // indirect + cloud.google.com/go/kms v1.10.0 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect github.com/andybalholm/brotli v1.0.4 // indirect @@ -117,8 +117,8 @@ require ( require ( cloud.google.com/go v0.110.0 // indirect - cloud.google.com/go/compute v1.18.0 // indirect - cloud.google.com/go/iam v0.12.0 // indirect + cloud.google.com/go/compute v1.19.0 // indirect + cloud.google.com/go/iam v0.13.0 // indirect cloud.google.com/go/storage v1.29.0 // indirect github.com/Microsoft/go-winio v0.6.0 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect @@ -176,7 +176,7 @@ require ( golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.114.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/grpc v1.53.0 // indirect + google.golang.org/grpc v1.54.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/go.sum b/go.sum index 361649b3302..022eece67b7 100644 --- a/go.sum +++ b/go.sum @@ -91,8 +91,8 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.49.0 h1:yE+MpeFaRX9L3rYJrIxl1zCDnTU2kyTA2FkrFd6kVT8= -cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= +cloud.google.com/go/bigquery v1.50.0 h1:RscMV6LbnAmhAzD893Lv9nXXy2WCaJmbxYPWDLbGqNQ= +cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= @@ -125,8 +125,9 @@ cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= -cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= +cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ= +cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -139,14 +140,14 @@ cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBT cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= -cloud.google.com/go/containeranalysis v0.7.0 h1:kw0dDRJPIN8L50Nwm8qa5VuGKPrbVup5lM3ULrvuWrg= -cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= +cloud.google.com/go/containeranalysis v0.9.0 h1:EQ4FFxNaEAg8PqQCO7bVQfWz9NVwZCUKaM1b3ycfx3U= +cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= -cloud.google.com/go/datacatalog v1.12.0 h1:3uaYULZRLByPdbuUvacGeqneudztEM4xqKQsBcxbDnY= +cloud.google.com/go/datacatalog v1.13.0 h1:4H5IJiyUE0X6ShQBqgFFZvGGcrwGVndTwUSLP4c52gw= cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= @@ -222,8 +223,8 @@ cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHD cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= -cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE= -cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= +cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k= +cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= @@ -234,8 +235,8 @@ cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxs cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.9.0 h1:b0votJQa/9DSsxgHwN33/tTLA7ZHVzfWhDCrfiXijSo= -cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= +cloud.google.com/go/kms v1.10.0 h1:Imrtp8792uqNP9bdfPrjtUkjjqOMBcAJ2bdFaAnLhnk= +cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -263,8 +264,9 @@ cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4= cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= -cloud.google.com/go/monitoring v1.12.0 h1:+X79DyOP/Ny23XIqSIb37AvFWSxDN15w/ktklVvPLso= cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= +cloud.google.com/go/monitoring v1.13.0 h1:2qsrgXGVoRXpP7otZ14eE1I568zAa92sJSDPyOJvwjM= +cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= @@ -392,8 +394,9 @@ cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227 cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A= cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= -cloud.google.com/go/trace v1.8.0 h1:GFPLxbp5/FzdgTzor3nlNYNxMd6hLmzkE7sA9F0qQcA= cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= +cloud.google.com/go/trace v1.9.0 h1:olxC0QHC59zgJVALtgqfD9tGk0lfeCP5/AGXL3Px/no= +cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= @@ -2866,8 +2869,8 @@ google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230320184635-7606e756e683 h1:khxVcsk/FhnzxMKOyD+TDGwjbEOpcPuIpmafPGFmhMA= -google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea h1:yJv4O9/Q178wILoVkpoaERo7wMSIAqftxsa4y/5nP+8= +google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -2910,8 +2913,9 @@ google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= -google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= +google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From 73e857ecdf1bb817a6496b443fc3f3980245a7b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Apr 2023 10:41:09 -0500 Subject: [PATCH 036/316] :seedling: Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/1f99358870fe1c846a3ccba386cc2b2246836776...03bee3930647ebbf994244c21ddbc0d4933aab4f) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 14 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 4 +-- .github/workflows/main.yml | 40 +++++++++++++-------------- .github/workflows/publishimage.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 8 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7ac8893cf4d..21fb1fee95a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1179d62a89b..4ffcab3f3be 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 6fed6d380dc..d5e1a404d01 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 8d5c5e41a59..06872f65f61 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -37,7 +37,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c8834bdb2b8..4bb9671b178 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 24c314c8095..8c864cd6124 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 7dcde49cb79..f8e006107de 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index d3730877a05..27474ae31da 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776 # v1 + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs From 038c7028b3b7305499e28db8f0955b7c5ce382af Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Apr 2023 10:22:23 -0700 Subject: [PATCH 037/316] :seedling: Bump github.com/docker/docker in /tools (#2825) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index e9cae5aa299..8c19caf54fc 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -125,7 +125,7 @@ require ( github.com/disgoorg/snowflake/v2 v2.0.1 // indirect github.com/docker/cli v23.0.1+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect - github.com/docker/docker v23.0.1+incompatible // indirect + github.com/docker/docker v23.0.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index c4a49af2930..1e4ed1ff7f1 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1004,8 +1004,8 @@ github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY= -github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho= +github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= From fade79ba6b60232f6ac38070f9f4a388f7580d90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Apr 2023 12:56:14 -0500 Subject: [PATCH 038/316] :seedling: Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...d186a2a36cc67bfa1b860e6170d37fb9634742c7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 21fb1fee95a..af95c5268c2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 + uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 + uses: github/codeql-action/autobuild@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 + uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 96a6e07559a..ff636d2b490 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v1 + uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 with: sarif_file: results.sarif From cf0533a0a2825a0ba001e2f78debe7e51829ac85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Apr 2023 14:41:24 +0000 Subject: [PATCH 039/316] :seedling: Bump tj-actions/changed-files from 35.7.8 to 35.7.12 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/e9b5807e928fc8eea705c90da5524fd44b183ba1...b109d83a62e94cf7c522bf6c15cb25c175850b16) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4ffcab3f3be..de9ce555e71 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@e9b5807e928fc8eea705c90da5524fd44b183ba1 #v35.7.8 + uses: tj-actions/changed-files@b109d83a62e94cf7c522bf6c15cb25c175850b16 #v35.7.12 with: files_ignore: '**.md' - id: docs_only_check From e8cf5d4e002d17d87a8ac4f4cbd31058077c799f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 10:00:03 -0500 Subject: [PATCH 040/316] :seedling: Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/c3667d99424e7e6047999fb6246c0da843953c65...9e9de2292db7abb3f51b7f4808d98f0d347a8919) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publishimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 8c864cd6124..aaa6573791f 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -61,7 +61,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 + uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 - name: Sign image run: | cosign sign ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} From 2f0e8d971f40e1fdb318f17b297edf9552ce0e58 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 15:15:57 +0000 Subject: [PATCH 041/316] :seedling: Bump github.com/xeipuuv/gojsonschema Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0. - [Release notes](https://github.com/xeipuuv/gojsonschema/releases) - [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/xeipuuv/gojsonschema dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 9863eaf6163..949658b430c 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect github.com/sirupsen/logrus v1.9.0 github.com/spf13/cobra v1.6.1 - github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f + github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 gocloud.dev v0.29.0 golang.org/x/text v0.8.0 diff --git a/go.sum b/go.sum index 022eece67b7..b5692c2cef5 100644 --- a/go.sum +++ b/go.sum @@ -1980,8 +1980,9 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= -github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f h1:mvXjJIHRZyhNuGassLTcXTwjiWq7NmjdavZsUnmFybQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= From 964bbd9dcb950292bdf3dfd6466764585c391542 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 10 Apr 2023 14:18:27 -0500 Subject: [PATCH 042/316] :seedling: Unit tests for checker result and request (#2844) Included tests for checker result and request Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .golangci.yml | 6 + checker/check_request_test.go | 122 +++++++++ checker/check_result.go | 22 +- checker/check_result_test.go | 470 ++++++++++++++++++++++++++++++++++ 4 files changed, 606 insertions(+), 14 deletions(-) create mode 100644 checker/check_request_test.go create mode 100644 checker/check_result_test.go diff --git a/.golangci.yml b/.golangci.yml index 5752e2f2a91..80a62880379 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -12,6 +12,12 @@ issues: # Default: 3 max-same-issues: 0 new-from-rev: "" + exclude-rules: + - path: '(.+)_test\.go' + linters: + - funlen + - goconst + - gocyclo skip-files: - cron/data/request.pb.go # autogenerated linters: diff --git a/checker/check_request_test.go b/checker/check_request_test.go new file mode 100644 index 00000000000..0db006cc7ec --- /dev/null +++ b/checker/check_request_test.go @@ -0,0 +1,122 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package checker + +import ( + "testing" + + "github.com/google/go-cmp/cmp" +) + +func TestListUnsupported(t *testing.T) { + t.Parallel() + type args struct { + required []RequestType + supported []RequestType + } + tests := []struct { + name string + args args + want []RequestType + }{ + { + name: "empty", + args: args{ + required: []RequestType{}, + supported: []RequestType{}, + }, + want: []RequestType{FileBased}, + }, + { + name: "empty required", + args: args{ + required: []RequestType{}, + supported: []RequestType{FileBased}, + }, + want: []RequestType{}, + }, + { + name: "supported", + args: args{ + required: []RequestType{FileBased}, + supported: []RequestType{FileBased}, + }, + want: []RequestType{FileBased}, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := ListUnsupported(tt.args.required, tt.args.supported); cmp.Equal(got, tt.want) { + t.Errorf("ListUnsupported() = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} + +func Test_contains(t *testing.T) { + t.Parallel() + type args struct { + in []RequestType + exists RequestType + } + tests := []struct { + name string + args args + want bool + }{ + { + name: "empty", + args: args{ + in: []RequestType{}, + exists: FileBased, + }, + want: false, + }, + { + name: "empty exists", + args: args{ + in: []RequestType{FileBased}, + exists: FileBased, + }, + want: true, + }, + { + name: "empty exists", + args: args{ + in: []RequestType{FileBased}, + exists: CommitBased, + }, + want: false, + }, + { + name: "empty exists", + args: args{ + in: []RequestType{FileBased, CommitBased}, + exists: CommitBased, + }, + want: true, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := contains(tt.args.in, tt.args.exists); got != tt.want { + t.Errorf("contains() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/checker/check_result.go b/checker/check_result.go index d49ac02a542..8491bdd394b 100644 --- a/checker/check_result.go +++ b/checker/check_result.go @@ -44,7 +44,7 @@ const ( const ( // DetailInfo is info-level log. DetailInfo DetailType = iota - // DetailWarn is warn log. + // DetailWarn is warned log. DetailWarn // DetailDebug is debug log. DetailDebug @@ -75,7 +75,7 @@ type CheckDetail struct { // //nolint:govet type LogMessage struct { - // Structured resuts. + // Structured results. Finding *finding.Finding // Non-structured results. @@ -127,13 +127,11 @@ func NormalizeReason(reason string, score int) string { } // CreateResultWithScore is used when -// the check runs without runtime errors and we want to assign a +// the check runs without runtime errors, and we want to assign a // specific score. func CreateResultWithScore(name, reason string, score int) CheckResult { return CheckResult{ - Name: name, - // Old structure. - // New structure. + Name: name, Version: 2, Error: nil, Score: score, @@ -144,8 +142,8 @@ func CreateResultWithScore(name, reason string, score int) CheckResult { // CreateProportionalScoreResult is used when // the check runs without runtime errors and we assign a // proportional score. This may be used if a check contains -// multiple tests and we want to assign a score proportional -// the the number of tests that succeeded. +// multiple tests, and we want to assign a score proportional +// the number of tests that succeeded. func CreateProportionalScoreResult(name, reason string, b, t int) CheckResult { score := CreateProportionalScore(b, t) return CheckResult{ @@ -178,9 +176,7 @@ func CreateMinScoreResult(name, reason string) CheckResult { // have enough evidence to set a score. func CreateInconclusiveResult(name, reason string) CheckResult { return CheckResult{ - Name: name, - // Old structure. - // New structure. + Name: name, Version: 2, Score: InconclusiveResultScore, Reason: reason, @@ -190,9 +186,7 @@ func CreateInconclusiveResult(name, reason string) CheckResult { // CreateRuntimeErrorResult is used when the check fails to run because of a runtime error. func CreateRuntimeErrorResult(name string, e error) CheckResult { return CheckResult{ - Name: name, - // Old structure. - // New structure. + Name: name, Version: 2, Error: e, Score: InconclusiveResultScore, diff --git a/checker/check_result_test.go b/checker/check_result_test.go new file mode 100644 index 00000000000..291f0696cde --- /dev/null +++ b/checker/check_result_test.go @@ -0,0 +1,470 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package checker + +import ( + "errors" + "reflect" + "testing" + + "github.com/google/go-cmp/cmp" +) + +func TestAggregateScores(t *testing.T) { + t.Parallel() + type args struct { + scores []int + } + tests := []struct { + name string + args args + want int + }{ + { + name: "single", + args: args{ + scores: []int{1}, + }, + want: 1, + }, + { + name: "multiple", + args: args{ + scores: []int{1, 2, 3}, + }, + want: 2, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := AggregateScores(tt.args.scores...); got != tt.want { //nolint:govet + t.Errorf("AggregateScores() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestAggregateScoresWithWeight(t *testing.T) { + t.Parallel() + type args struct { + scores map[int]int + } + tests := []struct { //nolint:govet + name string + args args + want int + }{ + { + name: "single", + args: args{ + scores: map[int]int{1: 1}, + }, + want: 1, + }, + { + name: "multiple", + args: args{ + scores: map[int]int{1: 1, 2: 2, 3: 3}, + }, + want: 2, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := AggregateScoresWithWeight(tt.args.scores); got != tt.want { //nolint:govet + t.Errorf("AggregateScoresWithWeight() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestCreateProportionalScore(t *testing.T) { + t.Parallel() + type args struct { + success int + total int + } + tests := []struct { + name string + args args + want int + }{ + { + name: "empty", + args: args{ + success: 0, + }, + want: 0, + }, + { + name: "single", + args: args{ + success: 1, + total: 1, + }, + want: 10, + }, + { + name: "multiple", + args: args{ + success: 1, + total: 2, + }, + want: 5, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateProportionalScore(tt.args.success, tt.args.total); got != tt.want { //nolint:govet + t.Errorf("CreateProportionalScore() = %v, want %v", got, tt.want) //nolint:govet + } + }) + } +} + +func TestNormalizeReason(t *testing.T) { + t.Parallel() + type args struct { + reason string + score int + } + tests := []struct { //nolint:govet + name string + args args + want string + }{ + { + name: "empty", + args: args{ + reason: "", + }, + want: " -- score normalized to 0", + }, + { + name: "a reason", + args: args{ + reason: "reason", + score: 1, + }, + want: "reason -- score normalized to 1", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := NormalizeReason(tt.args.reason, tt.args.score); got != tt.want { //nolint:govet + t.Errorf("NormalizeReason() = %v, want %v", got, tt.want) //nolint:govet + } + }) + } +} + +func TestCreateResultWithScore(t *testing.T) { + t.Parallel() + type args struct { + name string + reason string + score int + } + tests := []struct { + name string + args args + want CheckResult + }{ + { + name: "empty", + args: args{ + name: "", + reason: "", + score: 0, + }, + want: CheckResult{ + Name: "", + Reason: "", + Score: 0, + Version: 2, + }, + }, + { + name: "a reason", + args: args{ + name: "name", + reason: "reason", + score: 1, + }, + want: CheckResult{ + Name: "name", + Reason: "reason", + Version: 2, + Score: 1, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateResultWithScore(tt.args.name, tt.args.reason, tt.args.score); !cmp.Equal(got, tt.want) { //nolint:lll,govet + t.Errorf("CreateResultWithScore() = %v, want %v", got, cmp.Diff(got, tt.want)) //nolint:govet + } + }) + } +} + +func TestCreateProportionalScoreResult(t *testing.T) { + t.Parallel() + type args struct { + name string + reason string + b int + t int + } + tests := []struct { //nolint:govet + name string + args args + want CheckResult + }{ + { + name: "empty", + args: args{ + name: "", + reason: "", + b: 0, + t: 0, + }, + want: CheckResult{ + Name: "", + Reason: " -- score normalized to 0", + Score: 0, + Version: 2, + }, + }, + { + name: "a reason", + args: args{ + name: "name", + reason: "reason", + b: 1, + t: 1, + }, + want: CheckResult{ + Name: "name", + Reason: "reason -- score normalized to 10", + Score: 10, + Version: 2, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateProportionalScoreResult(tt.args.name, tt.args.reason, tt.args.b, tt.args.t); !cmp.Equal(got, tt.want) { //nolint:govet,lll + t.Errorf("CreateProportionalScoreResult() = %v, want %v", got, cmp.Diff(got, tt.want)) //nolint:govet + } + }) + } +} + +func TestCreateMaxScoreResult(t *testing.T) { + t.Parallel() + type args struct { + name string + reason string + } + tests := []struct { + name string + args args + want CheckResult + }{ + { + name: "empty", + args: args{ + name: "", + reason: "", + }, + want: CheckResult{ + Name: "", + Reason: "", + Score: 10, + Version: 2, + }, + }, + { + name: "a reason", + args: args{ + name: "name", + reason: "reason", + }, + want: CheckResult{ + Name: "name", + Reason: "reason", + Score: 10, + Version: 2, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateMaxScoreResult(tt.args.name, tt.args.reason); !cmp.Equal(got, tt.want) { //nolint:govet + t.Errorf("CreateMaxScoreResult() = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} + +func TestCreateMinScoreResult(t *testing.T) { + t.Parallel() + type args struct { + name string + reason string + } + tests := []struct { + name string + args args + want CheckResult + }{ + { + name: "empty", + args: args{ + name: "", + reason: "", + }, + want: CheckResult{ + Name: "", + Reason: "", + Score: 0, + Version: 2, + }, + }, + { + name: "a reason", + args: args{ + name: "name", + reason: "reason", + }, + want: CheckResult{ + Name: "name", + Reason: "reason", + Score: 0, + Version: 2, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateMinScoreResult(tt.args.name, tt.args.reason); !cmp.Equal(got, tt.want) { //nolint:govet + t.Errorf("CreateMinScoreResult() = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} + +func TestCreateInconclusiveResult(t *testing.T) { + t.Parallel() + type args struct { + name string + reason string + } + tests := []struct { + name string + args args + want CheckResult + }{ + { + name: "empty", + args: args{ + name: "", + reason: "", + }, + want: CheckResult{ + Name: "", + Reason: "", + Score: -1, + Version: 2, + }, + }, + { + name: "a reason", + args: args{ + name: "name", + reason: "reason", + }, + want: CheckResult{ + Name: "name", + Reason: "reason", + Score: -1, + Version: 2, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateInconclusiveResult(tt.args.name, tt.args.reason); !cmp.Equal(got, tt.want) { + t.Errorf("CreateInconclusiveResult() = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} + +func TestCreateRuntimeErrorResult(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + name string + e error + } + tests := []struct { + name string + args args + want CheckResult + }{ + { + name: "empty", + args: args{ + name: "", + e: errors.New("runtime error"), //nolint:goerr113 + }, + want: CheckResult{ + Name: "", + Reason: "runtime error", + Score: -1, + Version: 2, + Error: errors.New("runtime error"), //nolint:goerr113 + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CreateRuntimeErrorResult(tt.args.name, tt.args.e); !reflect.DeepEqual(got, tt.want) { + t.Errorf("CreateRuntimeErrorResult() = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} From 5cd79595876d308ddf1b52bd37973daa003708cf Mon Sep 17 00:00:00 2001 From: Yoo Chung Date: Mon, 10 Apr 2023 20:12:22 -0400 Subject: [PATCH 043/316] :sparkles: Consider haskell-actions/hlint-scan a code scanning action (#2846) * Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF. Signed-off-by: Yoo Chung * Test security-events permissions with actions known to upload SARIF. Signed-off-by: Yoo Chung --------- Signed-off-by: Yoo Chung --- checks/permissions_test.go | 11 +++++ checks/raw/permissions.go | 4 ++ ...ow-permissions-secevent-known-actions.yaml | 48 +++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 checks/testdata/.github/workflows/github-workflow-permissions-secevent-known-actions.yaml diff --git a/checks/permissions_test.go b/checks/permissions_test.go index 40affa16220..23a4b83bbd5 100644 --- a/checks/permissions_test.go +++ b/checks/permissions_test.go @@ -312,6 +312,17 @@ func TestGithubTokenPermissions(t *testing.T) { NumberOfDebug: 4, }, }, + { + name: "security-events write, known actions", + filenames: []string{"./testdata/.github/workflows/github-workflow-permissions-secevent-known-actions.yaml"}, + expected: scut.TestReturn{ + Error: nil, + Score: checker.MaxResultScore, + NumberOfWarn: 0, + NumberOfInfo: 2, // This is constant. + NumberOfDebug: 8, // This is 4 + (number of actions) + }, + }, { name: "two files mix run-level and top-level", filenames: []string{ diff --git a/checks/raw/permissions.go b/checks/raw/permissions.go index e2415625a32..c2004ec89cd 100644 --- a/checks/raw/permissions.go +++ b/checks/raw/permissions.go @@ -372,6 +372,10 @@ func isAllowedWorkflow(workflow *actionlint.Workflow, fp string, pdata *permissi // allow our own action, which writes sarif files // https://github.com/ossf/scorecard-action "ossf/scorecard-action": true, + + // Code scanning with HLint uploads a SARIF file to GitHub. + // https://github.com/haskell-actions/hlint-scan + "haskell-actions/hlint-scan": true, } tokenPermissions := checker.TokenPermission{ diff --git a/checks/testdata/.github/workflows/github-workflow-permissions-secevent-known-actions.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-secevent-known-actions.yaml new file mode 100644 index 00000000000..6b72f9ec7b6 --- /dev/null +++ b/checks/testdata/.github/workflows/github-workflow-permissions-secevent-known-actions.yaml @@ -0,0 +1,48 @@ +# Copyright 2021 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +name: write-and-read workflow +on: [push] +permissions: read-all + +# All of the actions below are known to upload SARIF. +# They should not trigger a warning about the security-events +# write permission being enabled. +jobs: + codeql-analyze: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - uses: github/codeql-action/analyze@v1 + + codeql-upload: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - uses: github/codeql-action/upload-sarif@v1 + + scorecard: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - uses: ossf/scorecard-action@v1 + + haskell-hlint: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - uses: haskell-actions/hlint-scan@v1 From b17f83a71e3ce73b148927550ec0ca6bcdc325b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Apr 2023 10:12:31 -0500 Subject: [PATCH 044/316] :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 13 ++++++++----- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 949658b430c..c82d1c870ea 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( cloud.google.com/go/trace v1.9.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.2.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.3.0 github.com/go-git/go-git/v5 v5.6.1 github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 @@ -75,7 +75,7 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-github/v50 v50.1.0 // indirect + github.com/google/go-github/v50 v50.2.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -167,7 +167,7 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - golang.org/x/crypto v0.6.0 // indirect + golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.6.0 // indirect diff --git a/go.sum b/go.sum index b5692c2cef5..0bcebb3c7a8 100644 --- a/go.sum +++ b/go.sum @@ -657,8 +657,8 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.2.0 h1:AVvVU33rE8wdTS1aNnenwpigEBA9mvzI5OhjhZfH/LU= -github.com/bradleyfalzon/ghinstallation/v2 v2.2.0/go.mod h1:xo3iIfK0lDKECe0s19nbxT0KKvk7LsrGc4NxR5ckKMA= +github.com/bradleyfalzon/ghinstallation/v2 v2.3.0 h1:RRGTqFWOe++1YmvYmO0PvMGzYTaZ6f8X3Su8WKmM+Ds= +github.com/bradleyfalzon/ghinstallation/v2 v2.3.0/go.mod h1:8rdGt82ERhM7sjY5FLx2gV4aPhxn6YUE8XlDMKG1z/Y= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= @@ -1180,8 +1180,8 @@ github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6K github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= -github.com/google/go-github/v50 v50.1.0 h1:hMUpkZjklC5GJ+c3GquSqOP/T4BNsB7XohaPhtMOzRk= -github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA= +github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk= +github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -2154,8 +2154,9 @@ golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2206,6 +2207,7 @@ golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2641,6 +2643,7 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= From 4898b5c47424763f9d1b74a26320db7317263310 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Apr 2023 15:17:04 +0000 Subject: [PATCH 045/316] :seedling: Bump github.com/otiai10/copy from 1.9.0 to 1.10.0 Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](https://github.com/otiai10/copy/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 10 +++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index c82d1c870ea..f5169bd7cd4 100644 --- a/go.mod +++ b/go.mod @@ -50,7 +50,7 @@ require ( github.com/google/osv-scanner v1.3.1 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.2 - github.com/otiai10/copy v1.9.0 + github.com/otiai10/copy v1.10.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index 0bcebb3c7a8..b45bde9c3d5 100644 --- a/go.sum +++ b/go.sum @@ -1708,13 +1708,9 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE= -github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4= -github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.4.0 h1:umwcf7gbpEwf7WFzqmWwSv0CzbeMsae2u9ZvpP8j2q4= -github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI= +github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ= +github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= +github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/ovh/go-ovh v1.3.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o= github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= From df8b33146dcf64de4e63ced2eddbff837b4f02df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Apr 2023 15:33:12 +0000 Subject: [PATCH 046/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.16.2 to 1.17.0. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.16.2...v1.17.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- tools/go.mod | 48 +++++++++++------------ tools/go.sum | 106 ++++++++++++++++++++++++--------------------------- 2 files changed, 74 insertions(+), 80 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 8c19caf54fc..9c00d779a08 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 - github.com/goreleaser/goreleaser v1.16.2 + github.com/goreleaser/goreleaser v1.17.0 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.2 google.golang.org/protobuf v1.30.0 @@ -86,7 +86,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect github.com/aws/smithy-go v1.13.5 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea // indirect - github.com/aymanbagabas/go-osc52 v1.2.1 // indirect + github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bkielbasa/cyclop v1.2.0 // indirect github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect @@ -97,15 +97,15 @@ require ( github.com/breml/errchkjson v0.3.1 // indirect github.com/butuzov/ireturn v0.1.1 // indirect github.com/caarlos0/ctrlc v1.2.0 // indirect - github.com/caarlos0/env/v7 v7.0.0 // indirect + github.com/caarlos0/env/v8 v8.0.0 // indirect github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect github.com/caarlos0/go-shellwords v1.0.12 // indirect - github.com/caarlos0/log v0.2.1 // indirect + github.com/caarlos0/log v0.2.2 // indirect github.com/cavaliergopher/cpio v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/charithe/durationcheck v0.0.10 // indirect - github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792 // indirect + github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08 // indirect github.com/cloudflare/circl v1.2.0 // indirect @@ -119,7 +119,7 @@ require ( github.com/dghubble/oauth1 v0.7.2 // indirect github.com/dghubble/sling v1.4.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/disgoorg/disgo v0.15.2 // indirect + github.com/disgoorg/disgo v0.16.1 // indirect github.com/disgoorg/json v1.0.0 // indirect github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect @@ -180,7 +180,7 @@ require ( github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/go-containerregistry v0.13.1-0.20230310164735-e94d40893b2d // indirect + github.com/google/go-containerregistry v0.14.0 // indirect github.com/google/go-github/v50 v50.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect @@ -190,9 +190,9 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect github.com/googleapis/gax-go/v2 v2.7.0 // indirect github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 // indirect - github.com/goreleaser/chglog v0.4.1 // indirect + github.com/goreleaser/chglog v0.4.2 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect - github.com/goreleaser/nfpm/v2 v2.26.0 // indirect + github.com/goreleaser/nfpm/v2 v2.28.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect github.com/gostaticanalysis/comment v1.4.2 // indirect @@ -201,13 +201,13 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.1 // indirect + github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hexops/gotextdiff v1.0.3 // indirect github.com/huandu/xstrings v1.3.2 // indirect github.com/iancoleman/orderedmap v0.2.0 // indirect - github.com/imdario/mergo v0.3.13 // indirect + github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/invopop/jsonschema v0.7.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -222,7 +222,7 @@ require ( github.com/kisielk/errcheck v1.6.3 // indirect github.com/kisielk/gotool v1.0.0 // indirect github.com/kkHAIKE/contextcheck v1.1.4 // indirect - github.com/klauspost/compress v1.16.0 // indirect + github.com/klauspost/compress v1.16.3 // indirect github.com/klauspost/pgzip v1.2.5 // indirect github.com/kulti/thelper v0.6.3 // indirect github.com/kunwardeep/paralleltest v1.0.6 // indirect @@ -256,7 +256,7 @@ require ( github.com/muesli/mango-pflag v0.1.0 // indirect github.com/muesli/reflow v0.3.0 // indirect github.com/muesli/roff v0.1.0 // indirect - github.com/muesli/termenv v0.14.0 // indirect + github.com/muesli/termenv v0.15.1 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect github.com/nishanths/exhaustive v0.9.5 // indirect @@ -303,7 +303,7 @@ require ( github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/afero v1.9.3 // indirect github.com/spf13/cast v1.5.0 // indirect - github.com/spf13/cobra v1.6.1 // indirect + github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/viper v1.15.0 // indirect @@ -329,7 +329,7 @@ require ( github.com/uudashr/gocognit v1.0.6 // indirect github.com/vbatts/tar-split v0.11.2 // indirect github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect - github.com/xanzy/go-gitlab v0.80.2 // indirect + github.com/xanzy/go-gitlab v0.82.0 // indirect github.com/xanzy/ssh-agent v0.3.1 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/yeya24/promlinter v0.2.0 // indirect @@ -338,22 +338,22 @@ require ( go.mongodb.org/mongo-driver v1.11.0 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.10.0 // indirect - go.uber.org/automaxprocs v1.5.1 // indirect + go.uber.org/automaxprocs v1.5.2 // indirect go.uber.org/multierr v1.9.0 // indirect go.uber.org/zap v1.24.0 // indirect gocloud.dev v0.29.0 // indirect - golang.org/x/crypto v0.7.0 // indirect + golang.org/x/crypto v0.8.0 // indirect golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect - golang.org/x/mod v0.9.0 // indirect - golang.org/x/net v0.8.0 // indirect - golang.org/x/oauth2 v0.6.0 // indirect + golang.org/x/mod v0.10.0 // indirect + golang.org/x/net v0.9.0 // indirect + golang.org/x/oauth2 v0.7.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.6.0 // indirect - golang.org/x/term v0.6.0 // indirect - golang.org/x/text v0.8.0 // indirect + golang.org/x/sys v0.7.0 // indirect + golang.org/x/term v0.7.0 // indirect + golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.7.0 // indirect + golang.org/x/tools v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.110.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/tools/go.sum b/tools/go.sum index 1e4ed1ff7f1..5a3db811086 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -696,9 +696,8 @@ github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea h1:iWMTuQdgBQj66IRzxSuxPIrCuxvI2MK3co+E3bdmNys= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea/go.mod h1:nIK6sJEuVZZUoMkOm3A8uU4UD82DDMJLu7pp1AtbyXs= -github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4= -github.com/aymanbagabas/go-osc52 v1.2.1 h1:q2sWUyDcozPLcLabEMd+a+7Ea2DitxZVN9hTxab9L4E= -github.com/aymanbagabas/go-osc52 v1.2.1/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= @@ -742,15 +741,15 @@ github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/caarlos0/ctrlc v1.2.0 h1:AtbThhmbeYx1WW3WXdWrd94EHKi+0NPRGS4/4pzrjwk= github.com/caarlos0/ctrlc v1.2.0/go.mod h1:n3gDlSjsXZ7rbD9/RprIR040b7oaLfNStikPd4gFago= -github.com/caarlos0/env/v7 v7.0.0 h1:cyczlTd/zREwSr9ch/mwaDl7Hse7kJuUY8hvHfXu5WI= -github.com/caarlos0/env/v7 v7.0.0/go.mod h1:LPPWniDUq4JaO6Q41vtlyikhMknqymCLBw0eX4dcH1E= +github.com/caarlos0/env/v8 v8.0.0 h1:POhxHhSpuxrLMIdvTGARuZqR4Jjm8AYmoi/JKlcScs0= +github.com/caarlos0/env/v8 v8.0.0/go.mod h1:7K4wMY9bH0esiXSSHlfHLX5xKGQMnkH5Fk4TDSSSzfo= github.com/caarlos0/go-reddit/v3 v3.0.1 h1:w8ugvsrHhaE/m4ez0BO/sTBOBWI9WZTjG7VTecHnql4= github.com/caarlos0/go-reddit/v3 v3.0.1/go.mod h1:QlwgmG5SAqxMeQvg/A2dD1x9cIZCO56BMnMdjXLoisI= github.com/caarlos0/go-rpmutils v0.2.1-0.20211112020245-2cd62ff89b11 h1:IRrDwVlWQr6kS1U8/EtyA1+EHcc4yl8pndcqXWrEamg= github.com/caarlos0/go-shellwords v1.0.12 h1:HWrUnu6lGbWfrDcFiHcZiwOLzHWjjrPVehULaTFgPp8= github.com/caarlos0/go-shellwords v1.0.12/go.mod h1:bYeeX1GrTLPl5cAMYEzdm272qdsQAZiaHgeF0KTk1Gw= -github.com/caarlos0/log v0.2.1 h1:E5vf0Sg24tUbrGanknDu2UH0CZq6cCColThb8gTQnHQ= -github.com/caarlos0/log v0.2.1/go.mod h1:BLxpdZKXvWBjB6fshua4c8d7ApdYjypEDok6ibt+pXk= +github.com/caarlos0/log v0.2.2 h1:Rier7889+dTKHjvwf0cMNu8DjMF+/wCYC7wrPj9fXFk= +github.com/caarlos0/log v0.2.2/go.mod h1:IbSeDN+hKHdOwE6t2z9i2rcraz+r6N1XZkRHE4BAKm0= github.com/caarlos0/sshmarshal v0.0.0-20220308164159-9ddb9f83c6b3 h1:w2ANoiT4ubmh4Nssa3/QW1M7lj3FZkma8f8V5aBDxXM= github.com/caarlos0/testfs v0.4.4 h1:3PHvzHi5Lt+g332CiShwS8ogTgS3HjrmzZxCm6JCDr8= github.com/caarlos0/testfs v0.4.4/go.mod h1:bRN55zgG4XCUVVHZCeU+/Tz1Q6AxEJOEJTliBy+1DMk= @@ -774,8 +773,8 @@ github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL github.com/charithe/durationcheck v0.0.10 h1:wgw73BiocdBDQPik+zcEoBG/ob8uyBHf2iyoHGPf5w4= github.com/charithe/durationcheck v0.0.10/go.mod h1:bCWXb7gYRysD1CU3C+u4ceO49LoGOY1C1L6uouGNreQ= github.com/charmbracelet/keygen v0.3.0 h1:mXpsQcH7DDlST5TddmXNXjS0L7ECk4/kLQYyBcsan2Y= -github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792 h1:VfX981snWr7d4yvFAJYCN3S2sOsweiM6BsqZgFPY65c= -github.com/charmbracelet/lipgloss v0.6.1-0.20220911181249-6304a734e792/go.mod h1:sOPE4igPEyZ5Q75T0PYIMqA40cL+r0NrLlMJxr01aiE= +github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E= +github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 h1:W9o46d2kbNL06lq7UNDPV0zYLzkrde/bjIqO02eoll0= github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8/go.mod h1:gakxgyXaaPkxvLw1XQxNGK4I37ys9iBRzNUx/B7pUCo= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= @@ -980,8 +979,8 @@ github.com/digitalocean/godo v1.78.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm github.com/digitalocean/godo v1.95.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/disgoorg/disgo v0.15.2 h1:cmdMCHBL17GgkYOJl6d2Btc3MbQiIdzwF6D8lwdJ7L8= -github.com/disgoorg/disgo v0.15.2/go.mod h1:hUkznOmm+f+owh/MuOBX0sDviQV5cL0FqcWbpIyV1Y0= +github.com/disgoorg/disgo v0.16.1 h1:9uZeFzVJ9xR95ZEGwsKNbUyxqTsXEPqipZbdvSif0w4= +github.com/disgoorg/disgo v0.16.1/go.mod h1:hUkznOmm+f+owh/MuOBX0sDviQV5cL0FqcWbpIyV1Y0= github.com/disgoorg/json v1.0.0 h1:kDhSM661fgIuNoZF3BO5/odaR5NSq80AWb937DH+Pdo= github.com/disgoorg/json v1.0.0/go.mod h1:BHDwdde0rpQFDVsRLKhma6Y7fTbQKub/zdGO5O9NqqA= github.com/disgoorg/log v1.2.0 h1:sqlXnu/ZKAlIlHV9IO+dbMto7/hCQ474vlIdMWk8QKo= @@ -1376,8 +1375,8 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= -github.com/google/go-containerregistry v0.13.1-0.20230310164735-e94d40893b2d h1:CCIY9UBJWlj8MoDN9TQV8qtifAbhZqkzYqx1Jl+telo= -github.com/google/go-containerregistry v0.13.1-0.20230310164735-e94d40893b2d/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk= +github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw= +github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk= github.com/google/go-github/v50 v50.1.0 h1:hMUpkZjklC5GJ+c3GquSqOP/T4BNsB7XohaPhtMOzRk= github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= @@ -1461,14 +1460,14 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGa github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 h1:9alfqbrhuD+9fLZ4iaAVwhlp5PEhmnBt7yvK2Oy5C1U= github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0= -github.com/goreleaser/chglog v0.4.1 h1:6IAduyHpR58u3OFBdTrg8I/qAaBAmYYZ4Wq1Fz30QUY= -github.com/goreleaser/chglog v0.4.1/go.mod h1:85xT/GTwDCzLdjysP9aj+x6hQ+IxAv8SXx9MTrgcY2Y= +github.com/goreleaser/chglog v0.4.2 h1:afmbT1d7lX/q+GF8wv3a1Dofs2j/Y9YkiCpGemWR6mI= +github.com/goreleaser/chglog v0.4.2/go.mod h1:u/F03un4hMCQrp65qSWCkkC6T+G7YLKZ+AM2mITE47s= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.16.2 h1:usMTxv8JXDNUUmVo0VSTExYBwCmLOuqa1l6hkmE/diA= -github.com/goreleaser/goreleaser v1.16.2/go.mod h1:RqqTiOY1SLmNcdGV7qYCGmDSgTgRSBTNfsN1AtubCOs= -github.com/goreleaser/nfpm/v2 v2.26.0 h1:nL7sXwsMLsc+NWE4Eddev+ZZomRaucT0WSnWkLwuxBM= -github.com/goreleaser/nfpm/v2 v2.26.0/go.mod h1:AQAOZ89rL4rHbv6ZdwyCWkjMam3LrHi9QIq56TnjUQk= +github.com/goreleaser/goreleaser v1.17.0 h1:CcA7EOcljdYhpEY2MUI1je6swCTCAlubxZk1VCbPKBY= +github.com/goreleaser/goreleaser v1.17.0/go.mod h1:n6Rm7V8s38EgE/oXBrRAutjKAd5JlxF3qqzU4g1+cXQ= +github.com/goreleaser/nfpm/v2 v2.28.0 h1:BLKOrJpyBrO/LQ7XQP/mICDBqq6K3iX1cqZIMYKUbCc= +github.com/goreleaser/nfpm/v2 v2.28.0/go.mod h1:cMwzgk+6Irs3+ZKD6Lz/ADJ8qsVmJxYPlE3/wOxAfVA= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -1541,8 +1540,9 @@ github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= +github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= @@ -1600,10 +1600,9 @@ github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= +github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= @@ -1719,8 +1718,8 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.3 h1:XuJt9zzcnaz6a16/OU53ZjWp/v7/42WcR5t2a0PcNQY= +github.com/klauspost/compress v1.16.3/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= @@ -1796,8 +1795,8 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 h1:gWg6ZQ4JhDfJPqlo2srm/LN17lpybq15AryXIRcWYLE= github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= -github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +github.com/matryer/is v1.4.1 h1:55ehd8zaGABKLXQUe2awZ99BD/PTc2ls+KV/dXphgEQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -1823,9 +1822,7 @@ github.com/mattn/go-mastodon v0.0.6 h1:lqU1sOeeIapaDsDUL6udDZIzMb2Wqapo347VZlaOz github.com/mattn/go-mastodon v0.0.6/go.mod h1:cg7RFk2pcUfHZw/IvKe1FUzmlq5KnLFqs7eV2PHplV8= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= -github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= @@ -1907,14 +1904,12 @@ github.com/muesli/mango-cobra v1.2.0 h1:DQvjzAM0PMZr85Iv9LIMaYISpTOliMEg+uMFtNbY github.com/muesli/mango-cobra v1.2.0/go.mod h1:vMJL54QytZAJhCT13LPVDfkvCUJ5/4jNUKF/8NC2UjA= github.com/muesli/mango-pflag v0.1.0 h1:UADqbYgpUyRoBja3g6LUL+3LErjpsOwaC9ywvBWe7Sg= github.com/muesli/mango-pflag v0.1.0/go.mod h1:YEQomTxaCUp8PrbhFh10UfbhbQrM/xJ4i2PB8VTLLW0= -github.com/muesli/reflow v0.2.1-0.20210115123740-9e1d0d53df68/go.mod h1:Xk+z4oIWdQqJzsxyjgl3P22oYZnHdZ8FFTHAQQt5BMQ= github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= github.com/muesli/roff v0.1.0 h1:YD0lalCotmYuF5HhZliKWlIx7IEhiXeSfq7hNjFqGF8= github.com/muesli/roff v0.1.0/go.mod h1:pjAHQM9hdUUwm/krAfrLGgJkXJ+YuhtsfZ42kieB2Ig= -github.com/muesli/termenv v0.12.1-0.20220901123159-d729275e0977/go.mod h1:bN6sPNtkiahdhHv2Xm6RGU16LSCxfbIZvMfqjOCfrR4= -github.com/muesli/termenv v0.14.0 h1:8x9NFfOe8lmIWK4pgy3IfVEy47f+ppe3tUqdPZG2Uy0= -github.com/muesli/termenv v0.14.0/go.mod h1:kG/pF1E7fh949Xhe156crRUrHNyK221IuGO7Ez60Uc8= +github.com/muesli/termenv v0.15.1 h1:UzuTb/+hhlBugQz28rpzey4ZuKcZ03MeKsoG7IJZIxs= +github.com/muesli/termenv v0.15.1/go.mod h1:HeAQPTzpfs016yGtA4g00CsdYnVLJvxsS4ANqrZs2sQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -2012,7 +2007,7 @@ github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rm github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0= github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= -github.com/opencontainers/runc v1.1.2 h1:2VSZwLx5k/BfsBxMMipG/LYUnmqOD/BPkIVgQUcTlLw= +github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -2257,8 +2252,8 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= @@ -2380,8 +2375,8 @@ github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 h1:+dBg5k7nuTE38VVdoroRsT0Z88fmvdYrI2EjzJst35I= github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1/go.mod h1:nmuySobZb4kFgFy6BptpXp/BBw+xFSyvVPP6auoJB4k= -github.com/xanzy/go-gitlab v0.80.2 h1:CH1Q7NDklqZllox4ICVF4PwlhQGfPtE+w08Jsb74ZX0= -github.com/xanzy/go-gitlab v0.80.2/go.mod h1:DlByVTSXhPsJMYL6+cm8e8fTJjeBmhrXdC/yvkKKt6M= +github.com/xanzy/go-gitlab v0.82.0 h1:WUAqZqNj/VGsXvFM9mYC0MEpPpmK4sHoOAryRQJARp4= +github.com/xanzy/go-gitlab v0.82.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo= github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w= @@ -2508,8 +2503,9 @@ go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= -go.uber.org/automaxprocs v1.5.1 h1:e1YG66Lrk73dn4qhg8WFSvhF0JuFQF0ERIp4rpuV8Qk= go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= +go.uber.org/automaxprocs v1.5.2 h1:2LxUOGiR3O6tw8ui5sZa2LAaHnsviZdVOUZw4fvbnME= +go.uber.org/automaxprocs v1.5.2/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= @@ -2578,8 +2574,8 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= +golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2633,8 +2629,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2726,8 +2722,8 @@ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmL golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2759,8 +2755,8 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2930,15 +2926,14 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2949,8 +2944,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2965,8 +2960,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -3082,8 +3077,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= -golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -3425,7 +3420,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= From 1fb59608bd73a5bfc0c1821bb1b36c7a4afcad29 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 11 Apr 2023 14:52:56 -0700 Subject: [PATCH 047/316] =?UTF-8?q?=F0=9F=8C=B1=20Add=20instructions=20to?= =?UTF-8?q?=20test=20cron=20controller=20+=20worker=20locally=20(#2817)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add GitLab test repos. Signed-off-by: Spencer Schrock * Add test GitLab projects to release controller. Signed-off-by: Spencer Schrock * worker gitlab WIP Signed-off-by: Spencer Schrock * Read config in worker. Signed-off-by: Spencer Schrock * Use UTC time for shards. This avoids issues when the controller and worker timezones differ. Signed-off-by: Spencer Schrock * update directions for gcs fake Signed-off-by: Spencer Schrock * update readme Signed-off-by: Spencer Schrock * Undo gitlab parts, which will be its own PR. Signed-off-by: Spencer Schrock * Clarify project and config files are placeholders. Signed-off-by: Spencer Schrock * remove accidentally added whitespace Signed-off-by: Spencer Schrock * clarify code change with comment. Signed-off-by: Spencer Schrock * Minor edits. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- cron/internal/controller/main.go | 2 +- cron/internal/emulator/README.md | 91 +++++++++++++++++++ cron/internal/emulator/config.yaml | 47 ++++++++++ .../ossf-scorecard-cii-data/.gitignore | 2 + .../ossf-scorecard-cron-results/.gitignore | 2 + .../fakegcs/ossf-scorecard-data2/.gitignore | 2 + .../fakegcs/ossf-scorecard-rawdata/.gitignore | 2 + cron/internal/emulator/projects.csv | 4 + cron/internal/pubsub/subscriber.go | 5 + cron/internal/worker/main.go | 3 + cron/worker/worker.go | 2 +- 11 files changed, 160 insertions(+), 2 deletions(-) create mode 100644 cron/internal/emulator/README.md create mode 100644 cron/internal/emulator/config.yaml create mode 100644 cron/internal/emulator/fakegcs/ossf-scorecard-cii-data/.gitignore create mode 100644 cron/internal/emulator/fakegcs/ossf-scorecard-cron-results/.gitignore create mode 100644 cron/internal/emulator/fakegcs/ossf-scorecard-data2/.gitignore create mode 100644 cron/internal/emulator/fakegcs/ossf-scorecard-rawdata/.gitignore create mode 100644 cron/internal/emulator/projects.csv diff --git a/cron/internal/controller/main.go b/cron/internal/controller/main.go index cc66ba805d2..ee3f532cd54 100644 --- a/cron/internal/controller/main.go +++ b/cron/internal/controller/main.go @@ -105,7 +105,7 @@ func localFiles(filenames []string) (data.Iterator, error) { func main() { ctx := context.Background() - t := time.Now() + t := time.Now().UTC() flag.Parse() if err := config.ReadConfig(); err != nil { diff --git a/cron/internal/emulator/README.md b/cron/internal/emulator/README.md new file mode 100644 index 00000000000..09174774e4f --- /dev/null +++ b/cron/internal/emulator/README.md @@ -0,0 +1,91 @@ +# Configuring a local environment to test the Scorecard Cron Job + +This emulator focuses on being able to test the `worker`, which pulls messages from a pubsub, processes them, and writes the results to a Google Cloud Storage (GCS) bucket. +It's necessary to support pubsub, gcs, and the `controller` to get the `worker` working. + +In general, you'll need 4-5 terminals (or tmux) to run everything needed. + +## GCS emulator + +[fake-gcs-server](https://github.com/fsouza/fake-gcs-server) meets our needs and is written in Go. +We may be able to use it as a library for unit tests in the future. + +For now, the binary is good enough, so install it from source (or [Releases](https://github.com/fsouza/fake-gcs-server/releases)): + +``` +go install github.com/fsouza/fake-gcs-server@latest +``` + +Now you can run the fake from the root of the Scorecard repo in your first window: +``` +fake-gcs-server -scheme http -public-host 0.0.0.0:4443 \ + -backend filesystem -filesystem-root cron/internal/emulator/fakegcs +``` + +## pubsub emulator: +Google Cloud has a [pubsub emulator](https://cloud.google.com/pubsub/docs/emulator) with complete install ininstructions. +I've summarized some of them below. + + +### One time setup + +``` +gcloud components install pubsub-emulator +gcloud components update +``` + +Anywhere outside your scorecard repo: +``` +git clone https://github.com/googleapis/python-pubsub +cd python-pubsub/samples/snippet +pip install -r requirements.txt +``` + +### Running the pubsub emulator (needed to do everytime) + +In a second window from any directory, run the emulator itself: + +``` +export PUBSUB_PROJECT_ID=test +gcloud beta emulators pubsub start --project=$PUBSUB_PROJECT_ID +``` + +In a third window (from the `samples/snippet` directory wherever you cloned `python-pubsub`) create the topic and subscription: + +``` +export PUBSUB_PROJECT_ID=test +export TOPIC_ID=scorecard-batch-requests +export SUBSCRIPTION_ID=scorecard-batch-worker +$(gcloud beta emulators pubsub env-init) +python3 publisher.py $PUBSUB_PROJECT_ID create $TOPIC_ID +python3 subscriber.py $PUBSUB_PROJECT_ID create $TOPIC_ID $SUBSCRIPTION_ID +alias drain-pubsub="python3 subscriber.py $PUBSUB_PROJECT_ID receive $SUBSCRIPTION_ID" +``` + +At any point you can drain the queue by running the following in the same window. Make sure to stop the command when testing the `worker`: +``` +drain-pubsub +``` + +## run Scorecard cron components + +Commands intended to be run from the base of the Scorecard repo. Since this is intended to be used during development, `go run` is used but there's no reason you can't use `go build`. +The repos in `cron/internal/emulator/projects.csv` and the `cron/internal/emulator/config.yaml` file can be changed as needed. + +### controller +``` +$(gcloud beta emulators pubsub env-init) +export STORAGE_EMULATOR_HOST=0.0.0.0:4443 +go run $(ls cron/internal/controller/*.go | grep -v _test.go) \ + --config cron/internal/emulator/config.yaml \ + cron/internal/emulator/projects.csv +``` + +### worker +``` +$(gcloud beta emulators pubsub env-init) +export STORAGE_EMULATOR_HOST=0.0.0.0:4443 +go run $(ls cron/internal/worker/*.go | grep -v _test.go) \ + --ignoreRuntimeErrors=true \ + --config cron/internal/emulator/config.yaml +``` diff --git a/cron/internal/emulator/config.yaml b/cron/internal/emulator/config.yaml new file mode 100644 index 00000000000..5569d6b43ca --- /dev/null +++ b/cron/internal/emulator/config.yaml @@ -0,0 +1,47 @@ +# Copyright 2023 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project-id: test +request-topic-url: gcppubsub://projects/test/topics/scorecard-batch-requests +request-subscription-url: gcppubsub://projects/test/subscriptions/scorecard-batch-worker +bigquery-dataset: scorecardcron +bigquery-table: scorecard-v2 +completion-threshold: 0.99 +shard-size: 10 +webhook-url: +metric-exporter: printer +metric-stackdriver-prefix: scorecard-cron +result-data-bucket-url: gs://ossf-scorecard-data2 + +additional-params: + input-bucket: + url: gs://ossf-scorecard-input-projects + # Optional prefix to limit files used as input files within a bucket (e.g. a specific file or directory) + prefix: + # Optional file to read a prefix from, instead of statically defining prefix above (note: prefix must be blank to use this option) + # This is good in situations where the prefix changes frequently (e.g. always using the most recent folder in a bucket) + prefix-file: + + scorecard: + # API results bucket + api-results-bucket-url: gs://ossf-scorecard-cron-results + # TODO: Temporarily remove SAST and CI-Tests which require lot of GitHub API tokens. + # TODO(#859): Re-add Contributors after fixing inconsistencies. + # TODO: Dependency-Update-Tool and SAST are search heavy + # TODO: Vulnerabilities is slow on repos with lots of dependencies + blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities + cii-data-bucket-url: gs://ossf-scorecard-cii-data + # Raw results. + raw-bigquery-table: scorecard-rawdata + raw-result-data-bucket-url: gs://ossf-scorecard-rawdata diff --git a/cron/internal/emulator/fakegcs/ossf-scorecard-cii-data/.gitignore b/cron/internal/emulator/fakegcs/ossf-scorecard-cii-data/.gitignore new file mode 100644 index 00000000000..d6b7ef32c84 --- /dev/null +++ b/cron/internal/emulator/fakegcs/ossf-scorecard-cii-data/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/cron/internal/emulator/fakegcs/ossf-scorecard-cron-results/.gitignore b/cron/internal/emulator/fakegcs/ossf-scorecard-cron-results/.gitignore new file mode 100644 index 00000000000..d6b7ef32c84 --- /dev/null +++ b/cron/internal/emulator/fakegcs/ossf-scorecard-cron-results/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/cron/internal/emulator/fakegcs/ossf-scorecard-data2/.gitignore b/cron/internal/emulator/fakegcs/ossf-scorecard-data2/.gitignore new file mode 100644 index 00000000000..d6b7ef32c84 --- /dev/null +++ b/cron/internal/emulator/fakegcs/ossf-scorecard-data2/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/cron/internal/emulator/fakegcs/ossf-scorecard-rawdata/.gitignore b/cron/internal/emulator/fakegcs/ossf-scorecard-rawdata/.gitignore new file mode 100644 index 00000000000..d6b7ef32c84 --- /dev/null +++ b/cron/internal/emulator/fakegcs/ossf-scorecard-rawdata/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/cron/internal/emulator/projects.csv b/cron/internal/emulator/projects.csv new file mode 100644 index 00000000000..0f02e6d056e --- /dev/null +++ b/cron/internal/emulator/projects.csv @@ -0,0 +1,4 @@ +repo,metadata +github.com/ossf/scorecard, +github.com/ossf/scorecard-action, +github.com/ossf/scorecard-webapp, diff --git a/cron/internal/pubsub/subscriber.go b/cron/internal/pubsub/subscriber.go index 3dba81f102a..693721e4a86 100644 --- a/cron/internal/pubsub/subscriber.go +++ b/cron/internal/pubsub/subscriber.go @@ -18,6 +18,7 @@ import ( "context" "errors" "fmt" + "os" "google.golang.org/protobuf/encoding/protojson" @@ -38,6 +39,10 @@ type Subscriber interface { // CreateSubscriber returns an implementation of Subscriber interface. // Currently returns an instance of gcsSubscriber. func CreateSubscriber(ctx context.Context, subscriptionURL string) (Subscriber, error) { + // the gocloud clients respect PUBSUB_EMULATOR_HOST, but our custom GCS subscriber does not + if os.Getenv("PUBSUB_EMULATOR_HOST") != "" { + return createGocloudSubscriber(ctx, subscriptionURL) + } return createGCSSubscriber(ctx, subscriptionURL) } diff --git a/cron/internal/worker/main.go b/cron/internal/worker/main.go index 422d4da2792..6ed479dc3fb 100644 --- a/cron/internal/worker/main.go +++ b/cron/internal/worker/main.go @@ -266,6 +266,9 @@ func startMetricsExporter() (monitoring.Exporter, error) { func main() { flag.Parse() + if err := config.ReadConfig(); err != nil { + panic(err) + } sw, err := newScorecardWorker() if err != nil { panic(err) diff --git a/cron/worker/worker.go b/cron/worker/worker.go index a1720778242..d91b6c38582 100644 --- a/cron/worker/worker.go +++ b/cron/worker/worker.go @@ -151,7 +151,7 @@ func ResultFilename(sbr *data.ScorecardBatchRequest) string { } func hasMetadataFile(ctx context.Context, req *data.ScorecardBatchRequest, bucketURL string) (bool, error) { - filename := data.GetShardMetadataFilename(req.GetJobTime().AsTime()) + filename := data.GetShardMetadataFilename(req.GetJobTime().AsTime().UTC()) exists, err := data.BlobExists(ctx, bucketURL, filename) if err != nil { return false, fmt.Errorf("data.BlobExists: %w", err) From 192d704d49485eabea9d194f185f87d116ea22f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Apr 2023 06:36:50 -0500 Subject: [PATCH 048/316] :seedling: Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 20 ++++++++++++-------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index f5169bd7cd4..9144e332624 100644 --- a/go.mod +++ b/go.mod @@ -34,8 +34,8 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 gocloud.dev v0.29.0 - golang.org/x/text v0.8.0 - golang.org/x/tools v0.7.0 + golang.org/x/text v0.9.0 + golang.org/x/tools v0.8.0 google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 @@ -99,8 +99,8 @@ require ( github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/spdx/tools-golang v0.4.0 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect - golang.org/x/mod v0.9.0 // indirect - golang.org/x/term v0.6.0 // indirect + golang.org/x/mod v0.10.0 // indirect + golang.org/x/term v0.7.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -169,10 +169,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 - golang.org/x/net v0.8.0 // indirect + golang.org/x/net v0.9.0 // indirect golang.org/x/oauth2 v0.6.0 // indirect golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.6.0 // indirect + golang.org/x/sys v0.7.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.114.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index b45bde9c3d5..dc744822d7a 100644 --- a/go.sum +++ b/go.sum @@ -2204,8 +2204,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2296,8 +2296,9 @@ golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2504,8 +2505,9 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2518,8 +2520,9 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2535,8 +2538,9 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2640,8 +2644,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= -golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 862bfc6ed7355eafc1a58eaf686d5f474c981598 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Apr 2023 11:38:49 +0000 Subject: [PATCH 049/316] :seedling: Bump codecov/codecov-action from 3.1.0 to 3.1.2 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/81cd2dc8148241f03f5839d295e000b8f761e378...40a12dcee2df644d47232dde008099a3e9e4f865) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/integration.yml | 4 ++-- .github/workflows/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 06872f65f61..b526a783697 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -67,7 +67,7 @@ jobs: command: make e2e-gh-token - name: codecov - uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0 + uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 with: files: ./e2e-coverage.out verbose: true @@ -81,7 +81,7 @@ jobs: command: make e2e-gitlab - name: codecov - uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0 + uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 with: files: ./e2e-coverage.out verbose: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4bb9671b178..585a7195f05 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -66,7 +66,7 @@ jobs: - name: Run unit-tests run: make unit-test - name: Upload codecoverage - uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # 2.1.0 + uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 with: files: ./unit-coverage.out verbose: true From 358de6bda007c7eff9e1825956489ffb3b89e9a5 Mon Sep 17 00:00:00 2001 From: Yoo Chung Date: Wed, 12 Apr 2023 13:05:00 -0400 Subject: [PATCH 050/316] :book: Fix broken links. (#2858) Signed-off-by: Yoo Chung --- docs/faq.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index b53c7c90048..0555d838031 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -64,18 +64,18 @@ For more information, see the [Fuzzing check description](https://github.com/oss ### Pinned-Dependencies: Will Scorecard detect unpinned dependencies in tests with Dockerfiles? -Scorecard can show the dependencies that are referred to in tests like Dockerfiles, so it could be a great way for you to fix those dependencies and avoid the vulnerabilities related to version pinning dependencies. To see more about the benefits of hash pinning instead of version pinning, please see the [Pinned-Dependencies check description](/checks.md#pinned-dependencies) +Scorecard can show the dependencies that are referred to in tests like Dockerfiles, so it could be a great way for you to fix those dependencies and avoid the vulnerabilities related to version pinning dependencies. To see more about the benefits of hash pinning instead of version pinning, please see the [Pinned-Dependencies check description](checks.md#pinned-dependencies) ### Pinned-Dependencies: Can I use version pinning instead of hash pinning? Version pinning is a significant improvement over not pinning your dependencies. However, it still leaves your project vulnerable to tag-renaming attacks (where a dependency's tags are deleted and recreated to point to a malicious commit). The OpenSSF therefore recommends hash pinning instead of version pinning, along with the use of dependency update tools such as dependabot to keep your dependencies up-to-date. -Please see the [Pinned-Dependencies check description](/checks.md#pinned-dependencies) for a better understanding of the benefits of the Hash Pinning. +Please see the [Pinned-Dependencies check description](checks.md#pinned-dependencies) for a better understanding of the benefits of the Hash Pinning. ### Signed-Releases: Why sign releases? -Currently, the main benefit of [signed releases](/checks.md#signed-releases) is the guarantee that a specific artifact was released by a source that you approve or attest is reliable. +Currently, the main benefit of [signed releases](checks.md#signed-releases) is the guarantee that a specific artifact was released by a source that you approve or attest is reliable. However, there are already moves to make it even more relevant. For example, the OpenSSF is working on [implementing signature verification for NPM packages](https://github.blog/2022-08-08-new-request-for-comments-on-improving-npm-security-with-sigstore-is-now-open/) which would allow a consumer to automatically verify if the package they are downloading was generated through a reliable builder and if it is correctly signed. From 71eda75a0d7a57f439477bfc49183806235f42d0 Mon Sep 17 00:00:00 2001 From: Yoo Chung Date: Wed, 12 Apr 2023 13:29:29 -0400 Subject: [PATCH 051/316] :sparkles: Detect fuzzing in Haskell by the presence of property tests. (#2843) * Add Haskell as a language. Signed-off-by: Yoo Chung * Detect fuzzing in Haskell using presence of property-based testing. Signed-off-by: Yoo Chung * Mention fuzzing detection for Haskell in documentation. Signed-off-by: Yoo Chung * Fix pattern and test. Add test case. Signed-off-by: Yoo Chung --------- Signed-off-by: Yoo Chung --- checks/raw/fuzzing.go | 40 ++++++++++-- checks/raw/fuzzing_test.go | 103 ++++++++++++++++++++++++++++++- checks/write.md | 2 +- clients/languages.go | 3 + docs/checks.md | 3 +- docs/checks/internal/checks.yaml | 3 +- 6 files changed, 142 insertions(+), 12 deletions(-) diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index e76ba04f3ee..8f01595881b 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -28,10 +28,11 @@ import ( ) const ( - fuzzerOSSFuzz = "OSSFuzz" - fuzzerClusterFuzzLite = "ClusterFuzzLite" - oneFuzz = "OneFuzz" - fuzzerBuiltInGo = "GoBuiltInFuzzer" + fuzzerOSSFuzz = "OSSFuzz" + fuzzerClusterFuzzLite = "ClusterFuzzLite" + oneFuzz = "OneFuzz" + fuzzerBuiltInGo = "GoBuiltInFuzzer" + fuzzerPropertyBasedHaskell = "HaskellPropertyBasedTesting" // TODO: add more fuzzing check supports. ) @@ -42,8 +43,12 @@ type filesWithPatternStr struct { // Configurations for language-specified fuzzers. type languageFuzzConfig struct { - URL, Desc *string - filePattern, funcPattern, Name string + URL, Desc *string + + // Pattern is according to path.Match. + filePattern string + + funcPattern, Name string // TODO: add more language fuzzing-related fields. } @@ -59,6 +64,29 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{ Desc: asPointer( "Go fuzzing intelligently walks through the source code to report failures and find vulnerabilities."), }, + // Fuzz patterns for Haskell based on property-based testing. + // + // Based on the import of one of these packages: + // * https://hackage.haskell.org/package/QuickCheck + // * https://hedgehog.qa/ + // * https://github.com/NorfairKing/validity + // * https://hackage.haskell.org/package/smallcheck + // + // They can also be imported indirectly through these test frameworks: + // * https://hspec.github.io/ + // * https://hackage.haskell.org/package/tasty + // + // This is not an exhaustive list. + clients.Haskell: { + filePattern: "*.hs", + // Look for direct imports of QuickCheck, Hedgehog, validity, or SmallCheck, + // or their indirect imports through the higher-level Hspec or Tasty testing frameworks. + funcPattern: `import\s+(qualified\s+)?Test\.((Hspec|Tasty)\.)?(QuickCheck|Hedgehog|Validity|SmallCheck)`, + Name: fuzzerPropertyBasedHaskell, + Desc: asPointer( + "Property-based testing in Haskell generates test instances randomly or exhaustively " + + "and test that specific properties are satisfied."), + }, // TODO: add more language-specific fuzz patterns & configs. } diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index b6d2ccc4740..5804a30c62a 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -316,6 +316,103 @@ func Test_checkFuzzFunc(t *testing.T) { }, fileContent: "func TestFoo (t *testing.T)", }, + { + name: "Haskell QuickCheck", + want: true, + fileName: []string{"ModuleSpec.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.QuickCheck", + }, + { + name: "Haskell Hedgehog", + want: true, + fileName: []string{"TestSpec.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.Hedgehog", + }, + { + name: "Haskell Validity", + want: true, + fileName: []string{"validity_test.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.Validity", + }, + { + name: "Haskell SmallCheck", + want: true, + fileName: []string{"SmallSpec.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.SmallCheck", + }, + { + name: "Haskell QuickCheck with qualified import", + want: true, + fileName: []string{"QualifiedSpec.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import qualified Test.QuickCheck", + }, + { + name: "Haskell QuickCheck through Hspec", + want: true, + fileName: []string{"ArrowSpec.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.Hspec.QuickCheck", + }, + { + name: "Haskell QuickCheck through Tasty", + want: true, + fileName: []string{"test.hs"}, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.Tasty.QuickCheck", + }, + { + name: "Haskell with no property-based testing", + want: false, + fileName: []string{"PropertySpec.hs"}, + wantErr: true, + langs: []clients.Language{ + { + Name: clients.Haskell, + NumLines: 50, + }, + }, + fileContent: "import Test.Hspec", + }, } for _, tt := range tests { tt := tt @@ -325,12 +422,12 @@ func Test_checkFuzzFunc(t *testing.T) { defer ctrl.Finish() mockClient := mockrepo.NewMockRepoClient(ctrl) mockClient.EXPECT().ListFiles(gomock.Any()).Return(tt.fileName, nil).AnyTimes() - mockClient.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) (string, error) { + mockClient.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(f string) ([]byte, error) { if tt.wantErr { //nolint - return "", errors.New("error") + return nil, errors.New("error") } - return tt.fileContent, nil + return []byte(tt.fileContent), nil }).AnyTimes() req := checker.CheckRequest{ RepoClient: mockClient, diff --git a/checks/write.md b/checks/write.md index fc0bc9e6c95..2a517daa696 100644 --- a/checks/write.md +++ b/checks/write.md @@ -75,7 +75,7 @@ The steps to writing a check are as follows: 8. Create e2e tests in `e2e/mycheck_test.go`. Use a dedicated repo that will not change over time, so that it's reliable for the tests. -9. Update the `checks/checks.yaml` with a description of your check. +9. Update the `docs/checks/internal/checks.yaml` with a description of your check. 10. Generate `docs/check.md` using `make generate-docs`. This will validate and generate `docs/check.md`. diff --git a/clients/languages.go b/clients/languages.go index c9778b04648..5009e6775c2 100644 --- a/clients/languages.go +++ b/clients/languages.go @@ -71,6 +71,9 @@ const ( // Dockerfile: https://docs.docker.com/engine/reference/builder/ Dockerfile LanguageName = "dockerfile" + // Haskell: https://www.haskell.org/ + Haskell LanguageName = "haskell" + // Other indicates other languages not listed by the GitHub API. Other LanguageName = "other" diff --git a/docs/checks.md b/docs/checks.md index 3d744a660e1..2883446a91e 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -336,7 +336,8 @@ This check tries to determine if the project uses [fuzzing](https://owasp.org/www-community/Fuzzing) by checking: 1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; -3. if there are user-defined language-specified fuzzing functions (currently only supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. +3. if there are user-defined language-specified fuzzing functions in the repository. + - currently only supports [Go fuzzing](https://go.dev/doc/fuzz/) and a limited set of property-based testing libraries for Haskell. 4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz); Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index a8ba343a069..f8709cd6559 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -396,7 +396,8 @@ checks: [fuzzing](https://owasp.org/www-community/Fuzzing) by checking: 1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; - 3. if there are user-defined language-specified fuzzing functions (currently only supports [Go fuzzing](https://go.dev/doc/fuzz/)) in the repository. + 3. if there are user-defined language-specified fuzzing functions in the repository. + - currently only supports [Go fuzzing](https://go.dev/doc/fuzz/) and a limited set of property-based testing libraries for Haskell. 4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz); Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data From d180088c7542df9a968f05a768343dab7ff761a1 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 12 Apr 2023 13:32:22 -0500 Subject: [PATCH 052/316] :seedling: Unit tests for attestor policy (#2857) - Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults` - Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review [attestor/policy/attestation_policy_test.go] - Add `github.com/google/go-cmp/cmp` to imports - Add a test for `GetRequiredChecksForPolicy` - Add a test for `EvaluateResults` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .codecov.yml | 1 + attestor/policy/attestation_policy.go | 9 +- attestor/policy/attestation_policy_test.go | 164 +++++++++++++++++++++ 3 files changed, 169 insertions(+), 5 deletions(-) diff --git a/.codecov.yml b/.codecov.yml index 51c0e9691f3..f5e0d5c0d57 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -7,6 +7,7 @@ codecov: ignore: - "cron/**/*" - "clients/mockclients/**/*" + - "attestor/command/**/*" coverage: precision: 2 round: down diff --git a/attestor/policy/attestation_policy.go b/attestor/policy/attestation_policy.go index 6af48d44240..1052bbad948 100644 --- a/attestor/policy/attestation_policy.go +++ b/attestor/policy/attestation_policy.go @@ -71,8 +71,7 @@ type Dependency struct { Version string `yaml:"version"` } -// Allows us to run fewer scorecard checks if some policy values -// are don't-cares. +// GetRequiredChecksForPolicy Allows us to run fewer scorecard checks if some policy values are don't-cares. func (ap *AttestationPolicy) GetRequiredChecksForPolicy() map[string]bool { requiredChecks := make(map[string]bool) @@ -95,7 +94,7 @@ func (ap *AttestationPolicy) GetRequiredChecksForPolicy() map[string]bool { return requiredChecks } -// Run attestation policy checks on raw data. +// EvaluateResults Run attestation policy checks on raw data. func (ap *AttestationPolicy) EvaluateResults(raw *checker.RawResults) (PolicyResult, error) { logger := sclog.NewLogger(sclog.DefaultLevel) if ap.PreventBinaryArtifacts { @@ -291,7 +290,7 @@ func isUnpinnedDependencyAllowed(d checker.Dependency, allowed []Dependency) boo return false } -// ParseFromFile takes a policy file and returns an AttestationPolicy. +// ParseAttestationPolicyFromFile takes a policy file and returns an AttestationPolicy. func ParseAttestationPolicyFromFile(policyFile string) (*AttestationPolicy, error) { if policyFile != "" { data, err := os.ReadFile(policyFile) @@ -315,7 +314,7 @@ func ParseAttestationPolicyFromFile(policyFile string) (*AttestationPolicy, erro return nil, nil } -// Parses a policy file and returns a AttestationPolicy. +// ParseAttestationPolicyFromYAML parses a policy file and returns a AttestationPolicy. func ParseAttestationPolicyFromYAML(b []byte) (*AttestationPolicy, error) { ap := AttestationPolicy{} diff --git a/attestor/policy/attestation_policy_test.go b/attestor/policy/attestation_policy_test.go index bc9cc8c4f07..61e222b906d 100644 --- a/attestor/policy/attestation_policy_test.go +++ b/attestor/policy/attestation_policy_test.go @@ -20,6 +20,8 @@ import ( "fmt" "testing" + "github.com/google/go-cmp/cmp" + "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/clients" sce "github.com/ossf/scorecard/v4/errors" @@ -538,3 +540,165 @@ func TestAttestationPolicyRead(t *testing.T) { }) } } + +func TestAttestationPolicy_GetRequiredChecksForPolicy(t *testing.T) { + t.Parallel() + type fields struct { //nolint:govet + PreventBinaryArtifacts bool + AllowedBinaryArtifacts []string + PreventKnownVulnerabilities bool + PreventUnpinnedDependencies bool + AllowedUnpinnedDependencies []Dependency + EnsureCodeReviewed bool + CodeReviewRequirements CodeReviewRequirements + } + tests := []struct { //nolint:govet + name string + fields fields + want map[string]bool + }{ + { + name: "all checks", + fields: fields{ + PreventBinaryArtifacts: true, + AllowedBinaryArtifacts: []string{}, + PreventKnownVulnerabilities: true, + PreventUnpinnedDependencies: true, + AllowedUnpinnedDependencies: []Dependency{}, + EnsureCodeReviewed: true, + CodeReviewRequirements: CodeReviewRequirements{MinReviewers: 1}, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + ap := &AttestationPolicy{ + PreventBinaryArtifacts: tt.fields.PreventBinaryArtifacts, + AllowedBinaryArtifacts: tt.fields.AllowedBinaryArtifacts, + PreventKnownVulnerabilities: tt.fields.PreventKnownVulnerabilities, + PreventUnpinnedDependencies: tt.fields.PreventUnpinnedDependencies, + AllowedUnpinnedDependencies: tt.fields.AllowedUnpinnedDependencies, + EnsureCodeReviewed: tt.fields.EnsureCodeReviewed, + CodeReviewRequirements: tt.fields.CodeReviewRequirements, + } + if got := ap.GetRequiredChecksForPolicy(); cmp.Equal(got, tt.want) { + t.Errorf("GetRequiredChecksForPolicy() %v, want %v", cmp.Diff(got, tt.want), tt.want) + } + }) + } +} + +func TestAttestationPolicy_EvaluateResults(t *testing.T) { + t.Parallel() + type fields struct { //nolint:govet + PreventBinaryArtifacts bool + AllowedBinaryArtifacts []string + PreventKnownVulnerabilities bool + PreventUnpinnedDependencies bool + AllowedUnpinnedDependencies []Dependency + EnsureCodeReviewed bool + CodeReviewRequirements CodeReviewRequirements + } + type args struct { + raw *checker.RawResults + } + tests := []struct { //nolint:govet + name string + fields fields + args args + want PolicyResult + wantErr bool + }{ + { + name: "vulnerabilities", + fields: fields{ + PreventKnownVulnerabilities: true, + }, + args: args{ + raw: &checker.RawResults{ + VulnerabilitiesResults: checker.VulnerabilitiesData{ + Vulnerabilities: []clients.Vulnerability{ + {ID: "foo"}, + }, + }, + }, + }, + want: false, + }, + { + name: "binary artifacts", + fields: fields{ + PreventBinaryArtifacts: true, + }, + args: args{ + raw: &checker.RawResults{ + BinaryArtifactResults: checker.BinaryArtifactData{Files: []checker.File{ + {Path: "a"}, + {Path: "b"}, + }}, + }, + }, + want: false, + }, + { + name: "unpinned dependencies", + fields: fields{ + PreventUnpinnedDependencies: true, + }, + args: args{ + raw: &checker.RawResults{ + PinningDependenciesResults: checker.PinningDependenciesData{ + Dependencies: []checker.Dependency{ + {Name: asPointer("foo"), PinnedAt: asPointer("abcdef")}, + }, + }, + }, + }, + want: true, + }, + { + name: "code review", + fields: fields{ + EnsureCodeReviewed: true, + }, + args: args{ + raw: &checker.RawResults{ + CodeReviewResults: checker.CodeReviewData{ + DefaultBranchChangesets: []checker.Changeset{ + { + RevisionID: "1", + Commits: []clients.Commit{{SHA: "a"}}, + }, + }, + }, + }, + }, + want: false, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + ap := &AttestationPolicy{ + PreventBinaryArtifacts: tt.fields.PreventBinaryArtifacts, + AllowedBinaryArtifacts: tt.fields.AllowedBinaryArtifacts, + PreventKnownVulnerabilities: tt.fields.PreventKnownVulnerabilities, + PreventUnpinnedDependencies: tt.fields.PreventUnpinnedDependencies, + AllowedUnpinnedDependencies: tt.fields.AllowedUnpinnedDependencies, + EnsureCodeReviewed: tt.fields.EnsureCodeReviewed, + CodeReviewRequirements: tt.fields.CodeReviewRequirements, + } + got, err := ap.EvaluateResults(tt.args.raw) + if (err != nil) != tt.wantErr { + t.Errorf("EvaluateResults() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { + t.Errorf("EvaluateResults() got = %v, want %v", got, tt.want) + } + }) + } +} From 4809b20cbfebb29be3c4a1ff840aeb67a1bc872c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Apr 2023 19:19:02 +0000 Subject: [PATCH 053/316] :seedling: Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9144e332624..74d54961220 100644 --- a/go.mod +++ b/go.mod @@ -163,7 +163,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.2 // indirect - github.com/xanzy/go-gitlab v0.81.0 + github.com/xanzy/go-gitlab v0.82.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index dc744822d7a..a05634fea5d 100644 --- a/go.sum +++ b/go.sum @@ -1963,8 +1963,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/xanzy/go-gitlab v0.81.0 h1:ofbhZ5ZY9AjHATWQie4qd2JfncdUmvcSA/zfQB767Dk= -github.com/xanzy/go-gitlab v0.81.0/go.mod h1:VMbY3JIWdZ/ckvHbQqkyd3iYk2aViKrNIQ23IbFMQDo= +github.com/xanzy/go-gitlab v0.82.0 h1:WUAqZqNj/VGsXvFM9mYC0MEpPpmK4sHoOAryRQJARp4= +github.com/xanzy/go-gitlab v0.82.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From b16c74bd16a7aba296227115ca0110b9e0a87742 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 12 Apr 2023 15:50:36 -0700 Subject: [PATCH 054/316] =?UTF-8?q?=E2=9C=A8=20Use=20local=20files=20inste?= =?UTF-8?q?ad=20of=20search=20for=20SAST=20CodeQL=20check=20(#2839)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Look for codeQL action use with local files instead of search. Signed-off-by: Spencer Schrock * Switch SAST mocks to using local file contents. Signed-off-by: Spencer Schrock * Update e2e test Signed-off-by: Spencer Schrock * Remove unneeded code. The tests deleted here were merged with another test in an earlier commit. Signed-off-by: Spencer Schrock * update Signed-off-by: Spencer Schrock * Add tests to get code coverage up. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- checks/sast.go | 65 +++++++++++++++---- checks/sast_test.go | 61 ++++++++++++++--- .../github-workflow-sast-codeql.yaml | 24 +++++++ .../github-workflow-sast-no-codeql.yaml | 38 +++++++++++ e2e/sast_test.go | 8 +-- 5 files changed, 173 insertions(+), 23 deletions(-) create mode 100644 checks/testdata/.github/workflows/github-workflow-sast-codeql.yaml create mode 100644 checks/testdata/.github/workflows/github-workflow-sast-no-codeql.yaml diff --git a/checks/sast.go b/checks/sast.go index 1cedc4e099c..2a433334df4 100644 --- a/checks/sast.go +++ b/checks/sast.go @@ -23,9 +23,10 @@ import ( "regexp" "strings" + "github.com/rhysd/actionlint" + "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/fileparser" - "github.com/ossf/scorecard/v4/clients" sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/finding" ) @@ -187,19 +188,18 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) { } func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) { - searchRequest := clients.SearchRequest{ - Query: "github/codeql-action/analyze", - Path: "/.github/workflows", - } - resp, err := c.RepoClient.Search(searchRequest) + var workflowPaths []string + err := fileparser.OnMatchingFileContentDo(c.RepoClient, fileparser.PathMatcher{ + Pattern: ".github/workflows/*", + CaseSensitive: false, + }, searchGitHubActionWorkflowCodeQL, &workflowPaths) if err != nil { - return checker.InconclusiveResultScore, - sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("Client.Search.Code: %v", err)) + return checker.InconclusiveResultScore, err } - for _, result := range resp.Results { + for _, path := range workflowPaths { c.Dlogger.Debug(&checker.LogMessage{ - Path: result.Path, + Path: path, Type: finding.FileTypeSource, Offset: checker.OffsetDefault, Text: "CodeQL detected", @@ -208,7 +208,7 @@ func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) { // TODO: check if it's enabled as cron or presubmit. // TODO: check which branches it is enabled on. We should find main. - if resp.Hits > 0 { + if len(workflowPaths) > 0 { c.Dlogger.Info(&checker.LogMessage{ Text: "SAST tool detected: CodeQL", }) @@ -221,6 +221,49 @@ func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) { return checker.MinResultScore, nil } +// Check file content. +var searchGitHubActionWorkflowCodeQL fileparser.DoWhileTrueOnFileContent = func(path string, + content []byte, + args ...interface{}, +) (bool, error) { + if !fileparser.IsWorkflowFile(path) { + return true, nil + } + + if len(args) != 1 { + return false, fmt.Errorf( + "searchGitHubActionWorkflowCodeQL requires exactly 1 arguments: %w", errInvalid) + } + + // Verify the type of the data. + paths, ok := args[0].(*[]string) + if !ok { + return false, fmt.Errorf( + "searchGitHubActionWorkflowCodeQL expects arg[0] of type *[]string: %w", errInvalid) + } + + workflow, errs := actionlint.Parse(content) + if len(errs) > 0 && workflow == nil { + return false, fileparser.FormatActionlintError(errs) + } + + for _, job := range workflow.Jobs { + for _, step := range job.Steps { + e, ok := step.Exec.(*actionlint.ExecAction) + if !ok { + continue + } + // Parse out repo / SHA. + uses := strings.TrimPrefix(e.Uses.Value, "actions://") + action, _, _ := strings.Cut(uses, "@") + if action == "github/codeql-action/analyze" { + *paths = append(*paths, path) + } + } + } + return true, nil +} + type sonarConfig struct { url string file checker.File diff --git a/checks/sast_test.go b/checks/sast_test.go index 1ed5080fe62..5e653a8e4a4 100644 --- a/checks/sast_test.go +++ b/checks/sast_test.go @@ -19,6 +19,7 @@ import ( "errors" "fmt" "os" + "strings" "testing" "time" @@ -105,9 +106,7 @@ func Test_SAST(t *testing.T) { }, }, }, - searchresult: clients.SearchResponse{Hits: 1, Results: []clients.SearchResult{{ - Path: "test.go", - }}}, + path: ".github/workflows/github-workflow-sast-codeql.yaml", checkRuns: []clients.CheckRun{ { Status: "completed", @@ -144,7 +143,7 @@ func Test_SAST(t *testing.T) { }, }, }, - searchresult: clients.SearchResponse{}, + path: ".github/workflows/github-workflow-sast-no-codeql.yaml", checkRuns: []clients.CheckRun{ { App: clients.CheckRunApp{ @@ -201,14 +200,14 @@ func Test_SAST(t *testing.T) { }, { name: "sonartype config 1 line", - path: "./testdata/pom-1line.xml", + path: "pom-1line.xml", expected: checker.CheckResult{ Score: 10, }, }, { name: "sonartype config 2 lines", - path: "./testdata/pom-2lines.xml", + path: "pom-2lines.xml", expected: checker.CheckResult{ Score: 10, }, @@ -234,13 +233,16 @@ func Test_SAST(t *testing.T) { mockRepoClient.EXPECT().Search(searchRequest).Return(tt.searchresult, nil).AnyTimes() mockRepoClient.EXPECT().ListFiles(gomock.Any()).DoAndReturn( func(predicate func(string) (bool, error)) ([]string, error) { - return []string{"pom.xml"}, nil + if strings.Contains(tt.path, "pom") { + return []string{"pom.xml"}, nil + } + return []string{tt.path}, nil }).AnyTimes() mockRepoClient.EXPECT().GetFileContent(gomock.Any()).DoAndReturn(func(fn string) ([]byte, error) { if tt.path == "" { return nil, nil } - content, err := os.ReadFile(tt.path) + content, err := os.ReadFile("./testdata/" + tt.path) if err != nil { return content, fmt.Errorf("%w", err) } @@ -342,3 +344,46 @@ func Test_validateSonarConfig(t *testing.T) { }) } } + +func Test_searchGitHubActionWorkflowCodeQL_invalid(t *testing.T) { + t.Parallel() + + //nolint: govet + tests := []struct { + name string + path string + args []any + }{ + { + name: "too few arguments", + path: ".github/workflows/github-workflow-sast-codeql.yaml", + args: []any{}, + }, + { + name: "wrong arguments", + path: ".github/workflows/github-workflow-sast-codeql.yaml", + args: []any{ + &[]int{}, + }, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + var content []byte + var err error + if tt.path != "" { + content, err = os.ReadFile("./testdata/" + tt.path) + if err != nil { + t.Errorf("ReadFile: %v", err) + } + } + _, err = searchGitHubActionWorkflowCodeQL(tt.path, content, tt.args...) + if err == nil { + t.Errorf("Expected error but err was nil") + } + }) + } +} diff --git a/checks/testdata/.github/workflows/github-workflow-sast-codeql.yaml b/checks/testdata/.github/workflows/github-workflow-sast-codeql.yaml new file mode 100644 index 00000000000..9758f530da5 --- /dev/null +++ b/checks/testdata/.github/workflows/github-workflow-sast-codeql.yaml @@ -0,0 +1,24 @@ +# Copyright 2021 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +name: absent workflow +on: [push] + +jobs: + Explore-GitHub-Actions: + runs-on: ubuntu-latest + steps: + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 + - name: some name + uses: docker/build-push-action@1.2.3 diff --git a/checks/testdata/.github/workflows/github-workflow-sast-no-codeql.yaml b/checks/testdata/.github/workflows/github-workflow-sast-no-codeql.yaml new file mode 100644 index 00000000000..9d3b2c4ffe3 --- /dev/null +++ b/checks/testdata/.github/workflows/github-workflow-sast-no-codeql.yaml @@ -0,0 +1,38 @@ +# Copyright 2021 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +on: + push: + paths: + - 'source/common/**' + pull_request: + +jobs: + Some-Build: + + strategy: + fail-fast: false + + # CodeQL runs on ubuntu-latest and windows-latest + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 2 + + - name: Acme CodeQL + uses: acme/codeql-action/init@v2 # some comment + with: + languages: cpp diff --git a/e2e/sast_test.go b/e2e/sast_test.go index 82c48546fa8..2cd7743b7ee 100644 --- a/e2e/sast_test.go +++ b/e2e/sast_test.go @@ -44,10 +44,10 @@ var _ = Describe("E2E TEST:"+checks.CheckSAST, func() { } expected := scut.TestReturn{ Error: nil, - Score: 0, - NumberOfWarn: 2, - NumberOfInfo: 0, - NumberOfDebug: 0, + Score: 10, + NumberOfWarn: 1, + NumberOfInfo: 1, + NumberOfDebug: 1, } result := checks.SAST(&req) // New version. From 973b2d37d6f07ac66251f02dafc32cf1ce91e579 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Apr 2023 08:58:30 +0000 Subject: [PATCH 055/316] :seedling: Bump actions/checkout from 3.5.0 to 3.5.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8f4b7f84864484a7bf31766abe9204da3cbe65b3...83b7061638ee4956cf7545a6f7efe594e5ad0247) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/docker.yml | 16 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 ++++++++++++------------ .github/workflows/publishimage.yml | 2 +- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index af95c5268c2..5b35a50fe41 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 790cdb42eea..0349a9f2697 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 - name: 'Dependency Review' uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index de9ce555e71..3061a77cb26 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,7 +36,7 @@ jobs: docs_only: ${{ steps.docs_only_check.outputs.docs_only }} steps: - name: Check out code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 #v3.5.0 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 #v3.5.1 with: fetch-depth: 2 - id: files @@ -86,7 +86,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -134,7 +134,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index d5e1a404d01..90090261f44 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -36,7 +36,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Set up Go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index b526a783697..530f3f5a42a 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -42,7 +42,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: pull_request actions/checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 585a7195f05..91d160a7dec 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -99,7 +99,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -147,7 +147,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -422,7 +422,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -470,7 +470,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -518,7 +518,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -566,7 +566,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -614,7 +614,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -662,7 +662,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -710,7 +710,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -745,7 +745,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -782,7 +782,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -829,7 +829,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -864,7 +864,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -893,7 +893,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index aaa6573791f..625ff5bbe7a 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -40,7 +40,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index ff636d2b490..48785f08655 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 - name: "Run analysis" uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index c7a2a051280..926c89508a8 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -15,7 +15,7 @@ jobs: ldflags: ${{ steps.ldflags.outputs.value }} steps: - id: checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v2.3.4 + uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 with: fetch-depth: 0 - id: ldflags From 3704b1f2606db5b0526b7b1f7e0e827b22e2160d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Apr 2023 13:24:12 +0000 Subject: [PATCH 056/316] :seedling: Bump tj-actions/changed-files from 35.7.12 to 35.8.0 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.12 to 35.8.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/b109d83a62e94cf7c522bf6c15cb25c175850b16...7ecfc6730dff8072d1cc5215a24cc9478f55264d) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 3061a77cb26..16b32b388c3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@b109d83a62e94cf7c522bf6c15cb25c175850b16 #v35.7.12 + uses: tj-actions/changed-files@7ecfc6730dff8072d1cc5215a24cc9478f55264d #v35.8.0 with: files_ignore: '**.md' - id: docs_only_check From 21e1950fdb90e1e07d70fb5c607d3aee85f7f5ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Apr 2023 16:43:06 +0000 Subject: [PATCH 057/316] :seedling: Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 74d54961220..6c537836077 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect github.com/sirupsen/logrus v1.9.0 - github.com/spf13/cobra v1.6.1 + github.com/spf13/cobra v1.7.0 github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 gocloud.dev v0.29.0 @@ -146,7 +146,7 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect github.com/googleapis/gax-go/v2 v2.7.1 // indirect github.com/imdario/mergo v0.3.13 // indirect - github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect diff --git a/go.sum b/go.sum index a05634fea5d..195c137ae82 100644 --- a/go.sum +++ b/go.sum @@ -1375,8 +1375,8 @@ github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/ionos-cloud/sdk-go/v6 v6.1.3/go.mod h1:Ox3W0iiEz0GHnfY9e5LmAxwklsxguuNFEUSu0gVRTME= @@ -1889,8 +1889,8 @@ github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3 github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= From f3c480f21426a804e14abb1a756fd549895e8923 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Apr 2023 16:59:19 +0000 Subject: [PATCH 058/316] :seedling: Bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1 Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6c537836077..36621be8109 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( ) require ( - github.com/Masterminds/semver/v3 v3.2.0 + github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.1 diff --git a/go.sum b/go.sum index 195c137ae82..0a876c23529 100644 --- a/go.sum +++ b/go.sum @@ -513,8 +513,8 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXY github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c h1:RGWPOewvKIROun94nF7v2cua9qP+thov/7M50KEoeSU= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= From fd78f950380248ef4214a60b4d5fe2e9d74aada3 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 13 Apr 2023 14:44:18 -0500 Subject: [PATCH 059/316] :seedling: Unit Tests for checker/client (#2851) - Included the unit tests for checker/client.go - Coverage to 87% Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checker/client_test.go | 126 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) create mode 100644 checker/client_test.go diff --git a/checker/client_test.go b/checker/client_test.go new file mode 100644 index 00000000000..cd73f3725a5 --- /dev/null +++ b/checker/client_test.go @@ -0,0 +1,126 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package checker + +import ( + "context" + "testing" + + "github.com/ossf/scorecard/v4/log" +) + +// nolint:paralleltest +// because we are using t.Setenv. +func TestGetClients(t *testing.T) { //nolint:gocognit + type args struct { //nolint:govet + ctx context.Context + repoURI string + localURI string + logger *log.Logger + } + tests := []struct { //nolint:govet + name string + args args + shouldOSSFuzzBeNil bool + shouldRepoClientBeNil bool + shouldVulnClientBeNil bool + shouldRepoBeNil bool + shouldCIIBeNil bool + wantErr bool + experimental bool + }{ + { + name: "localURI is not empty", + args: args{ + ctx: context.Background(), + repoURI: "", + localURI: "foo", + }, + shouldOSSFuzzBeNil: false, + shouldRepoClientBeNil: false, + shouldVulnClientBeNil: false, + shouldRepoBeNil: true, + wantErr: true, + }, + { + name: "repoURI is not empty", + args: args{ + ctx: context.Background(), + repoURI: "foo", + localURI: "", + }, + shouldOSSFuzzBeNil: false, + shouldRepoClientBeNil: false, + shouldVulnClientBeNil: false, + shouldRepoBeNil: true, + wantErr: true, + }, + { + name: "repoURI is gitlab which is not supported", + args: args{ + ctx: context.Background(), + repoURI: "https://gitlab.com/ossf/scorecard", + localURI: "", + }, + shouldOSSFuzzBeNil: false, + shouldRepoClientBeNil: false, + shouldVulnClientBeNil: false, + shouldRepoBeNil: true, + wantErr: true, + }, + { + name: "repoURI is gitlab and experimental is true", + args: args{ + ctx: context.Background(), + repoURI: "https://gitlab.com/ossf/scorecard", + localURI: "", + }, + shouldOSSFuzzBeNil: false, + shouldRepoBeNil: false, + shouldRepoClientBeNil: false, + shouldVulnClientBeNil: false, + shouldCIIBeNil: false, + wantErr: false, + experimental: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + if tt.experimental { + t.Setenv("SCORECARD_EXPERIMENTAL", "true") + } + got, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := GetClients(tt.args.ctx, tt.args.repoURI, tt.args.localURI, tt.args.logger) //nolint:lll + if (err != nil) != tt.wantErr { + t.Fatalf("GetClients() error = %v, wantErr %v", err, tt.wantErr) + } + if tt.shouldRepoBeNil != (got == nil) { + t.Errorf("GetClients() got = %v", got) + } + if repoClient != nil && tt.shouldRepoClientBeNil { + t.Errorf("GetClients() repoClient = %v ", repoClient) + } + if ossFuzzClient != nil && tt.shouldOSSFuzzBeNil { + t.Errorf("GetClients() ossFuzzClient = %v ", ossFuzzClient) + } + if ciiClient != nil && tt.shouldCIIBeNil { + t.Errorf("GetClients() ciiClient = %v", ciiClient) + } + if vulnsClient != nil && tt.shouldVulnClientBeNil { + t.Errorf("GetClients() vulnsClient = %v", vulnsClient) + } + }) + } +} From ccb461cd4962de6a03ea5d497ae2309353ae5915 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 13 Apr 2023 16:57:38 -0500 Subject: [PATCH 060/316] :seedling: Unit tests for checker/detail_logger_impl (#2852) * :seedling: Unit tests for checker/detail_logger_impl - Included tests for detail_logger_impl. - It has 100% coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checker/detail_logger_impl_test.go | 79 ++++++++++++++++++++++++++++++ checker/raw_result.go | 6 +-- 2 files changed, 82 insertions(+), 3 deletions(-) create mode 100644 checker/detail_logger_impl_test.go diff --git a/checker/detail_logger_impl_test.go b/checker/detail_logger_impl_test.go new file mode 100644 index 00000000000..c1cebcb8a61 --- /dev/null +++ b/checker/detail_logger_impl_test.go @@ -0,0 +1,79 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package checker + +import ( + "testing" +) + +func Test_logger_Info(t *testing.T) { + l := &logger{ + logs: []CheckDetail{}, + } + l.Info(&LogMessage{Text: "test"}) + if len(l.logs) != 1 && l.logs[0].Type != DetailInfo { + t.Errorf("expected 1 log, got %d", len(l.logs)) + } +} + +func Test_logger_Warn(t *testing.T) { + l := &logger{ + logs: []CheckDetail{}, + } + l.Warn(&LogMessage{Text: "test"}) + if len(l.logs) != 1 && l.logs[0].Type != DetailWarn { + t.Errorf("expected 1 log, got %d", len(l.logs)) + } +} + +func Test_logger_Flush(t *testing.T) { + l := &logger{ + logs: []CheckDetail{}, + } + l.Warn(&LogMessage{Text: "test"}) + ret := l.Flush() + if len(ret) != 1 { + t.Errorf("expected 1 log, got %d", len(ret)) + } + if len(l.logs) != 0 { + t.Errorf("expected 0 log, got %d", len(l.logs)) + } +} + +func Test_logger_Logs(t *testing.T) { + l := &logger{ + logs: []CheckDetail{}, + } + l.Warn(&LogMessage{Text: "test"}) + if len(l.Logs()) != 1 { + t.Errorf("expected 1 log, got %d", len(l.logs)) + } +} + +func Test_logger_Debug(t *testing.T) { + l := &logger{ + logs: []CheckDetail{}, + } + l.Debug(&LogMessage{Text: "test"}) + if len(l.logs) != 1 && l.logs[0].Type != DetailDebug { + t.Errorf("expected 1 log, got %d", len(l.logs)) + } +} + +func TestNewLogger(t *testing.T) { + l := NewLogger() + if l == nil { + t.Errorf("expected non-nil logger, got nil") + } +} diff --git a/checker/raw_result.go b/checker/raw_result.go index 5ec49e47998..6676babb7f5 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -81,7 +81,7 @@ type Package struct { Runs []Run } -// DependencyUseType reprensets a type of dependency use. +// DependencyUseType represents a type of dependency use. type DependencyUseType string const ( @@ -323,7 +323,7 @@ type DangerousWorkflow struct { File File } -// WorkflowJob reprresents a workflow job. +// WorkflowJob represents a workflow job. type WorkflowJob struct { Name *string ID *string @@ -348,7 +348,7 @@ const ( type PermissionLevel string const ( - // PermissionLevelUndeclared is an undecleared permission. + // PermissionLevelUndeclared is an undeclared permission. PermissionLevelUndeclared PermissionLevel = "undeclared" // PermissionLevelWrite is a permission set to `write` for a permission we consider potentially dangerous. PermissionLevelWrite PermissionLevel = "write" From 7eeffb16e4bbe9afd0a2a94ee5ef8d339bbf359a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 12:46:17 -0500 Subject: [PATCH 061/316] :seedling: Bump actions/checkout from 3.5.1 to 3.5.2 (#2869) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/83b7061638ee4956cf7545a6f7efe594e5ad0247...8e5e7e5ab8b370d6c329ec480221332ada57f0ab) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/docker.yml | 16 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 ++++++++++++------------ .github/workflows/publishimage.yml | 2 +- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5b35a50fe41..85f103dba78 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 0349a9f2697..7d8727083dd 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab - name: 'Dependency Review' uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 16b32b388c3..944c8388afe 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -36,7 +36,7 @@ jobs: docs_only: ${{ steps.docs_only_check.outputs.docs_only }} steps: - name: Check out code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 #v3.5.1 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2 with: fetch-depth: 2 - id: files @@ -86,7 +86,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -134,7 +134,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 90090261f44..f5bdbc7a0c4 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -36,7 +36,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Set up Go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 530f3f5a42a..598c8a6341d 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -42,7 +42,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: pull_request actions/checkout - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 91d160a7dec..2702c11db3f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -99,7 +99,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -147,7 +147,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -182,7 +182,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -230,7 +230,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -278,7 +278,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -326,7 +326,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -374,7 +374,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -422,7 +422,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -470,7 +470,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -518,7 +518,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -566,7 +566,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -614,7 +614,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -662,7 +662,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -710,7 +710,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -745,7 +745,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -782,7 +782,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -829,7 +829,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -864,7 +864,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -893,7 +893,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 625ff5bbe7a..7040409f159 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -40,7 +40,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 48785f08655..68bc5dcd3e4 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab - name: "Run analysis" uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 926c89508a8..4d7fa033dfd 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -15,7 +15,7 @@ jobs: ldflags: ${{ steps.ldflags.outputs.value }} steps: - id: checkout - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v2.3.4 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 with: fetch-depth: 0 - id: ldflags From d0e952c31779a851a1c8382dddd378d1d98d1ec8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 17:47:49 +0000 Subject: [PATCH 062/316] :seedling: Bump github/codeql-action from 2.2.11 to 2.2.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.11 to 2.2.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/d186a2a36cc67bfa1b860e6170d37fb9634742c7...7df0ce34898d659f95c0c4a09eaa8d4e32ee64db) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 85f103dba78..c8ff776cace 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 + uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 + uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 + uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 68bc5dcd3e4..ad2d4a95290 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v1 + uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 with: sarif_file: results.sarif From 1c0a2aeb2fdcdb9aa1aff11788f56dc2f0617b99 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 14 Apr 2023 15:03:02 -0500 Subject: [PATCH 063/316] :seedling: Included unit tests for CII Best practices (#2870) - Add a test file for the CII Best Practices checker - Add tests for different badge responses and assign different scores based on badge responses - Change CIIBestPractices function parameter and add a check for empty raw data Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/cii_best_practices.go | 2 +- checks/evaluation/cii_best_practices_test.go | 86 ++++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 checks/evaluation/cii_best_practices_test.go diff --git a/checks/evaluation/cii_best_practices.go b/checks/evaluation/cii_best_practices.go index 61d3a98865b..0d8e5dcef26 100644 --- a/checks/evaluation/cii_best_practices.go +++ b/checks/evaluation/cii_best_practices.go @@ -32,7 +32,7 @@ const ( ) // CIIBestPractices applies the score policy for the CIIBestPractices check. -func CIIBestPractices(name string, dl checker.DetailLogger, r *checker.CIIBestPracticesData) checker.CheckResult { +func CIIBestPractices(name string, _ checker.DetailLogger, r *checker.CIIBestPracticesData) checker.CheckResult { if r == nil { e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data") return checker.CreateRuntimeErrorResult(name, e) diff --git a/checks/evaluation/cii_best_practices_test.go b/checks/evaluation/cii_best_practices_test.go new file mode 100644 index 00000000000..d1798bfa72b --- /dev/null +++ b/checks/evaluation/cii_best_practices_test.go @@ -0,0 +1,86 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" +) + +func TestCIIBestPractices(t *testing.T) { + t.Run("CIIBestPractices", func(t *testing.T) { + t.Run("in progress", func(t *testing.T) { + r := &checker.CIIBestPracticesData{ + Badge: clients.InProgress, + } + result := CIIBestPractices("CIIBestPractices", nil, r) + if result.Score != inProgressScore { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, inProgressScore) + } + }) + t.Run("passing", func(t *testing.T) { + r := &checker.CIIBestPracticesData{ + Badge: clients.Passing, + } + result := CIIBestPractices("CIIBestPractices", nil, r) + if result.Score != passingScore { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, passingScore) + } + }) + t.Run("silver", func(t *testing.T) { + r := &checker.CIIBestPracticesData{ + Badge: clients.Silver, + } + result := CIIBestPractices("CIIBestPractices", nil, r) + if result.Score != silverScore { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, silverScore) + } + }) + t.Run("gold", func(t *testing.T) { + r := &checker.CIIBestPracticesData{ + Badge: clients.Gold, + } + result := CIIBestPractices("CIIBestPractices", nil, r) + if result.Score != checker.MaxResultScore { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, checker.MaxResultScore) + } + }) + t.Run("not found", func(t *testing.T) { + r := &checker.CIIBestPracticesData{ + Badge: clients.NotFound, + } + result := CIIBestPractices("CIIBestPractices", nil, r) + if result.Score != checker.MinResultScore { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, checker.MinResultScore) + } + }) + t.Run("error", func(t *testing.T) { + r := &checker.CIIBestPracticesData{ + Badge: clients.Unknown, + } + result := CIIBestPractices("CIIBestPractices", nil, r) + if result.Score != -1 { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, -1) + } + }) + t.Run("nil response", func(t *testing.T) { + result := CIIBestPractices("CIIBestPractices", nil, nil) + if result.Score != -1 { + t.Errorf("CIIBestPractices() = %v, want %v", result.Score, -1) + } + }) + }) +} From 2a5929162a33efe227a054fefab096c823549c3e Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 14 Apr 2023 16:16:53 -0500 Subject: [PATCH 064/316] :seedling: Unit tests for dangerous workflows (#2866) - Add a test to check for dangerous workflow patterns - Add checks to prevent script injection and invalid types - Add a check to ensure workflow data is valid [checks/evaluation/dangerous_workflow_test.go] - Add a test for dangerous workflow check - Add a check for empty workflow data - Add a check for dangerous workflow patterns - Add a check for script injection - Add a check for invalid types - Add a check for empty raw data - 100% Coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/dangerous_workflow_test.go | 157 +++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 checks/evaluation/dangerous_workflow_test.go diff --git a/checks/evaluation/dangerous_workflow_test.go b/checks/evaluation/dangerous_workflow_test.go new file mode 100644 index 00000000000..7726f33a64b --- /dev/null +++ b/checks/evaluation/dangerous_workflow_test.go @@ -0,0 +1,157 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + scut "github.com/ossf/scorecard/v4/utests" +) + +func TestDangerousWorkflow(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + name string + dl checker.DetailLogger + r *checker.DangerousWorkflowData + } + tests := []struct { + name string + args args + want checker.CheckResult + }{ + { + name: "DangerousWorkflow - empty", + args: args{ + name: "DangerousWorkflow", + dl: &scut.TestDetailLogger{}, + r: &checker.DangerousWorkflowData{}, + }, + want: checker.CheckResult{ + Score: 10, + Reason: "no dangerous workflow patterns detected", + Version: 2, + Name: "DangerousWorkflow", + }, + }, + { + name: "DangerousWorkflow - Dangerous workflow detected", + args: args{ + name: "DangerousWorkflow", + dl: &scut.TestDetailLogger{}, + r: &checker.DangerousWorkflowData{ + Workflows: []checker.DangerousWorkflow{ + { + Type: checker.DangerousWorkflowUntrustedCheckout, + File: checker.File{ + Path: "a", + Snippet: "a", + Offset: 0, + EndOffset: 0, + Type: 0, + }, + }, + }, + }, + }, + want: checker.CheckResult{ + Score: 0, + Reason: "dangerous workflow patterns detected", + Version: 2, + Name: "DangerousWorkflow", + }, + }, + { + name: "DangerousWorkflow - Script injection detected", + args: args{ + name: "DangerousWorkflow", + dl: &scut.TestDetailLogger{}, + r: &checker.DangerousWorkflowData{ + Workflows: []checker.DangerousWorkflow{ + { + Type: checker.DangerousWorkflowScriptInjection, + File: checker.File{ + Path: "a", + Snippet: "a", + Offset: 0, + EndOffset: 0, + Type: 0, + }, + }, + }, + }, + }, + want: checker.CheckResult{ + Score: 0, + Reason: "dangerous workflow patterns detected", + Version: 2, + Name: "DangerousWorkflow", + }, + }, + { + name: "DangerousWorkflow - unknown type", + args: args{ + name: "DangerousWorkflow", + dl: &scut.TestDetailLogger{}, + r: &checker.DangerousWorkflowData{ + Workflows: []checker.DangerousWorkflow{ + { + Type: "foobar", + File: checker.File{ + Path: "a", + Snippet: "a", + Offset: 0, + EndOffset: 0, + Type: 0, + }, + }, + }, + }, + }, + want: checker.CheckResult{ + Score: -1, + Reason: "internal error: invalid type", + Version: 2, + Name: "DangerousWorkflow", + }, + }, + { + name: "DangerousWorkflow - nil data", + args: args{ + name: "DangerousWorkflow", + dl: &scut.TestDetailLogger{}, + r: nil, + }, + want: checker.CheckResult{ + Score: -1, + Reason: "internal error: empty raw data", + Name: "DangerousWorkflow", + Version: 2, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := DangerousWorkflow(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll + t.Errorf("DangerousWorkflow() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll + } + }) + } +} From 66bd66f091a10bd1867d353b192860898598ba81 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 14 Apr 2023 17:19:52 -0500 Subject: [PATCH 065/316] :seedling: Unit tests Fuzzing Checker (#2867) - Add fuzzing tests for checker - Enhance logic for checking if project is fuzzed - Handle nil FuzzingData [checks/evaluation/fuzzing_test.go] - Add tests for fuzzing checker - Add logic to check if project is fuzzed or not - Add handling for nil FuzzingData Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/fuzzing_test.go | 104 ++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 checks/evaluation/fuzzing_test.go diff --git a/checks/evaluation/fuzzing_test.go b/checks/evaluation/fuzzing_test.go new file mode 100644 index 00000000000..89311490586 --- /dev/null +++ b/checks/evaluation/fuzzing_test.go @@ -0,0 +1,104 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + scut "github.com/ossf/scorecard/v4/utests" +) + +func TestFuzzing(t *testing.T) { + t.Parallel() + type args struct { //nolint + name string + dl checker.DetailLogger + r *checker.FuzzingData + } + tests := []struct { + name string + args args + want checker.CheckResult + }{ + { + name: "Fuzzing - no fuzzing", + args: args{ + name: "Fuzzing", + dl: &scut.TestDetailLogger{}, + r: &checker.FuzzingData{}, + }, + want: checker.CheckResult{ + Score: 0, + Name: "Fuzzing", + Version: 2, + Reason: "project is not fuzzed", + }, + }, + { + name: "Fuzzing - fuzzing", + args: args{ + name: "Fuzzing", + dl: &scut.TestDetailLogger{}, + r: &checker.FuzzingData{ + Fuzzers: []checker.Tool{ + { + Name: "Fuzzing", + Files: []checker.File{ + { + Path: "Fuzzing", + Type: 0, + Offset: 1, + Snippet: "Fuzzing", + }, + }, + }, + }, + }, + }, + want: checker.CheckResult{ + Score: 10, + Name: "Fuzzing", + Version: 2, + Reason: "project is fuzzed with [Fuzzing]", + }, + }, + { + name: "Fuzzing - fuzzing data nil", + args: args{ + name: "Fuzzing", + dl: &scut.TestDetailLogger{}, + r: nil, + }, + want: checker.CheckResult{ + Score: -1, + Name: "Fuzzing", + Version: 2, + Reason: "internal error: empty raw data", + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := Fuzzing(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll + t.Errorf("Fuzzing() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll + } + }) + } +} From 1c441f3773712e6d12de6b353c25b4c093c11015 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 15 Apr 2023 15:40:41 +0000 Subject: [PATCH 066/316] :seedling: Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0 Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.4.0 to 1.5.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index f5bdbc7a0c4..0d23eff4f13 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -72,7 +72,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 4d7fa033dfd..52a7b7e9c03 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -29,7 +29,7 @@ jobs: contents: write actions: read needs: args - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@bdd89e60dc5387d8f819bebc702987956bcd4913 # v1.2.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0 # v1.2.0 with: go-version: 1.19 evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}" From 3bf6c2a90aba4929c2ea6c0e4c3c57c18131948a Mon Sep 17 00:00:00 2001 From: Avishay Balter Date: Mon, 17 Apr 2023 20:01:51 +0300 Subject: [PATCH 067/316] =?UTF-8?q?=E2=9C=A8=20add=20support=20for=20Nuget?= =?UTF-8?q?=20ad-hoc=20commands=20(add/install)=20in=20Pinned=20Dependency?= =?UTF-8?q?=20checks=20=20(#2779)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add nuget pinned dependency checks Signed-off-by: Avishay * checks.yaml Signed-off-by: Avishay * ✨ GitLab: Security Policy check (#2754) * Add tarballHandler for GitLab, enabling repo download Signed-off-by: Raghav Kaul * Abstract OrgSecurityPolicy details to RepoClient instead of checker Signed-off-by: Raghav Kaul * Remove Org() from RepoClient Signed-off-by: Raghav Kaul * Rename Signed-off-by: Raghav Kaul * Don't run as part of CI tests that depend on external sites Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :seedling: Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722) * :seedling: Bump gocloud.dev from 0.26.0 to 0.29.0 Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](https://github.com/google/go-cloud/compare/v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Switch pubsubpb import path. See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details. Signed-off-by: Spencer Schrock --------- Signed-off-by: dependabot[bot] Signed-off-by: Spencer Schrock Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.2.6 to 2.2.7 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/16964e90ba004cdf0cd845b866b5df21038b7723...168b99b3c22180941ae7dbdd5f5c9678ede476ba) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * Remove unused code from changeset creation (#2776) Signed-off-by: Azeem Shaikh Signed-off-by: Avishay * :bug: Pass proper commit depth to github checkrun handler. (#2777) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * pr fixes Signed-off-by: Avishay * ✨ Support for GitHub's internal integration (#2773) * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon Signed-off-by: Avishay * 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781) * Remove duplicate RevisionID collision from changeset tests. The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal. Signed-off-by: Spencer Schrock * remove any potential sha collisions Signed-off-by: Spencer Schrock * Revert deduplications. Signed-off-by: Spencer Schrock * Use ReviewPlatform as tie breaker. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: enable fuzzing check in cron. (#2780) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/bd376fbcfae914347656e4c70801e2a3fafed05b...07f86bcdc42639264ec561c7f175fea5f532b6ce) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump actions/checkout from 3.3.0 to 3.4.0 (#2767) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/ac593985615ec2ede58e132d2e21d2b1cbd6127c...24cb9080177205b6e8c946b17badbe402adc938f) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * 🌱 Bump golangci-lint and fix configuration file. (#2783) * Bump golangci-lint to v1.52.1 Signed-off-by: Spencer Schrock * Remove deprecated linters. Signed-off-by: Spencer Schrock * Configure errorlint to ignore wrapping multiple errors. We don't use golang 1.20 yet. Signed-off-by: Spencer Schrock * extra go mod tidy to hide linter. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.0...v2.9.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.2.7 to 2.2.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/168b99b3c22180941ae7dbdd5f5c9678ede476ba...67a35a08586135a9573f4327e904ecbf517a882d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/c090f4e553673e6e505ea70d6a95362ee12adb94...f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :bug: Restore upload of existing raw result Big Query data (#2795) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/07f86bcdc42639264ec561c7f175fea5f532b6ce...db5dd7c176cf59a19ef6561bf1936f059dee4b74) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * 🌱 Restore API quota metrics for the weekly cron job. (#2799) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump github.com/golangci/golangci-lint in /tools (#2794) Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.52.1 to 1.52.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.52.1...v1.52.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump google.golang.org/protobuf in /tools (#2759) Signed-off-by: Avishay * :seedling: Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769) Signed-off-by: Avishay * :seedling: Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737) * :seedling: Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.78.0...v0.81.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis. Signed-off-by: Spencer Schrock --------- Signed-off-by: dependabot[bot] Signed-off-by: Spencer Schrock Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump actions/stale from 6.0.1 to 8.0.0 (#2793) Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/5ebf00ea0e4c1561e9b43a292ed34424fb1d4578...1160a2240286f5da8ec72b1c0816ce2481aabf84) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/6edd4406fa81c3da01a34fa6f6343087c207a568...4d34df0c2316fe8122ab82dc22947d607c0c91f9) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/8f67e590f2d095516493f017008adc464e63adb1...f82d6c1c344bcacabba2c841718984797f664a6b) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/google/osv-scanner (#2803) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.28.0...pubsub/v1.30.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2770) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.14.1 to 1.16.2. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.14.1...v1.16.2) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump actions/checkout from 3.4.0 to 3.5.0 (#2800) Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802) Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801) Signed-off-by: Avishay * :seedling: Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...80e868c13c90f172d68d1f4501dee99e2479f7af) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807) Signed-off-by: Avishay * :seedling: Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.48.0...bigquery/v1.49.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.49.0...bigquery/v1.50.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/1f99358870fe1c846a3ccba386cc2b2246836776...03bee3930647ebbf994244c21ddbc0d4933aab4f) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/docker/docker in /tools (#2825) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v23.0.1...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...d186a2a36cc67bfa1b860e6170d37fb9634742c7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 35.7.8 to 35.7.12 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/e9b5807e928fc8eea705c90da5524fd44b183ba1...b109d83a62e94cf7c522bf6c15cb25c175850b16) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/c3667d99424e7e6047999fb6246c0da843953c65...9e9de2292db7abb3f51b7f4808d98f0d347a8919) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/xeipuuv/gojsonschema Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0. - [Release notes](https://github.com/xeipuuv/gojsonschema/releases) - [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/xeipuuv/gojsonschema dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Unit tests for checker result and request (#2844) Included tests for checker result and request Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :sparkles: Consider haskell-actions/hlint-scan a code scanning action (#2846) * Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF. Signed-off-by: Yoo Chung * Test security-events permissions with actions known to upload SARIF. Signed-off-by: Yoo Chung --------- Signed-off-by: Yoo Chung Signed-off-by: Avishay * :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/otiai10/copy from 1.9.0 to 1.10.0 Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](https://github.com/otiai10/copy/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/goreleaser/goreleaser in /tools Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.16.2 to 1.17.0. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.16.2...v1.17.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * 🌱 Add instructions to test cron controller + worker locally (#2817) * Add GitLab test repos. Signed-off-by: Spencer Schrock * Add test GitLab projects to release controller. Signed-off-by: Spencer Schrock * worker gitlab WIP Signed-off-by: Spencer Schrock * Read config in worker. Signed-off-by: Spencer Schrock * Use UTC time for shards. This avoids issues when the controller and worker timezones differ. Signed-off-by: Spencer Schrock * update directions for gcs fake Signed-off-by: Spencer Schrock * update readme Signed-off-by: Spencer Schrock * Undo gitlab parts, which will be its own PR. Signed-off-by: Spencer Schrock * Clarify project and config files are placeholders. Signed-off-by: Spencer Schrock * remove accidentally added whitespace Signed-off-by: Spencer Schrock * clarify code change with comment. Signed-off-by: Spencer Schrock * Minor edits. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump codecov/codecov-action from 3.1.0 to 3.1.2 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/81cd2dc8148241f03f5839d295e000b8f761e378...40a12dcee2df644d47232dde008099a3e9e4f865) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :book: Fix broken links. (#2858) Signed-off-by: Yoo Chung Signed-off-by: Avishay * :sparkles: Detect fuzzing in Haskell by the presence of property tests. (#2843) * Add Haskell as a language. Signed-off-by: Yoo Chung * Detect fuzzing in Haskell using presence of property-based testing. Signed-off-by: Yoo Chung * Mention fuzzing detection for Haskell in documentation. Signed-off-by: Yoo Chung * Fix pattern and test. Add test case. Signed-off-by: Yoo Chung --------- Signed-off-by: Yoo Chung Signed-off-by: Avishay * :seedling: Unit tests for attestor policy (#2857) - Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults` - Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review [attestor/policy/attestation_policy_test.go] - Add `github.com/google/go-cmp/cmp` to imports - Add a test for `GetRequiredChecksForPolicy` - Add a test for `EvaluateResults` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * ✨ Use local files instead of search for SAST CodeQL check (#2839) * Look for codeQL action use with local files instead of search. Signed-off-by: Spencer Schrock * Switch SAST mocks to using local file contents. Signed-off-by: Spencer Schrock * Update e2e test Signed-off-by: Spencer Schrock * Remove unneeded code. The tests deleted here were merged with another test in an earlier commit. Signed-off-by: Spencer Schrock * update Signed-off-by: Spencer Schrock * Add tests to get code coverage up. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock Signed-off-by: Avishay * .exe Signed-off-by: Avishay * lint Signed-off-by: Avishay * pr comments Signed-off-by: Avishay --------- Signed-off-by: Avishay Signed-off-by: Raghav Kaul Signed-off-by: dependabot[bot] Signed-off-by: Spencer Schrock Signed-off-by: Azeem Shaikh Signed-off-by: laurentsimon Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Yoo Chung Signed-off-by: Avishay Balter Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock Co-authored-by: Azeem Shaikh Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Yoo Chung Co-authored-by: Yoo Chung --- checker/raw_result.go | 4 +- checks/raw/pinned_dependencies_test.go | 24 +++- checks/raw/shell_download_validate.go | 110 +++++++++++++++++- checks/raw/shell_download_validate_test.go | 103 ++++++++++++++++ .../github-workflow-pkg-managers.yaml | 24 +++- checks/raw/testdata/Dockerfile-pkg-managers | 14 ++- checks/raw/testdata/script-pkg-managers | 10 ++ checks/raw/testdata/shell-download-lines.sh | 12 +- docs/checks.md | 4 +- docs/checks/internal/checks.yaml | 2 +- 10 files changed, 295 insertions(+), 12 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index 6676babb7f5..318a039a997 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -97,8 +97,10 @@ const ( DependencyUseTypeChocoCommand DependencyUseType = "chocoCommand" // DependencyUseTypeNpmCommand is an npm command. DependencyUseTypeNpmCommand DependencyUseType = "npmCommand" - // DependencyUseTypePipCommand is a pipp command. + // DependencyUseTypePipCommand is a pip command. DependencyUseTypePipCommand DependencyUseType = "pipCommand" + // DependencyUseTypeNugetCommand is a nuget command. + DependencyUseTypeNugetCommand DependencyUseType = "nugetCommand" ) // PinningDependenciesData represents pinned dependency data. diff --git a/checks/raw/pinned_dependencies_test.go b/checks/raw/pinned_dependencies_test.go index e0116d758f7..d1bf323d6c9 100644 --- a/checks/raw/pinned_dependencies_test.go +++ b/checks/raw/pinned_dependencies_test.go @@ -261,7 +261,7 @@ func TestGithubWorkflowPkgManagerPinning(t *testing.T) { { name: "npm packages without verification", filename: "./testdata/.github/workflows/github-workflow-pkg-managers.yaml", - warns: 46, + warns: 49, }, } for _, tt := range tests { @@ -819,6 +819,24 @@ func TestShellscriptInsecureDownloadsLineNumber(t *testing.T) { endLine: 56, t: checker.DependencyUseTypePipCommand, }, + { + snippet: "nuget install some-package", + startLine: 59, + endLine: 59, + t: checker.DependencyUseTypeNugetCommand, + }, + { + snippet: "dotnet add package some-package", + startLine: 63, + endLine: 63, + t: checker.DependencyUseTypeNugetCommand, + }, + { + snippet: "dotnet add SomeProject package some-package", + startLine: 64, + endLine: 64, + t: checker.DependencyUseTypeNugetCommand, + }, }, }, } @@ -971,7 +989,7 @@ func TestDockerfileScriptDownload(t *testing.T) { { name: "pkg managers", filename: "./testdata/Dockerfile-pkg-managers", - warns: 57, + warns: 60, }, { name: "download with some python", @@ -1089,7 +1107,7 @@ func TestShellScriptDownload(t *testing.T) { { name: "pkg managers", filename: "./testdata/script-pkg-managers", - warns: 53, + warns: 56, }, { name: "invalid shell script", diff --git a/checks/raw/shell_download_validate.go b/checks/raw/shell_download_validate.go index 11e707193b7..524e6d6e57e 100644 --- a/checks/raw/shell_download_validate.go +++ b/checks/raw/shell_download_validate.go @@ -45,8 +45,9 @@ var ( pythonInterpreters = []string{"python", "python3", "python2.7"} shellInterpreters = append([]string{"exec", "su"}, shellNames...) otherInterpreters = []string{"perl", "ruby", "php", "node", "nodejs", "java"} - interpreters = append(otherInterpreters, - append(shellInterpreters, append(shellNames, pythonInterpreters...)...)...) + dotnetInterpreters = []string{"dotnet", "nuget"} + interpreters = append(dotnetInterpreters, append(otherInterpreters, + append(shellInterpreters, append(shellNames, pythonInterpreters...)...)...)...) ) // Note: aws is handled separately because it uses different @@ -696,6 +697,93 @@ func isChocoUnpinnedDownload(cmd []string) bool { return true } +func isUnpinnedNugetCliInstall(cmd []string) bool { + // looking for command of type nuget install ... + if len(cmd) < 2 { + return false + } + + // Search for nuget commands. + if !isBinaryName("nuget", cmd[0]) && !isBinaryName("nuget.exe", cmd[0]) { + return false + } + + // Search for install commands. + if !strings.EqualFold(cmd[1], "install") { + return false + } + + // Assume installing a project with PackageReference (with versions) + // or packages.config at the root of command + if len(cmd) == 2 { + return false + } + + // Assume that the script is installing from a packages.config file (with versions) + // package.config schema has required version field + // https://learn.microsoft.com/en-us/nuget/reference/packages-config#schema + // and Nuget follows Semantic Versioning 2.0.0 (versions are immutable) + // https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#semantic-versioning-200 + if strings.HasSuffix(cmd[2], "packages.config") { + return false + } + + unpinnedDependency := true + for i := 2; i < len(cmd); i++ { + // look for version flag + if strings.EqualFold(cmd[i], "-Version") { + unpinnedDependency = false + break + } + } + + return unpinnedDependency +} + +func isUnpinnedDotNetCliInstall(cmd []string) bool { + // Search for command of type dotnet add package + if len(cmd) < 4 { + return false + } + // Search for dotnet commands. + if !isBinaryName("dotnet", cmd[0]) && !isBinaryName("dotnet.exe", cmd[0]) { + return false + } + + // Search for add commands. + if !strings.EqualFold(cmd[1], "add") { + return false + } + + // Search for package commands (can be either the second or the third word) + if !(strings.EqualFold(cmd[2], "package") || strings.EqualFold(cmd[3], "package")) { + return false + } + + unpinnedDependency := true + for i := 3; i < len(cmd); i++ { + // look for version flag + // https://learn.microsoft.com/en-us/dotnet/core/tools/dotnet-add-package + if strings.EqualFold(cmd[i], "-v") || strings.EqualFold(cmd[i], "--version") { + unpinnedDependency = false + break + } + } + return unpinnedDependency +} + +func isNugetUnpinnedDownload(cmd []string) bool { + if isUnpinnedDotNetCliInstall(cmd) { + return true + } + + if isUnpinnedNugetCliInstall(cmd) { + return true + } + + return false +} + func collectUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.Node, cmd, pathfn string, r *checker.PinningDependenciesData, ) { @@ -782,6 +870,24 @@ func collectUnpinnedPakageManagerDownload(startLine, endLine uint, node syntax.N return } + + // Nuget install. + if isNugetUnpinnedDownload(c) { + r.Dependencies = append(r.Dependencies, + checker.Dependency{ + Location: &checker.File{ + Path: pathfn, + Type: finding.FileTypeSource, + Offset: startLine, + EndOffset: endLine, + Snippet: cmd, + }, + Type: checker.DependencyUseTypeNugetCommand, + }, + ) + + return + } // TODO(laurent): add other package managers. } diff --git a/checks/raw/shell_download_validate_test.go b/checks/raw/shell_download_validate_test.go index a38115aad34..4624353e29c 100644 --- a/checks/raw/shell_download_validate_test.go +++ b/checks/raw/shell_download_validate_test.go @@ -107,6 +107,109 @@ func TestValidateShellFile(t *testing.T) { } } +func Test_isDotNetUnpinnedDownload(t *testing.T) { + type args struct { + cmd []string + } + tests := []struct { + name string + args args + want bool + }{ + { + name: "nuget install", + args: args{ + cmd: []string{"nuget", "install", "Newtonsoft.Json"}, + }, + want: true, + }, + { + name: "nuget restore", + args: args{ + cmd: []string{"nuget", "restore"}, + }, + want: false, + }, + { + name: "nuget install with -Version", + args: args{ + cmd: []string{"nuget", "install", "Newtonsoft.Json", "-Version", "2"}, + }, + want: false, + }, + { + name: "nuget install with packages.config", + args: args{ + cmd: []string{"nuget", "install", "config\\packages.config"}, + }, + want: false, + }, + { + name: "dotnet add", + args: args{ + cmd: []string{"dotnet", "add", "package", "Newtonsoft.Json"}, + }, + want: true, + }, + { + name: "dotnet add to project", + args: args{ + cmd: []string{"dotnet", "add", "project1", "package", "Newtonsoft.Json"}, + }, + want: true, + }, + { + name: "dotnet add reference to project", + args: args{ + cmd: []string{"dotnet", "add", "project1", "reference", "OtherProject"}, + }, + want: false, + }, + { + name: "dotnet build", + args: args{ + cmd: []string{"dotnet", "build"}, + }, + want: false, + }, + { + name: "dotnet add with -v", + args: args{ + cmd: []string{"dotnet", "add", "package", "Newtonsoft.Json", "-v", "2.0"}, + }, + want: false, + }, + { + name: "dotnet add to project with -v", + args: args{ + cmd: []string{"dotnet", "add", "project1", "package", "Newtonsoft.Json", "-v", "2.0"}, + }, + want: false, + }, + { + name: "dotnet add reference to project with -v", + args: args{ + cmd: []string{"dotnet", "add", "project1", "reference", "Newtonsoft.Json", "-v", "2.0"}, + }, + want: false, + }, + { + name: "dotnet add with --version", + args: args{ + cmd: []string{"dotnet", "add", "package", "Newtonsoft.Json", "--version", "2.0"}, + }, + want: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := isNugetUnpinnedDownload(tt.args.cmd); got != tt.want { + t.Errorf("isNugetUnpinnedDownload() = %v, want %v", got, tt.want) + } + }) + } +} + func Test_isGoUnpinnedDownload(t *testing.T) { type args struct { cmd []string diff --git a/checks/raw/testdata/.github/workflows/github-workflow-pkg-managers.yaml b/checks/raw/testdata/.github/workflows/github-workflow-pkg-managers.yaml index 1b89a440469..7b28e3ec97c 100644 --- a/checks/raw/testdata/.github/workflows/github-workflow-pkg-managers.yaml +++ b/checks/raw/testdata/.github/workflows/github-workflow-pkg-managers.yaml @@ -161,4 +161,26 @@ jobs: - name: run: choco install --requirechecksums 'some-package' - name: - run: choco install --require-checksums 'some-package' \ No newline at end of file + run: choco install --require-checksums 'some-package' + - name: + run: nuget install 'some-package' + - name: + run: nuget restore + - name: + run: dotnet add package 'some-package' + - name: + run: dotnet add SomeProject package 'some-package' + - name: + run: nuget install 'some-package' -Version 1.2.3 + - name: + run: nuget install packages.config + - name: + run: nuget install packages/packages.config + - name: + run: dotnet add package 'some-package' -v 1.2.3 + - name: + run: dotnet build + - name: + run: dotnet add package 'some-package' --version 1.2.3 + - name: + run: dotnet add SomeProject package 'some-package' --version 1.2.3 \ No newline at end of file diff --git a/checks/raw/testdata/Dockerfile-pkg-managers b/checks/raw/testdata/Dockerfile-pkg-managers index 98183685c25..0208433c8d5 100644 --- a/checks/raw/testdata/Dockerfile-pkg-managers +++ b/checks/raw/testdata/Dockerfile-pkg-managers @@ -122,4 +122,16 @@ RUN choco install 'some-package' RUN choco install 'some-other-package' RUN choco install --requirechecksum 'some-package' RUN choco install --requirechecksums 'some-package' -RUN choco install --require-checksums 'some-package' \ No newline at end of file +RUN choco install --require-checksums 'some-package' + + +RUN nuget install some-package +RUN nuget restore +RUN nuget install some-package -Version 1.2.3 +RUN nuget install packages.config +RUN dotnet add package some-package +RUN dotnet add SomeProject package some-package +RUN dotnet build +RUN dotnet add package some-package -v 1.2.3 +RUN dotnet add package some-package --version 1.2.3 +RUN dotnet add SomeProject package some-package --version 1.2.3 \ No newline at end of file diff --git a/checks/raw/testdata/script-pkg-managers b/checks/raw/testdata/script-pkg-managers index 684c85cf5c4..e13e6f2b646 100644 --- a/checks/raw/testdata/script-pkg-managers +++ b/checks/raw/testdata/script-pkg-managers @@ -123,3 +123,13 @@ choco install 'some-other-package' choco install --requirechecksum 'some-package' choco install --requirechecksums 'some-package' choco install --require-checksums 'some-package' + +nuget install some-package +nuget restore +nuget install some-package -Version 1.2.3 +nuget install packages.config +dotnet add package some-package +dotnet add SomeProject package some-package +dotnet build +dotnet add package some-package -v 1.2.3 +dotnet add package some-package --version 1.2.3 diff --git a/checks/raw/testdata/shell-download-lines.sh b/checks/raw/testdata/shell-download-lines.sh index 053687afe4d..6a4f934e726 100644 --- a/checks/raw/testdata/shell-download-lines.sh +++ b/checks/raw/testdata/shell-download-lines.sh @@ -54,4 +54,14 @@ pip install --no-deps -e . git+https://github.com/username/repo.git pip install --no-deps -e . git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package python -m pip install --no-deps -e git+https://github.com/username/repo.git -python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package \ No newline at end of file +python -m pip install --no-deps -e git+https://github.com/username/repo.git@0123456789abcdef0123456789abcdef01234567#egg=package + +nuget install some-package +nuget restore +nuget install some-package -Version 1.2.3 +nuget install packages.config +dotnet add package some-package +dotnet add SomeProject package some-package +dotnet build +dotnet add package some-package -v 1.2.3 +dotnet add package some-package --version 1.2.3 \ No newline at end of file diff --git a/docs/checks.md b/docs/checks.md index 2883446a91e..fe95ebd23d6 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -102,7 +102,7 @@ Note: If Scorecard is run without an administrative access token, the requiremen Tier 1 Requirements (3/10 points): - Prevent force push - Prevent branch deletion - - For administrators: Do not allow bypassing the above settings + - For administrators: Include administrator for review Tier 2 Requirements (6/10 points): - Required reviewers >=1 @@ -503,7 +503,7 @@ dependencies using the [GitHub dependency graph](https://docs.github.com/en/code **Remediation steps** -- If your project is producing an application, declare all your dependencies with specific versions in your package format file (e.g. `package.json` for npm, `requirements.txt` for python). For C/C++, check in the code from a trusted source and add a `README` on the specific version used (and the archive SHA hashes). +- If your project is producing an application, declare all your dependencies with specific versions in your package format file (e.g. `package.json` for npm, `requirements.txt` for python, `packages.config` for nuget). For C/C++, check in the code from a trusted source and add a `README` on the specific version used (and the archive SHA hashes). - If your project is producing an application and the package manager supports lock files (e.g. `package-lock.json` for npm), make sure to check these in the source code as well. These files maintain signatures for the entire dependency tree and saves from future exploitation in case the package is compromised. - For Dockerfiles used in building and releasing your project, pin dependencies by hash. See [Dockerfile](https://github.com/ossf/scorecard/blob/main/cron/internal/worker/Dockerfile) for example. If you are using a manifest list to support builds across multiple architectures, you can pin to the manifest list hash instead of a single image hash. You can use a tool like [crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md) to obtain the hash of the manifest list like in this [example](https://github.com/ossf/scorecard/issues/1773#issuecomment-1076699039). - For GitHub workflows used in building and releasing your project, pin dependencies by hash. See [main.yaml](https://github.com/ossf/scorecard/blob/f55b86d6627cc3717e3a0395e03305e81b9a09be/.github/workflows/main.yml#L27) for example. To determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/) by ticking the "Pin actions to a full length commit SHA". You may also tick the "Restrict permissions for GITHUB_TOKEN" to fix issues found by the Token-Permissions check. diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index f8709cd6559..0321985e02f 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -503,7 +503,7 @@ checks: remediation: - >- If your project is producing an application, declare all your dependencies with specific versions in your package - format file (e.g. `package.json` for npm, `requirements.txt` for python). + format file (e.g. `package.json` for npm, `requirements.txt` for python, `packages.config` for nuget). For C/C++, check in the code from a trusted source and add a `README` on the specific version used (and the archive SHA hashes). - >- From d0bfc0bc69c2f750c5feee473eaba5602eed89c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 17:07:29 +0000 Subject: [PATCH 068/316] :seedling: Bump golang from `25de7b6` to `403f486` in /cron/internal/cii Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/cii/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/cii/Dockerfile b/cron/internal/cii/Dockerfile index 44c5f1b3692..575b336ca64 100644 --- a/cron/internal/cii/Dockerfile +++ b/cron/internal/cii/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 20e84875559c29efd95e33306db15ff4d6088bf9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 17:20:55 +0000 Subject: [PATCH 069/316] :seedling: Bump golang in /cron/internal/worker Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/worker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/worker/Dockerfile b/cron/internal/worker/Dockerfile index 7218b94042c..0cc8f1008b6 100644 --- a/cron/internal/worker/Dockerfile +++ b/cron/internal/worker/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 8183a9f96fec452a3d8fad4f6813e10b0c84324e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 17:33:22 +0000 Subject: [PATCH 070/316] :seedling: Bump golang from `25de7b6` to `403f486` Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e8d66b69ad5..b4b5288545c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From b7180e84729dca13de04d5bac4e71bd21a7e52f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 17:45:58 +0000 Subject: [PATCH 071/316] :seedling: Bump distroless/base Bumps distroless/base from `4b22ca3` to `e406b1d`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index 968dd6a3c8e..6e3153833c5 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -24,6 +24,6 @@ ARG TARGETOS ARG TARGETARCH RUN CGO_ENABLED=0 make build-github-server -FROM gcr.io/distroless/base:nonroot@sha256:4b22ca3c68018333c56f8dddcf1f8b55f32889f2dd12d28ab60856eba1130d04 +FROM gcr.io/distroless/base:nonroot@sha256:e406b1da09bc455495417a809efe48a03c48011a89f6eb57b0ab882508021c0d COPY --from=authserver /src/clients/githubrepo/roundtripper/tokens/server/github-auth-server clients/githubrepo/roundtripper/tokens/server/github-auth-server ENTRYPOINT ["clients/githubrepo/roundtripper/tokens/server/github-auth-server"] From 6858355f246efeb0a5ff024f4585a6c208fa4b68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 18:09:49 +0000 Subject: [PATCH 072/316] :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `ea3d912` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index 6e3153833c5..d0012b6d7d5 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From ab74f25f9cdc1342f1288e00a184766ea9064617 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 18:23:12 +0000 Subject: [PATCH 073/316] :seedling: Bump golang in /cron/internal/controller Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/controller/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index 9dd74ffa638..2477bad5279 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From a91a0d8026a59ff3f937c160281cca906eb7e6d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 18:35:26 +0000 Subject: [PATCH 074/316] :seedling: Bump golang in /cron/internal/webhook Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/webhook/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/webhook/Dockerfile b/cron/internal/webhook/Dockerfile index 3251717bfe5..1b3e3a1b8ad 100644 --- a/cron/internal/webhook/Dockerfile +++ b/cron/internal/webhook/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From e1d4f3726920cc49615c1cae8d920a75975500d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Apr 2023 18:47:43 +0000 Subject: [PATCH 075/316] :seedling: Bump golang from `25de7b6` to `403f486` in /cron/internal/bq Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/bq/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/bq/Dockerfile b/cron/internal/bq/Dockerfile index a67920a2d26..b731c679354 100644 --- a/cron/internal/bq/Dockerfile +++ b/cron/internal/bq/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:25de7b6b28219279a409961158c547aadd0960cf2dcbc533780224afa1157fd4 AS base +FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 81e6c21132dc9264f2b036b21c9bebc8939972a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Apr 2023 08:57:59 +0000 Subject: [PATCH 076/316] :seedling: Bump github.com/xanzy/go-gitlab from 0.82.0 to 0.83.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.82.0 to 0.83.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.82.0...v0.83.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 36621be8109..0b23e9fd01c 100644 --- a/go.mod +++ b/go.mod @@ -163,7 +163,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.2 // indirect - github.com/xanzy/go-gitlab v0.82.0 + github.com/xanzy/go-gitlab v0.83.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 0a876c23529..9f48f885bba 100644 --- a/go.sum +++ b/go.sum @@ -1963,8 +1963,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/xanzy/go-gitlab v0.82.0 h1:WUAqZqNj/VGsXvFM9mYC0MEpPpmK4sHoOAryRQJARp4= -github.com/xanzy/go-gitlab v0.82.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= +github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From 6506930fa11bd35e9038b1d055909329232b8819 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Apr 2023 15:50:49 +0000 Subject: [PATCH 077/316] :seedling: Bump cloud.google.com/go/bigquery from 1.50.0 to 1.51.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.50.0 to 1.51.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.50.0...bigquery/v1.51.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0b23e9fd01c..17c83bc9e53 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.50.0 + cloud.google.com/go/bigquery v1.51.0 cloud.google.com/go/monitoring v1.13.0 // indirect cloud.google.com/go/pubsub v1.30.0 cloud.google.com/go/trace v1.9.0 // indirect diff --git a/go.sum b/go.sum index 9f48f885bba..9717701a92c 100644 --- a/go.sum +++ b/go.sum @@ -91,8 +91,8 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.50.0 h1:RscMV6LbnAmhAzD893Lv9nXXy2WCaJmbxYPWDLbGqNQ= -cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= +cloud.google.com/go/bigquery v1.51.0 h1:Y3qpQAdMQlbD2xJ70Y6flcK/CVpjLRuVrR0rJSi7wD4= +cloud.google.com/go/bigquery v1.51.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= From bdb512360d6420d69801fd4d41161a6b82dc5cbf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Apr 2023 16:26:45 +0000 Subject: [PATCH 078/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2880) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.17.0 to 1.17.1. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.17.0...v1.17.1) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 9c00d779a08..11b6663bb3e 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 - github.com/goreleaser/goreleaser v1.17.0 + github.com/goreleaser/goreleaser v1.17.1 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.2 google.golang.org/protobuf v1.30.0 diff --git a/tools/go.sum b/tools/go.sum index 5a3db811086..2252319cec5 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1464,8 +1464,8 @@ github.com/goreleaser/chglog v0.4.2 h1:afmbT1d7lX/q+GF8wv3a1Dofs2j/Y9YkiCpGemWR6 github.com/goreleaser/chglog v0.4.2/go.mod h1:u/F03un4hMCQrp65qSWCkkC6T+G7YLKZ+AM2mITE47s= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.17.0 h1:CcA7EOcljdYhpEY2MUI1je6swCTCAlubxZk1VCbPKBY= -github.com/goreleaser/goreleaser v1.17.0/go.mod h1:n6Rm7V8s38EgE/oXBrRAutjKAd5JlxF3qqzU4g1+cXQ= +github.com/goreleaser/goreleaser v1.17.1 h1:8Phogx0J2/zmzHCCHWs4RV6tc2R77Kw666sGXt+o8xY= +github.com/goreleaser/goreleaser v1.17.1/go.mod h1:n6Rm7V8s38EgE/oXBrRAutjKAd5JlxF3qqzU4g1+cXQ= github.com/goreleaser/nfpm/v2 v2.28.0 h1:BLKOrJpyBrO/LQ7XQP/mICDBqq6K3iX1cqZIMYKUbCc= github.com/goreleaser/nfpm/v2 v2.28.0/go.mod h1:cMwzgk+6Irs3+ZKD6Lz/ADJ8qsVmJxYPlE3/wOxAfVA= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= From e1afb499ec1565e89a5f697e28bb70d4b53936fa Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 18 Apr 2023 15:02:26 -0500 Subject: [PATCH 079/316] :seedling: Unit tests for checks/evaluation/license.go (#2885) - Add tests for license scoring criteria - Add license checker tests for no license, no license files, and license files detected - 100% coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/license_test.go | 172 ++++++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 checks/evaluation/license_test.go diff --git a/checks/evaluation/license_test.go b/checks/evaluation/license_test.go new file mode 100644 index 00000000000..3ea4771582a --- /dev/null +++ b/checks/evaluation/license_test.go @@ -0,0 +1,172 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + scut "github.com/ossf/scorecard/v4/utests" +) + +func Test_scoreLicenseCriteria(t *testing.T) { + t.Parallel() + type args struct { + f *checker.LicenseFile + dl checker.DetailLogger + } + tests := []struct { //nolint:govet + name string + args args + want int + }{ + { + name: "License Attribution Type API", + args: args{ + f: &checker.LicenseFile{ + LicenseInformation: checker.License{ + Attribution: checker.LicenseAttributionTypeAPI, + Approved: true, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: 10, + }, + { + name: "License Attribution Type Heuristics", + args: args{ + f: &checker.LicenseFile{ + LicenseInformation: checker.License{ + Attribution: checker.LicenseAttributionTypeHeuristics, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: 9, + }, + { + name: "License Attribution Type Other", + args: args{ + f: &checker.LicenseFile{ + LicenseInformation: checker.License{ + Attribution: checker.LicenseAttributionTypeOther, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: 6, + }, + { + name: "License Attribution Type Unknown", + args: args{ + f: &checker.LicenseFile{ + LicenseInformation: checker.License{ + Attribution: "Unknown", + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: 6, + }, + } + for _, tt := range tests { + tt := tt // Parallel testing scoping hack. + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := scoreLicenseCriteria(tt.args.f, tt.args.dl); got != tt.want { + t.Errorf("scoreLicenseCriteria() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestLicense(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + name string + dl checker.DetailLogger + r *checker.LicenseData + } + tests := []struct { + name string + args args + want checker.CheckResult + }{ + { + name: "No License", + args: args{ + name: "No License", + dl: &scut.TestDetailLogger{}, + }, + want: checker.CheckResult{ + Score: -1, + Version: 2, + Reason: "internal error: empty raw data", + Name: "No License", + }, + }, + { + name: "No License Files", + args: args{ + name: "No License Files", + dl: &scut.TestDetailLogger{}, + r: &checker.LicenseData{ + LicenseFiles: []checker.LicenseFile{}, + }, + }, + want: checker.CheckResult{ + Score: 0, + Version: 2, + Reason: "license file not detected", + Name: "No License Files", + }, + }, + { + name: "License Files Detected", + args: args{ + name: "License Files Detected", + dl: &scut.TestDetailLogger{}, + r: &checker.LicenseData{ + LicenseFiles: []checker.LicenseFile{ + { + LicenseInformation: checker.License{ + Attribution: checker.LicenseAttributionTypeAPI, + Approved: true, + }, + }, + }, + }, + }, + want: checker.CheckResult{ + Score: 10, + Version: 2, + Reason: "license file detected", + Name: "License Files Detected", + }, + }, + } + for _, tt := range tests { + tt := tt // Parallel testing scoping hack. + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := License(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll + t.Errorf("License() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll + } + }) + } +} From 4e95816f4f0510f29ac1e680f4bea4cbe9666b1d Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 18 Apr 2023 15:39:47 -0500 Subject: [PATCH 080/316] :seedling: Unit test for Contributors (#2881) - Code coverage of 95% for contributors. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/contributors_test.go | 154 +++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 checks/evaluation/contributors_test.go diff --git a/checks/evaluation/contributors_test.go b/checks/evaluation/contributors_test.go new file mode 100644 index 00000000000..87b2c622df7 --- /dev/null +++ b/checks/evaluation/contributors_test.go @@ -0,0 +1,154 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/utests" +) + +func TestContributors(t *testing.T) { + t.Parallel() + testCases := []struct { + name string + raw *checker.ContributorsData + expected checker.CheckResult + }{ + { + name: "No data", + raw: nil, + expected: checker.CheckResult{ + Version: 2, + Score: -1, + Reason: "internal error: empty raw data", + }, + }, + { + name: "No contributors", + raw: &checker.ContributorsData{ + Users: []clients.User{}, + }, + expected: checker.CheckResult{ + Version: 2, + Score: 0, + Reason: "0 different organizations found -- score normalized to 0", + }, + }, + { + name: "Contributors with orgs and number of contributions is greater than 5 with companies", + raw: &checker.ContributorsData{ + Users: []clients.User{ + { + NumContributions: 10, + Organizations: []clients.User{ + { + Login: "org1", + }, + }, + Companies: []string{"company1"}, + }, + { + NumContributions: 10, + Organizations: []clients.User{ + { + Login: "org2", + }, + }, + }, + { + NumContributions: 10, + Organizations: []clients.User{ + { + Login: "org3", + }, + }, + }, + { + NumContributions: 1, + Organizations: []clients.User{ + { + Login: "org2", + }, + }, + }, + }, + }, + expected: checker.CheckResult{ + Version: 2, + Score: 10, + Reason: "4 different organizations found -- score normalized to 10", + }, + }, + { + name: "Contributors with orgs and number of contributions is greater than 5 without companies", + raw: &checker.ContributorsData{ + Users: []clients.User{ + { + NumContributions: 10, + Organizations: []clients.User{ + { + Login: "org1", + }, + }, + }, + { + NumContributions: 10, + Organizations: []clients.User{ + { + Login: "org2", + }, + }, + }, + { + NumContributions: 10, + Organizations: []clients.User{ + { + Login: "org3", + }, + }, + }, + { + NumContributions: 1, + Organizations: []clients.User{ + { + Login: "org10", + }, + }, + }, + }, + }, + expected: checker.CheckResult{ + Version: 2, + Score: 10, + Reason: "3 different organizations found -- score normalized to 10", + }, + }, + } + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + result := Contributors("", &utests.TestDetailLogger{}, tc.raw) + if !cmp.Equal(result, tc.expected, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:govet + t.Errorf("expected %v, got %v", tc.expected, cmp.Diff(tc.expected, result, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll + } + }) + } +} From cc817ef7595db935df59bee0056869a6119f4f64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Apr 2023 09:28:34 -0500 Subject: [PATCH 081/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2886) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.17.1 to 1.17.2. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.17.1...v1.17.2) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 11b6663bb3e..986497eccf6 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 - github.com/goreleaser/goreleaser v1.17.1 + github.com/goreleaser/goreleaser v1.17.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.2 google.golang.org/protobuf v1.30.0 diff --git a/tools/go.sum b/tools/go.sum index 2252319cec5..fe5d78a51ba 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1464,8 +1464,8 @@ github.com/goreleaser/chglog v0.4.2 h1:afmbT1d7lX/q+GF8wv3a1Dofs2j/Y9YkiCpGemWR6 github.com/goreleaser/chglog v0.4.2/go.mod h1:u/F03un4hMCQrp65qSWCkkC6T+G7YLKZ+AM2mITE47s= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.17.1 h1:8Phogx0J2/zmzHCCHWs4RV6tc2R77Kw666sGXt+o8xY= -github.com/goreleaser/goreleaser v1.17.1/go.mod h1:n6Rm7V8s38EgE/oXBrRAutjKAd5JlxF3qqzU4g1+cXQ= +github.com/goreleaser/goreleaser v1.17.2 h1:31zA06Sz6/zMNDMvI7l6I4XwFMRoI/WnTMiX8Puu6tE= +github.com/goreleaser/goreleaser v1.17.2/go.mod h1:n6Rm7V8s38EgE/oXBrRAutjKAd5JlxF3qqzU4g1+cXQ= github.com/goreleaser/nfpm/v2 v2.28.0 h1:BLKOrJpyBrO/LQ7XQP/mICDBqq6K3iX1cqZIMYKUbCc= github.com/goreleaser/nfpm/v2 v2.28.0/go.mod h1:cMwzgk+6Irs3+ZKD6Lz/ADJ8qsVmJxYPlE3/wOxAfVA= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= From aa01849437c8c1e5349598113d61539d94068705 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 19 Apr 2023 13:55:53 -0500 Subject: [PATCH 082/316] :seedling: Unit tests checks/evaluation/maintained.go (#2887) - Unit tests for checks/evaluation/maintained.go - 100% coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/maintained_test.go | 236 +++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) create mode 100644 checks/evaluation/maintained_test.go diff --git a/checks/evaluation/maintained_test.go b/checks/evaluation/maintained_test.go new file mode 100644 index 00000000000..5170691560c --- /dev/null +++ b/checks/evaluation/maintained_test.go @@ -0,0 +1,236 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" + scut "github.com/ossf/scorecard/v4/utests" +) + +func Test_hasActivityByCollaboratorOrHigher(t *testing.T) { + t.Parallel() + r := clients.RepoAssociationCollaborator + twentDaysAgo := time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/) + type args struct { + issue *clients.Issue + threshold time.Time + } + tests := []struct { //nolint:govet + name string + args args + want bool + }{ + { + name: "nil issue", + args: args{ + issue: nil, + threshold: time.Now(), + }, + want: false, + }, + { + name: "repo-association collaborator", + args: args{ + issue: &clients.Issue{ + CreatedAt: nil, + AuthorAssociation: &r, + }, + }, + want: false, + }, + { + name: "twentyDaysAgo", + args: args{ + issue: &clients.Issue{ + CreatedAt: &twentDaysAgo, + AuthorAssociation: &r, + }, + }, + want: true, + }, + { + name: "repo-association collaborator with comment", + args: args{ + issue: &clients.Issue{ + CreatedAt: nil, + AuthorAssociation: &r, + Comments: []clients.IssueComment{ + { + CreatedAt: &twentDaysAgo, + AuthorAssociation: &r, + }, + }, + }, + }, + want: true, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := hasActivityByCollaboratorOrHigher(tt.args.issue, tt.args.threshold); got != tt.want { + t.Errorf("hasActivityByCollaboratorOrHigher() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestMaintained(t *testing.T) { + twentyDaysAgo := time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/) + collab := clients.RepoAssociationCollaborator + t.Parallel() + type args struct { //nolint:govet + name string + dl checker.DetailLogger + r *checker.MaintainedData + } + tests := []struct { + name string + args args + want checker.CheckResult + }{ + { + name: "nil", + args: args{ + name: "test", + dl: nil, + r: nil, + }, + want: checker.CheckResult{ + Name: "test", + Version: 2, + Reason: "internal error: empty raw data", + Score: -1, + }, + }, + { + name: "archived", + args: args{ + name: "test", + dl: nil, + r: &checker.MaintainedData{ + ArchivedStatus: checker.ArchivedStatus{Status: true}, + }, + }, + want: checker.CheckResult{ + Name: "test", + Version: 2, + Reason: "repo is marked as archived", + Score: 0, + }, + }, + { + name: "no activity", + args: args{ + name: "test", + dl: nil, + r: &checker.MaintainedData{ + ArchivedStatus: checker.ArchivedStatus{Status: false}, + DefaultBranchCommits: []clients.Commit{ + { + CommittedDate: time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC), + }, + }, + }, + }, + want: checker.CheckResult{ + Name: "test", + Version: 2, + Reason: "0 commit(s) out of 1 and 0 issue activity out of 0 found in the last 90 days -- score normalized to 0", + Score: 0, + }, + }, + { + name: "commit activity in the last 30 days", + args: args{ + name: "test", + dl: &scut.TestDetailLogger{}, + r: &checker.MaintainedData{ + ArchivedStatus: checker.ArchivedStatus{Status: false}, + DefaultBranchCommits: []clients.Commit{ + { + CommittedDate: time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/), + }, + { + CommittedDate: time.Now().AddDate(0 /*years*/, 0 /*months*/, -10 /*days*/), + }, + }, + + Issues: []clients.Issue{ + { + CreatedAt: &twentyDaysAgo, + AuthorAssociation: &collab, + }, + }, + CreatedAt: time.Now().AddDate(0 /*years*/, 0 /*months*/, -100 /*days*/), + }, + }, + want: checker.CheckResult{ + Name: "test", + Version: 2, + Reason: "2 commit(s) out of 2 and 1 issue activity out of 1 found in the last 90 days -- score normalized to 2", + Score: 2, + }, + }, + { + name: "Repo created recently", + args: args{ + name: "test", + dl: &scut.TestDetailLogger{}, + r: &checker.MaintainedData{ + ArchivedStatus: checker.ArchivedStatus{Status: false}, + DefaultBranchCommits: []clients.Commit{ + { + CommittedDate: time.Now().AddDate(0 /*years*/, 0 /*months*/, -20 /*days*/), + }, + { + CommittedDate: time.Now().AddDate(0 /*years*/, 0 /*months*/, -10 /*days*/), + }, + }, + + Issues: []clients.Issue{ + { + CreatedAt: &twentyDaysAgo, + AuthorAssociation: &collab, + }, + }, + CreatedAt: time.Now().AddDate(0 /*years*/, 0 /*months*/, -10 /*days*/), + }, + }, + want: checker.CheckResult{ + Name: "test", + Version: 2, + Reason: "repo was created 10 days ago, not enough maintenance history", + Score: 0, + }, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := Maintained(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll + t.Errorf("Maintained() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll + } + }) + } +} From 953e68c822cc4be974cf753a1a729cacb7e44a2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Apr 2023 08:21:00 -0500 Subject: [PATCH 083/316] :seedling: Bump github.com/otiai10/copy from 1.10.0 to 1.11.0 (#2890) Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](https://github.com/otiai10/copy/compare/v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 17c83bc9e53..f2d3ae5660c 100644 --- a/go.mod +++ b/go.mod @@ -50,7 +50,7 @@ require ( github.com/google/osv-scanner v1.3.1 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.2 - github.com/otiai10/copy v1.10.0 + github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index 9717701a92c..57794631fa2 100644 --- a/go.sum +++ b/go.sum @@ -1708,8 +1708,8 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE= -github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ= -github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= +github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc= +github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/ovh/go-ovh v1.3.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o= From ef770829084926a3aaba2bfb45a88c9d27439b2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Apr 2023 13:36:52 +0000 Subject: [PATCH 084/316] :seedling: Bump step-security/harden-runner from 2.3.0 to 2.3.1 (#2889) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/03bee3930647ebbf994244c21ddbc0d4933aab4f...6b3083af2869dc3314a0257a42f4af696cc79ba3) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 14 +++++----- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 4 +-- .github/workflows/main.yml | 40 +++++++++++++-------------- .github/workflows/publishimage.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 8 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c8ff776cace..981c35a50ab 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 944c8388afe..51a53235ae2 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 0d23eff4f13..bd846291eab 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 598c8a6341d..4d6233f930a 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -37,7 +37,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2702c11db3f..36d4ec1f8a2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 7040409f159..597c6fb59ef 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f8e006107de..e5e804708a4 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 27474ae31da..b64405929b1 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs From 6c5de2c32a4b8f60211e8e8eb94f8d3370a11b93 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Thu, 20 Apr 2023 14:28:10 -0700 Subject: [PATCH 085/316] =?UTF-8?q?=F0=9F=90=9B=20Reset=20stored=20error?= =?UTF-8?q?=20when=20handler=20is=20re-inited=20or=20setup=20is=20re-run.?= =?UTF-8?q?=20(#2893)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Reset stored error when checkruns handler is re-inited or setup is run agaain. Signed-off-by: Spencer Schrock * Add test. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- clients/githubrepo/checkruns.go | 2 ++ clients/githubrepo/checkruns_test.go | 30 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 clients/githubrepo/checkruns_test.go diff --git a/clients/githubrepo/checkruns.go b/clients/githubrepo/checkruns.go index 6ed5c04d5b3..22ffe662093 100644 --- a/clients/githubrepo/checkruns.go +++ b/clients/githubrepo/checkruns.go @@ -89,10 +89,12 @@ func (handler *checkrunsHandler) init(ctx context.Context, repourl *repoURL, com handler.checkData = new(checkRunsGraphqlData) handler.setupOnce = new(sync.Once) handler.checkRunsByRef = checkRunsByRef{} + handler.errSetup = nil } func (handler *checkrunsHandler) setup() error { handler.setupOnce.Do(func() { + handler.errSetup = nil commitExpression := handler.repourl.commitExpression() vars := map[string]interface{}{ "owner": githubv4.String(handler.repourl.owner), diff --git a/clients/githubrepo/checkruns_test.go b/clients/githubrepo/checkruns_test.go new file mode 100644 index 00000000000..2d12d68e464 --- /dev/null +++ b/clients/githubrepo/checkruns_test.go @@ -0,0 +1,30 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "testing" + + sce "github.com/ossf/scorecard/v4/errors" +) + +func Test_init_clearsErr(t *testing.T) { + handler := &checkrunsHandler{errSetup: sce.ErrScorecardInternal} + handler.init(context.Background(), nil, 0) + if handler.errSetup != nil { + t.Errorf("expected nil error, got %v", handler.errSetup) + } +} From 99751c0241c6e7317b570e39b5e5fa56e904b3d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Apr 2023 08:58:15 +0000 Subject: [PATCH 086/316] :seedling: Bump github.com/moby/buildkit from 0.11.5 to 0.11.6 Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.5 to 0.11.6. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.11.5...v0.11.6) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index f2d3ae5660c..dc2936a763b 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/grafeas/kritis v0.2.3-0.20210120183821-faeba81c520c github.com/h2non/filetype v1.1.3 github.com/jszwec/csvutil v1.8.0 - github.com/moby/buildkit v0.11.5 + github.com/moby/buildkit v0.11.6 github.com/olekukonko/tablewriter v0.0.5 github.com/onsi/gomega v1.27.6 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa @@ -156,7 +156,7 @@ require ( github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc2 // indirect + github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect github.com/pkg/errors v0.9.1 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/robfig/cron v1.2.0 // indirect diff --git a/go.sum b/go.sum index 57794631fa2..22ffc032830 100644 --- a/go.sum +++ b/go.sum @@ -1591,8 +1591,8 @@ github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= -github.com/moby/buildkit v0.11.5 h1:S6YrFJ0bfBT2w9e8kOxqsDV8Bw+HtfqdB6eHL17BXRI= -github.com/moby/buildkit v0.11.5/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo= +github.com/moby/buildkit v0.11.6 h1:VYNdoKk5TVxN7k4RvZgdeM4GOyRvIi4Z8MXOY7xvyUs= +github.com/moby/buildkit v0.11.6/go.mod h1:GCqKfHhz+pddzfgaR7WmHVEE3nKKZMMDPpK8mh3ZLv4= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= From 9a3ed3de692c30cb06549915474282f2f92e1a15 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Apr 2023 12:00:44 +0000 Subject: [PATCH 087/316] :seedling: Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#2894) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/40a12dcee2df644d47232dde008099a3e9e4f865...894ff025c7b54547a9a2a1e9f228beae737ad3c2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/integration.yml | 4 ++-- .github/workflows/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 4d6233f930a..62fc26e7a4b 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -67,7 +67,7 @@ jobs: command: make e2e-gh-token - name: codecov - uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 + uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: files: ./e2e-coverage.out verbose: true @@ -81,7 +81,7 @@ jobs: command: make e2e-gitlab - name: codecov - uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 + uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: files: ./e2e-coverage.out verbose: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 36d4ec1f8a2..4380a046e14 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -66,7 +66,7 @@ jobs: - name: Run unit-tests run: make unit-test - name: Upload codecoverage - uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 + uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: files: ./unit-coverage.out verbose: true From 130a31fba974ab1fb77a855044a53dfe9aa04654 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Fri, 21 Apr 2023 14:58:42 -0400 Subject: [PATCH 088/316] =?UTF-8?q?=E2=9C=A8=20GitLab:=20Documentation=20a?= =?UTF-8?q?nd=20cleaner=20errors=20(#2821)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Return inconclusive if there are no workflows Signed-off-by: Raghav Kaul * Return inconclusive if we don't have any workflows Signed-off-by: Raghav Kaul * logging fixes Signed-off-by: Raghav Kaul * fix panic Signed-off-by: Raghav Kaul * Update README.md Signed-off-by: Raghav Kaul * skip error when getting external status checks (requires full api access) Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * fix dangerous workflow test Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- README.md | 42 ++++++++++---------- checker/raw_result.go | 4 +- checks/evaluation/contributors.go | 2 +- checks/evaluation/dangerous_workflow.go | 4 ++ checks/evaluation/dangerous_workflow_test.go | 21 +++++++++- checks/evaluation/permissions/permissions.go | 4 ++ checks/permissions_test.go | 6 +-- checks/raw/dangerous_workflow.go | 2 + checks/raw/permissions.go | 2 + clients/gitlabrepo/branches.go | 3 +- clients/gitlabrepo/releases.go | 5 ++- clients/gitlabrepo/tarball.go | 2 - 12 files changed, 66 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index ad0b17243d1..83304146402 100644 --- a/README.md +++ b/README.md @@ -433,27 +433,27 @@ These may be specified with the `--format` flag. For example, `--format=json`. The following checks are all run against the target project by default: -Name | Description | Risk Level | Token Required | Note ------------ | ----------------------------------------- | ---------- | --------------- | ----------------- -[Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | -[Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | certain settings are only supported with a maintainer PAT -[CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN | -[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN | -[Code-Review](docs/checks.md#code-review) | Does the project practice code review before code is merged? | High | PAT, GITHUB_TOKEN | -[Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | -[Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | -[Dependency-Update-Tool](docs/checks.md#dependency-update-tool) | Does the project use tools to help update its dependencies? | High | PAT, GITHUB_TOKEN | -[Fuzzing](docs/checks.md#fuzzing) | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)? | Medium | PAT, GITHUB_TOKEN | -[License](docs/checks.md#license) | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | -[Maintained](docs/checks.md#maintained) | Is the project at least 90 days old, and maintained? | High | PAT, GITHUB_TOKEN | -[Pinned-Dependencies](docs/checks.md#pinned-dependencies) | Does the project declare and pin [dependencies](https://docs.github.com/en/free-pro-team@latest/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)? | Medium | PAT, GITHUB_TOKEN | -[Packaging](docs/checks.md#packaging) | Does the project build and publish official packages from CI/CD, e.g. [GitHub Publishing](https://docs.github.com/en/free-pro-team@latest/actions/guides/about-packaging-with-github-actions#workflows-for-publishing-packages) ? | Medium | PAT, GITHUB_TOKEN | -[SAST](docs/checks.md#sast) | Does the project use static code analysis tools, e.g. [CodeQL](https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository#enabling-code-scanning-using-actions), [LGTM (deprecated)](https://lgtm.com), [SonarCloud](https://sonarcloud.io)? | Medium | PAT, GITHUB_TOKEN | -[Security-Policy](docs/checks.md#security-policy) | Does the project contain a [security policy](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)? | Medium | PAT, GITHUB_TOKEN | -[Signed-Releases](docs/checks.md#signed-releases) | Does the project cryptographically [sign releases](https://wiki.debian.org/Creating%20signed%20GitHub%20releases)? | High | PAT, GITHUB_TOKEN | -[Token-Permissions](docs/checks.md#token-permissions) | Does the project declare GitHub workflow tokens as [read only](https://docs.github.com/en/actions/reference/authentication-in-a-workflow)? | High | PAT, GITHUB_TOKEN | -[Vulnerabilities](docs/checks.md#vulnerabilities) | Does the project have unfixed vulnerabilities? Uses the [OSV service](https://osv.dev). | High | PAT, GITHUB_TOKEN | -[Webhooks](docs/checks.md#webhooks) | Does the webhook defined in the repository have a token configured to authenticate the origins of requests? | High | maintainer PAT (`admin: repo_hook` or `admin> read:repo_hook` [doc](https://docs.github.com/en/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository) | EXPERIMENTAL +Name | Description | Risk Level | Token Required | GitLab Support | Note +----------- | ----------------------------------------- | ---------- | --------------- | -------------- | --- | +[Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | Fully Supported | +[Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | Fully Supported | certain settings are only supported with a maintainer PAT +[CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN | Unsupported +[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN | Fully Supported | +[Code-Review](docs/checks.md#code-review) | Does the project practice code review before code is merged? | High | PAT, GITHUB_TOKEN | Fully Supported | +[Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | Fully Supported | +[Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | Unsupported | +[Dependency-Update-Tool](docs/checks.md#dependency-update-tool) | Does the project use tools to help update its dependencies? | High | PAT, GITHUB_TOKEN | Unsupported | +[Fuzzing](docs/checks.md#fuzzing) | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)? | Medium | PAT, GITHUB_TOKEN | Fully Supported +[License](docs/checks.md#license) | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | Fully Supported | +[Maintained](docs/checks.md#maintained) | Is the project at least 90 days old, and maintained? | High | PAT, GITHUB_TOKEN | Fully Supported | +[Pinned-Dependencies](docs/checks.md#pinned-dependencies) | Does the project declare and pin [dependencies](https://docs.github.com/en/free-pro-team@latest/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)? | Medium | PAT, GITHUB_TOKEN | Fully Supported | +[Packaging](docs/checks.md#packaging) | Does the project build and publish official packages from CI/CD, e.g. [GitHub Publishing](https://docs.github.com/en/free-pro-team@latest/actions/guides/about-packaging-with-github-actions#workflows-for-publishing-packages) ? | Medium | PAT, GITHUB_TOKEN | Fully Supported | +[SAST](docs/checks.md#sast) | Does the project use static code analysis tools, e.g. [CodeQL](https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository#enabling-code-scanning-using-actions), [LGTM (deprecated)](https://lgtm.com), [SonarCloud](https://sonarcloud.io)? | Medium | PAT, GITHUB_TOKEN | Unsupported | +[Security-Policy](docs/checks.md#security-policy) | Does the project contain a [security policy](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)? | Medium | PAT, GITHUB_TOKEN | Fully Supported | +[Signed-Releases](docs/checks.md#signed-releases) | Does the project cryptographically [sign releases](https://wiki.debian.org/Creating%20signed%20GitHub%20releases)? | High | PAT, GITHUB_TOKEN | Fully Supported | +[Token-Permissions](docs/checks.md#token-permissions) | Does the project declare GitHub workflow tokens as [read only](https://docs.github.com/en/actions/reference/authentication-in-a-workflow)? | High | PAT, GITHUB_TOKEN | Unsupported | +[Vulnerabilities](docs/checks.md#vulnerabilities) | Does the project have unfixed vulnerabilities? Uses the [OSV service](https://osv.dev). | High | PAT, GITHUB_TOKEN | Fully Supported | +[Webhooks](docs/checks.md#webhooks) | Does the webhook defined in the repository have a token configured to authenticate the origins of requests? | High | maintainer PAT (`admin: repo_hook` or `admin> read:repo_hook` [doc](https://docs.github.com/en/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository) | | EXPERIMENTAL ### Detailed Checks Documentation diff --git a/checker/raw_result.go b/checker/raw_result.go index 318a039a997..8b991d18407 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -315,7 +315,8 @@ const ( // DangerousWorkflowData contains raw results // for dangerous workflow check. type DangerousWorkflowData struct { - Workflows []DangerousWorkflow + Workflows []DangerousWorkflow + NumWorkflows int } // DangerousWorkflow represents a dangerous workflow. @@ -334,6 +335,7 @@ type WorkflowJob struct { // TokenPermissionsData represents data about a permission failure. type TokenPermissionsData struct { TokenPermissions []TokenPermission + NumTokens int } // PermissionLocation represents a declaration type. diff --git a/checks/evaluation/contributors.go b/checks/evaluation/contributors.go index 1425f608d96..d419e6a1ea4 100644 --- a/checks/evaluation/contributors.go +++ b/checks/evaluation/contributors.go @@ -60,7 +60,7 @@ func Contributors(name string, dl checker.DetailLogger, sort.Strings(names) - if len(name) > 0 { + if len(names) > 0 { dl.Info(&checker.LogMessage{ Text: fmt.Sprintf("contributors work for %v", strings.Join(names, ",")), }) diff --git a/checks/evaluation/dangerous_workflow.go b/checks/evaluation/dangerous_workflow.go index be37c6cdee5..9aa76fe751c 100644 --- a/checks/evaluation/dangerous_workflow.go +++ b/checks/evaluation/dangerous_workflow.go @@ -30,6 +30,10 @@ func DangerousWorkflow(name string, dl checker.DetailLogger, return checker.CreateRuntimeErrorResult(name, e) } + if r.NumWorkflows == 0 { + return checker.CreateInconclusiveResult(name, "no workflows found") + } + for _, e := range r.Workflows { var text string switch e.Type { diff --git a/checks/evaluation/dangerous_workflow_test.go b/checks/evaluation/dangerous_workflow_test.go index 7726f33a64b..ae3eef25991 100644 --- a/checks/evaluation/dangerous_workflow_test.go +++ b/checks/evaluation/dangerous_workflow_test.go @@ -43,7 +43,23 @@ func TestDangerousWorkflow(t *testing.T) { r: &checker.DangerousWorkflowData{}, }, want: checker.CheckResult{ - Score: 10, + Score: checker.InconclusiveResultScore, + Reason: "no workflows found", + Version: 2, + Name: "DangerousWorkflow", + }, + }, + { + name: "DangerousWorkflow - found workflows, none dangerous", + args: args{ + name: "DangerousWorkflow", + dl: &scut.TestDetailLogger{}, + r: &checker.DangerousWorkflowData{ + NumWorkflows: 5, + }, + }, + want: checker.CheckResult{ + Score: checker.MaxResultScore, Reason: "no dangerous workflow patterns detected", Version: 2, Name: "DangerousWorkflow", @@ -55,6 +71,7 @@ func TestDangerousWorkflow(t *testing.T) { name: "DangerousWorkflow", dl: &scut.TestDetailLogger{}, r: &checker.DangerousWorkflowData{ + NumWorkflows: 1, Workflows: []checker.DangerousWorkflow{ { Type: checker.DangerousWorkflowUntrustedCheckout, @@ -82,6 +99,7 @@ func TestDangerousWorkflow(t *testing.T) { name: "DangerousWorkflow", dl: &scut.TestDetailLogger{}, r: &checker.DangerousWorkflowData{ + NumWorkflows: 1, Workflows: []checker.DangerousWorkflow{ { Type: checker.DangerousWorkflowScriptInjection, @@ -109,6 +127,7 @@ func TestDangerousWorkflow(t *testing.T) { name: "DangerousWorkflow", dl: &scut.TestDetailLogger{}, r: &checker.DangerousWorkflowData{ + NumWorkflows: 1, Workflows: []checker.DangerousWorkflow{ { Type: "foobar", diff --git a/checks/evaluation/permissions/permissions.go b/checks/evaluation/permissions/permissions.go index fed2c092bb8..a661c372dae 100644 --- a/checks/evaluation/permissions/permissions.go +++ b/checks/evaluation/permissions/permissions.go @@ -40,6 +40,10 @@ func TokenPermissions(name string, c *checker.CheckRequest, r *checker.TokenPerm return checker.CreateRuntimeErrorResult(name, e) } + if r.NumTokens == 0 { + return checker.CreateInconclusiveResult(name, "no github tokens found") + } + score, err := applyScorePolicy(r, c) if err != nil { return checker.CreateRuntimeErrorResult(name, err) diff --git a/checks/permissions_test.go b/checks/permissions_test.go index 23a4b83bbd5..066ed36f818 100644 --- a/checks/permissions_test.go +++ b/checks/permissions_test.go @@ -240,9 +240,9 @@ func TestGithubTokenPermissions(t *testing.T) { filenames: []string{"./testdata/script.sh"}, expected: scut.TestReturn{ Error: nil, - Score: checker.MaxResultScore, + Score: checker.InconclusiveResultScore, NumberOfWarn: 0, - NumberOfInfo: 2, + NumberOfInfo: 0, NumberOfDebug: 0, }, }, @@ -386,7 +386,7 @@ func TestGithubTokenPermissions(t *testing.T) { ctrl := gomock.NewController(t) mockRepo := mockrepo.NewMockRepoClient(ctrl) - mockRepo.EXPECT().GetDefaultBranchName().Return("main", nil) + mockRepo.EXPECT().GetDefaultBranchName().Return("main", nil).AnyTimes() main := "main" mockRepo.EXPECT().URI().Return("github.com/ossf/scorecard").AnyTimes() diff --git a/checks/raw/dangerous_workflow.go b/checks/raw/dangerous_workflow.go index 7db760e715c..1da80f0e2eb 100644 --- a/checks/raw/dangerous_workflow.go +++ b/checks/raw/dangerous_workflow.go @@ -102,6 +102,8 @@ var validateGitHubActionWorkflowPatterns fileparser.DoWhileTrueOnFileContent = f return true, nil } + pdata.NumWorkflows += 1 + workflow, errs := actionlint.Parse(content) if len(errs) > 0 && workflow == nil { return false, fileparser.FormatActionlintError(errs) diff --git a/checks/raw/permissions.go b/checks/raw/permissions.go index c2004ec89cd..8f791b2b9c6 100644 --- a/checks/raw/permissions.go +++ b/checks/raw/permissions.go @@ -84,6 +84,8 @@ var validateGitHubActionTokenPermissions fileparser.DoWhileTrueOnFileContent = f return true, nil } + pdata.results.NumTokens += 1 + workflow, errs := actionlint.Parse(content) if len(errs) > 0 && workflow == nil { return false, fileparser.FormatActionlintError(errs) diff --git a/clients/gitlabrepo/branches.go b/clients/gitlabrepo/branches.go index 79aeaafbb2a..50949f14474 100644 --- a/clients/gitlabrepo/branches.go +++ b/clients/gitlabrepo/branches.go @@ -71,7 +71,8 @@ func (handler *branchesHandler) setup() error { projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks( handler.repourl.project, &gitlab.ListOptions{}) - if err != nil && resp.StatusCode != 404 { + if (err != nil || resp.StatusCode != 404) && + resp.StatusCode != 401 { // 401: permissions. pass token authorization issues silently handler.errSetup = fmt.Errorf("request for external status checks failed with error %w", err) return } diff --git a/clients/gitlabrepo/releases.go b/clients/gitlabrepo/releases.go index 6aca7adbc24..140aa701e38 100644 --- a/clients/gitlabrepo/releases.go +++ b/clients/gitlabrepo/releases.go @@ -70,9 +70,12 @@ func releasesFrom(data []*gitlab.Release) []clients.Release { for _, r := range data { release := clients.Release{ TagName: r.TagName, - URL: r.Assets.Links[0].DirectAssetURL, TargetCommitish: r.CommitPath, } + if len(r.Assets.Links) > 0 { + release.URL = r.Assets.Links[0].DirectAssetURL + } + for _, a := range r.Assets.Sources { release.Assets = append(release.Assets, clients.ReleaseAsset{ Name: a.Format, diff --git a/clients/gitlabrepo/tarball.go b/clients/gitlabrepo/tarball.go index 4646f192de1..02a40d46355 100644 --- a/clients/gitlabrepo/tarball.go +++ b/clients/gitlabrepo/tarball.go @@ -244,8 +244,6 @@ func (handler *tarballHandler) getFileContent(filename string) ([]byte, error) { fmt.Printf("err: %v\n", err) return nil, fmt.Errorf("error during tarballHandler.setup: %w", err) } - fmt.Printf("handler.tempDir: %v\n", handler.tempDir) - fmt.Printf("filename: %v\n", filename) content, err := os.ReadFile(filepath.Join(handler.tempDir, filename)) if err != nil { return content, fmt.Errorf("os.ReadFile: %w", err) From 8db70cfdc3eaba2afbcfe100b4d095483c382030 Mon Sep 17 00:00:00 2001 From: Ashish Kurmi <100655670+boahc077@users.noreply.github.com> Date: Fri, 21 Apr 2023 15:32:26 -0700 Subject: [PATCH 089/316] :sparkles: show non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode (#2835) * showing non-compliant code changes for CI-Tests, Code-Review and SAST checks in --show-details mode Signed-off-by: Ashish Kurmi * changing code review non-compliant revision traces to Debug from Warn Signed-off-by: Ashish Kurmi * changing ci test non-compliant revision trace to Debug from Warn Signed-off-by: Ashish Kurmi * unit test fixes in code_review_test.go Signed-off-by: Ashish Kurmi * Incorporating Spencer's feedback Signed-off-by: Ashish Kurmi --------- Signed-off-by: Ashish Kurmi --- checks/evaluation/ci_tests.go | 2 +- checks/evaluation/code_review.go | 18 ++++++++++++++ checks/evaluation/code_review_test.go | 12 ++++++--- checks/sast.go | 35 ++++++++++++++++++++++----- e2e/code_review_test.go | 10 +++++--- 5 files changed, 62 insertions(+), 15 deletions(-) diff --git a/checks/evaluation/ci_tests.go b/checks/evaluation/ci_tests.go index 6954995d1e6..b6686203457 100644 --- a/checks/evaluation/ci_tests.go +++ b/checks/evaluation/ci_tests.go @@ -62,7 +62,7 @@ func CITests(name string, c *checker.CITestData, dl checker.DetailLogger) checke // Log message says commit, but really we only care about PRs, and // use only one commit (branch HEAD) to refer to all commits in a PR dl.Debug(&checker.LogMessage{ - Text: fmt.Sprintf("merged PR without CI test at HEAD: %s", r.HeadSHA), + Text: fmt.Sprintf("merged PR %d without CI test at HEAD: %s", r.PullRequestNumber, r.HeadSHA), }) } } diff --git a/checks/evaluation/code_review.go b/checks/evaluation/code_review.go index 524a0fe1fde..d2a0b8a9a55 100644 --- a/checks/evaluation/code_review.go +++ b/checks/evaluation/code_review.go @@ -16,6 +16,7 @@ package evaluation import ( "fmt" + "strings" "github.com/ossf/scorecard/v4/checker" sce "github.com/ossf/scorecard/v4/errors" @@ -46,6 +47,8 @@ func CodeReview(name string, dl checker.DetailLogger, r *checker.CodeReviewData) foundBotReviewActivity := false nUnreviewedHumanChanges := 0 nUnreviewedBotChanges := 0 + + var unreviewedHumanRevisionIDs, unreviewedBotRevisionIDs []string for i := range r.DefaultBranchChangesets { cs := &r.DefaultBranchChangesets[i] isReviewed := reviewScoreForChangeset(cs) >= changesReviewed @@ -58,11 +61,26 @@ func CodeReview(name string, dl checker.DetailLogger, r *checker.CodeReviewData) foundHumanReviewActivity = true case !isReviewed && isBotCommit: nUnreviewedBotChanges += 1 + unreviewedBotRevisionIDs = append(unreviewedBotRevisionIDs, cs.RevisionID) case !isReviewed && !isBotCommit: nUnreviewedHumanChanges += 1 + unreviewedHumanRevisionIDs = append(unreviewedHumanRevisionIDs, cs.RevisionID) } } + // Let's include non-compliant revision IDs in details + if len(unreviewedHumanRevisionIDs) > 0 { + dl.Debug(&checker.LogMessage{ + Text: fmt.Sprintf("List of revision IDs not reviewed by humans:%s", strings.Join(unreviewedHumanRevisionIDs, ",")), + }) + } + + if len(unreviewedBotRevisionIDs) > 0 { + dl.Debug(&checker.LogMessage{ + Text: fmt.Sprintf("List of bot revision IDs not reviewed by humans:%s", strings.Join(unreviewedBotRevisionIDs, ",")), + }) + } + if foundBotReviewActivity && !foundHumanReviewActivity { reason := fmt.Sprintf("found no human review activity in the last %v changesets", len(r.DefaultBranchChangesets)) return checker.CreateInconclusiveResult(name, reason) diff --git a/checks/evaluation/code_review_test.go b/checks/evaluation/code_review_test.go index 0eda37fb9ac..eaf7db8eaa7 100644 --- a/checks/evaluation/code_review_test.go +++ b/checks/evaluation/code_review_test.go @@ -50,7 +50,8 @@ func TestCodeReview(t *testing.T) { { name: "NoReviews", expected: scut.TestReturn{ - Score: checker.MinResultScore, + Score: checker.MinResultScore, + NumberOfDebug: 1, }, rawData: &checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ @@ -66,7 +67,8 @@ func TestCodeReview(t *testing.T) { { name: "Unreviewed human and bot changes", expected: scut.TestReturn{ - Score: checker.MinResultScore, + Score: checker.MinResultScore, + NumberOfDebug: 1, }, rawData: &checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ @@ -82,7 +84,8 @@ func TestCodeReview(t *testing.T) { { name: "all human changesets reviewed, missing review on bot changeset", expected: scut.TestReturn{ - Score: 7, + Score: 7, + NumberOfDebug: 1, }, rawData: &checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ @@ -147,7 +150,8 @@ func TestCodeReview(t *testing.T) { { name: "bot commits only", expected: scut.TestReturn{ - Score: checker.InconclusiveResultScore, + Score: checker.InconclusiveResultScore, + NumberOfDebug: 1, }, rawData: &checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ diff --git a/checks/sast.go b/checks/sast.go index 2a433334df4..a9f3d0ad213 100644 --- a/checks/sast.go +++ b/checks/sast.go @@ -50,7 +50,7 @@ func init() { // SAST runs SAST check. func SAST(c *checker.CheckRequest) checker.CheckResult { - sastScore, sastErr := sastToolInCheckRuns(c) + sastScore, nonCompliantPRs, sastErr := sastToolInCheckRuns(c) if sastErr != nil { return checker.CreateRuntimeErrorResult(CheckSAST, sastErr) } @@ -96,6 +96,9 @@ func SAST(c *checker.CheckRequest) checker.CheckResult { case codeQlScore == checker.MaxResultScore: const sastWeight = 3 const codeQlWeight = 7 + c.Dlogger.Debug(&checker.LogMessage{ + Text: getNonCompliantPRMessage(nonCompliantPRs), + }) score := checker.AggregateScoresWithWeight(map[int]int{sastScore: sastWeight, codeQlScore: codeQlWeight}) return checker.CreateResultWithScore(CheckSAST, "SAST tool detected but not run on all commmits", score) default: @@ -117,6 +120,9 @@ func SAST(c *checker.CheckRequest) checker.CheckResult { return checker.CreateMaxScoreResult(CheckSAST, "SAST tool is run on all commits") } + c.Dlogger.Debug(&checker.LogMessage{ + Text: getNonCompliantPRMessage(nonCompliantPRs), + }) return checker.CreateResultWithScore(CheckSAST, checker.NormalizeReason("SAST tool is not run on all commits", sastScore), sastScore) } @@ -125,15 +131,16 @@ func SAST(c *checker.CheckRequest) checker.CheckResult { return checker.CreateRuntimeErrorResult(CheckSAST, sce.WithMessage(sce.ErrScorecardInternal, "contact team")) } -func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) { +func sastToolInCheckRuns(c *checker.CheckRequest) (int, map[int]int, error) { commits, err := c.RepoClient.ListCommits() if err != nil { - return checker.InconclusiveResultScore, + return checker.InconclusiveResultScore, nil, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("RepoClient.ListCommits: %v", err)) } totalMerged := 0 totalTested := 0 + nonCompliantPRs := make(map[int]int) for i := range commits { pr := commits[i].AssociatedMergeRequest // TODO(#575): We ignore associated PRs if Scorecard is being run on a fork @@ -142,9 +149,10 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) { continue } totalMerged++ + checked := false crs, err := c.RepoClient.ListCheckRunsForRef(pr.HeadSHA) if err != nil { - return checker.InconclusiveResultScore, + return checker.InconclusiveResultScore, nil, sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("Client.Checks.ListCheckRunsForRef: %v", err)) } // Note: crs may be `nil`: in this case @@ -163,15 +171,19 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) { Text: fmt.Sprintf("tool detected: %v", cr.App.Slug), }) totalTested++ + checked = true break } } + if !checked { + nonCompliantPRs[pr.Number] = pr.Number + } } if totalMerged == 0 { c.Dlogger.Warn(&checker.LogMessage{ Text: "no pull requests merged into dev branch", }) - return checker.InconclusiveResultScore, nil + return checker.InconclusiveResultScore, nil, nil } if totalTested == totalMerged { @@ -184,7 +196,7 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) { }) } - return checker.CreateProportionalScore(totalTested, totalMerged), nil + return checker.CreateProportionalScore(totalTested, totalMerged), nonCompliantPRs, nil } func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) { @@ -366,3 +378,14 @@ func findLine(content, data []byte) (uint, error) { return 0, nil } + +func getNonCompliantPRMessage(intMap map[int]int) string { + var sb strings.Builder + for _, value := range intMap { + if len(sb.String()) != 0 { + sb.WriteString(", ") + } + sb.WriteString(fmt.Sprintf("%d", value)) + } + return fmt.Sprintf("List of pull requests without CI test: %s", sb.String()) +} diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index 004840aed7b..20a91d2f993 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -50,7 +50,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Score: checker.MinResultScore, NumberOfWarn: 0, NumberOfInfo: 0, - NumberOfDebug: 0, + NumberOfDebug: 1, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) @@ -75,7 +75,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Score: checker.MinResultScore, NumberOfWarn: 0, NumberOfInfo: 0, - NumberOfDebug: 0, + NumberOfDebug: 1, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) @@ -117,7 +117,8 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Dlogger: &dl, } expected := scut.TestReturn{ - Score: checker.InconclusiveResultScore, + Score: checker.InconclusiveResultScore, + NumberOfDebug: 1, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) @@ -138,7 +139,8 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Dlogger: &dl, } expected := scut.TestReturn{ - Score: checker.MinResultScore, + Score: checker.MinResultScore, + NumberOfDebug: 1, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) From d31e28afae37a70798af2e9510f9a6b06003b1fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Apr 2023 10:05:01 -0700 Subject: [PATCH 090/316] :seedling: Bump github/codeql-action from 2.2.12 to 2.3.0 (#2900) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 981c35a50ab..cd7f0cbf579 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 + uses: github/codeql-action/init@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 + uses: github/codeql-action/autobuild@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 + uses: github/codeql-action/analyze@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index ad2d4a95290..b076b902d6b 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v1 + uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 with: sarif_file: results.sarif From a4e72a8696c4c75ca803b16617992be2718ac59c Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Mon, 24 Apr 2023 10:26:20 -0700 Subject: [PATCH 091/316] =?UTF-8?q?=F0=9F=90=9B=20Give=20inconclusive=20Vu?= =?UTF-8?q?lnerabilities=20score=20when=20osv-scanner=20panics=20(#2896)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Recover from osv-scanner panics. This allows us to give an inconclusive score instead of crashing. Signed-off-by: Spencer Schrock * Bump osv-scanner to include performance increase. https://github.com/google/osv-scanner/pull/346 Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- clients/osv.go | 9 ++++++++- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/clients/osv.go b/clients/osv.go index 9e4c3e92b06..01c9878971c 100644 --- a/clients/osv.go +++ b/clients/osv.go @@ -20,6 +20,8 @@ import ( "fmt" "github.com/google/osv-scanner/pkg/osvscanner" + + sce "github.com/ossf/scorecard/v4/errors" ) var _ VulnerabilitiesClient = osvClient{} @@ -31,7 +33,12 @@ func (v osvClient) ListUnfixedVulnerabilities( ctx context.Context, commit, localPath string, -) (VulnerabilitiesResponse, error) { +) (_ VulnerabilitiesResponse, err error) { + defer func() { + if r := recover(); r != nil { + err = sce.CreateInternal(sce.ErrScorecardInternal, fmt.Sprintf("osv-scanner panic: %v", r)) + } + }() directoryPaths := []string{} if localPath != "" { directoryPaths = append(directoryPaths, localPath) diff --git a/go.mod b/go.mod index dc2936a763b..e1fbc593a89 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.1 + github.com/google/osv-scanner v1.3.2-0.20230418234519-2c101c1b0e63 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.2 github.com/otiai10/copy v1.11.0 diff --git a/go.sum b/go.sum index 22ffc032830..c6c718c16d7 100644 --- a/go.sum +++ b/go.sum @@ -1202,8 +1202,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.1 h1:wNbKwX/H1SbpecBV1zHbQJ/VreRpOd+w5ATiaQpOjyU= -github.com/google/osv-scanner v1.3.1/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw= +github.com/google/osv-scanner v1.3.2-0.20230418234519-2c101c1b0e63 h1:PvWBNgdGvP2rOb2HMK/gexbyeDuDAIr6G/ygvoqD810= +github.com/google/osv-scanner v1.3.2-0.20230418234519-2c101c1b0e63/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= From 46c6fe700cdc10a780f3c867b36b6810e1986cb0 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Mon, 24 Apr 2023 13:58:27 -0400 Subject: [PATCH 092/316] =?UTF-8?q?=E2=9C=A8=20Gitlab:=20CI-Tests=20check?= =?UTF-8?q?=20(#2833)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gitlab: support ci-tests Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update test Signed-off-by: Raghav Kaul * update gitlab workflows Signed-off-by: Raghav Kaul * fix test Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> --- .github/workflows/gitlab.yml | 63 +++++++++++++++++++++++++++++++ .github/workflows/integration.yml | 15 +++++--- Makefile | 13 +++++-- checks/evaluation/ci_tests.go | 1 + clients/gitlabrepo/checkruns.go | 8 ++-- clients/gitlabrepo/statuses.go | 2 +- docs/checks.md | 3 +- e2e/ci_tests_test.go | 60 +++++++++++++++++++++++++++++ 8 files changed, 150 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/gitlab.yml diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml new file mode 100644 index 00000000000..d90d41adfca --- /dev/null +++ b/.github/workflows/gitlab.yml @@ -0,0 +1,63 @@ +# Copyright 2023 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: gitlab-tests + +permissions: read-all + +on: + push: + branches: + - main + +jobs: + gitlab-integration-trusted: + runs-on: ubuntu-latest + environment: gitlab + steps: + - name: Harden Runner + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: Clone the code + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + with: + fetch-depth: 0 + + - name: setup-go + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + with: + go-version: '1.19' + check-latest: true + + - name: Prepare test env + run: | + go mod download + + - name: Run GitLab PAT E2E #using retry because the GitHub token is being throttled. + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd + env: + GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }} + with: + max_attempts: 3 + retry_on: error + timeout_minutes: 30 + command: make e2e-gitlab-token + + - name: codecov + uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 + with: + files: ./e2e-coverage.out + verbose: true \ No newline at end of file diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 62fc26e7a4b..1585ef24ca3 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -56,32 +56,35 @@ jobs: run: | go mod download - - name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled. + - name: Run GitLab E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd env: - GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }} with: max_attempts: 3 retry_on: error timeout_minutes: 30 - command: make e2e-gh-token + command: make e2e-gitlab - name: codecov uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: files: ./e2e-coverage.out verbose: true - - - name: Run GitLab E2E #using retry because the GitHub token is being throttled. + + - name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd + env: + GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: max_attempts: 3 retry_on: error timeout_minutes: 30 - command: make e2e-gitlab + command: make e2e-gh-token - name: codecov uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: files: ./e2e-coverage.out verbose: true + diff --git a/Makefile b/Makefile index 9f8eccc49f1..1e4880f0abc 100644 --- a/Makefile +++ b/Makefile @@ -324,6 +324,11 @@ ifndef GITHUB_AUTH_TOKEN $(error GITHUB_AUTH_TOKEN is undefined) endif +check-env-gitlab: +ifndef GITLAB_AUTH_TOKEN + $(error GITLAB_AUTH_TOKEN is undefined) +endif + e2e-pat: ## Runs e2e tests. Requires GITHUB_AUTH_TOKEN env var to be set to GitHub personal access token e2e-pat: build-scorecard check-env | $(GINKGO) # Run e2e tests. GITHUB_AUTH_TOKEN with personal access token must be exported to run this @@ -335,10 +340,12 @@ e2e-gh-token: build-scorecard check-env | $(GINKGO) TOKEN_TYPE="GITHUB_TOKEN" $(GINKGO) --race -p -v -cover -coverprofile=e2e-coverage.out --keep-separate-coverprofiles ./... e2e-gitlab-token: ## Runs e2e tests that require a GITLAB_TOKEN - TEST_GITLAB_EXTERNAL=1 TOKEN_TYPE="GITLAB_PAT" $(GINKGO) --race -p -vv --focus '.*GitLab Token' ./... +e2e-gitlab-token: build-scorecard check-env-gitlab | $(GINKGO) + TEST_GITLAB_EXTERNAL=1 TOKEN_TYPE="GITLAB_PAT" $(GINKGO) --race -p -vv --focus '.*GitLab' ./... e2e-gitlab: ## Runs e2e tests for GitLab only. TOKEN_TYPE is not used (since these are public APIs), but must be set to something - TOKEN_TYPE="GITLAB_PAT" $(GINKGO) --race -p -vv --focus '.*GitLab' ./... +e2e-gitlab: build-scorecard | $(GINKGO) + TEST_GITLAB_EXTERNAL=1 TOKEN_TYPE="PAT" $(GINKGO) --race -p -vv --focus ".*GitLab" ./... e2e-attestor: ## Runs e2e tests for scorecard-attestor cd attestor/e2e; go test -covermode=atomic -coverprofile=e2e-coverage.out; cd ../.. @@ -439,4 +446,4 @@ cron-github-server-ko: | $(KO) $(KOCACHE_PATH) --tags latest,$(GIT_VERSION),$(GIT_HASH) \ github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper/tokens/server -############################################################################### +############################################################################### \ No newline at end of file diff --git a/checks/evaluation/ci_tests.go b/checks/evaluation/ci_tests.go index b6686203457..9033e13fa97 100644 --- a/checks/evaluation/ci_tests.go +++ b/checks/evaluation/ci_tests.go @@ -61,6 +61,7 @@ func CITests(name string, c *checker.CITestData, dl checker.DetailLogger) checke if !foundCI { // Log message says commit, but really we only care about PRs, and // use only one commit (branch HEAD) to refer to all commits in a PR + dl.Debug(&checker.LogMessage{ Text: fmt.Sprintf("merged PR %d without CI test at HEAD: %s", r.PullRequestNumber, r.HeadSHA), }) diff --git a/clients/gitlabrepo/checkruns.go b/clients/gitlabrepo/checkruns.go index 3508f4d3247..3fe06f4868a 100644 --- a/clients/gitlabrepo/checkruns.go +++ b/clients/gitlabrepo/checkruns.go @@ -47,11 +47,11 @@ func checkRunsFrom(data []*gitlab.PipelineInfo, ref string) []clients.CheckRun { var checkRuns []clients.CheckRun for _, pipelineInfo := range data { if strings.EqualFold(pipelineInfo.Ref, ref) { + // TODO: Can get more info from GitLab API here (e.g. pipeline name, URL) + // https://docs.gitlab.com/ee/api/pipelines.html#get-a-pipelines-test-report checkRuns = append(checkRuns, clients.CheckRun{ - Status: pipelineInfo.Status, - Conclusion: "", - URL: pipelineInfo.WebURL, - App: clients.CheckRunApp{Slug: pipelineInfo.Source}, + Status: pipelineInfo.Status, + URL: pipelineInfo.WebURL, }) } } diff --git a/clients/gitlabrepo/statuses.go b/clients/gitlabrepo/statuses.go index 317df54db87..1b1ede68755 100644 --- a/clients/gitlabrepo/statuses.go +++ b/clients/gitlabrepo/statuses.go @@ -46,7 +46,7 @@ func statusFromData(commitStatuses []*gitlab.CommitStatus) []clients.Status { for _, commitStatus := range commitStatuses { statuses = append(statuses, clients.Status{ State: commitStatus.Status, - Context: fmt.Sprint(commitStatus.ID), + Context: commitStatus.Name, URL: commitStatus.TargetURL, TargetURL: commitStatus.TargetURL, }) diff --git a/docs/checks.md b/docs/checks.md index fe95ebd23d6..1349ba706b3 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -130,7 +130,8 @@ Risk: `Low` (possible unknown vulnerabilities) This check tries to determine if the project runs tests before pull requests are merged. It is currently limited to repositories hosted on GitHub, and does not -support other source hosting repositories (i.e., Forges). +support other source hosting repositories (i.e., Forges). All commits that are +part of a PR must be tested by a CI Test for the check to pass. Running tests helps developers catch mistakes early on, which can reduce the number of vulnerabilities that find their way into a project. diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 2c691914ed5..275503741aa 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -16,6 +16,7 @@ package e2e import ( "context" + "os" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -24,6 +25,7 @@ import ( "github.com/ossf/scorecard/v4/checks" "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -101,5 +103,63 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { Expect(scut.ValidateTestReturn(nil, "CI tests run", &expected, &result, &dl)).Should(BeTrue()) Expect(repoClient.Close()).Should(BeNil()) }) + It("Should return use of CI tests at commit - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + // url to commit is https://gitlab.com/gitlab-org/gitlab/-/commit/8ae23fa220d73fa07501aabd94214c9e83fe61a0 + err = repoClient.InitRepo(repo, "8ae23fa220d73fa07501aabd94214c9e83fe61a0", 0) + Expect(err).Should(BeNil()) + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: 0, + NumberOfWarn: 0, + NumberOfInfo: 0, + NumberOfDebug: 13, + } + result := checks.CITests(&req) + Expect(result.Score).Should(BeNumerically("==", expected.Score)) + Expect(result.Error).Should(BeNil()) + Expect(repoClient.Close()).Should(BeNil()) + }) + It("Should return use of CI tests at commit - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/fdroid/fdroidclient") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + // url to commit is https://gitlab.com/fdroid/fdroidclient/-/commit/a1d33881902cee33586a4fd4ee1538042a7bdedf + err = repoClient.InitRepo(repo, "a1d33881902cee33586a4fd4ee1538042a7bdedf", 0) + Expect(err).Should(BeNil()) + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: 2, + NumberOfWarn: 0, + NumberOfInfo: 0, + NumberOfDebug: 1, + } + result := checks.CITests(&req) + Expect(result.Score).Should(BeNumerically("==", expected.Score)) + Expect(result.Error).Should(BeNil()) + Expect(repoClient.Close()).Should(BeNil()) + }) }) }) From 0739e9eed02dfb86ca82d9230c7f1bc79f2014d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Apr 2023 09:54:50 -0400 Subject: [PATCH 093/316] :seedling: Bump codecov/codecov-action from 3.1.2 to 3.1.3 (#2903) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3.1.2...894ff025c7b54547a9a2a1e9f228beae737ad3c2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/gitlab.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index d90d41adfca..954275009e9 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -57,7 +57,7 @@ jobs: command: make e2e-gitlab-token - name: codecov - uses: codecov/codecov-action@40a12dcee2df644d47232dde008099a3e9e4f865 # 2.1.0 + uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: files: ./e2e-coverage.out verbose: true \ No newline at end of file From c54fb4f8eb9de5fce20efd1bda102e7b183f2f4b Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Tue, 25 Apr 2023 10:40:14 -0400 Subject: [PATCH 094/316] =?UTF-8?q?=E2=9C=A8=20Gitlab:=20Maintained=20chec?= =?UTF-8?q?k=20(#2860)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gitlab: maintained check Signed-off-by: Raghav Kaul * update workflow Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- .github/workflows/integration.yml | 2 - clients/gitlabrepo/issues.go | 80 ++++++++++++++----------------- e2e/maintained_test.go | 31 ++++++++++++ 3 files changed, 68 insertions(+), 45 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 1585ef24ca3..baff4ed94e4 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -58,8 +58,6 @@ jobs: - name: Run GitLab E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd - env: - GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }} with: max_attempts: 3 retry_on: error diff --git a/clients/gitlabrepo/issues.go b/clients/gitlabrepo/issues.go index 1902bcd0a3f..36151ed4bff 100644 --- a/clients/gitlabrepo/issues.go +++ b/clients/gitlabrepo/issues.go @@ -48,8 +48,8 @@ func (handler *issuesHandler) setup() error { // There doesn't seem to be a good way to get user access_levels in gitlab so the following way may seem incredibly // barberic, however I couldn't find a better way in the docs. - projectAccessTokens, resp, err := handler.glClient.ProjectAccessTokens.ListProjectAccessTokens( - handler.repourl.project, &gitlab.ListProjectAccessTokensOptions{}) + projMemberships, resp, err := handler.glClient.ProjectMembers.ListAllProjectMembers( + handler.repourl.project, &gitlab.ListProjectMembersOptions{}) if err != nil && resp.StatusCode != 401 { handler.errSetup = fmt.Errorf("unable to find access tokens associated with the project id: %w", err) return @@ -58,26 +58,25 @@ func (handler *issuesHandler) setup() error { return } - if len(issues) > 0 { - for _, issue := range issues { - authorAssociation := clients.RepoAssociationMember - if resp.StatusCode != 401 { - authorAssociation = findAuthorAssociationFromUserID(projectAccessTokens, issue.Author.ID) + var authorAssociation clients.RepoAssociation + for _, issue := range issues { + for _, m := range projMemberships { + if issue.Author.ID == m.ID { + authorAssociation = accessLevelToRepoAssociation(m.AccessLevel) } - issueIDString := fmt.Sprint(issue.ID) - handler.issues = append(handler.issues, - clients.Issue{ - URI: &issueIDString, - CreatedAt: issue.CreatedAt, - Author: &clients.User{ - ID: int64(issue.Author.ID), - }, - AuthorAssociation: &authorAssociation, - Comments: nil, - }) } - } else { - handler.issues = nil + + issueIDString := fmt.Sprint(issue.ID) + handler.issues = append(handler.issues, + clients.Issue{ + URI: &issueIDString, + CreatedAt: issue.CreatedAt, + Author: &clients.User{ + ID: int64(issue.Author.ID), + }, + AuthorAssociation: &authorAssociation, + Comments: nil, + }) } }) return handler.errSetup @@ -91,28 +90,23 @@ func (handler *issuesHandler) listIssues() ([]clients.Issue, error) { return handler.issues, nil } -func findAuthorAssociationFromUserID(accessTokens []*gitlab.ProjectAccessToken, targetID int) clients.RepoAssociation { - for _, accessToken := range accessTokens { - if accessToken.UserID == targetID { - switch accessToken.AccessLevel { - case 0: - return clients.RepoAssociationNone - case 5: - return clients.RepoAssociationFirstTimeContributor - case 10: - return clients.RepoAssociationCollaborator - case 20: - return clients.RepoAssociationCollaborator - case 30: - return clients.RepoAssociationMember - case 40: - return clients.RepoAssociationMaintainer - case 50: - return clients.RepoAssociationOwner - default: - return clients.RepoAssociationNone - } - } +func accessLevelToRepoAssociation(l gitlab.AccessLevelValue) clients.RepoAssociation { + switch l { + case 0: + return clients.RepoAssociationNone + case 5: + return clients.RepoAssociationFirstTimeContributor + case 10: + return clients.RepoAssociationCollaborator + case 20: + return clients.RepoAssociationCollaborator + case 30: + return clients.RepoAssociationMember + case 40: + return clients.RepoAssociationMaintainer + case 50: + return clients.RepoAssociationOwner + default: + return clients.RepoAssociationNone } - return clients.RepoAssociationNone } diff --git a/e2e/maintained_test.go b/e2e/maintained_test.go index 228f08823c8..7e7576ede80 100644 --- a/e2e/maintained_test.go +++ b/e2e/maintained_test.go @@ -16,6 +16,7 @@ package e2e import ( "context" + "os" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -24,6 +25,7 @@ import ( "github.com/ossf/scorecard/v4/checks" "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -54,5 +56,34 @@ var _ = Describe("E2E TEST:"+checks.CheckMaintained, func() { Expect(scut.ValidateTestReturn(nil, "active repo", &expected, &result, &dl)).Should(BeTrue()) Expect(repoClient.Close()).Should(BeNil()) }) + It("Should return valid maintained status - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), + os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) + Expect(err).Should(BeNil()) + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: checker.MaxResultScore, + NumberOfWarn: 0, + NumberOfInfo: 0, + NumberOfDebug: 0, + } + result := checks.Maintained(&req) + // New version. + Expect(scut.ValidateTestReturn(nil, "active repo", &expected, &result, &dl)).Should(BeTrue()) + Expect(repoClient.Close()).Should(BeNil()) + }) }) }) From 63b3177921b73942a113d835ae69a34e827d4367 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Apr 2023 15:09:29 +0000 Subject: [PATCH 095/316] :seedling: Bump tj-actions/changed-files from 35.8.0 to 35.9.0 (#2901) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.8.0 to 35.9.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/7ecfc6730dff8072d1cc5215a24cc9478f55264d...ce810b29b28abf274afebdcd8fe47b8fba0f28bd) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 51a53235ae2..2b9dd0e0a77 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@7ecfc6730dff8072d1cc5215a24cc9478f55264d #v35.8.0 + uses: tj-actions/changed-files@ce810b29b28abf274afebdcd8fe47b8fba0f28bd #v35.9.0 with: files_ignore: '**.md' - id: docs_only_check From 2bde7ca25be9bdc798a6e6ca40e192a24058e2b4 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 25 Apr 2023 08:33:29 -0700 Subject: [PATCH 096/316] :seedling: Unit tests for checks/evaluation/packaging.go (#2891) - Include unit tests for checks/evaluation/packaging.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/packaging_test.go | 178 ++++++++++++++++++++++++++++ 1 file changed, 178 insertions(+) create mode 100644 checks/evaluation/packaging_test.go diff --git a/checks/evaluation/packaging_test.go b/checks/evaluation/packaging_test.go new file mode 100644 index 00000000000..f61bdb00954 --- /dev/null +++ b/checks/evaluation/packaging_test.go @@ -0,0 +1,178 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package evaluation + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + scut "github.com/ossf/scorecard/v4/utests" +) + +func Test_createLogMessage(t *testing.T) { + msg := "msg" + t.Parallel() + tests := []struct { //nolint:govet + name string + args checker.Package + want checker.LogMessage + wantErr bool + }{ + { + name: "nil package", + args: checker.Package{}, + want: checker.LogMessage{}, + wantErr: true, + }, + { + name: "nil file", + args: checker.Package{ + File: nil, + }, + want: checker.LogMessage{}, + wantErr: true, + }, + { + name: "msg is not nil", + args: checker.Package{ + File: &checker.File{}, + Msg: &msg, + }, + want: checker.LogMessage{ + Text: "", + }, + wantErr: true, + }, + { + name: "file is not nil", + args: checker.Package{ + File: &checker.File{ + Path: "path", + }, + }, + want: checker.LogMessage{ + Path: "path", + }, + wantErr: true, + }, + { + name: "runs are not zero", + args: checker.Package{ + File: &checker.File{ + Path: "path", + }, + Runs: []checker.Run{ + {}, + }, + }, + want: checker.LogMessage{ + Text: "GitHub publishing workflow used in run ", + Path: "path", + }, + }, + } + for _, tt := range tests { + tt := tt // Parallel testing + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := createLogMessage(tt.args) + if (err != nil) != tt.wantErr { + t.Errorf("createLogMessage() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !cmp.Equal(got, tt.want) { + t.Errorf("createLogMessage() got = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} + +func TestPackaging(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + name string + dl checker.DetailLogger + r *checker.PackagingData + } + tests := []struct { + name string + args args + want checker.CheckResult + }{ + { + name: "nil packaging data", + args: args{ + name: "name", + dl: nil, + r: nil, + }, + want: checker.CheckResult{ + Name: "name", + Version: 2, + Score: -1, + Reason: "internal error: empty raw data", + }, + }, + { + name: "empty packaging data", + args: args{ + name: "name", + dl: &scut.TestDetailLogger{}, + r: &checker.PackagingData{}, + }, + want: checker.CheckResult{ + Name: "name", + Version: 2, + Score: -1, + Reason: "no published package detected", + }, + }, + { + name: "runs are not zero", + args: args{ + dl: &scut.TestDetailLogger{}, + r: &checker.PackagingData{ + Packages: []checker.Package{ + { + File: &checker.File{ + Path: "path", + }, + Runs: []checker.Run{ + {}, + }, + }, + }, + }, + }, + want: checker.CheckResult{ + Name: "", + Version: 2, + Score: 10, + Reason: "publishing workflow detected", + }, + }, + } + for _, tt := range tests { + tt := tt // Parallel testing + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := Packaging(tt.args.name, tt.args.dl, tt.args.r); !cmp.Equal(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { //nolint:lll + t.Errorf("Packaging() = %v, want %v", got, cmp.Diff(got, tt.want, cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) //nolint:lll + } + }) + } +} From e982f9fdf4c9a854150cd446cf756a9b3b93b620 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 25 Apr 2023 09:43:31 -0700 Subject: [PATCH 097/316] :seedling: Unit tests for checks/ci_tests (#2899) - Included additional tests for ci_tests. - The coverage is at 90% for ci tests. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/ci_tests.go | 6 +- checks/evaluation/ci_tests_test.go | 254 +++++++++++++++++++++++++++++ 2 files changed, 257 insertions(+), 3 deletions(-) diff --git a/checks/evaluation/ci_tests.go b/checks/evaluation/ci_tests.go index 9033e13fa97..8dc9311abe6 100644 --- a/checks/evaluation/ci_tests.go +++ b/checks/evaluation/ci_tests.go @@ -28,7 +28,7 @@ const ( success = "success" ) -func CITests(name string, c *checker.CITestData, dl checker.DetailLogger) checker.CheckResult { +func CITests(_ string, c *checker.CITestData, dl checker.DetailLogger) checker.CheckResult { totalMerged := 0 totalTested := 0 for i := range c.CIInfo { @@ -37,7 +37,7 @@ func CITests(name string, c *checker.CITestData, dl checker.DetailLogger) checke var foundCI bool - // Github Statuses. + // GitHub Statuses. prSuccessStatus, err := prHasSuccessStatus(r, dl) if err != nil { return checker.CreateRuntimeErrorResult(CheckCITests, err) @@ -48,7 +48,7 @@ func CITests(name string, c *checker.CITestData, dl checker.DetailLogger) checke continue } - // Github Check Runs. + // GitHub Check Runs. prCheckSuccessful, err := prHasSuccessfulCheck(r, dl) if err != nil { return checker.CreateRuntimeErrorResult(CheckCITests, err) diff --git a/checks/evaluation/ci_tests_test.go b/checks/evaluation/ci_tests_test.go index c7f630b24d3..8a1ab871645 100644 --- a/checks/evaluation/ci_tests_test.go +++ b/checks/evaluation/ci_tests_test.go @@ -201,3 +201,257 @@ func Test_prHasSuccessfulCheck(t *testing.T) { } } } + +func Test_prHasSuccessStatus(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + r checker.RevisionCIInfo + dl checker.DetailLogger + } + tests := []struct { //nolint:govet + name string + args args + want bool + wantErr bool + }{ + { + name: "empty revision", + args: args{ + r: checker.RevisionCIInfo{}, + }, + want: false, + wantErr: false, + }, + { + name: "no statuses", + args: args{ + r: checker.RevisionCIInfo{ + Statuses: []clients.Status{}, + }, + }, + }, + { + name: "status is not success", + args: args{ + r: checker.RevisionCIInfo{ + Statuses: []clients.Status{ + { + State: "failure", + }, + }, + }, + }, + }, + { + name: "status is success", + args: args{ + r: checker.RevisionCIInfo{ + Statuses: []clients.Status{ + { + State: "success", + Context: CheckCITests, + }, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: true, + wantErr: false, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := prHasSuccessStatus(tt.args.r, tt.args.dl) //nolint:govet + if (err != nil) != tt.wantErr { //nolint:govet + t.Errorf("prHasSuccessStatus() error = %v, wantErr %v", err, tt.wantErr) //nolint:govet + return + } + if got != tt.want { //nolint:govet + t.Errorf("prHasSuccessStatus() got = %v, want %v", got, tt.want) //nolint:govet + } + }) + } +} + +func Test_prHasSuccessfulCheckAdditional(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + r checker.RevisionCIInfo + dl checker.DetailLogger + } + tests := []struct { //nolint:govet + name string + args args + want bool + wantErr bool + }{ + { + name: "empty revision", + args: args{ + r: checker.RevisionCIInfo{}, + }, + want: false, + wantErr: false, + }, + { + name: "status is not completed", + args: args{ + r: checker.RevisionCIInfo{ + CheckRuns: []clients.CheckRun{ + { + Status: "notcompleted", + }, + }, + }, + }, + }, + { + name: "status is not success", + args: args{ + r: checker.RevisionCIInfo{ + CheckRuns: []clients.CheckRun{ + { + Status: "completed", + Conclusion: "failure", + }, + }, + }, + }, + }, + { + name: "conclusion is success", + args: args{ + r: checker.RevisionCIInfo{ + CheckRuns: []clients.CheckRun{ + { + Status: "completed", + Conclusion: "success", + }, + }, + }, + }, + }, + { + name: "conclusion is succesls with a valid app slug", + args: args{ + r: checker.RevisionCIInfo{ + CheckRuns: []clients.CheckRun{ + { + Status: "completed", + Conclusion: "success", + App: clients.CheckRunApp{Slug: "e2e"}, + }, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: true, + wantErr: false, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + got, err := prHasSuccessfulCheck(tt.args.r, tt.args.dl) + if (err != nil) != tt.wantErr { + t.Errorf("prHasSuccessfulCheck() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { //nolint:govet + t.Errorf("prHasSuccessfulCheck() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestCITests(t *testing.T) { + t.Parallel() + type args struct { //nolint:govet + in0 string + c *checker.CITestData + dl checker.DetailLogger + } + tests := []struct { //nolint:govet + name string + args args + want int + }{ + { + name: "Status completed with failure", + args: args{ + in0: "", + c: &checker.CITestData{ + CIInfo: []checker.RevisionCIInfo{ + { + CheckRuns: []clients.CheckRun{ + { + Status: "completed", + App: clients.CheckRunApp{Slug: "e2e"}, + }, + }, + Statuses: []clients.Status{ + { + State: "failure", + Context: CheckCITests, + TargetURL: "e2e", + }, + }, + }, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: 0, + }, + { + name: "valid", + args: args{ + in0: "", + c: &checker.CITestData{ + CIInfo: []checker.RevisionCIInfo{ + { + CheckRuns: []clients.CheckRun{ + { + Status: "completed", + Conclusion: "success", + App: clients.CheckRunApp{Slug: "e2e"}, + }, + }, + Statuses: []clients.Status{ + { + State: "success", + Context: CheckCITests, + TargetURL: "e2e", + }, + }, + }, + }, + }, + dl: &scut.TestDetailLogger{}, + }, + want: 10, + }, + { + name: "no ci info", + args: args{ + in0: "", + c: &checker.CITestData{}, + dl: &scut.TestDetailLogger{}, + }, + want: -1, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := CITests(tt.args.in0, tt.args.c, tt.args.dl); got.Score != tt.want { //nolint:govet + t.Errorf("CITests() = %v, want %v", got.Score, tt.want) //nolint:govet + } + }) + } +} From f5f32b77622c0e66a81c64121e3ade47a5951489 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Tue, 25 Apr 2023 17:43:15 -0400 Subject: [PATCH 098/316] :book: Tweak Best Practices badge description to clarify things (#2907) * Tweak Best Practices badge description to clarify things Signed-off-by: David A. Wheeler * Provided clearer message when there's no BP badge detected Signed-off-by: David A. Wheeler * Remove extra line that shouldn't be there Signed-off-by: David A. Wheeler --------- Signed-off-by: David A. Wheeler --- README.md | 2 +- checks/evaluation/cii_best_practices.go | 2 +- docs/checks.md | 35 +++++++------------------ docs/checks/internal/checks.yaml | 34 +++++++----------------- 4 files changed, 20 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index 83304146402..caf23e1d964 100644 --- a/README.md +++ b/README.md @@ -438,7 +438,7 @@ Name | Description | Risk Level | Token Req [Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | Fully Supported | [Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | Fully Supported | certain settings are only supported with a maintainer PAT [CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN | Unsupported -[CII-Best-Practices](docs/checks.md#cii-best-practices) | Does the project have an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/en)? | Low | PAT, GITHUB_TOKEN | Fully Supported | +[CII-Best-Practices](docs/checks.md#cii-best-practices) | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org) at the passing, silver, or gold level? | Low | PAT, GITHUB_TOKEN | Fully Supported | [Code-Review](docs/checks.md#code-review) | Does the project practice code review before code is merged? | High | PAT, GITHUB_TOKEN | Fully Supported | [Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | Fully Supported | [Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | Unsupported | diff --git a/checks/evaluation/cii_best_practices.go b/checks/evaluation/cii_best_practices.go index 0d8e5dcef26..fa940b4c0ba 100644 --- a/checks/evaluation/cii_best_practices.go +++ b/checks/evaluation/cii_best_practices.go @@ -41,7 +41,7 @@ func CIIBestPractices(name string, _ checker.DetailLogger, r *checker.CIIBestPra var results checker.CheckResult switch r.Badge { case clients.NotFound: - results = checker.CreateMinScoreResult(name, "no badge detected") + results = checker.CreateMinScoreResult(name, "no effort to earn an OpenSSF best practices badge detected") case clients.InProgress: msg := fmt.Sprintf("badge detected: %v", r.Badge) results = checker.CreateResultWithScore(name, msg, inProgressScore) diff --git a/docs/checks.md b/docs/checks.md index 1349ba706b3..f50b80f9f2e 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -158,38 +158,21 @@ If a project's system was not detected and you think it should be, please Risk: `Low` (possibly not following security best practices) -This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/), -which indicates that the project uses a set of security-focused best development practices for open +This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/) at the passing, silver, or gold level. +The OpenSSF Best Practices badge indicates whether or not that the project uses a set of security-focused best development practices for open source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API. The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give -full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a -significant achievement for many projects. Lower scores represent a project that -is at least working to achieve a badge, with increasingly more points awarded as -more criteria are met. - -- [gold badge](https://bestpractices.coreinfrastructure.org/en/criteria/2): 10 -- [silver badge](https://bestpractices.coreinfrastructure.org/en/criteria/1): 7 -- [passing badge](https://bestpractices.coreinfrastructure.org/en/criteria/0): 5 -- in progress badge: 2 +full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a significant achievement for projects and requires multiple developers in the project. +Lower scores represent a project that has met the silver criteria, met the passing criteria, or is working to achieve the passing badge, with increasingly more points awarded as more criteria are met. Note that even meeting the passing criteria is a significant achievement. -To earn the passing badge, the project MUST: - - - publish the process for reporting vulnerabilities on the project site - - provide a working build system that can automatically rebuild the software - from source code (where applicable) - - have a general policy that tests will be added to an automated test suite - when major new functionality is added - - meet various cryptography criteria where applicable - - have at least one primary developer who knows how to design secure software - - have at least one primary developer who knows of common kinds of errors - that lead to vulnerabilities in this kind of software (and at least one - method to counter or mitigate each of them) - - apply at least one static code analysis tool (beyond compiler warnings and - "safe" language modes) to any proposed major production release. +- [gold badge](https://bestpractices.coreinfrastructure.org/criteria/2): 10 +- [silver badge](https://bestpractices.coreinfrastructure.org/criteria/1): 7 +- [passing badge](https://bestpractices.coreinfrastructure.org/criteria/0): 5 +- in progress badge: 2 Some of these criteria overlap with other Scorecard checks. - +However, note that in those overlapping cases, Scorecard can only report what it can automatically detect, while the OpenSSF Best Practices badge can report on claims and claim justifications from people (this counters false negatives and positives but has the challenge of requiring additional work from people). **Remediation steps** - Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/). diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 0321985e02f..0dd9c13a2ea 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -255,37 +255,21 @@ checks: description: | Risk: `Low` (possibly not following security best practices) - This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/), - which indicates that the project uses a set of security-focused best development practices for open + This check determines whether the project has earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org/) at the passing, silver, or gold level. + The OpenSSF Best Practices badge indicates whether or not that the project uses a set of security-focused best development practices for open source software. The check uses the URL for the Git repo and the OpenSSF Best Practices badge API. The OpenSSF Best Practices badge has 3 tiers: passing, silver, and gold. We give - full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a - significant achievement for many projects. Lower scores represent a project that - is at least working to achieve a badge, with increasingly more points awarded as - more criteria are met. - - - [gold badge](https://bestpractices.coreinfrastructure.org/en/criteria/2): 10 - - [silver badge](https://bestpractices.coreinfrastructure.org/en/criteria/1): 7 - - [passing badge](https://bestpractices.coreinfrastructure.org/en/criteria/0): 5 - - in progress badge: 2 + full credit to projects that meet the [gold criteria](https://bestpractices.coreinfrastructure.org/criteria/2), which is a significant achievement for projects and requires multiple developers in the project. + Lower scores represent a project that has met the silver criteria, met the passing criteria, or is working to achieve the passing badge, with increasingly more points awarded as more criteria are met. Note that even meeting the passing criteria is a significant achievement. - To earn the passing badge, the project MUST: - - - publish the process for reporting vulnerabilities on the project site - - provide a working build system that can automatically rebuild the software - from source code (where applicable) - - have a general policy that tests will be added to an automated test suite - when major new functionality is added - - meet various cryptography criteria where applicable - - have at least one primary developer who knows how to design secure software - - have at least one primary developer who knows of common kinds of errors - that lead to vulnerabilities in this kind of software (and at least one - method to counter or mitigate each of them) - - apply at least one static code analysis tool (beyond compiler warnings and - "safe" language modes) to any proposed major production release. + - [gold badge](https://bestpractices.coreinfrastructure.org/criteria/2): 10 + - [silver badge](https://bestpractices.coreinfrastructure.org/criteria/1): 7 + - [passing badge](https://bestpractices.coreinfrastructure.org/criteria/0): 5 + - in progress badge: 2 Some of these criteria overlap with other Scorecard checks. + However, note that in those overlapping cases, Scorecard can only report what it can automatically detect, while the OpenSSF Best Practices badge can report on claims and claim justifications from people (this counters false negatives and positives but has the challenge of requiring additional work from people). remediation: - >- Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/). From c9140decabd8eb80f64fce87eefa3623eb2271ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Apr 2023 08:57:50 +0000 Subject: [PATCH 099/316] :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index e1fbc593a89..52f7cbf2ae1 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( cloud.google.com/go/trace v1.9.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.3.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 github.com/go-git/go-git/v5 v5.6.1 github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 @@ -75,7 +75,7 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-github/v50 v50.2.0 // indirect + github.com/google/go-github/v52 v52.0.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -170,7 +170,7 @@ require ( golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 golang.org/x/net v0.9.0 // indirect - golang.org/x/oauth2 v0.6.0 // indirect + golang.org/x/oauth2 v0.7.0 // indirect golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.7.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect diff --git a/go.sum b/go.sum index c6c718c16d7..371714fce76 100644 --- a/go.sum +++ b/go.sum @@ -657,8 +657,8 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.3.0 h1:RRGTqFWOe++1YmvYmO0PvMGzYTaZ6f8X3Su8WKmM+Ds= -github.com/bradleyfalzon/ghinstallation/v2 v2.3.0/go.mod h1:8rdGt82ERhM7sjY5FLx2gV4aPhxn6YUE8XlDMKG1z/Y= +github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 h1:zYSzkoIwekCQAr6GT6KxISLt4YRS6kd4/ixfzMN+7yc= +github.com/bradleyfalzon/ghinstallation/v2 v2.4.0/go.mod h1:4MwZLSgBJJgg4i3nJwZJ95AMooSqN8fJDmegLVn9Q2U= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= @@ -1180,8 +1180,8 @@ github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6K github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= -github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk= -github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q= +github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= +github.com/google/go-github/v52 v52.0.0/go.mod h1:WJV6VEEUPuMo5pXqqa2ZCZEdbQqua4zAk2MZTIo+m+4= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -2330,8 +2330,8 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From dd352a1d371b0a4955019f0b8a20b220bdcc0ff8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Apr 2023 11:55:23 +0000 Subject: [PATCH 100/316] :seedling: Bump sigstore/cosign-installer from 3.0.2 to 3.0.3 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/9e9de2292db7abb3f51b7f4808d98f0d347a8919...204a51a57a74d190b284a0ce69b44bc37201f343) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/publishimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 597c6fb59ef..83d93137cfc 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -61,7 +61,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 + uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 - name: Sign image run: | cosign sign ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} From f3b777086fb670ed5b10b4d1d7257786d0daa6d6 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 26 Apr 2023 10:10:06 -0700 Subject: [PATCH 101/316] :seedling: Use Go version as specified by our go.mod file. (#2912) Signed-off-by: Spencer Schrock --- .github/workflows/publishimage.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 83d93137cfc..0c807d20111 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -20,12 +20,9 @@ on: push: branches: - main -env: - GO_VERSION: 1.17 jobs: - unit-test: - name: publishimage + publishimage: runs-on: ubuntu-latest permissions: contents: read @@ -46,10 +43,10 @@ jobs: - name: Setup Go uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: go.mod # use version from go.mod so it stays in sync check-latest: true - name: install ko - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa + uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 - name: publishimage uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd with: From 813e9c64927f5b180e939f69933d746d25a5c17a Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Wed, 26 Apr 2023 11:25:52 -0700 Subject: [PATCH 102/316] =?UTF-8?q?=E2=9C=A8=20Add=20a=20new=20format=20fo?= =?UTF-8?q?r=20details=20(#2917)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon --- options/options.go | 18 +++++--- pkg/json.go | 99 ++--------------------------------------- pkg/scorecard_result.go | 4 +- 3 files changed, 17 insertions(+), 104 deletions(-) diff --git a/options/options.go b/options/options.go index a7d4d4d13c9..164c356b821 100644 --- a/options/options.go +++ b/options/options.go @@ -77,9 +77,13 @@ const ( // Formats. // FormatJSON specifies that results should be output in JSON format. FormatJSON = "json" - // FormatSJSON specifies that results should be output in structured JSON format, - // i.e., with the structured results. - FormatSJSON = "structured-json" + // FormatFJSON specifies that results should be output in JSON format, + // but with structured findings. + FormatFJSON = "finding" + // FormatPJSON specifies that results should be output in probe JSON format. + FormatPJSON = "probe" + // FormatSJSON specifies that results should be output in structured JSON format. + FormatSJSON = "structured" // FormatSarif specifies that results should be output in SARIF format. FormatSarif = "sarif" // FormatDefault specifies that results should be output in default format. @@ -159,7 +163,9 @@ func (o *Options) Validate() error { } if !o.isExperimentalEnabled() { - if o.Format == FormatSJSON { + if o.Format == FormatSJSON || + o.Format == FormatFJSON || + o.Format == FormatPJSON { errs = append( errs, errFormatSupportedWithExperimental, @@ -190,7 +196,6 @@ func (o *Options) Validate() error { errs, ) } - return nil } @@ -257,7 +262,8 @@ func (o *Options) isV6Enabled() bool { func validateFormat(format string) bool { switch format { - case FormatJSON, FormatSJSON, FormatSarif, FormatDefault, FormatRaw: + case FormatJSON, FormatSJSON, FormatFJSON, + FormatPJSON, FormatSarif, FormatDefault, FormatRaw: return true default: return false diff --git a/pkg/json.go b/pkg/json.go index 608f969f169..9179ac7becd 100644 --- a/pkg/json.go +++ b/pkg/json.go @@ -20,12 +20,9 @@ import ( "io" "time" - "github.com/ossf/scorecard/v4/checker" docs "github.com/ossf/scorecard/v4/docs/checks" sce "github.com/ossf/scorecard/v4/errors" - "github.com/ossf/scorecard/v4/finding" "github.com/ossf/scorecard/v4/log" - rules "github.com/ossf/scorecard/v4/rule" ) // nolint: govet @@ -87,32 +84,6 @@ type JSONScorecardResultV2 struct { Metadata []string `json:"metadata"` } -// nolint: govet -type jsonCheckResultV3 struct { - Risk rules.Risk `json:"risk"` - Outcome finding.Outcome `json:"outcome"` - Findings []finding.Finding `json:"findings"` - Score int `json:"score"` - Reason string `json:"reason"` - Name string `json:"name"` - // TODO(X): list of rules run. - // TODO(X): simplify the documentation for the overall check - // and add the rules that are used in the description. - Doc jsonCheckDocumentationV2 `json:"documentation"` -} - -// JSONScorecardResultV3 exports results as JSON for structured detail format. -// -//nolint:govet -type JSONScorecardResultV3 struct { - Date string `json:"date"` - Repo jsonRepoV2 `json:"repo"` - Scorecard jsonScorecardV2 `json:"scorecard"` - AggregateScore jsonFloatScore `json:"score"` - Checks []jsonCheckResultV3 `json:"checks"` - Metadata []string `json:"metadata"` -} - // AsJSON exports results as JSON for new detail format. func (r *ScorecardResult) AsJSON(showDetails bool, logLevel log.Level, writer io.Writer) error { encoder := json.NewEncoder(writer) @@ -196,6 +167,7 @@ func (r *ScorecardResult) AsJSON2(showDetails bool, } out.Checks = append(out.Checks, tmpResult) } + if err := encoder.Encode(out); err != nil { return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("encoder.Encode: %v", err)) } @@ -203,73 +175,8 @@ func (r *ScorecardResult) AsJSON2(showDetails bool, return nil } -func (r *ScorecardResult) AsSJSON(showDetails bool, +func (r *ScorecardResult) AsFJSON(showDetails bool, logLevel log.Level, checkDocs docs.Doc, writer io.Writer, ) error { - score, err := r.GetAggregateScore(checkDocs) - if err != nil { - return err - } - - encoder := json.NewEncoder(writer) - out := JSONScorecardResultV3{ - Repo: jsonRepoV2{ - Name: r.Repo.Name, - Commit: r.Repo.CommitSHA, - }, - Scorecard: jsonScorecardV2{ - Version: r.Scorecard.Version, - Commit: r.Scorecard.CommitSHA, - }, - Date: r.Date.Format("2006-01-02"), - Metadata: r.Metadata, - AggregateScore: jsonFloatScore(score), - } - - for _, checkResult := range r.Checks { - doc, e := checkDocs.GetCheck(checkResult.Name) - if e != nil { - return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("GetCheck: %s: %v", checkResult.Name, e)) - } - - tmpResult := jsonCheckResultV3{ - Name: checkResult.Name, - Doc: jsonCheckDocumentationV2{ - URL: doc.GetDocumentationURL(r.Scorecard.CommitSHA), - Short: doc.GetShort(), - }, - Reason: checkResult.Reason, - Score: checkResult.Score, - Risk: rules.RiskNone, - Outcome: finding.OutcomePositive, - } - if showDetails { - for i := range checkResult.Details { - if checkResult.Details[i].Type == checker.DetailDebug && logLevel != log.DebugLevel { - continue - } - - f := checkResult.Details[i].Msg.Finding - if f == nil { - continue - } - - if f.Risk.GreaterThan(tmpResult.Risk) { - tmpResult.Risk = f.Risk - } - - if f.Outcome.WorseThan(tmpResult.Outcome) { - tmpResult.Outcome = f.Outcome - } - - tmpResult.Findings = append(tmpResult.Findings, *f) - } - } - out.Checks = append(out.Checks, tmpResult) - } - if err := encoder.Encode(out); err != nil { - return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("encoder.Encode: %v", err)) - } - - return nil + return sce.WithMessage(sce.ErrScorecardInternal, "WIP: not supported") } diff --git a/pkg/scorecard_result.go b/pkg/scorecard_result.go index 1af8a08e143..2fd0c67e4fb 100644 --- a/pkg/scorecard_result.go +++ b/pkg/scorecard_result.go @@ -117,8 +117,8 @@ func FormatResults( err = results.AsSARIF(opts.ShowDetails, log.ParseLevel(opts.LogLevel), os.Stdout, doc, policy, opts) case options.FormatJSON: err = results.AsJSON2(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) - case options.FormatSJSON: - err = results.AsSJSON(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) + case options.FormatFJSON: + err = results.AsFJSON(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) case options.FormatRaw: err = results.AsRawJSON(os.Stdout) default: From 032f2998c0fd61fa1715ae2192942b310e4c4c64 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 26 Apr 2023 11:45:52 -0700 Subject: [PATCH 103/316] :seedling: Skip cosign confirmation prompt. (#2918) Signed-off-by: Spencer Schrock --- .github/workflows/publishimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 0c807d20111..4150dfd2a9b 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -61,4 +61,4 @@ jobs: uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 - name: Sign image run: | - cosign sign ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} + cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} From 2239b1338f956a08a4da85b2a8c26a4861b204ea Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 26 Apr 2023 12:13:34 -0700 Subject: [PATCH 104/316] :seedling: Included coverage metrics from other e2e (#2905) * :seedling: Included coverage metrics from other e2e - Update codecov to include multiple directories in the workflow integration [.github/workflows/integration.yml] - Update codecov files to include multiple directories Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updated based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/integration.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index baff4ed94e4..6cadebe3972 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -83,6 +83,5 @@ jobs: - name: codecov uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 with: - files: ./e2e-coverage.out + files: "*e2e-coverage.out" verbose: true - From 85ca86f5e15f6f620477f552446b95718049013b Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 26 Apr 2023 12:46:09 -0700 Subject: [PATCH 105/316] :seedling: Unit tests checks/evaluation/security_policy.go (#2916) - Add tests for security policy evaluation - Fix typo in comment [checks/evaluation/security_policy_test.go] - Add tests for `scoreSecurityCriteria` function - Calculate score based on file size and policy information type and value [checks/evaluation/security_policy.go] - Fix typo in comment from "vuls" to "vulnerability" Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/security_policy.go | 2 +- checks/evaluation/security_policy_test.go | 119 ++++++++++++++++++++++ 2 files changed, 120 insertions(+), 1 deletion(-) diff --git a/checks/evaluation/security_policy.go b/checks/evaluation/security_policy.go index 756c4927804..3512ad67e97 100644 --- a/checks/evaluation/security_policy.go +++ b/checks/evaluation/security_policy.go @@ -70,7 +70,7 @@ func scoreSecurityCriteria(f checker.File, // #3: found whole number(s) and or match(es) to "Disclos" and or "Vuln": score += 1 // rationale: works towards the intent of the security policy file // regarding whom to contact about vuls and disclosures and timing - // e.g., we'll disclose, report a vulnerabily, 30 days, etc. + // e.g., we'll disclose, report a vulnerability, 30 days, etc. // looking for at least 2 hits if discvuls > 1 { score += 1 diff --git a/checks/evaluation/security_policy_test.go b/checks/evaluation/security_policy_test.go index 5ee0e9aecc6..2c6e45fe9b2 100644 --- a/checks/evaluation/security_policy_test.go +++ b/checks/evaluation/security_policy_test.go @@ -114,3 +114,122 @@ func TestSecurityPolicy(t *testing.T) { }) } } + +func TestScoreSecurityCriteria(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + file checker.File + info []checker.SecurityPolicyInformation + expectedScore int + }{ + { + name: "Full score", + file: checker.File{ + Path: "/path/to/security_policy.md", + FileSize: 100, + }, + info: []checker.SecurityPolicyInformation{ + { + InformationType: checker.SecurityPolicyInformationTypeEmail, + InformationValue: checker.SecurityPolicyValueType{ + Match: "security@example.com", + LineNumber: 2, + Offset: 0, + }, + }, + { + InformationType: checker.SecurityPolicyInformationTypeLink, + InformationValue: checker.SecurityPolicyValueType{ + Match: "https://example.com/report", + LineNumber: 4, + Offset: 0, + }, + }, + { + InformationType: checker.SecurityPolicyInformationTypeText, + InformationValue: checker.SecurityPolicyValueType{ + Match: "Disclose vulnerability", + LineNumber: 6, + Offset: 0, + }, + }, + { + InformationType: checker.SecurityPolicyInformationTypeText, + InformationValue: checker.SecurityPolicyValueType{ + Match: "30 days", + LineNumber: 7, + Offset: 0, + }, + }, + }, + expectedScore: 10, + }, + { + name: "Partial score", + file: checker.File{ + Path: "/path/to/security_policy.md", + FileSize: 50, + }, + info: []checker.SecurityPolicyInformation{ + { + InformationType: checker.SecurityPolicyInformationTypeLink, + InformationValue: checker.SecurityPolicyValueType{ + Match: "https://example.com/report", + LineNumber: 4, + Offset: 0, + }, + }, + { + InformationType: checker.SecurityPolicyInformationTypeText, + InformationValue: checker.SecurityPolicyValueType{ + Match: "Disclose vulnerability", + LineNumber: 6, + Offset: 0, + }, + }, + }, + expectedScore: 9, + }, + { + name: "Low score", + file: checker.File{ + Path: "/path/to/security_policy.md", + FileSize: 10, + }, + info: []checker.SecurityPolicyInformation{ + { + InformationType: checker.SecurityPolicyInformationTypeEmail, + InformationValue: checker.SecurityPolicyValueType{ + Match: "security@example.com", + LineNumber: 2, + Offset: 0, + }, + }, + }, + expectedScore: 6, + }, + { + name: "Low score", + file: checker.File{ + Path: "/path/to/security_policy.md", + FileSize: 5, + }, + info: []checker.SecurityPolicyInformation{}, + expectedScore: 3, + }, + } + + for _, tc := range tests { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + mockDetailLogger := &scut.TestDetailLogger{} + score := scoreSecurityCriteria(tc.file, tc.info, mockDetailLogger) + + if score != tc.expectedScore { + t.Errorf("scoreSecurityCriteria() mismatch, expected score: %d, got: %d", tc.expectedScore, score) + } + }) + } +} From 3d0c5e0c141956c89a5fcbd500f8a832b3041164 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Apr 2023 21:19:16 +0000 Subject: [PATCH 106/316] :seedling: Bump github.com/google/osv-scanner (#2914) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.2-0.20230418234519-2c101c1b0e63 to 1.3.2. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.2) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 52f7cbf2ae1..cd612e4505c 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.2-0.20230418234519-2c101c1b0e63 + github.com/google/osv-scanner v1.3.2 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.2 github.com/otiai10/copy v1.11.0 @@ -59,7 +59,7 @@ require ( cloud.google.com/go/containeranalysis v0.9.0 // indirect cloud.google.com/go/kms v1.10.0 // indirect github.com/BurntSushi/toml v1.2.1 // indirect - github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect + github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/andybalholm/brotli v1.0.4 // indirect github.com/apache/arrow/go/v11 v11.0.0 // indirect github.com/apache/thrift v0.16.0 // indirect @@ -168,7 +168,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.7.0 // indirect - golang.org/x/exp v0.0.0-20230321023759-10a507213a29 + golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 golang.org/x/net v0.9.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect golang.org/x/sync v0.1.0 // indirect diff --git a/go.sum b/go.sum index 371714fce76..d537ff8870b 100644 --- a/go.sum +++ b/go.sum @@ -503,8 +503,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg= -github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg= +github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE= +github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.2/go.mod h1:uqoR4sJc63p7ugW8a/vsEspOsNuehbi7ptS2CHCyOnY= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= @@ -1202,8 +1202,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.2-0.20230418234519-2c101c1b0e63 h1:PvWBNgdGvP2rOb2HMK/gexbyeDuDAIr6G/ygvoqD810= -github.com/google/osv-scanner v1.3.2-0.20230418234519-2c101c1b0e63/go.mod h1:S073+vv2wokPkcuW47QOR5oHdDfIUYqbw2ZTYyOsMQw= +github.com/google/osv-scanner v1.3.2 h1:QA1t01fqRgVrJXta8Not5lfZgwACZmS/x8VlRCXnYJE= +github.com/google/osv-scanner v1.3.2/go.mod h1:sGfqI0OkLY9Dz9ByX6ul8T0OWIz1dHrlngwEEcjf76s= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -1925,8 +1925,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -2169,8 +2169,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= -golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o= +golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= From 7586d2f272164f4f8c277f6888a843798e1c6306 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Apr 2023 11:37:46 -0500 Subject: [PATCH 107/316] :seedling: Bump github/codeql-action from 2.3.0 to 2.3.1 (#2920) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...8662eabe0e9f338a07350b7fd050732745f93848) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index cd7f0cbf579..02a166615d0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 + uses: github/codeql-action/init@8662eabe0e9f338a07350b7fd050732745f93848 # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 + uses: github/codeql-action/autobuild@8662eabe0e9f338a07350b7fd050732745f93848 # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 + uses: github/codeql-action/analyze@8662eabe0e9f338a07350b7fd050732745f93848 # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index b076b902d6b..b9647f28b27 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@b2c19fb9a2a485599ccf4ed5d65527d94bc57226 # v1 + uses: github/codeql-action/upload-sarif@8662eabe0e9f338a07350b7fd050732745f93848 # v1 with: sarif_file: results.sarif From 2d87611dbd4433822c339dd7bcaab3210ff0f100 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Apr 2023 08:57:16 +0000 Subject: [PATCH 108/316] :seedling: Bump tj-actions/changed-files from 35.9.0 to 35.9.1 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.0 to 35.9.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/ce810b29b28abf274afebdcd8fe47b8fba0f28bd...4a0aac0d19aa2838c6741fdf95a5276390418dc2) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2b9dd0e0a77..8703ba4d244 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@ce810b29b28abf274afebdcd8fe47b8fba0f28bd #v35.9.0 + uses: tj-actions/changed-files@4a0aac0d19aa2838c6741fdf95a5276390418dc2 #v35.9.1 with: files_ignore: '**.md' - id: docs_only_check From 273dccda33590b7b46e98e19a9154f9da5400521 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Apr 2023 13:19:40 +0000 Subject: [PATCH 109/316] :seedling: Bump github/codeql-action from 2.3.1 to 2.3.2 (#2924) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8662eabe0e9f338a07350b7fd050732745f93848...f3feb00acb00f31a6f60280e6ace9ca31d91c76a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 02a166615d0..7019b20c894 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8662eabe0e9f338a07350b7fd050732745f93848 # v1 + uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@8662eabe0e9f338a07350b7fd050732745f93848 # v1 + uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8662eabe0e9f338a07350b7fd050732745f93848 # v1 + uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index b9647f28b27..7f6bec2ead5 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@8662eabe0e9f338a07350b7fd050732745f93848 # v1 + uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 with: sarif_file: results.sarif From 3ccc659a22faad345ac7aebcc2f979bd6660b35e Mon Sep 17 00:00:00 2001 From: Gabriela Gutierrez Date: Fri, 28 Apr 2023 16:17:26 +0000 Subject: [PATCH 110/316] =?UTF-8?q?=F0=9F=90=9B=20Add=20pip=20installs=20t?= =?UTF-8?q?o=20Pinned-Dependencies=20score=20(#2922)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Add pip install to pinned dependencies score Signed-off-by: Gabriela Gutierrez * test: Fix pinned dependencies evaluation tests Considering the new pipInstalls dependencies in Pinned-Dependencies score, there are some changes. The "all dependencies pinned" test generates now one more Info log for "pip installs are all pinned". The "has 2 dependencies unpinned" test now one more Info log for "pip installs are all pinned" too, plus the total score has to weight now 5 scores instead of 4. The previous score was 10 for actionScore, 10 for dockerFromScore, 0 for dockerDownloadScore, because it's a downloadThenRun problem, another 0 for scriptScore, because it's a downloadThenRun problem, an here we have a bug of the same problem counting twice, but that gives a 20/4=5 for total score. Since we have pip install score, the current score counts a 10 for pipScore and that gives a 30/5=6 for total score. Signed-off-by: Gabriela Gutierrez * test: Fix pinned dependencies e2e tests Considering the new pipInstalls dependencies in Pinned-Dependencies score, there are some changes. The repo being tested, ossf-tests/scorecard-check-pinned-dependencies-e2e, has only third-party GitHub actions pinned. All other dependencies types are unpinned, including pip installs. This gives us 8 for actionScore and 0 for all other scores. Previously the total score was 8/4=2, and now the total score is 8/5=1.6, which rounds down to 1. Signed-off-by: Gabriela Gutierrez * test: Unpinned pip install score When having one unpinned pip install and all other dependencies pinned, the score should be 40/5=8. Also, it should raise 1 warning for the unpinned pip install, 5 infos saying the other dependency types are pinned (2 for GHAs, 2 for dockerfile image and downdloads and 1 for script downdloads), and 0 debug logs since the pip install dependency does not have an error message. Signed-off-by: Gabriela Gutierrez * test: Undefined pip install score When an error happens to parse a pip install dependency, the error/debug message is saved in "Msg" field. In this case, we were not able to define if the pip install is pinned or not. This dependency is classified as pinned undefined. We treat such cases as pinned cases, so it logs as Info that pip installs are all pinned and counts the score as 10. Then, the final score makes it to 10 as well. Since it logs the error/debug message, the Debug log goes to 1. Signed-off-by: Gabriela Gutierrez * test: All dependencies pinned score Signed-off-by: Gabriela Gutierrez * :seedling: Bump github/codeql-action from 2.3.0 to 2.3.1 (#2920) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...8662eabe0e9f338a07350b7fd050732745f93848) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: Gabriela Gutierrez Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/pinned_dependencies.go | 18 ++++++- checks/evaluation/pinned_dependencies_test.go | 49 +++++++++++++++++-- e2e/pinned_dependencies_test.go | 6 +-- 3 files changed, 66 insertions(+), 7 deletions(-) diff --git a/checks/evaluation/pinned_dependencies.go b/checks/evaluation/pinned_dependencies.go index 11c7d036ee5..d9133d76da4 100644 --- a/checks/evaluation/pinned_dependencies.go +++ b/checks/evaluation/pinned_dependencies.go @@ -121,14 +121,21 @@ func PinningDependencies(name string, c *checker.CheckRequest, return checker.CreateRuntimeErrorResult(name, err) } + // Pip installs. + pipScore, err := createReturnForIsPipInstallPinned(pr, dl) + if err != nil { + return checker.CreateRuntimeErrorResult(name, err) + } + // Scores may be inconclusive. actionScore = maxScore(0, actionScore) dockerFromScore = maxScore(0, dockerFromScore) dockerDownloadScore = maxScore(0, dockerDownloadScore) scriptScore = maxScore(0, scriptScore) + pipScore = maxScore(0, pipScore) score := checker.AggregateScores(actionScore, dockerFromScore, - dockerDownloadScore, scriptScore) + dockerDownloadScore, scriptScore, pipScore) if score == checker.MaxResultScore { return checker.CreateMaxScoreResult(name, "all dependencies are pinned") @@ -244,6 +251,15 @@ func createReturnForIsDockerfileFreeOfInsecureDownloads(pr map[checker.Dependenc dl) } +// Create the result for pip install commands. +func createReturnForIsPipInstallPinned(pr map[checker.DependencyUseType]pinnedResult, + dl checker.DetailLogger, +) (int, error) { + return createReturnValues(pr, checker.DependencyUseTypePipCommand, + "Pip installs are pinned", + dl) +} + func createReturnValues(pr map[checker.DependencyUseType]pinnedResult, t checker.DependencyUseType, infoMsg string, dl checker.DetailLogger, diff --git a/checks/evaluation/pinned_dependencies_test.go b/checks/evaluation/pinned_dependencies_test.go index 3028adf9128..7b3ad9f3199 100644 --- a/checks/evaluation/pinned_dependencies_test.go +++ b/checks/evaluation/pinned_dependencies_test.go @@ -109,7 +109,7 @@ func Test_PinningDependencies(t *testing.T) { Error: nil, Score: checker.MaxResultScore, NumberOfWarn: 0, - NumberOfInfo: 5, + NumberOfInfo: 6, NumberOfDebug: 1, }, }, @@ -128,9 +128,9 @@ func Test_PinningDependencies(t *testing.T) { }, expected: scut.TestReturn{ Error: nil, - Score: 5, + Score: 6, NumberOfWarn: 1, - NumberOfInfo: 3, + NumberOfInfo: 4, NumberOfDebug: 1, }, }, @@ -162,6 +162,49 @@ func Test_PinningDependencies(t *testing.T) { NumberOfDebug: 1, }, }, + { + name: "unpinned pip install", + dependencies: []checker.Dependency{ + { + Location: &checker.File{}, + Type: checker.DependencyUseTypePipCommand, + }, + }, + expected: scut.TestReturn{ + Error: nil, + Score: 8, + NumberOfWarn: 1, + NumberOfInfo: 5, + NumberOfDebug: 0, + }, + }, + { + name: "undefined pip install", + dependencies: []checker.Dependency{ + { + Location: &checker.File{}, + Type: checker.DependencyUseTypePipCommand, + Msg: asPointer("debug message"), + }, + }, + expected: scut.TestReturn{ + Error: nil, + Score: 10, + NumberOfWarn: 0, + NumberOfInfo: 6, + NumberOfDebug: 1, + }, + }, + { + name: "all dependencies pinned", + expected: scut.TestReturn{ + Error: nil, + Score: 10, + NumberOfWarn: 0, + NumberOfInfo: 6, + NumberOfDebug: 0, + }, + }, } for _, tt := range tests { diff --git a/e2e/pinned_dependencies_test.go b/e2e/pinned_dependencies_test.go index ad6b05683e5..aaec45dda63 100644 --- a/e2e/pinned_dependencies_test.go +++ b/e2e/pinned_dependencies_test.go @@ -49,7 +49,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() { } expected := scut.TestReturn{ Error: nil, - Score: 2, + Score: 1, NumberOfWarn: 139, NumberOfInfo: 1, NumberOfDebug: 0, @@ -74,7 +74,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() { } expected := scut.TestReturn{ Error: nil, - Score: 2, + Score: 1, NumberOfWarn: 139, NumberOfInfo: 1, NumberOfDebug: 0, @@ -110,7 +110,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() { } expected := scut.TestReturn{ Error: nil, - Score: 2, + Score: 1, NumberOfWarn: 139, NumberOfInfo: 1, NumberOfDebug: 0, From 195767d90b700252d3faa4e3ae95d72728420495 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= Date: Sat, 29 Apr 2023 00:23:42 +0300 Subject: [PATCH 111/316] feature: enable verification for provenance (#2765) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Batuhan Apaydın --- .github/workflows/goreleaser.yaml | 32 ++++++++++++++++++++++++ .github/workflows/slsa-goreleaser.yml | 35 +++++++++++++++++++++++++-- 2 files changed, 65 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index bd846291eab..d053401cdbe 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -76,3 +76,35 @@ jobs: with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release + + verification: + needs: [goreleaser, provenance] + runs-on: ubuntu-latest + permissions: read-all + steps: + - name: Install the verifier + uses: slsa-framework/slsa-verifier/actions/installer@v2.1.0 + + - name: Download assets + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}" + run: | + set -euo pipefail + gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "*.tar.gz" + gh -R "$GITHUB_REPOSITORY" release download "$GITHUB_REF_NAME" -p "$PROVENANCE" + - name: Verify assets + env: + CHECKSUMS: ${{ needs.goreleaser.outputs.hashes }} + PROVENANCE: "${{ needs.provenance.outputs.provenance-name }}" + run: | + set -euo pipefail + checksums=$(echo "$CHECKSUMS" | base64 -d) + while read -r line; do + fn=$(echo $line | cut -d ' ' -f2) + echo "Verifying $fn" + slsa-verifier verify-artifact --provenance-path "$PROVENANCE" \ + --source-uri "github.com/$GITHUB_REPOSITORY" \ + --source-tag "$GITHUB_REF_NAME" \ + "$fn" + done <<<"$checksums" diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 52a7b7e9c03..2649ad9c2e3 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -13,6 +13,7 @@ jobs: runs-on: ubuntu-latest outputs: ldflags: ${{ steps.ldflags.outputs.value }} + go-binary-name: ${{ steps.build.outputs.go-binary-name }} steps: - id: checkout uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 @@ -21,7 +22,6 @@ jobs: - id: ldflags run: | echo "value=$(./scripts/version-ldflags)" >> "$GITHUB_OUTPUT" - # Trusted builder. build: permissions: @@ -29,7 +29,38 @@ jobs: contents: write actions: read needs: args - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0 # v1.2.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0 #7f4fdb871876c23e455853d694197440c5a91506 with: go-version: 1.19 evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}" + + verification: + needs: + - build + runs-on: ubuntu-latest + permissions: read-all + steps: + - name: Install the verifier + uses: slsa-framework/slsa-verifier/actions/installer@v2.1.0 + + - name: Download the artifact + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: "${{ needs.build.outputs.go-binary-name }}.intoto.jsonl" + + - name: Download the artifact + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: ${{ needs.build.outputs.go-binary-name }} + + - name: Verify assets + env: + ARTIFACT: ${{ needs.build.outputs.go-binary-name }} + ATT_FILE_NAME: "${{ needs.build.outputs.go-binary-name }}.intoto.jsonl" + run: | + set -euo pipefail + + echo "Verifying $ARTIFACT using $ATT_FILE_NAME" + slsa-verifier verify-artifact --provenance-path "$ATT_FILE_NAME" \ + --source-uri "github.com/$GITHUB_REPOSITORY" \ + "$ARTIFACT" From 0b907ef4c068f978c7fe17732b0b2d7c206fe2fc Mon Sep 17 00:00:00 2001 From: Joyce Date: Sun, 30 Apr 2023 10:46:18 -0300 Subject: [PATCH 112/316] =?UTF-8?q?=F0=9F=93=96=20Add=20new=20frequently?= =?UTF-8?q?=20asked=20question=20to=20FAQ=20(#2923)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: add trust dependabot question to FAQ Signed-off-by: Joyce * fix: update name to be more specific Signed-off-by: Joyce * Update faq.md Signed-off-by: Joyce * Fix: keep FAQ in ascending order Signed-off-by: Joyce --------- Signed-off-by: Joyce --- docs/faq.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/faq.md b/docs/faq.md index 0555d838031..0b461462c2c 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -10,6 +10,7 @@ This page answers frequently asked questions about Scorecard, including its purp ## Check-Specific Questions - [Binary-Artifacts: Can I allowlist testing artifacts?](#binary-artifacts-can-i-allowlist-testing-artifacts) - [Code-Review: Can it ignore bot commits?](#code-review-can-it-ignore-bot-commits) + - [Dependency-Update-Tool: Why should I trust recommended updates are safe?](#dependency-Update-Tool-why-should-i-trust-recommended-updates-are-safe) - [Fuzzing: Does Scorecard accept custom fuzzers?](#fuzzing-does-scorecard-accept-custom-fuzzers) - [Pinned-Dependencies: Will Scorecard detect unpinned dependencies in tests with Dockerfiles?](#pinned-dependencies-will-scorecard-detect-unpinned-dependencies-in-tests-with-dockerfiles) - [Pinned-Dependencies: Can I use version pinning instead of hash pinning?](#pinned-dependencies-can-i-use-version-pinning-instead-of-hash-pinning) @@ -56,6 +57,14 @@ This is quite a complex question. Right now, there is no way to do that. Here ar However, this is being discussed by the Scorecard Team ([#2302](https://github.com/ossf/scorecard/issues/2302)). +### Dependency-Update-Tool: Why should I trust recommended updates are safe? + +Both dependabot and renovatebot won't update your dependencies immediately. They have some precautions to make sure a release is reasonable / won't break your build (see [dependabot compatibility documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-compatibility-scores)). + +You can either configure the tools to only update your dependencies once a week or once a month. This way, if a malicious version is released, it's very likely that it'll be reported and removed before it even gets suggested to you. Besides, there's also the benefit that it gives you the chance to validate the new release before merging if you want to. + +Another configuration possibility that would limit even more the release updates only to trusted releases is enabling to only perform Security Updates, which means you only be notified about releases that fixes a previous vulnerability you might be exposed to. + ### Fuzzing: Does Scorecard accept custom fuzzers? Currently only for projects written in Go. @@ -80,3 +89,4 @@ Currently, the main benefit of [signed releases](checks.md#signed-releases) is t However, there are already moves to make it even more relevant. For example, the OpenSSF is working on [implementing signature verification for NPM packages](https://github.blog/2022-08-08-new-request-for-comments-on-improving-npm-security-with-sigstore-is-now-open/) which would allow a consumer to automatically verify if the package they are downloading was generated through a reliable builder and if it is correctly signed. Signing releases already has some relevance and it will soon offer even more security benefits for both consumers and maintainers. + From 3564a6dab03c735467010caff5250cbc0d3f4301 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 May 2023 07:52:45 -0500 Subject: [PATCH 113/316] :seedling: Bump slsa-framework/slsa-verifier from 2.1.0 to 2.2.0 (#2930) Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index d053401cdbe..de8b6e5a7b7 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -83,7 +83,7 @@ jobs: permissions: read-all steps: - name: Install the verifier - uses: slsa-framework/slsa-verifier/actions/installer@v2.1.0 + uses: slsa-framework/slsa-verifier/actions/installer@v2.2.0 - name: Download assets env: diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 2649ad9c2e3..2ea67fe5e03 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -41,7 +41,7 @@ jobs: permissions: read-all steps: - name: Install the verifier - uses: slsa-framework/slsa-verifier/actions/installer@v2.1.0 + uses: slsa-framework/slsa-verifier/actions/installer@v2.2.0 - name: Download the artifact uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 From 7e24163646b4472f76b0be141f1b7226f4205651 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 1 May 2023 09:26:31 -0500 Subject: [PATCH 114/316] :seedling: Additional e2e clients/githubrepo/branches.go (#2931) - Add a test for getting the default branch - Add tests for getting and querying a branch - Add an error check for non-existent branch - Add an error check for non-HEAD query Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/branches_e2e_test.go | 72 +++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/clients/githubrepo/branches_e2e_test.go b/clients/githubrepo/branches_e2e_test.go index 7b1a4214c8b..92b9406fcc8 100644 --- a/clients/githubrepo/branches_e2e_test.go +++ b/clients/githubrepo/branches_e2e_test.go @@ -47,6 +47,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { Expect(brancheshandler.data.RateLimit.Cost).ShouldNot(BeNil()) Expect(*brancheshandler.data.RateLimit.Cost).Should(BeNumerically("<=", 1)) }) + It("Should fail for non-HEAD query", func() { skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") @@ -60,4 +61,75 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { Expect(brancheshandler.data).Should(BeNil()) }) }) + + Context("E2E TEST: Get default branch", func() { + It("Should return the correct default branch", func() { + skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + brancheshandler.init(context.Background(), repourl) + Expect(brancheshandler.getDefaultBranch()).ShouldNot(BeNil()) + Expect(brancheshandler.getDefaultBranch()).Should(Equal("main")) + }) + }) + Context("E2E TEST: getBranch", func() { + It("Should return a branch", func() { + skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + brancheshandler.init(context.Background(), repourl) + + branchRef, err := brancheshandler.getBranch("main") + Expect(err).Should(BeNil()) + Expect(branchRef).ShouldNot(BeNil()) + }) + + It("Should return an error for non-existent branch", func() { + skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + brancheshandler.init(context.Background(), repourl) + + branchRef, err := brancheshandler.getBranch("non-existent-branch") + Expect(err).ShouldNot(BeNil()) + Expect(branchRef).Should(BeNil()) + }) + }) + Context("E2E TEST: query branch", func() { + It("Should return a branch", func() { + skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + brancheshandler.init(context.Background(), repourl) + Expect(brancheshandler.query("main")).ShouldNot(BeNil()) + }) + + It("Should fail for non-HEAD query", func() { + skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: "de5224bbc56eceb7a25aece55d2d53bbc561ed2d", + } + brancheshandler.init(context.Background(), repourl) + Expect(brancheshandler.query("main")).Should(BeNil()) + }) + }) }) From 72e697786c7a66ed8967c93557a7c9ead3952a34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 May 2023 10:00:27 -0500 Subject: [PATCH 115/316] :seedling: Bump tj-actions/changed-files from 35.9.1 to 35.9.2 (#2933) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.1 to 35.9.2. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/4a0aac0d19aa2838c6741fdf95a5276390418dc2...b2d17f51244a144849c6b37a3a6791b98a51d86f) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 8703ba4d244..59e5befcebf 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -41,7 +41,7 @@ jobs: fetch-depth: 2 - id: files name: Get changed files - uses: tj-actions/changed-files@4a0aac0d19aa2838c6741fdf95a5276390418dc2 #v35.9.1 + uses: tj-actions/changed-files@b2d17f51244a144849c6b37a3a6791b98a51d86f #v35.9.2 with: files_ignore: '**.md' - id: docs_only_check From 700faf1d2d6a023ba02bdcce591101f9e22f18c1 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 2 May 2023 11:32:40 -0700 Subject: [PATCH 116/316] :bug: Add nil check before accessing a step's uses value. (#2935) Signed-off-by: Spencer Schrock --- checks/sast.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/sast.go b/checks/sast.go index a9f3d0ad213..423767f842e 100644 --- a/checks/sast.go +++ b/checks/sast.go @@ -262,7 +262,7 @@ var searchGitHubActionWorkflowCodeQL fileparser.DoWhileTrueOnFileContent = func( for _, job := range workflow.Jobs { for _, step := range job.Steps { e, ok := step.Exec.(*actionlint.ExecAction) - if !ok { + if !ok || e == nil || e.Uses == nil { continue } // Parse out repo / SHA. From a4da39a7798ef1391170627e62b9844d9b47bfdc Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Tue, 2 May 2023 17:42:32 -0700 Subject: [PATCH 117/316] =?UTF-8?q?=E2=9C=A8=20[experimental]=20Create=20p?= =?UTF-8?q?robes=20within=20findings=20(#2919)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon --- ...gitHubWorkflowPermissionsStepsNoWrite.yml} | 5 +- ...> gitHubWorkflowPermissionsTopNoWrite.yml} | 7 +- checks/evaluation/permissions/permissions.go | 66 ++++--- checks/permissions_test.go | 6 +- finding/finding.go | 157 ++++++++++++--- finding/finding_test.go | 102 +++++----- finding/probe/probe.go | 183 ++++++++++++++++++ finding/probe/probe_test.go | 109 +++++++++++ finding/probe/testdata/all-fields.yml | 16 ++ .../testdata/invalid-effort.yml} | 5 +- .../testdata/missing-id.yml} | 2 - finding/testdata/effort-high.yml | 3 +- finding/testdata/effort-low.yml | 3 +- finding/testdata/metadata-variables.yml | 7 +- pkg/common.go | 4 +- pkg/sarif.go | 2 +- 16 files changed, 545 insertions(+), 132 deletions(-) rename checks/evaluation/permissions/{GitHubWorkflowPermissionsStepsNoWrite.yml => gitHubWorkflowPermissionsStepsNoWrite.yml} (87%) rename checks/evaluation/permissions/{GitHubWorkflowPermissionsTopNoWrite.yml => gitHubWorkflowPermissionsTopNoWrite.yml} (85%) create mode 100644 finding/probe/probe.go create mode 100644 finding/probe/probe_test.go create mode 100644 finding/probe/testdata/all-fields.yml rename finding/{testdata/risk-high.yml => probe/testdata/invalid-effort.yml} (85%) rename finding/{testdata/risk-low.yml => probe/testdata/missing-id.yml} (90%) diff --git a/checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml b/checks/evaluation/permissions/gitHubWorkflowPermissionsStepsNoWrite.yml similarity index 87% rename from checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml rename to checks/evaluation/permissions/gitHubWorkflowPermissionsStepsNoWrite.yml index d4d81e22724..171f8503fb1 100644 --- a/checks/evaluation/permissions/GitHubWorkflowPermissionsStepsNoWrite.yml +++ b/checks/evaluation/permissions/gitHubWorkflowPermissionsStepsNoWrite.yml @@ -12,8 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +id: gitHubWorkflowPermissionsStepsNoWrite short: Checks that GitHub workflows do not have steps with dangerous write permissions -desc: This rule checks that GitHub workflows do not have steps with dangerous write permissions motivation: > Even with permissions default set to read, some scopes having write permissions in their steps brings incurs a risk to the project. By giving write permission to the Actions you call in jobs, an external Action you call could abuse them. Depending on the permissions, @@ -21,10 +21,9 @@ motivation: > For more information about the scopes and the vulnerabilities involved, see https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions. implementation: > - The rule is implemented by checking whether the `permissions` keyword is given non-write permissions for the following + The probe is implemented by checking whether the `permissions` keyword is given non-write permissions for the following scopes: `statuses`, `checks`, `security-events`, `deployments`, `contents`, `packages`, `actions`. Write permissions given to recognized packaging actions or commands are allowed and are considered an acceptable risk. -risk: Medium remediation: effort: High text: diff --git a/checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml b/checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml similarity index 85% rename from checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml rename to checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml index e15475925cf..65c89173c92 100644 --- a/checks/evaluation/permissions/GitHubWorkflowPermissionsTopNoWrite.yml +++ b/checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml @@ -12,8 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +id: gitHubWorkflowPermissionsTopNoWrite short: Checks that GitHub workflows do not have default write permissions -desc: This rule checks that GitHub workflows do not have default write permissions motivation: > If no permissions are declared, a workflow's GitHub token's permissions default to write for all scopes. This include write permissions to push to the repository, to read encrypted secrets, etc. @@ -21,16 +21,15 @@ motivation: > implementation: > The rule is implemented by checking whether the `permissions` keyword is defined at the top of the workflow, and that no write permissions are given. -risk: High remediation: effort: Low text: - - Visit https://app.stepsecurity.io/secureworkflow/${{ repo }}/${{ workflow }}/${{ branch }}?enable=permissions + - Visit https://app.stepsecurity.io/secureworkflow/${{ metadata.repo }}/${{ metadata.workflow }}/${{ metadata.branch }}?enable=permissions - Tick the 'Restrict permissions for GITHUB_TOKEN' - Untick other options - "NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead." markdown: - - Visit [https://app.stepsecurity.io/secureworkflow](https://app.stepsecurity.io/secureworkflow/${{ repo }}/${{ workflow }}/${{ branch }}?enable=permissions). + - Visit [https://app.stepsecurity.io/secureworkflow](https://app.stepsecurity.io/secureworkflow/${{ metadata.repo }}/${{ metadata.workflow }}/${{ metadata.branch }}?enable=permissions). - Tick the 'Restrict permissions for GITHUB_TOKEN' - Untick other options - "NOTE: If you want to resolve multiple issues at once, you can visit [https://app.stepsecurity.io/securerepo](https://app.stepsecurity.io/securerepo) instead." diff --git a/checks/evaluation/permissions/permissions.go b/checks/evaluation/permissions/permissions.go index a661c372dae..ed8b0cbc21d 100644 --- a/checks/evaluation/permissions/permissions.go +++ b/checks/evaluation/permissions/permissions.go @@ -26,13 +26,18 @@ import ( ) //go:embed *.yml -var rules embed.FS +var probes embed.FS type permissions struct { topLevelWritePermissions map[string]bool jobLevelWritePermissions map[string]bool } +var ( + stepsNoWriteID = "gitHubWorkflowPermissionsStepsNoWrite" + topNoWriteID = "gitHubWorkflowPermissionsTopNoWrite" +) + // TokenPermissions applies the score policy for the Token-Permissions check. func TokenPermissions(name string, c *checker.CheckRequest, r *checker.TokenPermissionsData) checker.CheckResult { if r == nil { @@ -67,9 +72,9 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq dl := c.Dlogger //nolint:errcheck remediationMetadata, _ := remediation.New(c) - negativeRuleResults := map[string]bool{ - "GitHubWorkflowPermissionsStepsNoWrite": false, - "GitHubWorkflowPermissionsTopNoWrite": false, + negativeProbeResults := map[string]bool{ + stepsNoWriteID: false, + topNoWriteID: false, } for _, r := range results.TokenPermissions { @@ -77,14 +82,12 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq if r.File != nil { loc = &finding.Location{ Type: r.File.Type, - Value: r.File.Path, + Path: r.File.Path, LineStart: &r.File.Offset, } if r.File.Snippet != "" { loc.Snippet = &r.File.Snippet } - - loc.Value = r.File.Path } text, err := createText(r) @@ -112,7 +115,7 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq // We warn only for top-level. if *r.LocationType == checker.PermissionLocationTop { - warnWithRemediation(dl, msg, remediationMetadata, loc, negativeRuleResults) + warnWithRemediation(dl, msg, remediationMetadata, loc, negativeProbeResults) } else { dl.Debug(msg) } @@ -123,7 +126,7 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq } case checker.PermissionLevelWrite: - warnWithRemediation(dl, msg, remediationMetadata, loc, negativeRuleResults) + warnWithRemediation(dl, msg, remediationMetadata, loc, negativeProbeResults) // Group results by workflow name for score computation. if err := updateWorkflowHashMap(hm, r); err != nil { @@ -132,7 +135,7 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq } } - if err := reportDefaultFindings(results, c.Dlogger, negativeRuleResults); err != nil { + if err := reportDefaultFindings(results, c.Dlogger, negativeProbeResults); err != nil { return checker.InconclusiveResultScore, err } @@ -140,17 +143,18 @@ func applyScorePolicy(results *checker.TokenPermissionsData, c *checker.CheckReq } func reportDefaultFindings(results *checker.TokenPermissionsData, - dl checker.DetailLogger, negativeRuleResults map[string]bool, + dl checker.DetailLogger, negativeProbeResults map[string]bool, ) error { + // TODO(#2928): re-visit the need for NotApplicable outcome. // No workflow files exist. if len(results.TokenPermissions) == 0 { text := "no workflows found in the repository" - if err := reportFinding("GitHubWorkflowPermissionsStepsNoWrite", - text, finding.OutcomeNotApplicable, dl); err != nil { + if err := reportFinding(stepsNoWriteID, + text, finding.OutcomeNotAvailable, dl); err != nil { return err } - if err := reportFinding("GitHubWorkflowPermissionsTopNoWrite", - text, finding.OutcomeNotApplicable, dl); err != nil { + if err := reportFinding(topNoWriteID, + text, finding.OutcomeNotAvailable, dl); err != nil { return err } return nil @@ -158,12 +162,12 @@ func reportDefaultFindings(results *checker.TokenPermissionsData, // Workflow files found, report positive findings if no // negative findings were found. - // NOTE: we don't consider rule `GitHubWorkflowPermissionsTopNoWrite` + // NOTE: we don't consider probe `topNoWriteID` // because positive results are already reported. - found := negativeRuleResults["GitHubWorkflowPermissionsStepsNoWrite"] + found := negativeProbeResults[stepsNoWriteID] if !found { text := fmt.Sprintf("no %s write permissions found", checker.PermissionLocationJob) - if err := reportFinding("GitHubWorkflowPermissionsStepsNoWrite", + if err := reportFinding(stepsNoWriteID, text, finding.OutcomePositive, dl); err != nil { return err } @@ -172,8 +176,12 @@ func reportDefaultFindings(results *checker.TokenPermissionsData, return nil } -func reportFinding(rule, text string, o finding.Outcome, dl checker.DetailLogger) error { - f, err := finding.New(rules, rule) +func reportFinding(probe, text string, o finding.Outcome, dl checker.DetailLogger) error { + content, err := probes.ReadFile(probe + ".yml") + if err != nil { + return fmt.Errorf("%w", err) + } + f, err := finding.FromBytes(content, probe) if err != nil { return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) } @@ -185,11 +193,15 @@ func reportFinding(rule, text string, o finding.Outcome, dl checker.DetailLogger } func createLogMsg(loct *checker.PermissionLocation) (*checker.LogMessage, error) { - Rule := "GitHubWorkflowPermissionsStepsNoWrite" + probe := stepsNoWriteID if loct == nil || *loct == checker.PermissionLocationTop { - Rule = "GitHubWorkflowPermissionsTopNoWrite" + probe = topNoWriteID + } + content, err := probes.ReadFile(probe + ".yml") + if err != nil { + return nil, fmt.Errorf("%w", err) } - f, err := finding.New(rules, Rule) + f, err := finding.FromBytes(content, probe) if err != nil { return nil, sce.WithMessage(sce.ErrScorecardInternal, err.Error()) @@ -201,19 +213,19 @@ func createLogMsg(loct *checker.PermissionLocation) (*checker.LogMessage, error) func warnWithRemediation(logger checker.DetailLogger, msg *checker.LogMessage, rem *remediation.RemediationMetadata, loc *finding.Location, - negativeRuleResults map[string]bool, + negativeProbeResults map[string]bool, ) { - if loc != nil && loc.Value != "" { + if loc != nil && loc.Path != "" { msg.Finding = msg.Finding.WithRemediationMetadata(map[string]string{ "repo": rem.Repo, "branch": rem.Branch, - "workflow": strings.TrimPrefix(loc.Value, ".github/workflows/"), + "workflow": strings.TrimPrefix(loc.Path, ".github/workflows/"), }) } logger.Warn(msg) // Record that we found a negative result. - negativeRuleResults[msg.Finding.Rule] = true + negativeProbeResults[msg.Finding.Probe] = true } func recordPermissionWrite(hm map[string]permissions, path string, diff --git a/checks/permissions_test.go b/checks/permissions_test.go index 066ed36f818..189156f3c25 100644 --- a/checks/permissions_test.go +++ b/checks/permissions_test.go @@ -319,8 +319,8 @@ func TestGithubTokenPermissions(t *testing.T) { Error: nil, Score: checker.MaxResultScore, NumberOfWarn: 0, - NumberOfInfo: 2, // This is constant. - NumberOfDebug: 8, // This is 4 + (number of actions) + NumberOfInfo: 2, // This is constant. + NumberOfDebug: 8, // This is 4 + (number of actions) }, }, { @@ -488,7 +488,7 @@ func TestGithubTokenPermissionsLineNumber(t *testing.T) { logMessage.Finding.Location != nil && logMessage.Finding.Location.LineStart != nil && *logMessage.Finding.Location.LineStart == expectedLog.lineNumber && - logMessage.Finding.Location.Value == p && + logMessage.Finding.Location.Path == p && logType == checker.DetailWarn } if !scut.ValidateLogMessage(isExpectedLog, &dl) { diff --git a/finding/finding.go b/finding/finding.go index d9c2d72d77d..c2c23f387fd 100644 --- a/finding/finding.go +++ b/finding/finding.go @@ -16,10 +16,13 @@ package finding import ( "embed" + "errors" "fmt" "strings" - "github.com/ossf/scorecard/v4/rule" + "gopkg.in/yaml.v3" + + "github.com/ossf/scorecard/v4/finding/probe" ) // FileType is the type of a file. @@ -42,7 +45,7 @@ const ( // nolint: govet type Location struct { Type FileType `json:"type"` - Value string `json:"value"` + Path string `json:"path"` LineStart *uint `json:"lineStart,omitempty"` LineEnd *uint `json:"lineEnd,omitempty"` Snippet *string `json:"snippet,omitempty"` @@ -51,13 +54,33 @@ type Location struct { // Outcome is the result of a finding. type Outcome int +// TODO(#2928): re-visit the finding definitions. const ( + // NOTE: The additional '_' are intended for future use. + // This allows adding outcomes without breaking the values + // of existing outcomes. // OutcomeNegative indicates a negative outcome. OutcomeNegative Outcome = iota + _ + _ + _ + // OutcomeNotAvailable indicates an unavailable outcome, + // typically because an API call did not return an answer. + OutcomeNotAvailable + _ + _ + _ + // OutcomeError indicates an errors while running. + // The results could not be determined. + OutcomeError + _ + _ + _ // OutcomePositive indicates a positive outcome. OutcomePositive - // OutcomeNotApplicable indicates a non-applicable outcome. - OutcomeNotApplicable + _ + _ + _ // OutcomeNotSupported indicates a non-supported outcome. OutcomeNotSupported ) @@ -65,32 +88,92 @@ const ( // Finding represents a finding. // nolint: govet type Finding struct { - Rule string `json:"rule"` - Outcome Outcome `json:"outcome"` - Risk rule.Risk `json:"risk"` - Message string `json:"message"` - Location *Location `json:"location,omitempty"` - Remediation *rule.Remediation `json:"remediation,omitempty"` + Probe string `json:"probe"` + Outcome Outcome `json:"outcome"` + Message string `json:"message"` + Location *Location `json:"location,omitempty"` + Remediation *probe.Remediation `json:"remediation,omitempty"` } -// New creates a new finding. -func New(loc embed.FS, ruleID string) (*Finding, error) { - r, err := rule.New(loc, ruleID) +// AnonymousFinding is a finding without a corerpsonding probe ID. +type AnonymousFinding struct { + Finding + // Remove the probe ID from + // the structure until the probes are GA. + Probe string `json:"probe,omitempty"` +} + +var errInvalid = errors.New("invalid") + +// FromBytes creates a finding for a probe given its config file's content. +func FromBytes(content []byte, probeID string) (*Finding, error) { + p, err := probe.FromBytes(content, probeID) if err != nil { // nolint return nil, err } f := &Finding{ - Rule: ruleID, + Probe: p.ID, + Outcome: OutcomeNegative, + Remediation: p.Remediation, + } + return f, nil +} + +// New creates a new finding. +func New(loc embed.FS, probeID string) (*Finding, error) { + p, err := probe.New(loc, probeID) + if err != nil { + return nil, fmt.Errorf("%w", err) + } + + f := &Finding{ + Probe: p.ID, Outcome: OutcomeNegative, - Remediation: r.Remediation, + Remediation: p.Remediation, } - if r.Remediation != nil { - f.Risk = r.Risk + return f, nil +} + +// NewWith create a finding with the desried location and outcome. +func NewWith(efs embed.FS, probeID, text string, loc *Location, + o Outcome, +) (*Finding, error) { + f, err := New(efs, probeID) + if err != nil { + return nil, fmt.Errorf("finding.New: %w", err) } + + f = f.WithMessage(text).WithOutcome(o).WithLocation(loc) return f, nil } +// NewWith create a negative finding with the desried location. +func NewNegative(efs embed.FS, probeID, text string, loc *Location, +) (*Finding, error) { + return NewWith(efs, probeID, text, loc, OutcomeNegative) +} + +// NewNotAvailable create a finding with a NotAvailable outcome and the desried location. +func NewNotAvailable(efs embed.FS, probeID, text string, loc *Location, +) (*Finding, error) { + return NewWith(efs, probeID, text, loc, OutcomeNotAvailable) +} + +// NewPositive create a positive finding with the desried location. +func NewPositive(efs embed.FS, probeID, text string, loc *Location, +) (*Finding, error) { + return NewWith(efs, probeID, text, loc, OutcomePositive) +} + +// Anonymize removes the probe ID and outcome +// from the finding. It is a temporary solution +// to integrate the code in the details without exposing +// too much information. +func (f *Finding) Anonymize() *AnonymousFinding { + return &AnonymousFinding{Finding: *f} +} + // WithMessage adds a message to an existing finding. // No copy is made. func (f *Finding) WithMessage(text string) *Finding { @@ -102,6 +185,13 @@ func (f *Finding) WithMessage(text string) *Finding { // No copy is made. func (f *Finding) WithLocation(loc *Location) *Finding { f.Location = loc + if f.Remediation != nil && f.Location != nil { + // Replace location data. + f.Remediation.Text = strings.Replace(f.Remediation.Text, + "${{ finding.location.path }}", f.Location.Path, -1) + f.Remediation.Markdown = strings.Replace(f.Remediation.Markdown, + "${{ finding.location.path }}", f.Location.Path, -1) + } return f } @@ -109,6 +199,8 @@ func (f *Finding) WithLocation(loc *Location) *Finding { // No copy is made. func (f *Finding) WithPatch(patch *string) *Finding { f.Remediation.Patch = patch + // NOTE: we will update the remediation section + // using patch information, e.g. ${{ patch.content }}. return f } @@ -131,16 +223,37 @@ func (f *Finding) WithRemediationMetadata(values map[string]string) *Finding { if f.Remediation != nil { // Replace all dynamic values. for k, v := range values { + // Replace metadata. f.Remediation.Text = strings.Replace(f.Remediation.Text, - fmt.Sprintf("${{ %s }}", k), v, -1) + fmt.Sprintf("${{ metadata.%s }}", k), v, -1) f.Remediation.Markdown = strings.Replace(f.Remediation.Markdown, - fmt.Sprintf("${{ %s }}", k), v, -1) + fmt.Sprintf("${{ metadata.%s }}", k), v, -1) } } return f } -// WorseThan compares outcomes. -func (o *Outcome) WorseThan(oo Outcome) bool { - return *o < oo +// UnmarshalYAML is a custom unmarshalling function +// to transform the string into an enum. +func (o *Outcome) UnmarshalYAML(n *yaml.Node) error { + var str string + if err := n.Decode(&str); err != nil { + return fmt.Errorf("decode: %w", err) + } + + switch n.Value { + case "Negative": + *o = OutcomeNegative + case "Positive": + *o = OutcomePositive + case "NotAvailable": + *o = OutcomeNotAvailable + case "NotSupported": + *o = OutcomeNotSupported + case "Error": + *o = OutcomeError + default: + return fmt.Errorf("%w: %q", errInvalid, str) + } + return nil } diff --git a/finding/finding_test.go b/finding/finding_test.go index f45865580e3..bda8e7405a5 100644 --- a/finding/finding_test.go +++ b/finding/finding_test.go @@ -15,24 +15,21 @@ package finding import ( - "embed" "errors" + "os" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - "github.com/ossf/scorecard/v4/rule" + "github.com/ossf/scorecard/v4/finding/probe" ) func errCmp(e1, e2 error) bool { return errors.Is(e1, e2) || errors.Is(e2, e1) } -//go:embed testdata/* -var testfs embed.FS - -func Test_New(t *testing.T) { +func Test_FromBytes(t *testing.T) { snippet := "some code snippet" patch := "some patch values" sline := uint(10) @@ -44,106 +41,92 @@ func Test_New(t *testing.T) { tests := []struct { name string id string + path string outcome *Outcome err error metadata map[string]string finding *Finding }{ - { - name: "risk high", - id: "testdata/risk-high", - outcome: &negativeOutcome, - finding: &Finding{ - Rule: "testdata/risk-high", - Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ - Text: "step1\nstep2 https://www.google.com/something", - Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", - Effort: rule.RemediationEffortLow, - }, - }, - }, { name: "effort low", - id: "testdata/effort-low", + id: "effort-low", + path: "testdata/effort-low.yml", outcome: &negativeOutcome, finding: &Finding{ - Rule: "testdata/effort-low", + Probe: "effort-low", Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ + Remediation: &probe.Remediation{ Text: "step1\nstep2 https://www.google.com/something", Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", - Effort: rule.RemediationEffortLow, + Effort: probe.RemediationEffortLow, }, }, }, { name: "effort high", - id: "testdata/effort-high", + id: "effort-high", + path: "testdata/effort-high.yml", outcome: &negativeOutcome, finding: &Finding{ - Rule: "testdata/effort-high", + Probe: "effort-high", Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ + Remediation: &probe.Remediation{ Text: "step1\nstep2 https://www.google.com/something", Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", - Effort: rule.RemediationEffortHigh, + Effort: probe.RemediationEffortHigh, }, }, }, { name: "env variables", - id: "testdata/metadata-variables", + id: "metadata-variables", + path: "testdata/metadata-variables.yml", outcome: &negativeOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ - Rule: "testdata/metadata-variables", + Probe: "metadata-variables", Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ + Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", - Effort: rule.RemediationEffortLow, + Effort: probe.RemediationEffortLow, }, }, }, { name: "patch", - id: "testdata/metadata-variables", + id: "metadata-variables", + path: "testdata/metadata-variables.yml", outcome: &negativeOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ - Rule: "testdata/metadata-variables", + Probe: "metadata-variables", Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ + Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", - Effort: rule.RemediationEffortLow, + Effort: probe.RemediationEffortLow, Patch: &patch, }, }, }, { name: "location", - id: "testdata/metadata-variables", + id: "metadata-variables", + path: "testdata/metadata-variables.yml", outcome: &negativeOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ - Rule: "testdata/metadata-variables", + Probe: "metadata-variables", Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ + Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", - Effort: rule.RemediationEffortLow, + Effort: probe.RemediationEffortLow, }, Location: &Location{ Type: FileTypeSource, - Value: "path/to/file.txt", + Path: "path/to/file.txt", LineStart: &sline, LineEnd: &eline, Snippet: &snippet, @@ -152,29 +135,29 @@ func Test_New(t *testing.T) { }, { name: "text", - id: "testdata/metadata-variables", + id: "metadata-variables", + path: "testdata/metadata-variables.yml", outcome: &negativeOutcome, metadata: map[string]string{"branch": "master", "repo": "ossf/scorecard"}, finding: &Finding{ - Rule: "testdata/metadata-variables", + Probe: "metadata-variables", Outcome: OutcomeNegative, - Risk: rule.RiskHigh, - Remediation: &rule.Remediation{ + Remediation: &probe.Remediation{ Text: "step1\nstep2 google.com/ossf/scorecard@master", Markdown: "step1\nstep2 [google.com/ossf/scorecard@master](google.com/ossf/scorecard@master)", - Effort: rule.RemediationEffortLow, + Effort: probe.RemediationEffortLow, }, Message: "some text", }, }, { - name: "outcome", - id: "testdata/metadata-variables", + name: "positive outcome", + id: "metadata-variables", + path: "testdata/metadata-variables.yml", outcome: &positiveOutcome, finding: &Finding{ - Rule: "testdata/metadata-variables", + Probe: "metadata-variables", Outcome: OutcomePositive, - Risk: rule.RiskHigh, Message: "some text", }, }, @@ -184,7 +167,12 @@ func Test_New(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - r, err := New(testfs, tt.id) + content, err := os.ReadFile(tt.path) + if err != nil { + t.Fatalf(err.Error()) + } + + r, err := FromBytes(content, tt.id) if err != nil || tt.err != nil { if !errCmp(err, tt.err) { t.Fatalf("unexpected error: %v", cmp.Diff(err, tt.err, cmpopts.EquateErrors())) diff --git a/finding/probe/probe.go b/finding/probe/probe.go new file mode 100644 index 00000000000..1db07e8e504 --- /dev/null +++ b/finding/probe/probe.go @@ -0,0 +1,183 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package probe + +import ( + "embed" + "errors" + "fmt" + "strings" + + "gopkg.in/yaml.v3" +) + +var errInvalid = errors.New("invalid") + +// RemediationEffort indicates the estimated effort necessary to remediate a finding. +type RemediationEffort int + +const ( + // RemediationEffortNone indicates a no remediation effort. + RemediationEffortNone RemediationEffort = iota + // RemediationEffortLow indicates a low remediation effort. + RemediationEffortLow + // RemediationEffortMedium indicates a medium remediation effort. + RemediationEffortMedium + // RemediationEffortHigh indicates a high remediation effort. + RemediationEffortHigh +) + +// Remediation represents the remediation for a finding. +type Remediation struct { + // Patch for machines. + Patch *string `json:"patch,omitempty"` + // Text for humans. + Text string `json:"text"` + // Text in markdown format for humans. + Markdown string `json:"markdown"` + // Effort to remediate. + Effort RemediationEffort `json:"effort"` +} + +// nolint: govet +type yamlRemediation struct { + Text []string `yaml:"text"` + Markdown []string `yaml:"markdown"` + Effort RemediationEffort `yaml:"effort"` +} + +// nolint: govet +type yamlProbe struct { + ID string `yaml:"id"` + Short string `yaml:"short"` + Motivation string `yaml:"motivation"` + Implementation string `yaml:"implementation"` + Remediation yamlRemediation `yaml:"remediation"` +} + +// nolint: govet +type Probe struct { + ID string + Short string + Motivation string + Implementation string + Remediation *Remediation +} + +// FromBytes creates a probe from a file. +func FromBytes(content []byte, probeID string) (*Probe, error) { + r, err := parseFromYAML(content) + if err != nil { + return nil, err + } + + if err := validate(r, probeID); err != nil { + return nil, err + } + + return &Probe{ + ID: r.ID, + Short: r.Short, + Motivation: r.Motivation, + Implementation: r.Implementation, + Remediation: &Remediation{ + Text: strings.Join(r.Remediation.Text, "\n"), + Markdown: strings.Join(r.Remediation.Markdown, "\n"), + Effort: r.Remediation.Effort, + }, + }, nil +} + +// New create a new probe. +func New(loc embed.FS, probeID string) (*Probe, error) { + content, err := loc.ReadFile("def.yml") + if err != nil { + return nil, fmt.Errorf("%w", err) + } + return FromBytes(content, probeID) +} + +func validate(r *yamlProbe, probeID string) error { + if err := validateID(r.ID, probeID); err != nil { + return err + } + if err := validateRemediation(r.Remediation); err != nil { + return err + } + return nil +} + +func validateID(actual, expected string) error { + if actual != expected { + return fmt.Errorf("%w: ID: read '%v', expected '%v'", errInvalid, + actual, expected) + } + return nil +} + +func validateRemediation(r yamlRemediation) error { + switch r.Effort { + case RemediationEffortHigh, RemediationEffortMedium, RemediationEffortLow: + return nil + default: + return fmt.Errorf("%w: %v", errInvalid, fmt.Sprintf("remediation '%v'", r)) + } +} + +func parseFromYAML(content []byte) (*yamlProbe, error) { + r := yamlProbe{} + + err := yaml.Unmarshal(content, &r) + if err != nil { + return nil, fmt.Errorf("%w: %v", errInvalid, err) + } + return &r, nil +} + +// UnmarshalYAML is a custom unmarshalling function +// to transform the string into an enum. +func (r *RemediationEffort) UnmarshalYAML(n *yaml.Node) error { + var str string + if err := n.Decode(&str); err != nil { + return fmt.Errorf("%w: %v", errInvalid, err) + } + + // nolint:goconst + switch n.Value { + case "Low": + *r = RemediationEffortLow + case "Medium": + *r = RemediationEffortMedium + case "High": + *r = RemediationEffortHigh + default: + return fmt.Errorf("%w: effort:%q", errInvalid, str) + } + return nil +} + +// String stringifies the enum. +func (r *RemediationEffort) String() string { + switch *r { + case RemediationEffortLow: + return "Low" + case RemediationEffortMedium: + return "Medium" + case RemediationEffortHigh: + return "High" + default: + return "" + } +} diff --git a/finding/probe/probe_test.go b/finding/probe/probe_test.go new file mode 100644 index 00000000000..2fe1a8a82ad --- /dev/null +++ b/finding/probe/probe_test.go @@ -0,0 +1,109 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package probe + +import ( + "errors" + "os" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" +) + +func errCmp(e1, e2 error) bool { + return errors.Is(e1, e2) || errors.Is(e2, e1) +} + +func Test_FromBytes(t *testing.T) { + t.Parallel() + // nolint: govet + tests := []struct { + name string + id string + path string + err error + probe *Probe + }{ + { + name: "all fields set", + id: "all-fields", + path: "testdata/all-fields.yml", + probe: &Probe{ + ID: "all-fields", + Short: "short description", + Implementation: "impl1 impl2\n", + Motivation: "mot1 mot2\n", + Remediation: &Remediation{ + Text: "step1\nstep2 https://www.google.com/something", + Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", + Effort: RemediationEffortLow, + }, + }, + }, + { + name: "mismatch probe ID", + id: "mismatch-id", + path: "testdata/all-fields.yml", + probe: &Probe{ + ID: "all-fields", + Short: "short description", + Implementation: "impl1 impl2\n", + Motivation: "mot1 mot2\n", + Remediation: &Remediation{ + Text: "step1\nstep2 https://www.google.com/something", + Markdown: "step1\nstep2 [google.com](https://www.google.com/something)", + Effort: RemediationEffortLow, + }, + }, + err: errInvalid, + }, + { + name: "missing id", + id: "missing-id", + path: "testdata/missing-id.yml", + err: errInvalid, + }, + { + name: "invalid effort", + id: "invalid-effort", + path: "testdata/invalid-effort.yml", + err: errInvalid, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + content, err := os.ReadFile(tt.path) + if err != nil { + t.Fatalf(err.Error()) + } + + r, err := FromBytes(content, tt.id) + if err != nil || tt.err != nil { + if !errCmp(err, tt.err) { + t.Fatalf("unexpected error: %v", cmp.Diff(err, tt.err, cmpopts.EquateErrors())) + } + return + } + + if diff := cmp.Diff(*tt.probe, *r); diff != "" { + t.Errorf("mismatch (-want +got):\n%s", diff) + } + }) + } +} diff --git a/finding/probe/testdata/all-fields.yml b/finding/probe/testdata/all-fields.yml new file mode 100644 index 00000000000..c67a3251e3b --- /dev/null +++ b/finding/probe/testdata/all-fields.yml @@ -0,0 +1,16 @@ +id: all-fields +short: short description +motivation: > + mot1 + mot2 +implementation: > + impl1 + impl2 +remediation: + effort: Low + text: + - step1 + - step2 https://www.google.com/something + markdown: + - step1 + - step2 [google.com](https://www.google.com/something) diff --git a/finding/testdata/risk-high.yml b/finding/probe/testdata/invalid-effort.yml similarity index 85% rename from finding/testdata/risk-high.yml rename to finding/probe/testdata/invalid-effort.yml index 8f4ac0c957b..0fc9474478c 100644 --- a/finding/testdata/risk-high.yml +++ b/finding/probe/testdata/invalid-effort.yml @@ -1,14 +1,13 @@ +id: invalid-effort short: short description -desc: description motivation: > line1 line2 implementation: > line1 line2 -risk: High remediation: - effort: Low + effort: invalid text: - step1 - step2 https://www.google.com/something diff --git a/finding/testdata/risk-low.yml b/finding/probe/testdata/missing-id.yml similarity index 90% rename from finding/testdata/risk-low.yml rename to finding/probe/testdata/missing-id.yml index 1c8e6cfc130..7fb1325e35d 100644 --- a/finding/testdata/risk-low.yml +++ b/finding/probe/testdata/missing-id.yml @@ -1,12 +1,10 @@ short: short description -desc: description motivation: > line1 line2 implementation: > line1 line2 -risk: Low remediation: effort: Low text: diff --git a/finding/testdata/effort-high.yml b/finding/testdata/effort-high.yml index 237234d28ed..57a46402d01 100644 --- a/finding/testdata/effort-high.yml +++ b/finding/testdata/effort-high.yml @@ -1,12 +1,11 @@ +id: effort-high short: short description -desc: description motivation: > line1 line2 implementation: > line1 line2 -risk: High remediation: effort: High text: diff --git a/finding/testdata/effort-low.yml b/finding/testdata/effort-low.yml index 8f4ac0c957b..7b390ecf0d2 100644 --- a/finding/testdata/effort-low.yml +++ b/finding/testdata/effort-low.yml @@ -1,12 +1,11 @@ +id: effort-low short: short description -desc: description motivation: > line1 line2 implementation: > line1 line2 -risk: High remediation: effort: Low text: diff --git a/finding/testdata/metadata-variables.yml b/finding/testdata/metadata-variables.yml index c1307389052..2fcb7c01f6d 100644 --- a/finding/testdata/metadata-variables.yml +++ b/finding/testdata/metadata-variables.yml @@ -1,17 +1,16 @@ +id: metadata-variables short: short description -desc: description motivation: > line1 line2 implementation: > line1 line2 -risk: High remediation: effort: Low text: - step1 - - step2 google.com/${{ repo }}@${{ branch }} + - step2 google.com/${{ metadata.repo }}@${{ metadata.branch }} markdown: - step1 - - step2 [google.com/${{ repo }}@${{ branch }}](google.com/${{ repo }}@${{ branch }}) + - step2 [google.com/${{ metadata.repo }}@${{ metadata.branch }}](google.com/${{ metadata.repo }}@${{ metadata.branch }}) diff --git a/pkg/common.go b/pkg/common.go index c3a0ca2ecb4..bd861d149db 100644 --- a/pkg/common.go +++ b/pkg/common.go @@ -50,10 +50,10 @@ func nonStructuredResultString(d *checker.CheckDetail) string { func structuredResultString(d *checker.CheckDetail) string { var sb strings.Builder f := d.Msg.Finding - sb.WriteString(fmt.Sprintf("%s: %s severity: %s", typeToString(d.Type), f.Risk.String(), f.Message)) + sb.WriteString(fmt.Sprintf("%s: %s", typeToString(d.Type), f.Message)) if f.Location != nil { - sb.WriteString(fmt.Sprintf(": %s", f.Location.Value)) + sb.WriteString(fmt.Sprintf(": %s", f.Location.Path)) if f.Location.LineStart != nil { sb.WriteString(fmt.Sprintf(":%d", *f.Location.LineStart)) } diff --git a/pkg/sarif.go b/pkg/sarif.go index 8977f6d01c0..30f43d01294 100644 --- a/pkg/sarif.go +++ b/pkg/sarif.go @@ -209,7 +209,7 @@ func generateDefaultConfig(risk string) string { func getPath(d *checker.CheckDetail) string { f := d.Msg.Finding if f != nil && f.Location != nil { - return f.Location.Value + return f.Location.Path } return d.Msg.Path } From fe3dcf71247a2dad75835b513547c5ec4a9e7c23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 May 2023 09:01:34 +0000 Subject: [PATCH 118/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.3 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.2 to 2.9.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.2...v2.9.3) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tools/go.mod | 4 ++-- tools/go.sum | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 986497eccf6..a4657fdb9c5 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.17.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.9.2 + github.com/onsi/ginkgo/v2 v2.9.3 google.golang.org/protobuf v1.30.0 ) @@ -143,7 +143,7 @@ require ( github.com/go-git/gcfg v1.5.0 // indirect github.com/go-git/go-billy/v5 v5.3.1 // indirect github.com/go-git/go-git/v5 v5.4.2 // indirect - github.com/go-logr/logr v1.2.3 // indirect + github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/analysis v0.21.4 // indirect github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect diff --git a/tools/go.sum b/tools/go.sum index fe5d78a51ba..458b77c559c 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1140,8 +1140,9 @@ github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= +github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= @@ -1966,8 +1967,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= -github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= +github.com/onsi/ginkgo/v2 v2.9.3 h1:5X2vl/isiKqkrOYjiaGgp3JQOcLV59g5o5SuTMqCcxU= +github.com/onsi/ginkgo/v2 v2.9.3/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -1986,7 +1987,7 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= -github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= +github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= From d4624f7fa4f524f8da4f14ce3f5f309323f5feba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 May 2023 14:14:35 +0000 Subject: [PATCH 119/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.3 (#2937) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.2 to 2.9.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.2...v2.9.3) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cd612e4505c..f07829224da 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.2 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.9.2 + github.com/onsi/ginkgo/v2 v2.9.3 github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index d537ff8870b..e31f9bb7ed6 100644 --- a/go.sum +++ b/go.sum @@ -1658,8 +1658,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU= -github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= +github.com/onsi/ginkgo/v2 v2.9.3 h1:5X2vl/isiKqkrOYjiaGgp3JQOcLV59g5o5SuTMqCcxU= +github.com/onsi/ginkgo/v2 v2.9.3/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From 0aee65e3061867356ff3d20e8a6fd1866c3e9729 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 3 May 2023 11:19:06 -0500 Subject: [PATCH 120/316] :seedling: Unitest for rule/rule.go (#2926) - Unit tests for rule/rule.go - Covered with 88% of code. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- rule/rule_test.go | 282 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 282 insertions(+) diff --git a/rule/rule_test.go b/rule/rule_test.go index e6484a23f2e..e84de19d47f 100644 --- a/rule/rule_test.go +++ b/rule/rule_test.go @@ -17,10 +17,12 @@ package rule import ( "embed" "errors" + "fmt" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "gopkg.in/yaml.v3" ) func errCmp(e1, e2 error) bool { @@ -85,3 +87,283 @@ func Test_New(t *testing.T) { }) } } + +func TestRisk_GreaterThan(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + r Risk + rr Risk + want bool + }{ + { + name: "greater than", + r: RiskHigh, + rr: RiskLow, + want: true, + }, + { + name: "less than", + r: RiskLow, + rr: RiskHigh, + want: false, + }, + { + name: "equal", + r: RiskMedium, + rr: RiskMedium, + want: false, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + if got := tt.r.GreaterThan(tt.rr); got != tt.want { + t.Errorf("Risk.GreaterThan() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRisk_String(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + r Risk + want string + }{ + { + name: "RiskNone", + r: RiskNone, + want: "None", + }, + { + name: "RiskLow", + r: RiskLow, + want: "Low", + }, + { + name: "RiskMedium", + r: RiskMedium, + want: "Medium", + }, + { + name: "RiskHigh", + r: RiskHigh, + want: "High", + }, + { + name: "RiskCritical", + r: RiskCritical, + want: "Critical", + }, + { + name: "invalid", + r: Risk(100), + want: "", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + if got := tt.r.String(); got != tt.want { + t.Errorf("Risk.String() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRemediationEffort_String(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + effort RemediationEffort + want string + }{ + { + name: "RemediationEffortNone", + effort: RemediationEffortNone, + want: "", + }, + { + name: "RemediationEffortLow", + effort: RemediationEffortLow, + want: "Low", + }, + { + name: "RemediationEffortMedium", + effort: RemediationEffortMedium, + want: "Medium", + }, + { + name: "RemediationEffortHigh", + effort: RemediationEffortHigh, + want: "High", + }, + { + name: "invalid", + effort: RemediationEffort(100), + want: "", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + if got := tt.effort.String(); got != tt.want { + t.Errorf("RemediationEffort.String() = %v, want %v", got, tt.want) + } + }) + } +} + +func TestRisk_UnmarshalYAML(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input string + wantErr error + want Risk + }{ + { + name: "RiskNone", + input: "None", + want: RiskNone, + }, + { + name: "RiskLow", + input: "Low", + want: RiskLow, + }, + { + name: "RiskMedium", + input: "Medium", + want: RiskMedium, + }, + { + name: "RiskHigh", + input: "High", + want: RiskHigh, + }, + { + name: "RiskCritical", + input: "Critical", + want: RiskCritical, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + var r Risk + err := yaml.Unmarshal([]byte(tt.input), &r) + if err != nil { + if tt.wantErr == nil || !errors.Is(err, tt.wantErr) { + t.Errorf("Risk.UnmarshalYAML() error = %v, wantErr %v", err, tt.wantErr) + } + return + } + if r != tt.want { + t.Errorf("Risk.UnmarshalYAML() got = %v, want %v", r, tt.want) + } + }) + } +} + +func TestRemediationEffort_UnmarshalYAML(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input string + wantErr error + want RemediationEffort + }{ + { + name: "RemediationEffortLow", + input: "Low", + want: RemediationEffortLow, + }, + { + name: "RemediationEffortMedium", + input: "Medium", + want: RemediationEffortMedium, + }, + { + name: "RemediationEffortHigh", + input: "High", + want: RemediationEffortHigh, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + var r RemediationEffort + err := yaml.Unmarshal([]byte(tt.input), &r) + if err != nil { + if tt.wantErr == nil || !errors.Is(err, tt.wantErr) { + t.Errorf("RemediationEffort.UnmarshalYAML() error = %v, wantErr %v", err, tt.wantErr) + } + return + } + if r != tt.want { + t.Errorf("RemediationEffort.UnmarshalYAML() got = %v, want %v", r, tt.want) + } + }) + } +} + +func Test_validate(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + rule *jsonRule + wantErr error + }{ + { + name: "valid", + rule: &jsonRule{ + Risk: RiskLow, + Remediation: jsonRemediation{ + Effort: RemediationEffortHigh, + }, + }, + wantErr: nil, + }, + { + name: "invalid risk", + rule: &jsonRule{ + Risk: Risk(100), + Remediation: jsonRemediation{ + Effort: RemediationEffortHigh, + }, + }, + wantErr: fmt.Errorf("%w: invalid: risk '100'", errInvalid), + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + err := validate(tt.rule) + if err != nil { + if tt.wantErr == nil || !cmp.Equal(tt.wantErr.Error(), err.Error()) { + t.Logf("got: %s", err.Error()) + t.Errorf("validate() error = %v, wantErr %v", err, cmp.Diff(tt.wantErr.Error(), err.Error())) + } + return + } + if tt.wantErr != nil { + t.Errorf("validate() error = %v, wantErr %v", err, cmp.Diff(tt.wantErr, err)) + } + }) + } +} From 3be7606104b2bc3834a89b4168bc2c8383d98c05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 May 2023 08:59:54 +0000 Subject: [PATCH 121/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.3 to 2.9.4 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.3 to 2.9.4. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.3...v2.9.4) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index a4657fdb9c5..b0b923ae263 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.17.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.9.3 + github.com/onsi/ginkgo/v2 v2.9.4 google.golang.org/protobuf v1.30.0 ) diff --git a/tools/go.sum b/tools/go.sum index 458b77c559c..c8676b4c00f 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1967,8 +1967,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.3 h1:5X2vl/isiKqkrOYjiaGgp3JQOcLV59g5o5SuTMqCcxU= -github.com/onsi/ginkgo/v2 v2.9.3/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= +github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= +github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From a94fe2b64a91a39a9295dd1e4edd660d4bd67a39 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 May 2023 10:53:36 +0000 Subject: [PATCH 122/316] :seedling: Bump github.com/sigstore/rekor from 1.0.1 to 1.1.1 in /tools Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.0.1 to 1.1.1. - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.0.1...v1.1.1) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: indirect ... Signed-off-by: dependabot[bot] --- tools/go.mod | 63 ++++++++++++++++---------------- tools/go.sum | 101 +++++++++++++++++++++++++++++++++------------------ 2 files changed, 98 insertions(+), 66 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index b0b923ae263..c2d23f12f30 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -16,11 +16,11 @@ require ( require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect - cloud.google.com/go v0.109.0 // indirect - cloud.google.com/go/compute v1.18.0 // indirect + cloud.google.com/go v0.110.0 // indirect + cloud.google.com/go/compute v1.19.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v0.10.0 // indirect - cloud.google.com/go/kms v1.8.0 // indirect + cloud.google.com/go/iam v0.13.0 // indirect + cloud.google.com/go/kms v1.10.1 // indirect cloud.google.com/go/storage v1.29.0 // indirect code.gitea.io/sdk/gitea v0.15.1 // indirect github.com/Abirdcfly/dupword v0.0.11 // indirect @@ -58,32 +58,32 @@ require ( github.com/alessio/shellescape v1.4.1 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect - github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/ashanbrown/forbidigo v1.5.1 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect - github.com/aws/aws-sdk-go v1.44.200 // indirect - github.com/aws/aws-sdk-go-v2 v1.17.4 // indirect + github.com/aws/aws-sdk-go v1.44.248 // indirect + github.com/aws/aws-sdk-go-v2 v1.17.8 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.12 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.12 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 // indirect + github.com/aws/aws-sdk-go-v2/config v1.18.21 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.20 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 // indirect github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.20.11 // indirect github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 // indirect github.com/aws/smithy-go v1.13.5 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect @@ -149,11 +149,11 @@ require ( github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/loads v0.21.2 // indirect - github.com/go-openapi/runtime v0.25.0 // indirect - github.com/go-openapi/spec v0.20.7 // indirect - github.com/go-openapi/strfmt v0.21.3 // indirect + github.com/go-openapi/runtime v0.26.0 // indirect + github.com/go-openapi/spec v0.20.9 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-openapi/validate v0.22.0 // indirect + github.com/go-openapi/validate v0.22.1 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect @@ -184,11 +184,12 @@ require ( github.com/google/go-github/v50 v50.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect + github.com/google/s2a-go v0.1.2 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.7.0 // indirect + github.com/googleapis/gax-go/v2 v2.8.0 // indirect github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 // indirect github.com/goreleaser/chglog v0.4.2 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect @@ -272,9 +273,9 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/polyfloyd/go-errorlint v1.4.0 // indirect - github.com/prometheus/client_golang v1.14.0 // indirect + github.com/prometheus/client_golang v1.15.0 // indirect github.com/prometheus/client_model v0.3.0 // indirect - github.com/prometheus/common v0.39.0 // indirect + github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect github.com/quasilyte/go-ruleguard v0.3.19 // indirect github.com/quasilyte/gogrep v0.5.0 // indirect @@ -292,8 +293,8 @@ require ( github.com/sergi/go-diff v1.2.0 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect github.com/sigstore/cosign/v2 v2.0.0 // indirect - github.com/sigstore/rekor v1.0.1 // indirect - github.com/sigstore/sigstore v1.5.1 // indirect + github.com/sigstore/rekor v1.1.1 // indirect + github.com/sigstore/sigstore v1.6.3 // indirect github.com/sirupsen/logrus v1.9.0 // indirect github.com/sivchari/containedctx v1.0.2 // indirect github.com/sivchari/nosnakecase v1.7.0 // indirect @@ -335,7 +336,7 @@ require ( github.com/yeya24/promlinter v0.2.0 // indirect gitlab.com/bosi/decorder v0.2.3 // indirect gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect - go.mongodb.org/mongo-driver v1.11.0 // indirect + go.mongodb.org/mongo-driver v1.11.3 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/automaxprocs v1.5.2 // indirect @@ -355,10 +356,10 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.110.0 // indirect + google.golang.org/api v0.119.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc // indirect - google.golang.org/grpc v1.53.0 // indirect + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect + google.golang.org/grpc v1.54.0 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/mail.v2 v2.3.1 // indirect diff --git a/tools/go.sum b/tools/go.sum index c8676b4c00f..20647997617 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -42,8 +42,9 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.109.0 h1:38CZoKGlCnPZjGdyj0ZfpoGae0/wgNfy5F0byyxg0Gk= cloud.google.com/go v0.109.0/go.mod h1:2sYycXt75t/CSB5R9M2wPU1tJmire7AQZTPtITcGBVE= +cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= +cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= @@ -126,8 +127,9 @@ cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= -cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= +cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ= +cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -219,8 +221,9 @@ cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3Q cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.10.0 h1:fpP/gByFs6US1ma53v7VxhvbJpO2Aapng6wabJ99MuI= cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= +cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k= +cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= @@ -230,8 +233,9 @@ cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0 cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= -cloud.google.com/go/kms v1.8.0 h1:VrJLOsMRzW7IqTTYn+OYupqF3iKSE060Nrn+PECrYjg= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= +cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g= +cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -241,8 +245,8 @@ cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6 cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.4.0 h1:v+X4EwhHl6xE+TG1XgXj4T1XpKKs7ZevcAJ3FOu0YmY= cloud.google.com/go/longrunning v0.4.0/go.mod h1:eF3Qsw58iX/bkKtVjMTYpH0LRjQ2goDkjkNQTlzq/ZM= +cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= @@ -605,8 +609,9 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/ashanbrown/forbidigo v1.5.1 h1:WXhzLjOlnuDYPYQo/eFlcFMi8X/kLfvWLYu6CSoebis= github.com/ashanbrown/forbidigo v1.5.1/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU= github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s= @@ -621,40 +626,48 @@ github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4 github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.187/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.200 h1:JcFf/BnOaMWe9ObjaklgbbF0bGXI4XbYJwYn2eFNVyQ= github.com/aws/aws-sdk-go v1.44.200/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.248 h1:GvkxpgsxqNc03LmhXiaxKpzbyxndnex7V+OThLx4g5M= +github.com/aws/aws-sdk-go v1.44.248/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.8/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.11/go.mod h1:WTACcleLz6VZTp7fak4EO5b9Q4foxbn+8PIz3PmyKlo= -github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY= github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2 v1.17.8 h1:GMupCNNI7FARX27L7GjCJM8NgivWbRgpjNI/hOQjFS8= +github.com/aws/aws-sdk-go-v2 v1.17.8/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= github.com/aws/aws-sdk-go-v2/config v1.15.15/go.mod h1:A1Lzyy/o21I5/s2FbyX5AevQfSVXpvvIDCoVFD0BC4E= -github.com/aws/aws-sdk-go-v2/config v1.18.12 h1:fKs/I4wccmfrNRO9rdrbMO1NgLxct6H9rNMiPdBxHWw= github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8= +github.com/aws/aws-sdk-go-v2/config v1.18.21 h1:ENTXWKwE8b9YXgQCsruGLhvA9bhg+RqAsL9XEMEsa2c= +github.com/aws/aws-sdk-go-v2/config v1.18.21/go.mod h1:+jPQiVPz1diRnjj6VGqWcLK6EzNmQ42l7J3OqGTLsSY= github.com/aws/aws-sdk-go-v2/credentials v1.12.10/go.mod h1:g5eIM5XRs/OzIIK81QMBl+dAuDyoLN0VYaLP+tBqEOk= -github.com/aws/aws-sdk-go-v2/credentials v1.13.12 h1:Cb+HhuEnV19zHRaYYVglwvdHGMJWbdsyP4oHhw04xws= github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA= +github.com/aws/aws-sdk-go-v2/credentials v1.13.20 h1:oZCEFcrMppP/CNiS8myzv9JgOzq2s0d3v3MXYil/mxQ= +github.com/aws/aws-sdk-go-v2/credentials v1.13.20/go.mod h1:xtZnXErtbZ8YGXC3+8WfajpMBn5Ga/3ojZdxHq6iI8o= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9/go.mod h1:KDCCm4ONIdHtUloDcFvK2+vshZvx4Zmj7UMDfusuz5s= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 h1:jOzQAesnBFDmz93feqKnsTHsXrlwWORNZMFHMV+WLFU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2/go.mod h1:cDh1p6XkSGSwSRIArWRc6+UqAQ7x4alQ0QfpVR6f+co= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 h1:iTFYCAdKzSAjGnVIUe88Hxvix0uaBqr0Rv7qJEOX5hE= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51/go.mod h1:7Grl2gV+dx9SWrUIgwwlUvU40t7+lOSbx34XwfmsTkY= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.15/go.mod h1:pWrr2OoHlT7M/Pd2y4HV3gJyPb3qj5qMmnPkKSNPYK4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18/go.mod h1:348MLhzV1GSlZSMusdwQpXKbhD7X2gbI/TxwAPKkYZQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 h1:r+XwaCLpIvCKjBIYy/HVZujQS9tsz5ohHG3ZIe0wKoE= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 h1:dpbVNUjczQ8Ae3QKHbpHBpfvaVkRdesxpTOe9pTouhU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32/go.mod h1:RudqOgadTWdcS3t/erPQo24pcVEoYyqj/kKW5Vya21I= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.9/go.mod h1:08tUpeSGN33QKSO7fwxXczNfiwCpbj+GxK6XKwqWVv0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12/go.mod h1:ckaCVTEdGAxO6KwTGzgskxR1xM+iJW4lxMyDFVda2Fc= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 h1:7AwGYXDdqRQYsluvKFmWoqpcOQJ4bH634SkYf3FNj/A= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 h1:QH2kOS3Ht7x+u0gHCh06CXL/h6G8LQJFpZfFBYBNboo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26/go.mod h1:vq86l7956VgFr0/FWQ2BWnK07QC3WYsepKzy33qqY5U= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.16/go.mod h1:CYmI+7x03jjJih8kBEEFKRQc40UjUokT0k7GbvrhhTc= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 h1:J4xhFd6zHhdF9jPP0FQJ6WknzBboGMBNjKOv4iTuw4A= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 h1:HbH1VjUgrCdLJ+4lnnuLI4iVNRvBbBELGaJ5f69ClA8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33/go.mod h1:zG2FcwjQarWaqXSCGpgcr3RSjZ6dHGguZSppUL0XR7Q= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 h1:FGvpyTg2LKEmMrLlpjOgkoNp9XF5CGeyAyo33LdqZW8= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19/go.mod h1:8W88sW3PjamQpKFUQvHWWKay6ARsNvZnzU7+a4apubw= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= @@ -669,12 +682,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1: github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 h1:c5+bNdV8E4fIPteWx4HZSkqI07oY9exbfQ7JH7Yx4PI= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23/go.mod h1:1jcUfF+FAOEwtIcNiHPaV4TSoZqkUIPzrohmD7fb95c= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.9/go.mod h1:yQowTpvdZkFVuHrLBXmczat4W+WJKg/PafBZnGBLga0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFuMO22HkV5VWGLBvmCLBCLPivUAmpdpnp4Vs= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 h1:uUt4XctZLhl9wBE1L8lobU3bVN8SNUP7T+olb0bWBO4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26/go.mod h1:Bd4C/4PkVGubtNe5iMXu5BNnaBi/9t/UsFspPt4ram8= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 h1:ISLJ2BKXe4zzyZ7mp5ewKECiw0U7KpLgS3S6OxY9Cm0= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22/go.mod h1:QFVbqK54XArazLvn2wvWMRBi/jGrWii46qbr5DyPGjc= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.2 h1:uXi+MMt+ce01sbj1eq4K0qusMpSNzwPreODYKSfNKiU= github.com/aws/aws-sdk-go-v2/service/kms v1.20.2/go.mod h1:vdqtUOdVuf5ooy+hJ2GnzqNo94xiAA9s1xbZ1hQgRE0= +github.com/aws/aws-sdk-go-v2/service/kms v1.20.11 h1:4wnkwVxvcSkdby772OPyNPzPoGBLRZ9ThV1OxGRj+o8= +github.com/aws/aws-sdk-go-v2/service/kms v1.20.11/go.mod h1:gSdg6VjsqS8EeGjkXAaLjiwG9fwNrCPAj/kAD6of7EI= github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 h1:5EQWIFO+Hc8E2hFcXQJ1vm6ufl/PMt/6RVRDZRju2vM= github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2/go.mod h1:SXDHd6fI2RhqB7vmAzyYQCTQnpZrIprVJvYxpzW3JAM= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog= @@ -682,13 +697,16 @@ github.com/aws/aws-sdk-go-v2/service/sns v1.20.2/go.mod h1:VN2n9SOMS1lNbh5YD7o+h github.com/aws/aws-sdk-go-v2/service/sqs v1.20.2/go.mod h1:1ttxGjUHZliCQMpPss1sU5+Ph/5NvdMFRzr96bv8gm0= github.com/aws/aws-sdk-go-v2/service/ssm v1.35.2/go.mod h1:VLSz2SHUKYFSOlXB/GlXoLU6KPYQJAbw7I20TDJdyws= github.com/aws/aws-sdk-go-v2/service/sso v1.11.13/go.mod h1:d7ptRksDDgvXaUvxyHZ9SYh+iMDymm94JbVcgvSYSzU= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4= github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 h1:5cb3D6xb006bPTqEfCNaEA6PPEfBXxxy4NNeX/44kGk= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.8/go.mod h1:GNIveDnP+aE3jujyUSH5aZ/rktsTM5EvtKnCqBZawdw= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 h1:NZaj0ngZMzsubWZbrEFSB4rgSQRbFq38Sd6KBxHuOIU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8/go.mod h1:44qFP1g7pfd+U+sQHLPalAPKnyfTZjJsYR4xIwsJy5o= github.com/aws/aws-sdk-go-v2/service/sts v1.16.10/go.mod h1:cftkHYN6tCDNfkSasAmclSfl4l7cySoay8vz7p/ce0E= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 h1:s49mSnsBZEXjfGBkRfmK+nPqzT7Lt3+t2SmAKNyHblw= github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU= +github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 h1:Qf1aWwnsNkyAoqDqmdM3nHwN78XQjec27LjM6b9vyfI= +github.com/aws/aws-sdk-go-v2/service/sts v1.18.9/go.mod h1:yyW88BEPXA2fGFyI2KCcZC3dNpiT0CZAHaF+i656/tQ= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.12.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= @@ -1169,19 +1187,22 @@ github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZ github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= github.com/go-openapi/runtime v0.23.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk= -github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc= github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs= +github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= +github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/spec v0.20.7 h1:1Rlu/ZrOCCob0n+JKKJAWhNWMPW8bOZRg8FJaY+0SKI= github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8= +github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= @@ -1191,8 +1212,9 @@ github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/e github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= -github.com/go-openapi/validate v0.22.0 h1:b0QecH6VslW/TxtpKgzpO1SNG7GU2FsaqKdP1E2T50Y= github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= +github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= @@ -1421,6 +1443,8 @@ github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8I github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.2 h1:WVtYAYuYxKeYajAmThMRYWP6K3wXkcqbGHeUgeubUHY= +github.com/google/s2a-go v0.1.2/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -1448,8 +1472,9 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.7.0 h1:IcsPKeInNvYi7eqSaDjiZqDDKu5rsmunY0Y1YupQSSQ= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= +github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc= +github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= @@ -2080,8 +2105,9 @@ github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= -github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= +github.com/prometheus/client_golang v1.15.0 h1:5fCgGYogn0hFdhyhLbw7hEsWxufKtY9klyvdNfFlFhM= +github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -2103,8 +2129,9 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/common v0.38.0/go.mod h1:MBXfmBQZrK5XpbCkjofnXs96LD2QQ7fEq4C0xjC/yec= -github.com/prometheus/common v0.39.0 h1:oOyhkDq05hPZKItWVBkJ6g6AtGxi+fy7F4JvUV8uhsI= github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= +github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/common/assets v0.1.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= @@ -2200,10 +2227,10 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw= github.com/sigstore/cosign/v2 v2.0.0 h1:x+K6VQKtrBR9/MYOx6ebJB6/Aux56nmf2Zn3chZlP5w= github.com/sigstore/cosign/v2 v2.0.0/go.mod h1:MeJyYfKll3AAsb+CdnhI3YkecDPX2erPvf1JaUaFCrM= -github.com/sigstore/rekor v1.0.1 h1:rcESXSNkAPRWFYZel9rarspdvneET60F2ngNkadi89c= -github.com/sigstore/rekor v1.0.1/go.mod h1:ecTKdZWGWqE1pl3U1m1JebQJLU/hSjD9vYHOmHQ7w4g= -github.com/sigstore/sigstore v1.5.1 h1:iUou0QJW8eQKMUkTXbFyof9ZOblDtfaW2Sn2+QI8Tcs= -github.com/sigstore/sigstore v1.5.1/go.mod h1:3i6UTWVNtFwOtbgG63FZZNID4vO9KcO8AszIJlaNI8k= +github.com/sigstore/rekor v1.1.1 h1:JCeSss+qUHnCATmwAZh4zT9k0Frdyq0BjmRwewSfEy4= +github.com/sigstore/rekor v1.1.1/go.mod h1:x/xK+HK08MiuJv+v4OxY/Oo3bhuz1DtJXNJrV7hrzvs= +github.com/sigstore/sigstore v1.6.3 h1:lt/w/fZNnrT4PjjqTYsUXn57fvE1YYfIB3SElQZ1oR4= +github.com/sigstore/sigstore v1.6.3/go.mod h1:BpLOp7N2IECbatk4sXE2toY2krw615NmwAtWs/3SJDw= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -2436,8 +2463,9 @@ go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R7 go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE= go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8= +go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -2511,8 +2539,8 @@ go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= +go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= @@ -3155,8 +3183,9 @@ google.golang.org/api v0.104.0/go.mod h1:JCspTXJbBxa5ySXw4UgUqVer7DfVxbvc/CTUFqA google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= -google.golang.org/api v0.110.0 h1:l+rh0KYUooe9JGbGVx71tbFo4SMbMTXK3I3ia2QSEeU= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= +google.golang.org/api v0.119.0 h1:Dzq+ARD6+8jmd5wknJE1crpuzu1JiovEU6gCp9PkoKA= +google.golang.org/api v0.119.0/go.mod h1:CrSvlNEFCFLae9ZUtL1z+61+rEBD7J/aCYwVYKZoWFU= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -3300,8 +3329,9 @@ google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc h1:ijGwO+0vL2hJt5gaygqP2j6PfflOBrRot0IczKbmtio= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -3345,8 +3375,9 @@ google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= -google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= +google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From dafae1592e3f5c5c86cf4cd1d66614c622f30635 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 May 2023 11:07:04 +0000 Subject: [PATCH 123/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.3 to 2.9.4 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.3 to 2.9.4. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.3...v2.9.4) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f07829224da..901f6a5e68b 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.2 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.9.3 + github.com/onsi/ginkgo/v2 v2.9.4 github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index e31f9bb7ed6..21bf8ef9234 100644 --- a/go.sum +++ b/go.sum @@ -1658,8 +1658,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.3 h1:5X2vl/isiKqkrOYjiaGgp3JQOcLV59g5o5SuTMqCcxU= -github.com/onsi/ginkgo/v2 v2.9.3/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= +github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= +github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From dbd6894296becd6a311826e0984ab1b1296b89f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 May 2023 11:20:17 +0000 Subject: [PATCH 124/316] :seedling: Bump cloud.google.com/go/pubsub from 1.30.0 to 1.30.1 Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.0 to 1.30.1. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.0...pubsub/v1.30.1) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 11 ++++++----- go.sum | 22 ++++++++++++---------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 901f6a5e68b..273830f1f64 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( require ( cloud.google.com/go/bigquery v1.51.0 cloud.google.com/go/monitoring v1.13.0 // indirect - cloud.google.com/go/pubsub v1.30.0 + cloud.google.com/go/pubsub v1.30.1 cloud.google.com/go/trace v1.9.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 @@ -36,7 +36,7 @@ require ( gocloud.dev v0.29.0 golang.org/x/text v0.9.0 golang.org/x/tools v0.8.0 - google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea // indirect + google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 @@ -57,7 +57,7 @@ require ( require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/containeranalysis v0.9.0 // indirect - cloud.google.com/go/kms v1.10.0 // indirect + cloud.google.com/go/kms v1.10.1 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/andybalholm/brotli v1.0.4 // indirect @@ -78,6 +78,7 @@ require ( github.com/google/go-github/v52 v52.0.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect + github.com/google/s2a-go v0.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/jedib0t/go-pretty/v6 v6.4.6 // indirect @@ -144,7 +145,7 @@ require ( github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.7.1 // indirect + github.com/googleapis/gax-go/v2 v2.8.0 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -174,7 +175,7 @@ require ( golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.7.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.114.0 // indirect + google.golang.org/api v0.118.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/grpc v1.54.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/go.sum b/go.sum index 21bf8ef9234..059c0c56d80 100644 --- a/go.sum +++ b/go.sum @@ -235,8 +235,8 @@ cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxs cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.10.0 h1:Imrtp8792uqNP9bdfPrjtUkjjqOMBcAJ2bdFaAnLhnk= -cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= +cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g= +cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -306,8 +306,8 @@ cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjp cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= -cloud.google.com/go/pubsub v1.30.0 h1:vCge8m7aUKBJYOgrZp7EsNDf6QMd2CAlXZqWTn3yq6s= -cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= +cloud.google.com/go/pubsub v1.30.1 h1:RdzTlwhswvROjPIoTfnSJ9tEp0LY2S5ATX90anOw7E8= +cloud.google.com/go/pubsub v1.30.1/go.mod h1:QRi3+y7wp7mPD6XM/TfHhxBxzfFhfphIdP78sUbT52A= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= @@ -1225,6 +1225,8 @@ github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8I github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.0 h1:3Qm0liEiCErViKERO2Su5wp+9PfMRiuS6XB5FvpKnYQ= +github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -1250,8 +1252,8 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A= -github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc= +github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -2727,8 +2729,8 @@ google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE= -google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.118.0 h1:FNfHq9Z2GKULxu7cEhCaB0wWQHg43UpomrrN+24ZRdE= +google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2873,8 +2875,8 @@ google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea h1:yJv4O9/Q178wILoVkpoaERo7wMSIAqftxsa4y/5nP+8= -google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From a49f37e399424f31f68d5cc49cede06806ef89a8 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 4 May 2023 07:04:55 -0500 Subject: [PATCH 125/316] :seedling: Unit tests checks/evaluation/signedrelease.go (#2921) - Add a test file to Signed Releases check to handle cases when 0, 1 or more than 1 artifacts are signed or have provenance [checks/evaluation/signed_releases_test.go] - Add a test file for Signed Releases check - Handle cases when 0, 1 or more than 1 artifacts are signed or have provenance Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/signed_releases_test.go | 108 ++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 checks/evaluation/signed_releases_test.go diff --git a/checks/evaluation/signed_releases_test.go b/checks/evaluation/signed_releases_test.go new file mode 100644 index 00000000000..35cf5cff0ff --- /dev/null +++ b/checks/evaluation/signed_releases_test.go @@ -0,0 +1,108 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package evaluation + +import ( + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" + scut "github.com/ossf/scorecard/v4/utests" +) + +func TestSignedReleases(t *testing.T) { + tests := []struct { + name string + releases []clients.Release + expectedResult checker.CheckResult + }{ + { + name: "Full score", + releases: []clients.Release{ + { + TagName: "v1.0", + Assets: []clients.ReleaseAsset{ + {Name: "binary.tar.gz"}, + {Name: "binary.tar.gz.sig"}, + {Name: "binary.tar.gz.intoto.jsonl"}, + }, + }, + }, + expectedResult: checker.CheckResult{ + Name: "Signed-Releases", + Version: 2, + Score: 10, + Reason: "1 out of 1 artifacts are signed or have provenance", + }, + }, + { + name: "Partial score", + releases: []clients.Release{ + { + TagName: "v1.0", + Assets: []clients.ReleaseAsset{ + {Name: "binary.tar.gz"}, + {Name: "binary.tar.gz.sig"}, + }, + }, + }, + expectedResult: checker.CheckResult{ + Name: "Signed-Releases", + Version: 2, + Score: 8, + Reason: "1 out of 1 artifacts are signed or have provenance", + }, + }, + { + name: "No score", + releases: []clients.Release{ + { + TagName: "v1.0", + Assets: []clients.ReleaseAsset{ + {Name: "binary.tar.gz"}, + }, + }, + }, + expectedResult: checker.CheckResult{ + Name: "Signed-Releases", + Version: 2, + Score: 0, + Reason: "0 out of 1 artifacts are signed or have provenance", + }, + }, + { + name: "No releases", + releases: []clients.Release{}, + expectedResult: checker.CreateInconclusiveResult("Signed-Releases", "no releases found"), + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + dl := &scut.TestDetailLogger{} + data := &checker.SignedReleasesData{Releases: tc.releases} + actualResult := SignedReleases("Signed-Releases", dl, data) + + if !cmp.Equal(tc.expectedResult, actualResult, + cmpopts.IgnoreFields(checker.CheckResult{}, "Error")) { + t.Errorf("SignedReleases() mismatch (-want +got):\n%s", cmp.Diff(tc.expectedResult, actualResult, + cmpopts.IgnoreFields(checker.CheckResult{}, "Error"))) + } + }) + } +} From 705a6121ef00423b511b50fe63cce57cbb78d447 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 4 May 2023 12:46:44 -0500 Subject: [PATCH 126/316] :seedling: Unit test clients/githubrepo/copy.go (#2950) - Add tests for the utility functions - 100% test coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/copy_test.go | 291 ++++++++++++++++++++++++++++++++ 1 file changed, 291 insertions(+) create mode 100644 clients/githubrepo/copy_test.go diff --git a/clients/githubrepo/copy_test.go b/clients/githubrepo/copy_test.go new file mode 100644 index 00000000000..73d3b8eacec --- /dev/null +++ b/clients/githubrepo/copy_test.go @@ -0,0 +1,291 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package githubrepo + +import ( + "reflect" + "testing" + "time" + + "github.com/ossf/scorecard/v4/clients" +) + +func TestCopyBoolPtr(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + src *bool + dest **bool + want *bool + }{ + { + name: "nil_src", + src: nil, + dest: new(*bool), + want: nil, + }, + { + name: "non_nil_src_true", + src: BoolPtr(true), + dest: new(*bool), + want: BoolPtr(true), + }, + { + name: "non_nil_src_false", + src: BoolPtr(false), + dest: new(*bool), + want: BoolPtr(false), + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + copyBoolPtr(tt.src, tt.dest) + if (tt.want == nil && *tt.dest != nil) || (tt.want != nil && *tt.dest == nil) || (tt.want != nil && *tt.dest != nil && **tt.dest != *tt.want) { //nolint:lll + t.Errorf("copyBoolPtr() got = %v, want %v", *tt.dest, tt.want) + } + }) + } +} + +// BoolPtr is a utility function to get a pointer to a boolean value. +func BoolPtr(value bool) *bool { + return &value +} + +func TestCopyInt32Ptr(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + src *int32 + dest **int32 + want *int32 + }{ + { + name: "nil_src", + src: nil, + dest: new(*int32), + want: nil, + }, + { + name: "non_nil_src_positive", + src: Int32Ptr(123), + dest: new(*int32), + want: Int32Ptr(123), + }, + { + name: "non_nil_src_negative", + src: Int32Ptr(-456), + dest: new(*int32), + want: Int32Ptr(-456), + }, + { + name: "non_nil_src_zero", + src: Int32Ptr(0), + dest: new(*int32), + want: Int32Ptr(0), + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + copyInt32Ptr(tt.src, tt.dest) + if (tt.want == nil && *tt.dest != nil) || (tt.want != nil && *tt.dest == nil) || (tt.want != nil && *tt.dest != nil && **tt.dest != *tt.want) { //nolint:lll + t.Errorf("copyInt32Ptr() got = %v, want %v", *tt.dest, tt.want) + } + }) + } +} + +// Int32Ptr is a utility function to get a pointer to an int32 value. +func Int32Ptr(value int32) *int32 { + return &value +} + +func TestCopyStringPtr(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + src *string + dest **string + want *string + }{ + { + name: "nil_src", + src: nil, + dest: new(*string), + want: nil, + }, + { + name: "non_nil_src_empty_string", + src: StringPtr(""), + dest: new(*string), + want: StringPtr(""), + }, + { + name: "non_nil_src_hello", + src: StringPtr("hello"), + dest: new(*string), + want: StringPtr("hello"), + }, + { + name: "non_nil_src_world", + src: StringPtr("world"), + dest: new(*string), + want: StringPtr("world"), + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + copyStringPtr(tt.src, tt.dest) + if (tt.want == nil && *tt.dest != nil) || (tt.want != nil && *tt.dest == nil) || (tt.want != nil && *tt.dest != nil && **tt.dest != *tt.want) { //nolint:lll + t.Errorf("copyStringPtr() got = %v, want %v", *tt.dest, tt.want) + } + }) + } +} + +// StringPtr is a utility function to get a pointer to a string value. +func StringPtr(value string) *string { + return &value +} + +func TestCopyTimePtr(t *testing.T) { + t.Parallel() + // Define some example time values for testing + time1 := time.Date(2023, 4, 16, 12, 0, 0, 0, time.UTC) + time2 := time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC) + + tests := []struct { //nolint:govet + name string + src *time.Time + dest **time.Time + want *time.Time + }{ + { + name: "nil_src", + src: nil, + dest: new(*time.Time), + want: nil, + }, + { + name: "non_nil_src_time1", + src: &time1, + dest: new(*time.Time), + want: &time1, + }, + { + name: "non_nil_src_time2", + src: &time2, + dest: new(*time.Time), + want: &time2, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + copyTimePtr(tt.src, tt.dest) + if (tt.want == nil && *tt.dest != nil) || (tt.want != nil && *tt.dest == nil) || (tt.want != nil && *tt.dest != nil && !(*tt.dest).Equal(*tt.want)) { //nolint:lll + t.Errorf("copyTimePtr() got = %v, want %v", *tt.dest, tt.want) + } + }) + } +} + +func TestCopyStringSlice(t *testing.T) { + t.Parallel() + tests := []struct { + name string + src []string + dest []string + want []string + }{ + { + name: "empty_src", + src: []string{}, + dest: nil, + want: []string{}, + }, + { + name: "single_element_src", + src: []string{"hello"}, + dest: nil, + want: []string{"hello"}, + }, + { + name: "multiple_elements_src", + src: []string{"hello", "world", "foo", "bar"}, + dest: nil, + want: []string{"hello", "world", "foo", "bar"}, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + copyStringSlice(tt.src, &tt.dest) + if !reflect.DeepEqual(tt.dest, tt.want) { + t.Errorf("copyStringSlice() got = %v, want %v", tt.dest, tt.want) + } + }) + } +} + +func TestCopyRepoAssociationPtr(t *testing.T) { + t.Parallel() + var repoAssoc1 clients.RepoAssociation + + var repoAssoc2 clients.RepoAssociation + + tests := []struct { //nolint:govet + name string + src *clients.RepoAssociation + dest **clients.RepoAssociation + want *clients.RepoAssociation + }{ + { + name: "nil_src", + src: nil, + dest: new(*clients.RepoAssociation), + want: nil, + }, + { + name: "non_nil_src_repoAssoc1", + src: &repoAssoc1, + dest: new(*clients.RepoAssociation), + want: &repoAssoc1, + }, + { + name: "non_nil_src_repoAssoc2", + src: &repoAssoc2, + dest: new(*clients.RepoAssociation), + want: &repoAssoc2, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + copyRepoAssociationPtr(tt.src, tt.dest) + if (tt.want == nil && *tt.dest != nil) || (tt.want != nil && *tt.dest == nil) || (tt.want != nil && *tt.dest != nil && !reflect.DeepEqual(**tt.dest, *tt.want)) { //nolint:lll + t.Errorf("copyRepoAssociationPtr() got = %v, want %v", *tt.dest, tt.want) + } + }) + } +} From 18bdccc49108609722410d4a8497a3665a73d555 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Thu, 4 May 2023 16:28:02 -0700 Subject: [PATCH 127/316] :seedling: Update cron config to reflect SAST and Vulnerabilities are running again. (#2955) Signed-off-by: Spencer Schrock --- cron/config/config.yaml | 2 +- cron/config/config_test.go | 2 +- cron/k8s/worker.release.yaml | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/cron/config/config.yaml b/cron/config/config.yaml index 48be77d5a6f..ed5453e1b06 100644 --- a/cron/config/config.yaml +++ b/cron/config/config.yaml @@ -45,7 +45,7 @@ additional-params: # TODO(#859): Re-add Contributors after fixing inconsistencies. # TODO: Dependency-Update-Tool and SAST are search heavy # TODO: Vulnerabilities is slow on repos with lots of dependencies - blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities + blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool cii-data-bucket-url: gs://ossf-scorecard-cii-data # Raw results. raw-bigquery-table: scorecard-rawdata diff --git a/cron/config/config_test.go b/cron/config/config_test.go index 72b8f944377..54afb6601e7 100644 --- a/cron/config/config_test.go +++ b/cron/config/config_test.go @@ -34,7 +34,7 @@ const ( prodCompletionThreshold = 0.99 prodWebhookURL = "" prodCIIDataBucket = "gs://ossf-scorecard-cii-data" - prodBlacklistedChecks = "CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities" + prodBlacklistedChecks = "CI-Tests,Contributors,Dependency-Update-Tool" prodShardSize int = 10 prodMetricExporter string = "stackdriver" prodMetricStackdriverPrefix string = "scorecard-cron" diff --git a/cron/k8s/worker.release.yaml b/cron/k8s/worker.release.yaml index be78ad1318b..0a0fa5982c5 100644 --- a/cron/k8s/worker.release.yaml +++ b/cron/k8s/worker.release.yaml @@ -54,8 +54,6 @@ spec: key: installation_id - name: "SCORECARD_API_RESULTS_BUCKET_URL" value: "gs://ossf-scorecard-cron-releasetest-results" - - name: "SCORECARD_BLACKLISTED_CHECKS" - value: "CI-Tests,Contributors,Dependency-Update-Tool,SAST" resources: requests: memory: 5Gi From fd19f1716726b3aafe40d871d79de907a15cda19 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 09:03:47 +0000 Subject: [PATCH 128/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.17.2 to 1.18.1. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.17.2...v1.18.1) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- tools/go.mod | 14 ++++++++------ tools/go.sum | 36 ++++++++++++++++++++---------------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index c2d23f12f30..0eaea3df89b 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 - github.com/goreleaser/goreleaser v1.17.2 + github.com/goreleaser/goreleaser v1.18.1 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.4 google.golang.org/protobuf v1.30.0 @@ -49,7 +49,7 @@ require ( github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect - github.com/Masterminds/semver/v3 v3.2.0 // indirect + github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig v2.22.0+incompatible // indirect github.com/Microsoft/go-winio v0.6.0 // indirect github.com/OpenPeeDeeP/depguard v1.1.1 // indirect @@ -100,7 +100,8 @@ require ( github.com/caarlos0/env/v8 v8.0.0 // indirect github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect github.com/caarlos0/go-shellwords v1.0.12 // indirect - github.com/caarlos0/log v0.2.2 // indirect + github.com/caarlos0/go-version v0.1.1 // indirect + github.com/caarlos0/log v0.4.1 // indirect github.com/cavaliergopher/cpio v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -119,7 +120,7 @@ require ( github.com/dghubble/oauth1 v0.7.2 // indirect github.com/dghubble/sling v1.4.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/disgoorg/disgo v0.16.1 // indirect + github.com/disgoorg/disgo v0.16.3 // indirect github.com/disgoorg/json v1.0.0 // indirect github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect @@ -130,6 +131,7 @@ require ( github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect + github.com/elliotchance/orderedmap/v2 v2.2.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/esimonov/ifshort v1.0.4 // indirect github.com/ettle/strcase v0.1.1 // indirect @@ -299,7 +301,7 @@ require ( github.com/sivchari/containedctx v1.0.2 // indirect github.com/sivchari/nosnakecase v1.7.0 // indirect github.com/sivchari/tenv v1.7.1 // indirect - github.com/slack-go/slack v0.12.1 // indirect + github.com/slack-go/slack v0.12.2 // indirect github.com/sonatard/noctx v0.0.2 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/afero v1.9.3 // indirect @@ -330,7 +332,7 @@ require ( github.com/uudashr/gocognit v1.0.6 // indirect github.com/vbatts/tar-split v0.11.2 // indirect github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect - github.com/xanzy/go-gitlab v0.82.0 // indirect + github.com/xanzy/go-gitlab v0.83.0 // indirect github.com/xanzy/ssh-agent v0.3.1 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/yeya24/promlinter v0.2.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 20647997617..fb15d8c911c 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -528,8 +528,8 @@ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= @@ -766,9 +766,11 @@ github.com/caarlos0/go-reddit/v3 v3.0.1/go.mod h1:QlwgmG5SAqxMeQvg/A2dD1x9cIZCO5 github.com/caarlos0/go-rpmutils v0.2.1-0.20211112020245-2cd62ff89b11 h1:IRrDwVlWQr6kS1U8/EtyA1+EHcc4yl8pndcqXWrEamg= github.com/caarlos0/go-shellwords v1.0.12 h1:HWrUnu6lGbWfrDcFiHcZiwOLzHWjjrPVehULaTFgPp8= github.com/caarlos0/go-shellwords v1.0.12/go.mod h1:bYeeX1GrTLPl5cAMYEzdm272qdsQAZiaHgeF0KTk1Gw= -github.com/caarlos0/log v0.2.2 h1:Rier7889+dTKHjvwf0cMNu8DjMF+/wCYC7wrPj9fXFk= -github.com/caarlos0/log v0.2.2/go.mod h1:IbSeDN+hKHdOwE6t2z9i2rcraz+r6N1XZkRHE4BAKm0= -github.com/caarlos0/sshmarshal v0.0.0-20220308164159-9ddb9f83c6b3 h1:w2ANoiT4ubmh4Nssa3/QW1M7lj3FZkma8f8V5aBDxXM= +github.com/caarlos0/go-version v0.1.1 h1:1bikKHkGGVIIxqCmufhSSs3hpBScgHGacrvsi8FuIfc= +github.com/caarlos0/go-version v0.1.1/go.mod h1:Ze5Qx4TsBBi5FyrSKVg1Ibc44KGV/llAaKGp86oTwZ0= +github.com/caarlos0/log v0.4.1 h1:99+ocwxvbvQPK/effsNa4Di8MA0Xt7gBQK3vY20xG18= +github.com/caarlos0/log v0.4.1/go.mod h1:Uv+r6RfrgaRmW/xoarK1S9csv+BQgS7fZbcKYXn8ggo= +github.com/caarlos0/sshmarshal v0.1.0 h1:zTCZrDORFfWh526Tsb7vCm3+Yg/SfW/Ub8aQDeosk0I= github.com/caarlos0/testfs v0.4.4 h1:3PHvzHi5Lt+g332CiShwS8ogTgS3HjrmzZxCm6JCDr8= github.com/caarlos0/testfs v0.4.4/go.mod h1:bRN55zgG4XCUVVHZCeU+/Tz1Q6AxEJOEJTliBy+1DMk= github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= @@ -790,7 +792,7 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charithe/durationcheck v0.0.10 h1:wgw73BiocdBDQPik+zcEoBG/ob8uyBHf2iyoHGPf5w4= github.com/charithe/durationcheck v0.0.10/go.mod h1:bCWXb7gYRysD1CU3C+u4ceO49LoGOY1C1L6uouGNreQ= -github.com/charmbracelet/keygen v0.3.0 h1:mXpsQcH7DDlST5TddmXNXjS0L7ECk4/kLQYyBcsan2Y= +github.com/charmbracelet/keygen v0.4.2 h1:TNHua2MlXc6W1dQB2iW4msSZGKlb8RtxtmYDWUs4iRw= github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E= github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 h1:W9o46d2kbNL06lq7UNDPV0zYLzkrde/bjIqO02eoll0= @@ -997,8 +999,8 @@ github.com/digitalocean/godo v1.78.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm github.com/digitalocean/godo v1.95.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/disgoorg/disgo v0.16.1 h1:9uZeFzVJ9xR95ZEGwsKNbUyxqTsXEPqipZbdvSif0w4= -github.com/disgoorg/disgo v0.16.1/go.mod h1:hUkznOmm+f+owh/MuOBX0sDviQV5cL0FqcWbpIyV1Y0= +github.com/disgoorg/disgo v0.16.3 h1:9wI7ZTL/RTJlaTCb2T0DviPvXgpDTNmBk4wGnxIo5Ko= +github.com/disgoorg/disgo v0.16.3/go.mod h1:hUkznOmm+f+owh/MuOBX0sDviQV5cL0FqcWbpIyV1Y0= github.com/disgoorg/json v1.0.0 h1:kDhSM661fgIuNoZF3BO5/odaR5NSq80AWb937DH+Pdo= github.com/disgoorg/json v1.0.0/go.mod h1:BHDwdde0rpQFDVsRLKhma6Y7fTbQKub/zdGO5O9NqqA= github.com/disgoorg/log v1.2.0 h1:sqlXnu/ZKAlIlHV9IO+dbMto7/hCQ474vlIdMWk8QKo= @@ -1050,6 +1052,8 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elliotchance/orderedmap/v2 v2.2.0 h1:7/2iwO98kYT4XkOjA9mBEIwvi4KpGB4cyHeOFOnj4Vk= +github.com/elliotchance/orderedmap/v2 v2.2.0/go.mod h1:85lZyVbpGaGvHvnKa7Qhx7zncAdBIBq6u56Hb1PRU5Q= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= @@ -1490,8 +1494,8 @@ github.com/goreleaser/chglog v0.4.2 h1:afmbT1d7lX/q+GF8wv3a1Dofs2j/Y9YkiCpGemWR6 github.com/goreleaser/chglog v0.4.2/go.mod h1:u/F03un4hMCQrp65qSWCkkC6T+G7YLKZ+AM2mITE47s= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.17.2 h1:31zA06Sz6/zMNDMvI7l6I4XwFMRoI/WnTMiX8Puu6tE= -github.com/goreleaser/goreleaser v1.17.2/go.mod h1:n6Rm7V8s38EgE/oXBrRAutjKAd5JlxF3qqzU4g1+cXQ= +github.com/goreleaser/goreleaser v1.18.1 h1:QEpUnMFhSgtqaJbmy9/++KbFNBlITYVIiVYVcz0XaDo= +github.com/goreleaser/goreleaser v1.18.1/go.mod h1:CfWAXthyGOTzUgubl1FdAtkAgSW69XuRHF6KcA9IrLc= github.com/goreleaser/nfpm/v2 v2.28.0 h1:BLKOrJpyBrO/LQ7XQP/mICDBqq6K3iX1cqZIMYKUbCc= github.com/goreleaser/nfpm/v2 v2.28.0/go.mod h1:cMwzgk+6Irs3+ZKD6Lz/ADJ8qsVmJxYPlE3/wOxAfVA= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= @@ -1821,8 +1825,8 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 h1:gWg6ZQ4JhDfJPqlo2srm/LN17lpybq15AryXIRcWYLE= github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= +github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= -github.com/matryer/is v1.4.1 h1:55ehd8zaGABKLXQUe2awZ99BD/PTc2ls+KV/dXphgEQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -2048,7 +2052,7 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE= -github.com/ory/dockertest/v3 v3.9.1 h1:v4dkG+dlu76goxMiTT2j8zV7s4oPPEppKT8K8p2f1kY= +github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= @@ -2248,8 +2252,8 @@ github.com/sivchari/nosnakecase v1.7.0 h1:7QkpWIRMe8x25gckkFd2A5Pi6Ymo0qgr4JrhGt github.com/sivchari/nosnakecase v1.7.0/go.mod h1:CwDzrzPea40/GB6uynrNLiorAlgFRvRbFSgJx2Gs+QY= github.com/sivchari/tenv v1.7.1 h1:PSpuD4bu6fSmtWMxSGWcvqUUgIn7k3yOJhOIzVWn8Ak= github.com/sivchari/tenv v1.7.1/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg= -github.com/slack-go/slack v0.12.1 h1:X97b9g2hnITDtNsNe5GkGx6O2/Sz/uC20ejRZN6QxOw= -github.com/slack-go/slack v0.12.1/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= +github.com/slack-go/slack v0.12.2 h1:x3OppyMyGIbbiyFhsBmpf9pwkUzMhthJMRNmNlA4LaQ= +github.com/slack-go/slack v0.12.2/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= @@ -2403,8 +2407,8 @@ github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 h1:+dBg5k7nuTE38VVdoroRsT0Z88fmvdYrI2EjzJst35I= github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1/go.mod h1:nmuySobZb4kFgFy6BptpXp/BBw+xFSyvVPP6auoJB4k= -github.com/xanzy/go-gitlab v0.82.0 h1:WUAqZqNj/VGsXvFM9mYC0MEpPpmK4sHoOAryRQJARp4= -github.com/xanzy/go-gitlab v0.82.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= +github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo= github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w= From 1b862e82a72ad7b5ffed07989b7edadef0d0454c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 13:25:57 +0000 Subject: [PATCH 129/316] :seedling: Bump cloud.google.com/go/bigquery from 1.51.0 to 1.51.1 (#2958) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.0 to 1.51.1. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.0...bigquery/v1.51.1) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 273830f1f64..4011fb4d539 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.51.0 + cloud.google.com/go/bigquery v1.51.1 cloud.google.com/go/monitoring v1.13.0 // indirect cloud.google.com/go/pubsub v1.30.1 cloud.google.com/go/trace v1.9.0 // indirect @@ -61,7 +61,7 @@ require ( github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/andybalholm/brotli v1.0.4 // indirect - github.com/apache/arrow/go/v11 v11.0.0 // indirect + github.com/apache/arrow/go/v12 v12.0.0 // indirect github.com/apache/thrift v0.16.0 // indirect github.com/cloudflare/circl v1.1.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect @@ -153,7 +153,7 @@ require ( github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.15.12 // indirect github.com/mattn/go-colorable v0.1.12 // indirect - github.com/mattn/go-isatty v0.0.16 // indirect + github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect diff --git a/go.sum b/go.sum index 059c0c56d80..43e94730c73 100644 --- a/go.sum +++ b/go.sum @@ -91,8 +91,8 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.51.0 h1:Y3qpQAdMQlbD2xJ70Y6flcK/CVpjLRuVrR0rJSi7wD4= -cloud.google.com/go/bigquery v1.51.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= +cloud.google.com/go/bigquery v1.51.1 h1:qI/8vkBbzLkv0BJmzE7ajA6uZqQC+C31MAwgb+vJe2U= +cloud.google.com/go/bigquery v1.51.1/go.mod h1:BFgZPUBl48YxCQpkBWZK4S6GQb8PXQDW5TsAmk9eiuo= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= @@ -569,8 +569,8 @@ github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apache/arrow/go/v11 v11.0.0 h1:hqauxvFQxww+0mEU/2XHG6LT7eZternCZq+A5Yly2uM= -github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= +github.com/apache/arrow/go/v12 v12.0.0 h1:xtZE63VWl7qLdB0JObIXvvhGjoVNrQ9ciIHG2OK5cmc= +github.com/apache/arrow/go/v12 v12.0.0/go.mod h1:d+tV/eHZZ7Dz7RPrFKtPK02tpr+c9/PEd/zm8mDS9Vg= github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -1548,8 +1548,8 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= From 3e4f22c4bd86412ae849a33b7d40b8a184e4b505 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 18:00:36 +0000 Subject: [PATCH 130/316] :seedling: Bump step-security/harden-runner from 2.3.0 to 2.4.0 (#2957) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/v2.3.0...128a63446a954579617e875aaab7d2978154e969) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 14 +++++----- .github/workflows/gitlab.yml | 2 +- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 4 +-- .github/workflows/main.yml | 40 +++++++++++++-------------- .github/workflows/publishimage.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7019b20c894..7ebd85e8c91 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 59e5befcebf..5c67eb9c654 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -59,7 +59,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -107,7 +107,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -155,7 +155,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -203,7 +203,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -251,7 +251,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -299,7 +299,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -347,7 +347,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index 954275009e9..0e5dac18dce 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -27,7 +27,7 @@ jobs: environment: gitlab steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index de8b6e5a7b7..4a4c00e0fdf 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 6cadebe3972..6c53fa40929 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -37,7 +37,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4380a046e14..e21b7ee5f13 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -77,7 +77,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -125,7 +125,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -208,7 +208,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -256,7 +256,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -304,7 +304,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -352,7 +352,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -400,7 +400,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -448,7 +448,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -496,7 +496,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -544,7 +544,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -592,7 +592,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -640,7 +640,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -688,7 +688,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -735,7 +735,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -765,7 +765,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -808,7 +808,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -854,7 +854,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -889,7 +889,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 4150dfd2a9b..393dd6d3b4d 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -32,7 +32,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index e5e804708a4..f34032e239e 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index b64405929b1..2e72e88200f 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs From 7d994707a92760aa854a104b362cb7fedc76f826 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 May 2023 18:02:16 +0000 Subject: [PATCH 131/316] :seedling: Bump github/codeql-action from 2.3.2 to 2.3.3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7ebd85e8c91..a5fcd2655e1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 + uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 + uses: github/codeql-action/autobuild@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 + uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 7f6bec2ead5..a482907dd1a 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v1 + uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 with: sarif_file: results.sarif From 7e159f948e6f6a78f9682e6eebb2065868bde46c Mon Sep 17 00:00:00 2001 From: Caroline Date: Sat, 6 May 2023 09:43:47 -0400 Subject: [PATCH 132/316] capitalize proper nouns (#2962) Signed-off-by: leec94 --- docs/checks.md | 12 ++++++------ docs/checks/internal/checks.yaml | 8 ++++---- docs/faq.md | 5 ++--- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index f50b80f9f2e..41aa7046b88 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -130,8 +130,7 @@ Risk: `Low` (possible unknown vulnerabilities) This check tries to determine if the project runs tests before pull requests are merged. It is currently limited to repositories hosted on GitHub, and does not -support other source hosting repositories (i.e., Forges). All commits that are -part of a PR must be tested by a CI Test for the check to pass. +support other source hosting repositories (i.e., Forges). Running tests helps developers catch mistakes early on, which can reduce the number of vulnerabilities that find their way into a project. @@ -173,6 +172,7 @@ Lower scores represent a project that has met the silver criteria, met the passi Some of these criteria overlap with other Scorecard checks. However, note that in those overlapping cases, Scorecard can only report what it can automatically detect, while the OpenSSF Best Practices badge can report on claims and claim justifications from people (this counters false negatives and positives but has the challenge of requiring additional work from people). + **Remediation steps** - Sign up for the [OpenSSF Best Practices program](https://bestpractices.coreinfrastructure.org/). @@ -198,7 +198,7 @@ or if the merger is different from the committer (implicit review). It also performs a similar check for reviews using [Prow](https://github.com/kubernetes/test-infra/tree/master/prow#readme) (labels "lgtm" or "approved") and [Gerrit](https://www.gerritcodereview.com/) ("Reviewed-on" and "Reviewed-by"). -If recent changes are solely bot activity (e.g. dependabot, renovatebot, or custom bots), +If recent changes are solely bot activity (e.g. Dependabot, Renovate bot, or custom bots), the check returns inconclusively. Scoring is leveled instead of proportional to make the check more predictable. @@ -289,8 +289,8 @@ Risk: `High` (possibly vulnerable to attacks on known flaws) This check tries to determine if the project uses a dependency update tool, specifically one of: -- [dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) -- [renovatebot](https://docs.renovatebot.com/configuration-options/) +- [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) +- [Renovate bot](https://docs.renovatebot.com/configuration-options/) - [Sonatype Lift](https://help.sonatype.com/lift/getting-started) - [PyUp](https://docs.pyup.io/docs) (Python) Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. @@ -310,7 +310,7 @@ low score is therefore not a definitive indication that the project is at risk. **Remediation steps** - Signup for automatic dependency updates with one of the previously listed dependency update tools and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on. -- Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without aditional manual effort. +- Unlike Dependabot, Renovate bot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without aditional manual effort. ## Fuzzing diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 0dd9c13a2ea..51bb0392653 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -58,8 +58,8 @@ checks: This check tries to determine if the project uses a dependency update tool, specifically one of: - - [dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) - - [renovatebot](https://docs.renovatebot.com/configuration-options/) + - [Dependabot](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates) + - [Renovate bot](https://docs.renovatebot.com/configuration-options/) - [Sonatype Lift](https://help.sonatype.com/lift/getting-started) - [PyUp](https://docs.pyup.io/docs) (Python) Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. @@ -85,7 +85,7 @@ checks: maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on. - >- - Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning + Unlike Dependabot, Renovate bot has support to migrate dockerfiles' dependencies from version pinning to hash pinning via the [pinDigests setting](https://docs.renovatebot.com/configuration-options/#pindigests) without aditional manual effort. Binary-Artifacts: @@ -298,7 +298,7 @@ checks: performs a similar check for reviews using [Prow](https://github.com/kubernetes/test-infra/tree/master/prow#readme) (labels "lgtm" or "approved") and [Gerrit](https://www.gerritcodereview.com/) ("Reviewed-on" and "Reviewed-by"). - If recent changes are solely bot activity (e.g. dependabot, renovatebot, or custom bots), + If recent changes are solely bot activity (e.g. Dependabot, Renovate bot, or custom bots), the check returns inconclusively. Scoring is leveled instead of proportional to make the check more predictable. diff --git a/docs/faq.md b/docs/faq.md index 0b461462c2c..624e3a4b935 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -59,7 +59,7 @@ However, this is being discussed by the Scorecard Team ([#2302](https://github.c ### Dependency-Update-Tool: Why should I trust recommended updates are safe? -Both dependabot and renovatebot won't update your dependencies immediately. They have some precautions to make sure a release is reasonable / won't break your build (see [dependabot compatibility documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-compatibility-scores)). +Both Dependabot and Renovate bot won't update your dependencies immediately. They have some precautions to make sure a release is reasonable / won't break your build (see [Dependabot compatibility documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-compatibility-scores)). You can either configure the tools to only update your dependencies once a week or once a month. This way, if a malicious version is released, it's very likely that it'll be reported and removed before it even gets suggested to you. Besides, there's also the benefit that it gives you the chance to validate the new release before merging if you want to. @@ -78,7 +78,7 @@ Scorecard can show the dependencies that are referred to in tests like Dockerfil ### Pinned-Dependencies: Can I use version pinning instead of hash pinning? Version pinning is a significant improvement over not pinning your dependencies. However, it still leaves your project vulnerable to tag-renaming attacks (where a dependency's tags are deleted and recreated to point to a malicious commit). -The OpenSSF therefore recommends hash pinning instead of version pinning, along with the use of dependency update tools such as dependabot to keep your dependencies up-to-date. +The OpenSSF therefore recommends hash pinning instead of version pinning, along with the use of dependency update tools such as Dependabot to keep your dependencies up-to-date. Please see the [Pinned-Dependencies check description](checks.md#pinned-dependencies) for a better understanding of the benefits of the Hash Pinning. @@ -89,4 +89,3 @@ Currently, the main benefit of [signed releases](checks.md#signed-releases) is t However, there are already moves to make it even more relevant. For example, the OpenSSF is working on [implementing signature verification for NPM packages](https://github.blog/2022-08-08-new-request-for-comments-on-improving-npm-security-with-sigstore-is-now-open/) which would allow a consumer to automatically verify if the package they are downloading was generated through a reliable builder and if it is correctly signed. Signing releases already has some relevance and it will soon offer even more security benefits for both consumers and maintainers. - From 1bbc87fbb2673b89c8a3bbc85b32b0ad9fe2208e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 05:28:47 -0500 Subject: [PATCH 133/316] :seedling: Bump golang from `403f486` to `31a8f92` (#2965) Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b4b5288545c..51d6fb51297 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 7d59575b8f07d400f4a3a9cd7189f0a139c6289c Mon Sep 17 00:00:00 2001 From: jimrobison <39074062+jimrobison@users.noreply.github.com> Date: Mon, 8 May 2023 12:20:12 -0500 Subject: [PATCH 134/316] :sparkles: Enable gitlab Packaging Reporting (#2941) * feat: Added yaml file that contains the full, flattened gitlab ci/cd contents Signed-off-by: Robison, Jim B * refactor: Updated to meet linting failures Signed-off-by: Robison, Jim B * refactor: Updated filename for flattened gitlab Signed-off-by: Robison, Jim B * refactor: Updated to include the generated, flattened ci yaml in the file listing Signed-off-by: Robison, Jim B * refactor: Updated the apiFunction to be part of the handler Signed-off-by: Robison, Jim B * refactor: Moved packaging collection to be a repoClient specific sub-package Signed-off-by: Robison, Jim B * feat: Added path for gitlab projects, including a basic search for lines containing nuget, poetry, twine publishes Signed-off-by: Robison, Jim B * test: Added tests for gitlab packaging finders Signed-off-by: Robison, Jim B * test: Added more tests for parsing through the client and grouping packaging data Signed-off-by: Robison, Jim B * refactor: Utilizing existing mock objects to prevent race condition exception Signed-off-by: Robison, Jim B * refactor: Addressed linting errors Signed-off-by: Robison, Jim B * test: Updated expectation for log message Signed-off-by: Robison, Jim B * refactor: Reverted back to the original error Signed-off-by: Robison, Jim B --------- Signed-off-by: Robison, Jim B Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> --- checks/evaluation/packaging.go | 4 +- checks/evaluation/packaging_test.go | 2 +- checks/fileparser/gitlab_workflow.go | 21 ++ checks/packaging.go | 18 +- checks/raw/{ => github}/packaging.go | 6 +- checks/raw/gitlab/packaging.go | 86 ++++++++ checks/raw/gitlab/packaging_test.go | 187 ++++++++++++++++++ checks/raw/gitlab/testdata/docker.yaml | 62 ++++++ checks/raw/gitlab/testdata/no-publishing.yaml | 60 ++++++ checks/raw/gitlab/testdata/nuget.yaml | 54 +++++ checks/raw/gitlab/testdata/poetry.yaml | 64 ++++++ checks/raw/gitlab/testdata/twine.yaml | 60 ++++++ checks/raw/permissions.go | 7 +- clients/gitlabrepo/tarball.go | 87 ++++++-- 14 files changed, 690 insertions(+), 28 deletions(-) create mode 100644 checks/fileparser/gitlab_workflow.go rename checks/raw/{ => github}/packaging.go (95%) create mode 100644 checks/raw/gitlab/packaging.go create mode 100644 checks/raw/gitlab/packaging_test.go create mode 100644 checks/raw/gitlab/testdata/docker.yaml create mode 100644 checks/raw/gitlab/testdata/no-publishing.yaml create mode 100644 checks/raw/gitlab/testdata/nuget.yaml create mode 100644 checks/raw/gitlab/testdata/poetry.yaml create mode 100644 checks/raw/gitlab/testdata/twine.yaml diff --git a/checks/evaluation/packaging.go b/checks/evaluation/packaging.go index fa5b930ebae..a3c13fd3507 100644 --- a/checks/evaluation/packaging.go +++ b/checks/evaluation/packaging.go @@ -55,7 +55,7 @@ func Packaging(name string, dl checker.DetailLogger, r *checker.PackagingData) c } dl.Warn(&checker.LogMessage{ - Text: "no GitHub publishing workflow detected", + Text: "no GitHub/GitLab publishing workflow detected", }) return checker.CreateInconclusiveResult(name, @@ -83,7 +83,7 @@ func createLogMessage(p checker.Package) (checker.LogMessage, error) { return msg, sce.WithMessage(sce.ErrScorecardInternal, "no run data") } - msg.Text = fmt.Sprintf("GitHub publishing workflow used in run %s", p.Runs[0].URL) + msg.Text = fmt.Sprintf("GitHub/GitLab publishing workflow used in run %s", p.Runs[0].URL) return msg, nil } diff --git a/checks/evaluation/packaging_test.go b/checks/evaluation/packaging_test.go index f61bdb00954..eaf6a623a2e 100644 --- a/checks/evaluation/packaging_test.go +++ b/checks/evaluation/packaging_test.go @@ -80,7 +80,7 @@ func Test_createLogMessage(t *testing.T) { }, }, want: checker.LogMessage{ - Text: "GitHub publishing workflow used in run ", + Text: "GitHub/GitLab publishing workflow used in run ", Path: "path", }, }, diff --git a/checks/fileparser/gitlab_workflow.go b/checks/fileparser/gitlab_workflow.go new file mode 100644 index 00000000000..3d4eb572de5 --- /dev/null +++ b/checks/fileparser/gitlab_workflow.go @@ -0,0 +1,21 @@ +// Copyright 2021 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package fileparser + +// IsGitlabWorkflowFile determines if a file is a workflow +// as a callback to use for repo client's ListFiles() API. +func IsGitlabWorkflowFile(pathfn string) (bool, error) { + return pathfn == "gitlabscorecard_flattened_ci.yaml", nil +} diff --git a/checks/packaging.go b/checks/packaging.go index 248a9b558d3..1ae19bdaada 100644 --- a/checks/packaging.go +++ b/checks/packaging.go @@ -17,7 +17,10 @@ package checks import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/evaluation" - "github.com/ossf/scorecard/v4/checks/raw" + "github.com/ossf/scorecard/v4/checks/raw/github" + "github.com/ossf/scorecard/v4/checks/raw/gitlab" + "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" sce "github.com/ossf/scorecard/v4/errors" ) @@ -34,7 +37,18 @@ func init() { // Packaging runs Packaging check. func Packaging(c *checker.CheckRequest) checker.CheckResult { - rawData, err := raw.Packaging(c) + var rawData checker.PackagingData + var err error + + switch v := c.RepoClient.(type) { + case *githubrepo.Client: + rawData, err = github.Packaging(c) + case *gitlabrepo.Client: + rawData, err = gitlab.Packaging(c) + default: + _ = v + } + if err != nil { e := sce.WithMessage(sce.ErrScorecardInternal, err.Error()) return checker.CreateRuntimeErrorResult(CheckPackaging, e) diff --git a/checks/raw/packaging.go b/checks/raw/github/packaging.go similarity index 95% rename from checks/raw/packaging.go rename to checks/raw/github/packaging.go index d4af00c2870..1769dcec7ec 100644 --- a/checks/raw/packaging.go +++ b/checks/raw/github/packaging.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package raw +package github import ( "fmt" @@ -100,7 +100,7 @@ func Packaging(c *checker.CheckRequest) (checker.PackagingData, error) { data.Packages = append(data.Packages, checker.Package{ // Debug message. - Msg: stringPointer(fmt.Sprintf("GitHub publishing workflow not used in runs: %v", fp)), + Msg: StringPointer(fmt.Sprintf("GitHub publishing workflow not used in runs: %v", fp)), File: &checker.File{ Path: fp, Type: finding.FileTypeSource, @@ -115,6 +115,6 @@ func Packaging(c *checker.CheckRequest) (checker.PackagingData, error) { return data, nil } -func stringPointer(s string) *string { +func StringPointer(s string) *string { return &s } diff --git a/checks/raw/gitlab/packaging.go b/checks/raw/gitlab/packaging.go new file mode 100644 index 00000000000..d6d9277fd2c --- /dev/null +++ b/checks/raw/gitlab/packaging.go @@ -0,0 +1,86 @@ +// Copyright 2020 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlab + +import ( + "fmt" + "strings" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/checks/fileparser" + "github.com/ossf/scorecard/v4/finding" +) + +// Packaging checks for packages. +func Packaging(c *checker.CheckRequest) (checker.PackagingData, error) { + var data checker.PackagingData + matchedFiles, err := c.RepoClient.ListFiles(fileparser.IsGitlabWorkflowFile) + if err != nil { + return data, fmt.Errorf("RepoClient.ListFiles: %w", err) + } + + for _, fp := range matchedFiles { + fc, err := c.RepoClient.GetFileContent(fp) + if err != nil { + return data, fmt.Errorf("RepoClient.GetFileContent: %w", err) + } + + file, found := isGitlabPackagingWorkflow(fc, fp) + + if found { + data.Packages = append(data.Packages, checker.Package{ + Name: new(string), + Job: &checker.WorkflowJob{}, + File: &file, + Msg: nil, + Runs: []checker.Run{{URL: c.Repo.URI()}}, + }) + return data, nil + } + } + + return data, nil +} + +func StringPointer(s string) *string { + return &s +} + +func isGitlabPackagingWorkflow(fc []byte, fp string) (checker.File, bool) { + lineNumber := checker.OffsetDefault + + packagingStrings := []string{ + "docker push", + "nuget push", + "poetry publish", + "twine upload", + } + +ParseLines: + for idx, val := range strings.Split(string(fc[:]), "\n") { + for _, element := range packagingStrings { + if strings.Contains(val, element) { + lineNumber = uint(idx + 1) + break ParseLines + } + } + } + + return checker.File{ + Path: fp, + Offset: lineNumber, + Type: finding.FileTypeSource, + }, lineNumber != checker.OffsetDefault +} diff --git a/checks/raw/gitlab/packaging_test.go b/checks/raw/gitlab/packaging_test.go new file mode 100644 index 00000000000..49fd91fe1f5 --- /dev/null +++ b/checks/raw/gitlab/packaging_test.go @@ -0,0 +1,187 @@ +// Copyright 2020 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlab + +import ( + "os" + "testing" + + "github.com/golang/mock/gomock" + + "github.com/ossf/scorecard/v4/checker" + mockrepo "github.com/ossf/scorecard/v4/clients/mockclients" +) + +func TestGitlabPackagingYamlCheck(t *testing.T) { + t.Parallel() + + //nolint + tests := []struct { + name string + lineNumber uint + filename string + exists bool + }{ + { + name: "No Publishing Detected", + filename: "./testdata/no-publishing.yaml", + lineNumber: 1, + exists: false, + }, + { + name: "Docker", + filename: "./testdata/docker.yaml", + lineNumber: 31, + exists: true, + }, + { + name: "Nuget", + filename: "./testdata/nuget.yaml", + lineNumber: 21, + exists: true, + }, + { + name: "Poetry", + filename: "./testdata/poetry.yaml", + lineNumber: 30, + exists: true, + }, + { + name: "Twine", + filename: "./testdata/twine.yaml", + lineNumber: 26, + exists: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + var content []byte + var err error + + content, err = os.ReadFile(tt.filename) + if err != nil { + t.Errorf("cannot read file: %v", err) + } + + file, found := isGitlabPackagingWorkflow(content, tt.filename) + + if tt.exists && !found { + t.Errorf("Packaging %q should exist", tt.name) + } else if !tt.exists && found { + t.Errorf("No packaging information should have been found in %q", tt.name) + } + + if file.Offset != tt.lineNumber { + t.Errorf("Expected line number: %d != %d", tt.lineNumber, file.Offset) + } + + if err != nil { + return + } + }) + } +} + +func TestGitlabPackagingPackager(t *testing.T) { + t.Parallel() + + //nolint + tests := []struct { + name string + lineNumber uint + filename string + exists bool + }{ + { + name: "No Publishing Detected", + filename: "./testdata/no-publishing.yaml", + lineNumber: 1, + exists: false, + }, + { + name: "Docker", + filename: "./testdata/docker.yaml", + lineNumber: 31, + exists: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + ctrl := gomock.NewController(t) + defer ctrl.Finish() + moqRepoClient := mockrepo.NewMockRepoClient(ctrl) + moqRepo := mockrepo.NewMockRepo(ctrl) + + moqRepoClient.EXPECT().ListFiles(gomock.Any()). + Return([]string{tt.filename}, nil).AnyTimes() + + moqRepoClient.EXPECT().GetFileContent(tt.filename). + DoAndReturn(func(b string) ([]byte, error) { + //nolint: errcheck + content, _ := os.ReadFile(b) + return content, nil + }).AnyTimes() + + if tt.exists { + moqRepo.EXPECT().URI().Return("myurl.com/owner/project") + } + + req := checker.CheckRequest{ + RepoClient: moqRepoClient, + Repo: moqRepo, + } + + //nolint: errcheck + packagingData, _ := Packaging(&req) + + if !tt.exists { + if len(packagingData.Packages) != 0 { + t.Errorf("Repo should not contain any packages") + } + return + } + + if len(packagingData.Packages) == 0 { + t.Fatalf("Repo should contain related packages") + } + + pkg := packagingData.Packages[0].File + + if pkg.Offset != tt.lineNumber { + t.Errorf("Expected line number: %d != %d", tt.lineNumber, pkg.Offset) + } + if pkg.Path != tt.filename { + t.Errorf("Expected filename: %v != %v", tt.filename, pkg.Path) + } + + runs := packagingData.Packages[0].Runs + + if len(runs) != 1 { + t.Errorf("Expected only a single run count, but received %d", len(runs)) + } + + if runs[0].URL != "myurl.com/owner/project" { + t.Errorf("URL did not match expected value %q", runs[0].URL) + } + }) + } +} diff --git a/checks/raw/gitlab/testdata/docker.yaml b/checks/raw/gitlab/testdata/docker.yaml new file mode 100644 index 00000000000..b30a0cb8a14 --- /dev/null +++ b/checks/raw/gitlab/testdata/docker.yaml @@ -0,0 +1,62 @@ +--- +variables: + DOCKER_DRIVER: overlay2 + DOCKER_BUILDKIT: 1 + DOCKER_IMAGE: docker.io/library/docker + DOCKER_TAG: 20.10.16 + GIT_AUTHOR_NAME: "$GITLAB_USER_LOGIN" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GITLAB_USER_LOGIN" + GIT_COMMITTER_EMAIL: "$GITLAB_USER_EMAIL" + GIT_CREDENTIALS: gitlab-ci-token:${GITLAB_CI_TOKEN} + GITLAB_TOKEN: "$GITLAB_CI_TOKEN" + +.build-image: + image: "$DOCKER_IMAGE:$DOCKER_TAG" + stage: build + needs: [] + services: + - name: "$DOCKER_IMAGE:$DOCKER_TAG-dind" + alias: docker + variables: + DOCKER_BUILD_DIR: '' + IMAGE_NAME: '' + IMAGE_TAG: '' + before_script: + - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + script: + - cd docker + - docker compose build + after_script: + - docker push $IMAGE_NAME:$IMAGE_TAG + +unit-tests: + image: "$CI_REGISTRY_IMAGE/ci:$CI_COMMIT_REF_SLUG" + needs: + - job: poetry + variables: + POETRY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pypoetry" + POETRY_VIRTUALENVS_CREATE: 'true' + POETRY_VIRTUALENVS_IN_PROJECT: 'true' + POETRY_VIRTUALENVS_PATH: "$CI_PROJECT_DIR/.venv" + cache: + key: poetry-$CI_COMMIT_SHORT_SHA + policy: pull + paths: + - ".cache" + - ".venv" + extends: ".base-python" + stage: check + script: + - poetry run pytest + coverage: "/(?i)total.*? (100(?:\\.0+)?\\%|[1-9]?\\d(?:\\.\\d+)?\\%)$/" + artifacts: + when: always + paths: + - coverage.xml + reports: + junit: + - test.xml + coverage_report: + coverage_format: cobertura + path: coverage.xml diff --git a/checks/raw/gitlab/testdata/no-publishing.yaml b/checks/raw/gitlab/testdata/no-publishing.yaml new file mode 100644 index 00000000000..33e5be7d847 --- /dev/null +++ b/checks/raw/gitlab/testdata/no-publishing.yaml @@ -0,0 +1,60 @@ +--- +variables: + DOCKER_DRIVER: overlay2 + DOCKER_BUILDKIT: 1 + DOCKER_IMAGE: docker.io/library/docker + DOCKER_TAG: 20.10.16 + GIT_AUTHOR_NAME: "$GITLAB_USER_LOGIN" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GITLAB_USER_LOGIN" + GIT_COMMITTER_EMAIL: "$GITLAB_USER_EMAIL" + GIT_CREDENTIALS: gitlab-ci-token:${GITLAB_CI_TOKEN} + GITLAB_TOKEN: "$GITLAB_CI_TOKEN" +.build-image: + image: "$DOCKER_IMAGE:$DOCKER_TAG" + stage: build + needs: [] + services: + - name: "$DOCKER_IMAGE:$DOCKER_TAG-dind" + alias: docker + variables: + DOCKER_BUILD_DIR: '' + IMAGE_NAME: '' + IMAGE_TAG: '' + before_script: + - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + script: + - cd docker + - docker compose build + after_script: + - docker tag $IMAGE_NAME:$IMAGE_TAG +unit-tests: + image: "$CI_REGISTRY_IMAGE/ci:$CI_COMMIT_REF_SLUG" + needs: + - job: poetry + variables: + POETRY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pypoetry" + POETRY_VIRTUALENVS_CREATE: 'true' + POETRY_VIRTUALENVS_IN_PROJECT: 'true' + POETRY_VIRTUALENVS_PATH: "$CI_PROJECT_DIR/.venv" + cache: + key: poetry-$CI_COMMIT_SHORT_SHA + policy: pull + paths: + - ".cache" + - ".venv" + extends: ".base-python" + stage: check + script: + - poetry run pytest + coverage: "/(?i)total.*? (100(?:\\.0+)?\\%|[1-9]?\\d(?:\\.\\d+)?\\%)$/" + artifacts: + when: always + paths: + - coverage.xml + reports: + junit: + - test.xml + coverage_report: + coverage_format: cobertura + path: coverage.xml diff --git a/checks/raw/gitlab/testdata/nuget.yaml b/checks/raw/gitlab/testdata/nuget.yaml new file mode 100644 index 00000000000..c606ea43258 --- /dev/null +++ b/checks/raw/gitlab/testdata/nuget.yaml @@ -0,0 +1,54 @@ +--- +variables: + DOCKER_DRIVER: overlay2 + DOCKER_BUILDKIT: 1 + DOCKER_IMAGE: docker.io/library/docker + DOCKER_TAG: 20.10.16 + GIT_AUTHOR_NAME: "$GITLAB_USER_LOGIN" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GITLAB_USER_LOGIN" + GIT_COMMITTER_EMAIL: "$GITLAB_USER_EMAIL" + GIT_CREDENTIALS: gitlab-ci-token:${GITLAB_CI_TOKEN} + GITLAB_TOKEN: "$GITLAB_CI_TOKEN" + +.deploy: + image: "$DOCKER_IMAGE:$DOCKER_TAG" + stage: build + needs: [] + script: + - dotnet pack -c Release + - dotnet nuget add source "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/nuget/index.json" --name gitlab --username gitlab-ci-token --password $CI_JOB_TOKEN --store-password-in-clear-text + - dotnet nuget push "bin/Release/*.nupkg" --source gitlab + after_script: + - docker push $IMAGE_NAME:$IMAGE_TAG + +unit-tests: + image: "$CI_REGISTRY_IMAGE/ci:$CI_COMMIT_REF_SLUG" + needs: + - job: poetry + variables: + POETRY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pypoetry" + POETRY_VIRTUALENVS_CREATE: 'true' + POETRY_VIRTUALENVS_IN_PROJECT: 'true' + POETRY_VIRTUALENVS_PATH: "$CI_PROJECT_DIR/.venv" + cache: + key: poetry-$CI_COMMIT_SHORT_SHA + policy: pull + paths: + - ".cache" + - ".venv" + extends: ".base-python" + stage: check + script: + - poetry run pytest + coverage: "/(?i)total.*? (100(?:\\.0+)?\\%|[1-9]?\\d(?:\\.\\d+)?\\%)$/" + artifacts: + when: always + paths: + - coverage.xml + reports: + junit: + - test.xml + coverage_report: + coverage_format: cobertura + path: coverage.xml diff --git a/checks/raw/gitlab/testdata/poetry.yaml b/checks/raw/gitlab/testdata/poetry.yaml new file mode 100644 index 00000000000..8df02bf4bbd --- /dev/null +++ b/checks/raw/gitlab/testdata/poetry.yaml @@ -0,0 +1,64 @@ +--- +variables: + DOCKER_DRIVER: overlay2 + DOCKER_BUILDKIT: 1 + DOCKER_IMAGE: docker.io/library/docker + DOCKER_TAG: 20.10.16 + GIT_AUTHOR_NAME: "$GITLAB_USER_LOGIN" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GITLAB_USER_LOGIN" + GIT_COMMITTER_EMAIL: "$GITLAB_USER_EMAIL" + GIT_CREDENTIALS: gitlab-ci-token:${GITLAB_CI_TOKEN} + GITLAB_TOKEN: "$GITLAB_CI_TOKEN" + +.build-image: + image: "$DOCKER_IMAGE:$DOCKER_TAG" + stage: build + needs: [] + services: + - name: "$DOCKER_IMAGE:$DOCKER_TAG-dind" + alias: docker + variables: + DOCKER_BUILD_DIR: '' + IMAGE_NAME: '' + IMAGE_TAG: '' + before_script: + - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + script: + - cd release + - poetry config repositories.gitlab "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi" + - poetry publish --repository gitlab --username gitlab-ci-token --password "${CI_JOB_TOKEN}" + rules: + - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + when: on_success + +unit-tests: + image: "$CI_REGISTRY_IMAGE/ci:$CI_COMMIT_REF_SLUG" + needs: + - job: poetry + variables: + POETRY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pypoetry" + POETRY_VIRTUALENVS_CREATE: 'true' + POETRY_VIRTUALENVS_IN_PROJECT: 'true' + POETRY_VIRTUALENVS_PATH: "$CI_PROJECT_DIR/.venv" + cache: + key: poetry-$CI_COMMIT_SHORT_SHA + policy: pull + paths: + - ".cache" + - ".venv" + extends: ".base-python" + stage: check + script: + - poetry run pytest + coverage: "/(?i)total.*? (100(?:\\.0+)?\\%|[1-9]?\\d(?:\\.\\d+)?\\%)$/" + artifacts: + when: always + paths: + - coverage.xml + reports: + junit: + - test.xml + coverage_report: + coverage_format: cobertura + path: coverage.xml diff --git a/checks/raw/gitlab/testdata/twine.yaml b/checks/raw/gitlab/testdata/twine.yaml new file mode 100644 index 00000000000..5b6fe3931ad --- /dev/null +++ b/checks/raw/gitlab/testdata/twine.yaml @@ -0,0 +1,60 @@ +--- +variables: + DOCKER_DRIVER: overlay2 + DOCKER_BUILDKIT: 1 + DOCKER_IMAGE: docker.io/library/docker + DOCKER_TAG: 20.10.16 + GIT_AUTHOR_NAME: "$GITLAB_USER_LOGIN" + GIT_AUTHOR_EMAIL: "$GITLAB_USER_EMAIL" + GIT_COMMITTER_NAME: "$GITLAB_USER_LOGIN" + GIT_COMMITTER_EMAIL: "$GITLAB_USER_EMAIL" + GIT_CREDENTIALS: gitlab-ci-token:${GITLAB_CI_TOKEN} + GITLAB_TOKEN: "$GITLAB_CI_TOKEN" + +.build-image: + image: "$DOCKER_IMAGE:$DOCKER_TAG" + stage: build + needs: [] + services: + - name: "$DOCKER_IMAGE:$DOCKER_TAG-dind" + alias: docker + variables: + DOCKER_BUILD_DIR: '' + IMAGE_NAME: '' + IMAGE_TAG: '' + script: + - python3 -m twine upload --repository gitlab dist/* + rules: + - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH' + when: on_success + +unit-tests: + image: "$CI_REGISTRY_IMAGE/ci:$CI_COMMIT_REF_SLUG" + needs: + - job: poetry + variables: + POETRY_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pypoetry" + POETRY_VIRTUALENVS_CREATE: 'true' + POETRY_VIRTUALENVS_IN_PROJECT: 'true' + POETRY_VIRTUALENVS_PATH: "$CI_PROJECT_DIR/.venv" + cache: + key: poetry-$CI_COMMIT_SHORT_SHA + policy: pull + paths: + - ".cache" + - ".venv" + extends: ".base-python" + stage: check + script: + - poetry run pytest + coverage: "/(?i)total.*? (100(?:\\.0+)?\\%|[1-9]?\\d(?:\\.\\d+)?\\%)$/" + artifacts: + when: always + paths: + - coverage.xml + reports: + junit: + - test.xml + coverage_report: + coverage_format: cobertura + path: coverage.xml diff --git a/checks/raw/permissions.go b/checks/raw/permissions.go index 8f791b2b9c6..4bcded5a025 100644 --- a/checks/raw/permissions.go +++ b/checks/raw/permissions.go @@ -22,6 +22,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/checks/fileparser" + "github.com/ossf/scorecard/v4/checks/raw/github" sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/finding" ) @@ -307,7 +308,7 @@ func validatejobLevelPermissions(workflow *actionlint.Workflow, path string, }, LocationType: &permLoc, Type: checker.PermissionLevelUndeclared, - Msg: stringPointer(fmt.Sprintf("no %s permission defined", permLoc)), + Msg: github.StringPointer(fmt.Sprintf("no %s permission defined", permLoc)), // TODO: Job }) @@ -401,13 +402,13 @@ func isAllowedWorkflow(workflow *actionlint.Workflow, fp string, pdata *permissi uses.Value = strings.Split(uses.Value, "@")[0] if allowlist[uses.Value] { tokenPermissions.File.Offset = fileparser.GetLineNumber(uses.Pos) - tokenPermissions.Msg = stringPointer("allowed SARIF workflow detected") + tokenPermissions.Msg = github.StringPointer("allowed SARIF workflow detected") pdata.results.TokenPermissions = append(pdata.results.TokenPermissions, tokenPermissions) return true } } } - tokenPermissions.Msg = stringPointer("not a SARIF workflow, or not an allowed one") + tokenPermissions.Msg = github.StringPointer("not a SARIF workflow, or not an allowed one") pdata.results.TokenPermissions = append(pdata.results.TokenPermissions, tokenPermissions) return false } diff --git a/clients/gitlabrepo/tarball.go b/clients/gitlabrepo/tarball.go index 02a40d46355..3ff6f21b1e3 100644 --- a/clients/gitlabrepo/tarball.go +++ b/clients/gitlabrepo/tarball.go @@ -18,6 +18,7 @@ import ( "archive/tar" "compress/gzip" "context" + "encoding/json" "errors" "fmt" "io" @@ -75,6 +76,13 @@ type tarballHandler struct { files []string } +type gitLabLint struct { + MergedYaml string `json:"merged_yaml"` + Errors []string `json:"errors"` + Warnings []string `json:"warnings"` + Valid bool `json:"valid"` +} + func (handler *tarballHandler) init(ctx context.Context, repourl *repoURL, repo *gitlab.Project, commitSHA string) { handler.errSetup = nil handler.once = new(sync.Once) @@ -114,6 +122,65 @@ func (handler *tarballHandler) setup() error { func (handler *tarballHandler) getTarball() error { url := fmt.Sprintf("%s/api/v4/projects/%d/repository/archive.tar.gz?sha=%s", handler.repourl.Host(), handler.repo.ID, handler.commitSHA) + + // Create a temp file. This automatically appends a random number to the name. + tempDir, err := os.MkdirTemp("", repoDir) + if err != nil { + return fmt.Errorf("os.MkdirTemp: %w", err) + } + repoFile, err := os.CreateTemp(tempDir, repoFilename) + if err != nil { + return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err) + } + defer repoFile.Close() + err = handler.apiFunction(url, tempDir, repoFile) + if err != nil { + return fmt.Errorf("gitlab.apiFunction: %w", err) + } + // Gitlab url for pulling combined ci + url = fmt.Sprintf("%s/api/v4/projects/%d/ci/lint", + handler.repourl.Host(), handler.repo.ID) + ciFile, err := os.CreateTemp(tempDir, "gitlabscorecard_lint*.json") + if err != nil { + return fmt.Errorf("os.CreateTemp: %w", err) + } + err = handler.apiFunction(url, tempDir, ciFile) + if err != nil { + return fmt.Errorf("gitlab.apiFunction: %w", err) + } + byteValue, err := os.ReadFile(ciFile.Name()) + if err != nil { + return fmt.Errorf("os.ReadFile: %w", err) + } + var result gitLabLint + err = json.Unmarshal(byteValue, &result) + if err != nil { + return fmt.Errorf("json.Unmarshal: %w", err) + } + + ciYaml, err := os.Create(tempDir + "/gitlabscorecard_flattened_ci.yaml") + if err != nil { + return fmt.Errorf("os.CreateTemp: %w", err) + } + defer ciYaml.Close() + _, err = ciYaml.WriteString(result.MergedYaml) + if err != nil { + return fmt.Errorf("os.File.WriteString: %w", err) + } + err = ciYaml.Sync() + if err != nil { + return fmt.Errorf("os.File.Sync: %w", err) + } + + handler.tempDir = tempDir + handler.tempTarFile = repoFile.Name() + + handler.files = append(handler.files, + strings.TrimPrefix(ciYaml.Name(), filepath.Clean(handler.tempDir)+string(os.PathSeparator))) + return nil +} + +func (handler *tarballHandler) apiFunction(url, tempDir string, repoFile *os.File) error { req, err := http.NewRequestWithContext(handler.ctx, http.MethodGet, url, nil) if err != nil { return fmt.Errorf("http.NewRequestWithContext: %w", err) @@ -121,33 +188,19 @@ func (handler *tarballHandler) getTarball() error { req.Header.Set("PRIVATE-TOKEN", os.Getenv("GITLAB_AUTH_TOKEN")) resp, err := http.DefaultClient.Do(req) if err != nil { - return fmt.Errorf("http.DefaultClient.Do: %w", err) + return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err) } defer resp.Body.Close() // Handler 400/404 errors. switch resp.StatusCode { case http.StatusNotFound, http.StatusBadRequest: - return fmt.Errorf("%w: %s", errTarballNotFound, url) - } - - // Create a temp file. This automatically appends a random number to the name. - tempDir, err := os.MkdirTemp("", repoDir) - if err != nil { - return fmt.Errorf("os.MkdirTemp: %w", err) - } - repoFile, err := os.CreateTemp(tempDir, repoFilename) - if err != nil { - return fmt.Errorf("os.CreateTemp: %w", err) + return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err) } - defer repoFile.Close() if _, err := io.Copy(repoFile, resp.Body); err != nil { - // If the incomming tarball is corrupted or the server times out. + // If the incoming tarball is corrupted or the server times out. return fmt.Errorf("%w io.Copy: %v", errTarballNotFound, err) } - - handler.tempDir = tempDir - handler.tempTarFile = repoFile.Name() return nil } From 053ed0ffd9c737140f35c62a7cf1617f10296c31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 17:31:35 +0000 Subject: [PATCH 135/316] :seedling: Bump golang from `403f486` to `31a8f92` in /cron/internal/cii Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/cii/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/cii/Dockerfile b/cron/internal/cii/Dockerfile index 575b336ca64..6defba5e2da 100644 --- a/cron/internal/cii/Dockerfile +++ b/cron/internal/cii/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From d4ed2309e82028abe79ffb6ff5809ee9253a853e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 17:45:32 +0000 Subject: [PATCH 136/316] :seedling: Bump golang in /cron/internal/worker Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/worker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/worker/Dockerfile b/cron/internal/worker/Dockerfile index 0cc8f1008b6..d655d78c5e5 100644 --- a/cron/internal/worker/Dockerfile +++ b/cron/internal/worker/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From e590bac645d24325d5fb4ec3a4697af2b9d39490 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 18:04:17 +0000 Subject: [PATCH 137/316] :seedling: Bump golang in /cron/internal/webhook Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/webhook/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/webhook/Dockerfile b/cron/internal/webhook/Dockerfile index 1b3e3a1b8ad..e384329a4b2 100644 --- a/cron/internal/webhook/Dockerfile +++ b/cron/internal/webhook/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From f159a6a3bc2f3ba9b8f4def2c47f34fbd19a6344 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 18:18:40 +0000 Subject: [PATCH 138/316] :seedling: Bump golang in /cron/internal/controller Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/controller/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index 2477bad5279..0baf183441c 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 624e521074caa88825d75044796bfaba07b7c070 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 18:33:05 +0000 Subject: [PATCH 139/316] :seedling: Bump distroless/base Bumps distroless/base from `e406b1d` to `10985f0`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index d0012b6d7d5..d822d1b22d4 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -24,6 +24,6 @@ ARG TARGETOS ARG TARGETARCH RUN CGO_ENABLED=0 make build-github-server -FROM gcr.io/distroless/base:nonroot@sha256:e406b1da09bc455495417a809efe48a03c48011a89f6eb57b0ab882508021c0d +FROM gcr.io/distroless/base:nonroot@sha256:10985f0577b62767a2f0218bff7dec33c59a5ef9a587d889bf0861e0c3123d57 COPY --from=authserver /src/clients/githubrepo/roundtripper/tokens/server/github-auth-server clients/githubrepo/roundtripper/tokens/server/github-auth-server ENTRYPOINT ["clients/githubrepo/roundtripper/tokens/server/github-auth-server"] From 43999e9a26f6cc6211b42efd07a287c4ed16a486 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 18:45:38 +0000 Subject: [PATCH 140/316] :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index d822d1b22d4..9eaac688c5a 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 923deb7df0e6d013792f8ceff2c35d4172d8254d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 19:03:46 +0000 Subject: [PATCH 141/316] :seedling: Bump golang from `403f486` to `31a8f92` in /cron/internal/bq Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/bq/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/bq/Dockerfile b/cron/internal/bq/Dockerfile index b731c679354..6e459dedb82 100644 --- a/cron/internal/bq/Dockerfile +++ b/cron/internal/bq/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:403f48633fb5ebd49f9a2b6ad6719f912df23dae44974a0c9445be331e72ff5e AS base +FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From a7da789faef364c99376c82371dcbdef71d5862f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 23:19:51 +0000 Subject: [PATCH 142/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2973) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.18.1 to 1.18.2. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.18.1...v1.18.2) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 0eaea3df89b..8c70367b047 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.13.0 - github.com/goreleaser/goreleaser v1.18.1 + github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.9.4 google.golang.org/protobuf v1.30.0 diff --git a/tools/go.sum b/tools/go.sum index fb15d8c911c..534f5b59351 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1494,8 +1494,8 @@ github.com/goreleaser/chglog v0.4.2 h1:afmbT1d7lX/q+GF8wv3a1Dofs2j/Y9YkiCpGemWR6 github.com/goreleaser/chglog v0.4.2/go.mod h1:u/F03un4hMCQrp65qSWCkkC6T+G7YLKZ+AM2mITE47s= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.18.1 h1:QEpUnMFhSgtqaJbmy9/++KbFNBlITYVIiVYVcz0XaDo= -github.com/goreleaser/goreleaser v1.18.1/go.mod h1:CfWAXthyGOTzUgubl1FdAtkAgSW69XuRHF6KcA9IrLc= +github.com/goreleaser/goreleaser v1.18.2 h1:qeNrKKVOHWEs1+/+a6jwASj7g9yg1R4vfLVlo0Beyro= +github.com/goreleaser/goreleaser v1.18.2/go.mod h1:CfWAXthyGOTzUgubl1FdAtkAgSW69XuRHF6KcA9IrLc= github.com/goreleaser/nfpm/v2 v2.28.0 h1:BLKOrJpyBrO/LQ7XQP/mICDBqq6K3iX1cqZIMYKUbCc= github.com/goreleaser/nfpm/v2 v2.28.0/go.mod h1:cMwzgk+6Irs3+ZKD6Lz/ADJ8qsVmJxYPlE3/wOxAfVA= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= From bc615e3f21d1fe65fd5ac1d16edd0b417d3321e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 23:21:17 +0000 Subject: [PATCH 143/316] :seedling: Bump github.com/google/go-containerregistry Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.12.1 to 0.15.1. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.12.1...v0.15.1) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 18 +++++++++--------- go.sum | 35 ++++++++++++++++++----------------- 2 files changed, 27 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 4011fb4d539..7c2c9f54e77 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 - github.com/google/go-containerregistry v0.12.1 + github.com/google/go-containerregistry v0.15.1 github.com/google/go-github/v38 v38.1.0 github.com/grafeas/kritis v0.2.3-0.20210120183821-faeba81c520c github.com/h2non/filetype v1.1.3 @@ -118,20 +118,20 @@ require ( require ( cloud.google.com/go v0.110.0 // indirect - cloud.google.com/go/compute v1.19.0 // indirect + cloud.google.com/go/compute v1.19.1 // indirect cloud.google.com/go/iam v0.13.0 // indirect cloud.google.com/go/storage v1.29.0 // indirect - github.com/Microsoft/go-winio v0.6.0 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/aws/aws-sdk-go v1.44.200 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/containerd/stargz-snapshotter/estargz v0.13.0 // indirect + github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/containerd/typeurl v1.0.2 // indirect - github.com/docker/cli v23.0.0-rc.1+incompatible // indirect + github.com/docker/cli v23.0.5+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect - github.com/docker/docker v23.0.0-rc.1+incompatible // indirect + github.com/docker/docker v23.0.5+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fatih/color v1.13.0 // indirect @@ -151,19 +151,19 @@ require ( github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/compress v1.15.12 // indirect + github.com/klauspost/compress v1.16.5 // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect + github.com/opencontainers/image-spec v1.1.0-rc3 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/robfig/cron v1.2.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/vbatts/tar-split v0.11.2 // indirect + github.com/vbatts/tar-split v0.11.3 // indirect github.com/xanzy/go-gitlab v0.83.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect diff --git a/go.sum b/go.sum index 43e94730c73..9c13eb8190e 100644 --- a/go.sum +++ b/go.sum @@ -126,8 +126,8 @@ cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARy cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ= -cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= +cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -525,8 +525,8 @@ github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JP github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= -github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= @@ -789,8 +789,8 @@ github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFY github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM= -github.com/containerd/stargz-snapshotter/estargz v0.13.0 h1:fD7AwuVV+B40p0d9qVkH/Au1qhp8hn/HWJHIYjpEcfw= -github.com/containerd/stargz-snapshotter/estargz v0.13.0/go.mod h1:m+9VaGJGlhCnrcEUod8mYumTmRgblwd3rC5UCEh2Yp0= +github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= +github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= @@ -866,16 +866,16 @@ github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyG github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v23.0.0-rc.1+incompatible h1:Vl3pcUK4/LFAD56Ys3BrqgAtuwpWd/IO3amuSL0ZbP0= -github.com/docker/cli v23.0.0-rc.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE= +github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY= github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v23.0.0-rc.1+incompatible h1:Dmn88McWuHc7BSNN1s6RtfhMmt6ZPQAYUEf7FhqpiQI= -github.com/docker/docker v23.0.0-rc.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k= +github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= @@ -1176,8 +1176,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.2.1/go.mod h1:Ts3Wioz1r5ayWx8sS6vLcWltWcM1aqFjd/eVrkFhrWM= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= -github.com/google/go-containerregistry v0.12.1 h1:W1mzdNUTx4Zla4JaixCRLhORcR7G6KxE5hHl5fkPsp8= -github.com/google/go-containerregistry v0.12.1/go.mod h1:sdIK+oHQO7B93xI8UweYdl887YhuIwg9vz8BSLH3+8k= +github.com/google/go-containerregistry v0.15.1 h1:RsJ9NbfxYWF8Wl4VmvkpN3zYATwuvlPq2j20zmcs63E= +github.com/google/go-containerregistry v0.15.1/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= @@ -1481,8 +1481,8 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM= -github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= @@ -1949,9 +1949,9 @@ github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= -github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= +github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= +github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= +github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= github.com/vdemeester/k8s-pkg-credentialprovider v1.18.1-0.20201019120933-f1d16962a4db/go.mod h1:grWy0bkr1XO6hqbaaCKaPXqkBVlMGHYG6PGykktwbJc= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= @@ -2500,6 +2500,7 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From d7229e0fa4aa3f5818ff9e1d323091646f7a1f0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 May 2023 09:02:07 -0500 Subject: [PATCH 144/316] :seedling: Bump golang.org/x/tools from 0.8.0 to 0.9.0 (#2976) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 16 ++++++++++------ 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/go.mod b/go.mod index 7c2c9f54e77..ad3a5a351fb 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( go.opencensus.io v0.24.0 gocloud.dev v0.29.0 golang.org/x/text v0.9.0 - golang.org/x/tools v0.8.0 + golang.org/x/tools v0.9.0 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 @@ -101,7 +101,7 @@ require ( github.com/spdx/tools-golang v0.4.0 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect golang.org/x/mod v0.10.0 // indirect - golang.org/x/term v0.7.0 // indirect + golang.org/x/term v0.8.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -170,10 +170,10 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 - golang.org/x/net v0.9.0 // indirect + golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.7.0 // indirect + golang.org/x/sync v0.2.0 // indirect + golang.org/x/sys v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.118.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 9c13eb8190e..0018c70844a 100644 --- a/go.sum +++ b/go.sum @@ -2299,8 +2299,9 @@ golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2350,8 +2351,9 @@ golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2509,8 +2511,9 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2524,8 +2527,9 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= +golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2647,8 +2651,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= -golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/tools v0.9.0 h1:CtBMYmb33qYal6XpayZzNXlyK/3FpZV8bDq4CZo57b8= +golang.org/x/tools v0.9.0/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 793da0ce8b0d60736676e4f74abcd0ec0600d3cf Mon Sep 17 00:00:00 2001 From: Azeem Shaikh Date: Tue, 9 May 2023 22:55:04 +0530 Subject: [PATCH 145/316] Remove hard-coded resources to allow auto-scaling (#2978) The cron/k8s workers were initialized with hardcoded resources. Due to this GKE engine wasn't optimizing the worker load properly. Removed this hardcoding and confirmed that GKE engine optimization works as expected. Signed-off-by: Azeem Shaikh --- cron/k8s/worker.release.yaml | 7 ------- cron/k8s/worker.yaml | 7 ------- 2 files changed, 14 deletions(-) diff --git a/cron/k8s/worker.release.yaml b/cron/k8s/worker.release.yaml index 0a0fa5982c5..50558847a08 100644 --- a/cron/k8s/worker.release.yaml +++ b/cron/k8s/worker.release.yaml @@ -54,13 +54,6 @@ spec: key: installation_id - name: "SCORECARD_API_RESULTS_BUCKET_URL" value: "gs://ossf-scorecard-cron-releasetest-results" - resources: - requests: - memory: 5Gi - ephemeral-storage: 100Gi - limits: - memory: 12Gi - ephemeral-storage: 500Gi volumeMounts: - name: config-volume mountPath: /etc/scorecard diff --git a/cron/k8s/worker.yaml b/cron/k8s/worker.yaml index 9307d2d8d57..222f5ce0b6e 100644 --- a/cron/k8s/worker.yaml +++ b/cron/k8s/worker.yaml @@ -44,13 +44,6 @@ spec: secretKeyRef: name: github key: installation_id - resources: - requests: - memory: 5Gi - ephemeral-storage: 100Gi - limits: - memory: 12Gi - ephemeral-storage: 500Gi volumeMounts: - name: config-volume mountPath: /etc/scorecard From 2ca4722b76d7856fd4253e5f999c4e8e3a37c0ab Mon Sep 17 00:00:00 2001 From: Matt Travi Date: Tue, 9 May 2023 13:00:51 -0500 Subject: [PATCH 146/316] :sparkles: Add packaging workflow for semantic-release (#2964) * :sparkles: Add packaging workflow for semantic-release Signed-off-by: Matt Travi * Resolve indentation inconsistencies Signed-off-by: Matt Travi --------- Signed-off-by: Matt Travi --- checks/fileparser/github_workflow.go | 9 +++++++ checks/fileparser/github_workflow_test.go | 5 ++++ ...b-workflow-packaging-semantic-release.yaml | 24 +++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 checks/testdata/.github/workflows/github-workflow-packaging-semantic-release.yaml diff --git a/checks/fileparser/github_workflow.go b/checks/fileparser/github_workflow.go index 9461c250c98..cc1622d0654 100644 --- a/checks/fileparser/github_workflow.go +++ b/checks/fileparser/github_workflow.go @@ -565,6 +565,15 @@ func IsPackagingWorkflow(workflow *actionlint.Workflow, fp string) (JobMatchResu }, LogText: "candidate container publishing workflow using ko", }, + { + // Commonly JavaScript packages, but supports multiple ecosystems + Steps: []*JobMatcherStep{ + { + Run: "npx.*semantic-release", + }, + }, + LogText: "candidate publishing workflow using semantic-release", + }, } return AnyJobsMatch(workflow, jobMatchers, fp, "not a publishing workflow") diff --git a/checks/fileparser/github_workflow_test.go b/checks/fileparser/github_workflow_test.go index 4702c80a626..cf2912e4fc2 100644 --- a/checks/fileparser/github_workflow_test.go +++ b/checks/fileparser/github_workflow_test.go @@ -998,6 +998,11 @@ func TestIsPackagingWorkflow(t *testing.T) { filename: "../testdata/.github/workflows/github-workflow-packaging-cargo.yaml", expected: true, }, + { + name: "semantic-release publish", + filename: "../testdata/.github/workflows/github-workflow-packaging-semantic-release.yaml", + expected: true, + }, } for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-semantic-release.yaml b/checks/testdata/.github/workflows/github-workflow-packaging-semantic-release.yaml new file mode 100644 index 00000000000..671f1a51f8a --- /dev/null +++ b/checks/testdata/.github/workflows/github-workflow-packaging-semantic-release.yaml @@ -0,0 +1,24 @@ +# Copyright 2022 Security Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: semantic-release + run: npx -p @semantic-release/git semantic-release + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} \ No newline at end of file From 361c57f489e3a443bbe4e40476121c68ff8b5f2d Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 9 May 2023 19:46:17 -0500 Subject: [PATCH 147/316] :seedling: Unit tests errors/internal.go (#2977) - Add tests for the `CreateInternal` and `WithMessage`/`GetName` functions - Add license headers to `internal_test.go` and `public_test.go` files Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- errors/internal_test.go | 46 ++++++++++++++++++ errors/public_test.go | 105 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 errors/internal_test.go create mode 100644 errors/public_test.go diff --git a/errors/internal_test.go b/errors/internal_test.go new file mode 100644 index 00000000000..c8a077b7f1c --- /dev/null +++ b/errors/internal_test.go @@ -0,0 +1,46 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package errors + +import ( + "errors" + "fmt" + "testing" +) + +func TestCreateInternal(t *testing.T) { + type args struct { + e error + msg string + } + test := struct { //nolint:govet + name string + args args + want error + }{ + name: "non-nil error and non-empty message", + args: args{ + e: errors.New("test error"), //nolint:goerr113 + msg: "test message", + }, + want: fmt.Errorf("test error: test message"), //nolint:goerr113 + } + + t.Run(test.name, func(t *testing.T) { + if got := CreateInternal(test.args.e, test.args.msg); got.Error() != test.want.Error() { + t.Errorf("CreateInternal() = %v, want %v", got, test.want) + } + }) +} diff --git a/errors/public_test.go b/errors/public_test.go new file mode 100644 index 00000000000..460a93a2a97 --- /dev/null +++ b/errors/public_test.go @@ -0,0 +1,105 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package errors + +import ( + "errors" + "strings" + "testing" +) + +func TestWithMessage(t *testing.T) { + t.Parallel() + type args struct { + e error + msg string + } + tests := []struct { + name string + args args + wantErr bool + }{ + { + name: "with error and message", + args: args{ + e: ErrScorecardInternal, + msg: "additional context", + }, + wantErr: true, + }, + { + name: "with error and no message", + args: args{ + e: ErrScorecardInternal, + msg: "", + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if err := WithMessage(tt.args.e, tt.args.msg); (err != nil) != tt.wantErr { + t.Errorf("WithMessage() error = %v, wantErr %v", err, tt.wantErr) + } + }) + } +} + +func TestGetName(t *testing.T) { + t.Parallel() + type args struct { + err error + } + tests := []struct { + name string + args args + want string + }{ + { + name: "ErrScorecardInternal", + args: args{ + err: ErrScorecardInternal, + }, + want: "ErrScorecardInternal", + }, + { + name: "ErrRepoUnreachable", + args: args{ + err: ErrRepoUnreachable, + }, + want: "ErrRepoUnreachable", + }, + { + name: "ErrorShellParsing", + args: args{ + err: ErrorShellParsing, + }, + want: "ErrorShellParsing", + }, + { + name: "unknown error", + args: args{ + err: errors.New("unknown error"), //nolint:goerr113 + }, + want: "ErrUnknown", + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if got := GetName(tt.args.err); !strings.EqualFold(got, tt.want) { + t.Errorf("GetName() = %v, want %v", got, tt.want) + } + }) + } +} From 7736f36e9bf5415ed993d1f29b9882e1f30f986d Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 9 May 2023 20:05:19 -0500 Subject: [PATCH 148/316] :seedling: Unit tests for checks/evaluation/pinned_dependencies.go (#2975) * :seedling: Unit tests for checks/evaluation/pinned_dependencies.go - Add cmp package to compare results - Add functions to generate owner to display, add workflow pinned result, generate text, and update pinning results - Add tests for max score, generate owner to display, add workflow pinned result, generate text, and update pinning results - Add various warnings and info to the tests Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed code review issues. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/evaluation/pinned_dependencies_test.go | 200 ++++++++++++++++++ 1 file changed, 200 insertions(+) diff --git a/checks/evaluation/pinned_dependencies_test.go b/checks/evaluation/pinned_dependencies_test.go index 7b3ad9f3199..cd497a6cfbf 100644 --- a/checks/evaluation/pinned_dependencies_test.go +++ b/checks/evaluation/pinned_dependencies_test.go @@ -17,6 +17,8 @@ package evaluation import ( "testing" + "github.com/google/go-cmp/cmp" + "github.com/ossf/scorecard/v4/checker" scut "github.com/ossf/scorecard/v4/utests" ) @@ -205,6 +207,34 @@ func Test_PinningDependencies(t *testing.T) { NumberOfDebug: 0, }, }, + { + name: "Validate various wanrings and info", + dependencies: []checker.Dependency{ + { + Location: &checker.File{}, + Type: checker.DependencyUseTypePipCommand, + }, + { + Location: &checker.File{}, + Type: checker.DependencyUseTypeDownloadThenRun, + }, + { + Location: &checker.File{}, + Type: checker.DependencyUseTypeDockerfileContainerImage, + }, + { + Location: &checker.File{}, + Msg: asPointer("debug message"), + }, + }, + expected: scut.TestReturn{ + Error: nil, + Score: 2, + NumberOfWarn: 3, + NumberOfInfo: 2, + NumberOfDebug: 1, + }, + }, } for _, tt := range tests { @@ -354,3 +384,173 @@ func Test_maxScore(t *testing.T) { }) } } + +func Test_generateOwnerToDisplay(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + gitHubOwned bool + want string + }{ + { + name: "returns GitHub if gitHubOwned is true", + gitHubOwned: true, + want: "GitHub-owned", + }, + { + name: "returns GitHub if gitHubOwned is false", + gitHubOwned: false, + want: "third-party", + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + if got := generateOwnerToDisplay(tt.gitHubOwned); got != tt.want { + t.Errorf("generateOwnerToDisplay() = %v, want %v", got, tt.want) + } + }) + } +} + +func Test_addWorkflowPinnedResult(t *testing.T) { + t.Parallel() + type args struct { + w *worklowPinningResult + to bool + isGitHub bool + } + tests := []struct { //nolint:govet + name string + want pinnedResult + args args + }{ + { + name: "sets pinned to true if to is true", + args: args{ + w: &worklowPinningResult{}, + to: true, + isGitHub: true, + }, + want: pinned, + }, + { + name: "sets pinned to false if to is false", + args: args{ + w: &worklowPinningResult{}, + to: false, + isGitHub: true, + }, + want: notPinned, + }, + { + name: "sets pinned to undefined if to is false and isGitHub is false", + args: args{ + w: &worklowPinningResult{}, + to: false, + isGitHub: false, + }, + want: pinnedUndefined, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + addWorkflowPinnedResult(tt.args.w, tt.args.to, tt.args.isGitHub) + if tt.args.w.gitHubOwned != tt.want { + t.Errorf("addWorkflowPinnedResult() = %v, want %v", tt.args.w.gitHubOwned, tt.want) + } + }) + } +} + +func TestGenerateText(t *testing.T) { + tests := []struct { + name string + dependency *checker.Dependency + expectedText string + }{ + { + name: "GitHub action not pinned by hash", + dependency: &checker.Dependency{ + Type: checker.DependencyUseTypeGHAction, + Location: &checker.File{ + Snippet: "actions/checkout@v2", + }, + }, + expectedText: "GitHub-owned GitHubAction not pinned by hash", + }, + { + name: "Third-party action not pinned by hash", + dependency: &checker.Dependency{ + Type: checker.DependencyUseTypeGHAction, + Location: &checker.File{ + Snippet: "third-party/action@v1", + }, + }, + expectedText: "third-party GitHubAction not pinned by hash", + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + result := generateText(tc.dependency) + if !cmp.Equal(tc.expectedText, result) { + t.Errorf("generateText mismatch (-want +got):\n%s", cmp.Diff(tc.expectedText, result)) + } + }) + } +} + +func TestUpdatePinningResults(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + dependency *checker.Dependency + expectedPinningResult *worklowPinningResult + expectedPinnedResult map[checker.DependencyUseType]pinnedResult + }{ + { + name: "GitHub Action - GitHub-owned", + dependency: &checker.Dependency{ + Type: checker.DependencyUseTypeGHAction, + Location: &checker.File{ + Snippet: "actions/checkout@v2", + }, + }, + expectedPinningResult: &worklowPinningResult{ + thirdParties: 0, + gitHubOwned: 2, + }, + expectedPinnedResult: map[checker.DependencyUseType]pinnedResult{}, + }, + { + name: "Third party owned.", + dependency: &checker.Dependency{ + Type: checker.DependencyUseTypeGHAction, + Location: &checker.File{ + Snippet: "other/checkout@v2", + }, + }, + expectedPinningResult: &worklowPinningResult{ + thirdParties: 2, + gitHubOwned: 0, + }, + expectedPinnedResult: map[checker.DependencyUseType]pinnedResult{}, + }, + } + for _, tc := range tests { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + wp := &worklowPinningResult{} + pr := make(map[checker.DependencyUseType]pinnedResult) + updatePinningResults(tc.dependency, wp, pr) + if tc.expectedPinningResult.thirdParties != wp.thirdParties && tc.expectedPinningResult.gitHubOwned != wp.gitHubOwned { //nolint:lll + t.Errorf("updatePinningResults mismatch (-want +got):\n%s", cmp.Diff(tc.expectedPinningResult, wp)) + } + }) + } +} From 3d1c472c2d87af163eedb5c90422a8eb4dbee7cb Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 10 May 2023 17:52:48 -0400 Subject: [PATCH 149/316] fix pat test messages (#2987) * also fix pat tests Signed-off-by: Raghav Kaul --- clients/githubrepo/branches_e2e_test.go | 28 +++++++++++++++---------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/clients/githubrepo/branches_e2e_test.go b/clients/githubrepo/branches_e2e_test.go index 92b9406fcc8..f84d81f7fa8 100644 --- a/clients/githubrepo/branches_e2e_test.go +++ b/clients/githubrepo/branches_e2e_test.go @@ -34,7 +34,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { Context("E2E TEST: Validate query cost", func() { It("Should not have increased for HEAD query", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -49,7 +49,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { }) It("Should fail for non-HEAD query", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -64,7 +64,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { Context("E2E TEST: Get default branch", func() { It("Should return the correct default branch", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -72,13 +72,16 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { commitSHA: clients.HeadSHA, } brancheshandler.init(context.Background(), repourl) - Expect(brancheshandler.getDefaultBranch()).ShouldNot(BeNil()) - Expect(brancheshandler.getDefaultBranch()).Should(Equal("main")) + + branchRef, err := brancheshandler.getDefaultBranch() + Expect(err).Should(BeNil()) + Expect(branchRef).ShouldNot(BeNil()) + Expect(*branchRef.Name).Should(Equal("main")) }) }) Context("E2E TEST: getBranch", func() { It("Should return a branch", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -93,7 +96,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { }) It("Should return an error for non-existent branch", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -103,13 +106,13 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { brancheshandler.init(context.Background(), repourl) branchRef, err := brancheshandler.getBranch("non-existent-branch") - Expect(err).ShouldNot(BeNil()) + Expect(err).Should(BeNil()) Expect(branchRef).Should(BeNil()) }) }) Context("E2E TEST: query branch", func() { It("Should return a branch", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -121,7 +124,7 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { }) It("Should fail for non-HEAD query", func() { - skipIfTokenIsNot(patTokenType, "GITHUB_TOKEN only") + skipIfTokenIsNot(patTokenType, "PAT only") repourl := &repoURL{ owner: "ossf", @@ -129,7 +132,10 @@ var _ = Describe("E2E TEST: githubrepo.branchesHandler", func() { commitSHA: "de5224bbc56eceb7a25aece55d2d53bbc561ed2d", } brancheshandler.init(context.Background(), repourl) - Expect(brancheshandler.query("main")).Should(BeNil()) + branchRef, err := brancheshandler.query("main") + + Expect(err).ShouldNot(BeNil()) + Expect(branchRef).Should(BeNil()) }) }) }) From fdea7aef4f3f83e9d23b785093612aa401bfce05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 May 2023 08:57:05 +0000 Subject: [PATCH 150/316] :seedling: Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0 Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 4a4c00e0fdf..7c1e7bb1e4b 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -72,7 +72,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 2ea67fe5e03..bf818bd8273 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -29,7 +29,7 @@ jobs: contents: write actions: read needs: args - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0 #7f4fdb871876c23e455853d694197440c5a91506 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0 #7f4fdb871876c23e455853d694197440c5a91506 with: go-version: 1.19 evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}" From f13abc49f073125de8a5b7e8a45b5142b6fb3ddb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 May 2023 15:19:29 +0000 Subject: [PATCH 151/316] :seedling: Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.1 to 1.51.2. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 11 ++++++----- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index ad3a5a351fb..ec9b4848434 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.51.1 + cloud.google.com/go/bigquery v1.51.2 cloud.google.com/go/monitoring v1.13.0 // indirect cloud.google.com/go/pubsub v1.30.1 cloud.google.com/go/trace v1.9.0 // indirect @@ -71,7 +71,7 @@ require ( github.com/go-openapi/swag v0.22.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/goccy/go-json v0.9.11 // indirect - github.com/golang/glog v1.0.0 // indirect + github.com/golang/glog v1.1.0 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/gnostic v0.5.7-v3refs // indirect @@ -177,7 +177,7 @@ require ( golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.118.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/grpc v1.54.0 // indirect + google.golang.org/grpc v1.55.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/go.sum b/go.sum index 0018c70844a..065a2e8440f 100644 --- a/go.sum +++ b/go.sum @@ -91,8 +91,8 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= -cloud.google.com/go/bigquery v1.51.1 h1:qI/8vkBbzLkv0BJmzE7ajA6uZqQC+C31MAwgb+vJe2U= -cloud.google.com/go/bigquery v1.51.1/go.mod h1:BFgZPUBl48YxCQpkBWZK4S6GQb8PXQDW5TsAmk9eiuo= +cloud.google.com/go/bigquery v1.51.2 h1:p6SZQJBh64rNJB/9V5O0jvMBI8O/XV5rJKlhmmCU+2o= +cloud.google.com/go/bigquery v1.51.2/go.mod h1:6YYSJ37dAY1HyMDq/+XByPmzsC52MgzNXhxjlTzIVCM= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= @@ -1107,8 +1107,9 @@ github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2V github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -2925,8 +2926,8 @@ google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= +google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From 622ae353ca47b0f522bb45c0492ee5a9cf844cc6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 May 2023 15:20:54 +0000 Subject: [PATCH 152/316] :seedling: Bump golang.org/x/tools from 0.9.0 to 0.9.1 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ec9b4848434..5e4a06a75f6 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( go.opencensus.io v0.24.0 gocloud.dev v0.29.0 golang.org/x/text v0.9.0 - golang.org/x/tools v0.9.0 + golang.org/x/tools v0.9.1 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 065a2e8440f..f456ad26965 100644 --- a/go.sum +++ b/go.sum @@ -2652,8 +2652,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.0 h1:CtBMYmb33qYal6XpayZzNXlyK/3FpZV8bDq4CZo57b8= -golang.org/x/tools v0.9.0/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= +golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 025c4fbb9f1f0c444bd09d43d9e1055adb2fac1d Mon Sep 17 00:00:00 2001 From: Laurent Savaete Date: Thu, 11 May 2023 17:53:34 +0200 Subject: [PATCH 153/316] :bug: Update osv-scanner dependency to include Vulnerabilities check fixes (#2981) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update osv-scanner dependency to include Vulnerabilities check fixes Signed-off-by: Laurent Savaëte * Run go mod tidy Signed-off-by: Laurent Savaëte --------- Signed-off-by: Laurent Savaëte --- go.mod | 5 +++-- go.sum | 11 +++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 5e4a06a75f6..58d8fef3ee2 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.2 + github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.4 github.com/otiai10/copy v1.11.0 @@ -60,6 +60,7 @@ require ( cloud.google.com/go/kms v1.10.1 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect + github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect github.com/andybalholm/brotli v1.0.4 // indirect github.com/apache/arrow/go/v12 v12.0.0 // indirect github.com/apache/thrift v0.16.0 // indirect @@ -98,7 +99,7 @@ require ( github.com/prometheus/prometheus v0.42.0 // indirect github.com/skeema/knownhosts v1.1.0 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect - github.com/spdx/tools-golang v0.4.0 // indirect + github.com/spdx/tools-golang v0.5.0 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/term v0.8.0 // indirect diff --git a/go.sum b/go.sum index f456ad26965..203da185796 100644 --- a/go.sum +++ b/go.sum @@ -564,6 +564,8 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc= +github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= @@ -1203,8 +1205,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.2 h1:QA1t01fqRgVrJXta8Not5lfZgwACZmS/x8VlRCXnYJE= -github.com/google/osv-scanner v1.3.2/go.mod h1:sGfqI0OkLY9Dz9ByX6ul8T0OWIz1dHrlngwEEcjf76s= +github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea h1:hKSnBJ0Umi9ROcRqa/RCq/0kSBDYgCQEbToeoPANkpo= +github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea/go.mod h1:Buh7HpwJf3cfdQe4sOx77NdqVe2RqXAXTd1BItxj/ro= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -1876,8 +1878,8 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= -github.com/spdx/tools-golang v0.4.0 h1:jdhnW8zYelURCbYTphiviFKZkWu51in0E4A1KT2csP0= -github.com/spdx/tools-golang v0.4.0/go.mod h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM= +github.com/spdx/tools-golang v0.5.0 h1:/fqihV2Jna7fmow65dHpgKNsilgLK7ICpd2tkCnPEyY= +github.com/spdx/tools-golang v0.5.0/go.mod h1:kkGlrSXXfHwuSzHQZJRV3aKu9ZXCq/MSf2+xyiJH1lM= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= @@ -1930,6 +1932,7 @@ github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= From 2cb794c048e8d6ae9ffb169e77407cec927a0e51 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 May 2023 15:11:44 -0700 Subject: [PATCH 154/316] :seedling: Bump github.com/docker/distribution in /tools (#2993) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 8c70367b047..d0cfe6802af 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -125,7 +125,7 @@ require ( github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect github.com/docker/cli v23.0.1+incompatible // indirect - github.com/docker/distribution v2.8.1+incompatible // indirect + github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/docker v23.0.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.4.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 534f5b59351..003b57b8eae 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1018,8 +1018,9 @@ github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvM github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= +github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= From 4eddb16b358d168b8e64a423eecff179952e76b0 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Thu, 11 May 2023 18:31:26 -0400 Subject: [PATCH 155/316] =?UTF-8?q?=F0=9F=8C=B1=20Gitlab:=20e2e=20test=20f?= =?UTF-8?q?ixes=20in=20main=20(#2992)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * test secret chagnes Signed-off-by: Raghav Kaul * update score Signed-off-by: Raghav Kaul * address cr comments Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- .github/workflows/gitlab.yml | 3 ++- e2e/ci_tests_test.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index 0e5dac18dce..3ee802d1dd3 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -46,8 +46,9 @@ jobs: run: | go mod download - - name: Run GitLab PAT E2E #using retry because the GitHub token is being throttled. + - name: Run GitLab PAT E2E # skip if auth token is not available uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd + if: ${{ github.actor != 'dependabot[bot]' }} env: GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }} with: diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 275503741aa..58cb56ace61 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -151,7 +151,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { } expected := scut.TestReturn{ Error: nil, - Score: 2, + Score: 3, NumberOfWarn: 0, NumberOfInfo: 0, NumberOfDebug: 1, From e2c19a33384aea5c760d7eaa45982cf4392cd742 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 11 May 2023 16:45:14 -0700 Subject: [PATCH 156/316] :seedling: Unit tests log/log.go (#2980) - Add unit tests for the log package - Add Apache License to log_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- log/log_test.go | 115 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 log/log_test.go diff --git a/log/log_test.go b/log/log_test.go new file mode 100644 index 00000000000..a45ec84208d --- /dev/null +++ b/log/log_test.go @@ -0,0 +1,115 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package log + +import ( + "testing" +) + +func TestNewLogger(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + logLevel Level + }{ + { + name: "debug", + logLevel: DebugLevel, + }, + { + name: "info", + logLevel: InfoLevel, + }, + { + name: "warn", + logLevel: WarnLevel, + }, + { + name: "error", + logLevel: ErrorLevel, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + logger := NewLogger(tt.logLevel) + if logger == nil { + t.Errorf("NewLogger() returned nil") + } + }) + } +} + +func TestParseLevel(t *testing.T) { + tests := []struct { + name string + levelStr string + expectedLevel Level + }{ + { + name: "panic level", + levelStr: "panic", + expectedLevel: PanicLevel, + }, + { + name: "fatal level", + levelStr: "fatal", + expectedLevel: FatalLevel, + }, + { + name: "error level", + levelStr: "error", + expectedLevel: ErrorLevel, + }, + { + name: "warn level", + levelStr: "warn", + expectedLevel: WarnLevel, + }, + { + name: "info level", + levelStr: "info", + expectedLevel: InfoLevel, + }, + { + name: "debug level", + levelStr: "debug", + expectedLevel: DebugLevel, + }, + { + name: "trace level", + levelStr: "trace", + expectedLevel: TraceLevel, + }, + { + name: "default level", + levelStr: "invalid", + expectedLevel: DefaultLevel, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + level := ParseLevel(tt.levelStr) + if level != tt.expectedLevel { + t.Errorf("ParseLevel(%s) = %v, expected %v", tt.levelStr, level, tt.expectedLevel) + } + }) + } +} From d97d8ce45541078724958f7b04baab6a334d794f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 May 2023 00:10:27 +0000 Subject: [PATCH 157/316] :seedling: Bump github.com/cloudflare/circl in /tools (#2995) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.2.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index d0cfe6802af..96a9a873f89 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -109,7 +109,7 @@ require ( github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 // indirect github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08 // indirect - github.com/cloudflare/circl v1.2.0 // indirect + github.com/cloudflare/circl v1.3.3 // indirect github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/curioswitch/go-reassign v0.2.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 003b57b8eae..a8e538f8591 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -756,7 +756,6 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k github.com/butuzov/ireturn v0.1.1 h1:QvrO2QF2+/Cx1WA/vETCIYBKtRjc30vesdoPUNo1EbY= github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/bwesterb/go-ristretto v1.2.1/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/caarlos0/ctrlc v1.2.0 h1:AtbThhmbeYx1WW3WXdWrd94EHKi+0NPRGS4/4pzrjwk= github.com/caarlos0/ctrlc v1.2.0/go.mod h1:n3gDlSjsXZ7rbD9/RprIR040b7oaLfNStikPd4gFago= github.com/caarlos0/env/v8 v8.0.0 h1:POhxHhSpuxrLMIdvTGARuZqR4Jjm8AYmoi/JKlcScs0= @@ -819,8 +818,8 @@ github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.2.0 h1:NheeISPSUcYftKlfrLuOo4T62FkmD4t4jviLfFFYaec= -github.com/cloudflare/circl v1.2.0/go.mod h1:Ch2UgYr6ti2KTtlejELlROl0YIYj7SLjAC8M+INXlMk= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -2599,7 +2598,6 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -2942,7 +2940,6 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220224120231-95c6836cb0e7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From c838916ed16d61a4ca50f0f4432467c1fdf99913 Mon Sep 17 00:00:00 2001 From: Matt Travi Date: Thu, 11 May 2023 20:37:42 -0500 Subject: [PATCH 158/316] :sparkles: Add releasing workflow for semantic-release (#2989) Signed-off-by: Matt Travi --- checks/permissions_test.go | 11 +++++++ checks/raw/permissions.go | 9 ++++++ ...tents-writes-release-semantic-release.yaml | 29 +++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 checks/testdata/.github/workflows/github-workflow-permissions-contents-writes-release-semantic-release.yaml diff --git a/checks/permissions_test.go b/checks/permissions_test.go index 189156f3c25..41f42f105bf 100644 --- a/checks/permissions_test.go +++ b/checks/permissions_test.go @@ -279,6 +279,17 @@ func TestGithubTokenPermissions(t *testing.T) { NumberOfDebug: 4, }, }, + { + name: "release workflow contents write semantic-release", + filenames: []string{"./testdata/.github/workflows/github-workflow-permissions-contents-writes-release-semantic-release.yaml"}, + expected: scut.TestReturn{ + Error: nil, + Score: checker.MaxResultScore, + NumberOfWarn: 0, + NumberOfInfo: 2, + NumberOfDebug: 4, + }, + }, { name: "package workflow write", filenames: []string{"./testdata/.github/workflows/github-workflow-permissions-packages-writes.yaml"}, diff --git a/checks/raw/permissions.go b/checks/raw/permissions.go index 4bcded5a025..2bbc29a923e 100644 --- a/checks/raw/permissions.go +++ b/checks/raw/permissions.go @@ -469,6 +469,15 @@ func isReleasingWorkflow(workflow *actionlint.Workflow, fp string, pdata *permis }, LogText: "candidate python publishing workflow using python-semantic-release", }, + { + // Commonly JavaScript packages, but supports multiple ecosystems + Steps: []*fileparser.JobMatcherStep{ + { + Run: "npx.*semantic-release", + }, + }, + LogText: "candidate publishing workflow using semantic-release", + }, { // Go binaries. Steps: []*fileparser.JobMatcherStep{ diff --git a/checks/testdata/.github/workflows/github-workflow-permissions-contents-writes-release-semantic-release.yaml b/checks/testdata/.github/workflows/github-workflow-permissions-contents-writes-release-semantic-release.yaml new file mode 100644 index 00000000000..a1f74c29895 --- /dev/null +++ b/checks/testdata/.github/workflows/github-workflow-permissions-contents-writes-release-semantic-release.yaml @@ -0,0 +1,29 @@ +# Copyright 2022 Security Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +name: semantic-release release workflow +on: [push] +permissions: + +jobs: + publish: + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v3 + - name: semantic-release + run: npx -p @semantic-release/git semantic-release + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} From a268d57ac485947417a9ff4ae38a512b9a1365af Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 May 2023 08:57:09 +0000 Subject: [PATCH 159/316] :seedling: Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0 Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 7c1e7bb1e4b..b1b573e24b2 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -83,7 +83,7 @@ jobs: permissions: read-all steps: - name: Install the verifier - uses: slsa-framework/slsa-verifier/actions/installer@v2.2.0 + uses: slsa-framework/slsa-verifier/actions/installer@v2.3.0 - name: Download assets env: diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index bf818bd8273..bef97f17571 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -41,7 +41,7 @@ jobs: permissions: read-all steps: - name: Install the verifier - uses: slsa-framework/slsa-verifier/actions/installer@v2.2.0 + uses: slsa-framework/slsa-verifier/actions/installer@v2.3.0 - name: Download the artifact uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 From f30709d212a1f4f83255996c02e52312636e2867 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 12 May 2023 13:14:55 +0000 Subject: [PATCH 160/316] :seedling: Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 58d8fef3ee2..96ddab15781 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( github.com/andybalholm/brotli v1.0.4 // indirect github.com/apache/arrow/go/v12 v12.0.0 // indirect github.com/apache/thrift v0.16.0 // indirect - github.com/cloudflare/circl v1.1.0 // indirect + github.com/cloudflare/circl v1.3.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect diff --git a/go.sum b/go.sum index 203da185796..1f3196cf432 100644 --- a/go.sum +++ b/go.sum @@ -700,8 +700,9 @@ github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng= github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= From 970f4355576c4b661621fcbc204723c739305e93 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Sat, 13 May 2023 08:44:58 -0700 Subject: [PATCH 161/316] :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934) * :seedling: Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/checkruns_e2e_test.go | 43 ++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/clients/githubrepo/checkruns_e2e_test.go b/clients/githubrepo/checkruns_e2e_test.go index 45c5fad2bee..923aa08b33d 100644 --- a/clients/githubrepo/checkruns_e2e_test.go +++ b/clients/githubrepo/checkruns_e2e_test.go @@ -16,11 +16,15 @@ package githubrepo import ( "context" + "net/http" + "github.com/google/go-github/v38/github" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" ) var _ = Describe("E2E TEST: githubrepo.checkrunsHandler", func() { @@ -48,4 +52,43 @@ var _ = Describe("E2E TEST: githubrepo.checkrunsHandler", func() { Expect(*checkrunshandler.checkData.RateLimit.Cost).Should(BeNumerically("<=", 1)) }) }) + Context("E2E TEST: listCheckRunsForRef", func() { + It("Should return check runs for a valid ref", func() { + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + checkrunshandler.init(context.Background(), repourl, 30) + checkrunshandler.client = github.NewClient(httpClient) + Expect(checkrunshandler.setup()).Should(BeNil()) + Expect(checkrunshandler.checkData).ShouldNot(BeNil()) + + checkRuns, err := checkrunshandler.listCheckRunsForRef("main") + Expect(err).Should(BeNil()) + Expect(checkRuns).ShouldNot(BeNil()) + Expect(len(checkRuns)).Should(BeNumerically(">", 0)) + }) + }) + It("Should return an error for an invalid ref", func() { + repourl := &repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + checkrunshandler.init(context.Background(), repourl, 30) + Expect(checkrunshandler.setup()).Should(BeNil()) + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + checkrunshandler.client = github.NewClient(httpClient) + checkRuns, err := checkrunshandler.listCheckRunsForRef("invalid-ref") + Expect(err).ShouldNot(BeNil()) + Expect(checkRuns).Should(BeNil()) + }) }) From 022cd163a060bd479c5383c9a7d4aa976c7de1fc Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Sat, 13 May 2023 09:11:18 -0700 Subject: [PATCH 162/316] :seedling: E2E for clients/githubrepo/contributors.go (#2939) * :seedling: E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/contributors_e2e_test.go | 59 +++++++++++++++++++++ clients/githubrepo/githubrepo_suite_test.go | 7 ++- go.mod | 2 +- 3 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 clients/githubrepo/contributors_e2e_test.go diff --git a/clients/githubrepo/contributors_e2e_test.go b/clients/githubrepo/contributors_e2e_test.go new file mode 100644 index 00000000000..df05c3f9068 --- /dev/null +++ b/clients/githubrepo/contributors_e2e_test.go @@ -0,0 +1,59 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + + "github.com/google/go-github/v38/github" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" +) + +var _ = Describe("E2E TEST: githubrepo.contributorsHandler", func() { + var contribHandler *contributorsHandler + + BeforeEach(func() { + ctx := context.Background() + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + client := github.NewClient(httpClient) + contribHandler = &contributorsHandler{ + ghClient: client, + ctx: ctx, + } + }) + Context("getContributors()", func() { + skipIfTokenIsNot(patTokenType, "PAT only") + It("returns contributors for valid HEAD query", func() { + repoURL := repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + + contribHandler.init(context.Background(), &repoURL) + Expect(contribHandler.getContributors()).ShouldNot(BeNil()) + Expect(contribHandler.errSetup).Should(BeNil()) + }) + }) +}) diff --git a/clients/githubrepo/githubrepo_suite_test.go b/clients/githubrepo/githubrepo_suite_test.go index edc1dd33afa..6f7f2ff150c 100644 --- a/clients/githubrepo/githubrepo_suite_test.go +++ b/clients/githubrepo/githubrepo_suite_test.go @@ -21,6 +21,7 @@ import ( "os" "testing" + "github.com/google/go-github/v38/github" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/shurcooL/githubv4" @@ -38,7 +39,10 @@ func TestGithubrepo(t *testing.T) { RunSpecs(t, "Githubrepo Suite") } -var graphClient *githubv4.Client +var ( + graphClient *githubv4.Client + ghClient *github.Client +) type tokenType int @@ -63,6 +67,7 @@ var _ = BeforeSuite(func() { Transport: rt, } graphClient = githubv4.NewClient(httpClient) + ghClient = github.NewClient(httpClient) tt := os.Getenv("TOKEN_TYPE") switch tt { diff --git a/go.mod b/go.mod index 96ddab15781..a9657f5a882 100644 --- a/go.mod +++ b/go.mod @@ -172,7 +172,7 @@ require ( golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 golang.org/x/net v0.10.0 // indirect - golang.org/x/oauth2 v0.7.0 // indirect + golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect From 1dff4278e7a4b368c864bf993cd996c48d6c2607 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Sun, 14 May 2023 12:40:11 -0700 Subject: [PATCH 163/316] :book: Clarify that AI/ML doesn't count as human code review (#2953) * Clarify that AI/ML doesn't count as human code review Add this clarification per the Scorecards Zoom call meeting today (2023-05-04). Signed-off-by: David A. Wheeler * Tweaked per review Signed-off-by: David A. Wheeler --------- Signed-off-by: David A. Wheeler --- docs/checks.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/checks.md b/docs/checks.md index 41aa7046b88..a27dc624a77 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -182,7 +182,7 @@ However, note that in those overlapping cases, Scorecard can only report what it Risk: `High` (unintentional vulnerabilities or possible injection of malicious code) -This check determines whether the project requires code review before pull +This check determines whether the project requires human code review before pull requests (merge requests) are merged. Reviews detect various unintentional problems, including vulnerabilities that @@ -206,6 +206,15 @@ If any bot-originated changes are unreviewed, 3 points are deducted. If any huma changes are unreviewed, 7 points are deducted if a single change is unreviewed, and another 3 are deducted if multiple changes are unreviewed. +Review by bots, including bots powered by +artificial intelligence / machine learning (AI/ML), +do not count as code review. +Such reviews do not provide confidence that there will +be a second person who understands the +code change (e.g., if the originator suddenly becomes unavailable). +However, analysis by bots +may be able to meet (at least in part) the [SAST](#sast) criterion. + Note: Requiring reviews for all changes is infeasible for some projects, such as those with only one active participant. Even a project with multiple active contributors may not have enough active participation to be able to require From ba61c40c2622dd0c61730dc620984da9b6bcf088 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 09:10:31 +0000 Subject: [PATCH 164/316] :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/cii/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/cii/Dockerfile b/cron/internal/cii/Dockerfile index 6defba5e2da..86477028141 100644 --- a/cron/internal/cii/Dockerfile +++ b/cron/internal/cii/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 3a7244deb21a7ddb69fdfe4308e571cc3b227f2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 13:54:25 +0000 Subject: [PATCH 165/316] :seedling: Bump golang in /cron/internal/controller Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/controller/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index 0baf183441c..dac894d7cb4 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From d5a7b28212a0571a3a163eaf40e9d1e8fd42d0f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 14:12:09 +0000 Subject: [PATCH 166/316] :seedling: Bump golang in /cron/internal/worker Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/worker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/worker/Dockerfile b/cron/internal/worker/Dockerfile index d655d78c5e5..5661128466e 100644 --- a/cron/internal/worker/Dockerfile +++ b/cron/internal/worker/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 11fce076fa88d657ed69bbb8c87c2a3fa99701ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 14:25:11 +0000 Subject: [PATCH 167/316] :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index 9eaac688c5a..e5b6aa972b9 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 7ccd900c27171d281fe0cd6ca92b2b500facf92b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 14:39:12 +0000 Subject: [PATCH 168/316] :seedling: Bump golang from `31a8f92` to `685a22e` Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 51d6fb51297..86a4788659d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 488051ec1a055636f6bda32882486387f0b782df Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 14:52:36 +0000 Subject: [PATCH 169/316] :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/bq/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/bq/Dockerfile b/cron/internal/bq/Dockerfile index 6e459dedb82..5397cb7e2e4 100644 --- a/cron/internal/bq/Dockerfile +++ b/cron/internal/bq/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From e105189fdd97d420e491bbb2ccbf5cea3a652153 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 15:08:47 +0000 Subject: [PATCH 170/316] :seedling: Bump golang in /cron/internal/webhook Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/webhook/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/webhook/Dockerfile b/cron/internal/webhook/Dockerfile index e384329a4b2..cd2bce302f4 100644 --- a/cron/internal/webhook/Dockerfile +++ b/cron/internal/webhook/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:31a8f92b17829b3ccddf0add184f18203acfd79ccc1bcb5c43803ab1c4836cca AS base +FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From a0b9fb3818ce869df73752d4b25a3c1331f7fb56 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Mon, 15 May 2023 09:07:24 -0700 Subject: [PATCH 171/316] Clarify AI/ML not human code review - in .yml file (#3012) This clarifies that AI/ML doesn't count as human code review. This was earlier done in #2953 but that didn't modify the relevant .yml file - this does. Signed-off-by: David A. Wheeler --- docs/checks/internal/checks.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 51bb0392653..3e1c54b2ea7 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -277,13 +277,13 @@ checks: risk: High tags: supply-chain, security, source-code, code-reviews repos: GitHub - short: Determines if the project requires code review before pull requests (aka merge requests) are merged. + short: Determines if the project requires human code review before pull requests (aka merge requests) are merged. description: | Risk: `High` (unintentional vulnerabilities or possible injection of malicious code) - This check determines whether the project requires code review before pull - requests (merge requests) are merged. + This check determines whether the project requires human code review + before pull requests (merge requests) are merged. Reviews detect various unintentional problems, including vulnerabilities that can be fixed immediately before they are merged, which improves the quality of @@ -306,6 +306,15 @@ checks: changes are unreviewed, 7 points are deducted if a single change is unreviewed, and another 3 are deducted if multiple changes are unreviewed. + Review by bots, including bots powered by + artificial intelligence / machine learning (AI/ML), + do not count as code review. + Such reviews do not provide confidence that there will + be a second person who understands the + code change (e.g., if the originator suddenly becomes unavailable). + However, analysis by bots + may be able to meet (at least in part) the [SAST](#sast) criterion. + Note: Requiring reviews for all changes is infeasible for some projects, such as those with only one active participant. Even a project with multiple active contributors may not have enough active participation to be able to require From dedae921b546892e3f38e4b30d1e0639660c40ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 May 2023 16:20:15 +0000 Subject: [PATCH 172/316] :seedling: Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a9657f5a882..3c36eca23bd 100644 --- a/go.mod +++ b/go.mod @@ -172,7 +172,7 @@ require ( golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 golang.org/x/net v0.10.0 // indirect - golang.org/x/oauth2 v0.7.0 + golang.org/x/oauth2 v0.8.0 // indirect golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect diff --git a/go.sum b/go.sum index 1f3196cf432..71e62237f19 100644 --- a/go.sum +++ b/go.sum @@ -2338,8 +2338,9 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 364190793ff52dd19a7ece4f4eecc018686d5feb Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 15 May 2023 17:32:17 -0500 Subject: [PATCH 173/316] :seedling: Unit tests for checks/raw/maintained.go (#2996) - Add tests and checks for the `Maintained` function - Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/raw/maintained_test.go | 121 ++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 checks/raw/maintained_test.go diff --git a/checks/raw/maintained_test.go b/checks/raw/maintained_test.go new file mode 100644 index 00000000000..07f3b691d51 --- /dev/null +++ b/checks/raw/maintained_test.go @@ -0,0 +1,121 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package raw + +import ( + "context" + "fmt" + "testing" + "time" + + "github.com/golang/mock/gomock" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" + mockrepo "github.com/ossf/scorecard/v4/clients/mockclients" +) + +func TestMaintained(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + mockRepoClient := mockrepo.NewMockRepoClient(ctrl) + + ctx := context.Background() + req := &checker.CheckRequest{ + Ctx: ctx, + RepoClient: mockRepoClient, + } + + t.Run("successfully returns maintained data", func(t *testing.T) { + createdAt := time.Now().AddDate(-1, 0, 0) // 1 year ago + archived := false + commits := []clients.Commit{ + {SHA: "commit1"}, + {SHA: "commit2"}, + } + issue := "issue1" + issues := []clients.Issue{ + {URI: &issue}, + } + + mockRepoClient.EXPECT().IsArchived().Return(archived, nil) + mockRepoClient.EXPECT().ListCommits().Return(commits, nil) + mockRepoClient.EXPECT().ListIssues().Return(issues, nil) + mockRepoClient.EXPECT().GetCreatedAt().Return(createdAt, nil) + + data, err := Maintained(req) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + + if data.CreatedAt != createdAt { + t.Errorf("unexpected createdAt: got %v, want %v", data.CreatedAt, createdAt) + } + + if data.ArchivedStatus.Status != archived { + t.Errorf("unexpected archived status: got %v, want %v", data.ArchivedStatus.Status, archived) + } + + if len(data.DefaultBranchCommits) != len(commits) { + t.Errorf("unexpected number of commits: got %v, want %v", len(data.DefaultBranchCommits), len(commits)) + } + + if len(data.Issues) != len(issues) { + t.Errorf("unexpected number of issues: got %v, want %v", len(data.Issues), len(issues)) + } + }) + + t.Run("returns error if IsArchived fails", func(t *testing.T) { + mockRepoClient.EXPECT().IsArchived().Return(false, fmt.Errorf("some error")) // nolint: goerr113 + + _, err := Maintained(req) + if err == nil { + t.Fatal("expected an error but got none") + } + }) + + t.Run("returns error if ListCommits fails", func(t *testing.T) { + mockRepoClient.EXPECT().IsArchived().Return(false, nil) + mockRepoClient.EXPECT().ListCommits().Return(nil, fmt.Errorf("some error")) // nolint: goerr113 + + _, err := Maintained(req) + if err == nil { + t.Fatal("expected an error but got none") + } + }) + + t.Run("returns error if ListIssues fails", func(t *testing.T) { + mockRepoClient.EXPECT().IsArchived().Return(false, nil) + mockRepoClient.EXPECT().ListCommits().Return([]clients.Commit{}, nil) + mockRepoClient.EXPECT().ListIssues().Return(nil, fmt.Errorf("some error")) // nolint: goerr113 + + _, err := Maintained(req) + if err == nil { + t.Fatal("expected an error but got none") + } + }) + + t.Run("returns error if GetCreatedAt fails", func(t *testing.T) { + mockRepoClient.EXPECT().IsArchived().Return(false, nil) + mockRepoClient.EXPECT().ListCommits().Return([]clients.Commit{}, nil) + mockRepoClient.EXPECT().ListIssues().Return([]clients.Issue{}, nil) + mockRepoClient.EXPECT().GetCreatedAt().Return(time.Time{}, fmt.Errorf("some error")) // nolint: goerr113 + + _, err := Maintained(req) + if err == nil { + t.Fatal("expected an error but got none") + } + }) +} From 8acd8c063527d6aee96baaeba16b33c3359cf364 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 May 2023 09:02:10 +0000 Subject: [PATCH 174/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tools/go.mod | 12 ++++++------ tools/go.sum | 23 ++++++++++++----------- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 96a9a873f89..0b2008b3304 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.9.4 + github.com/onsi/ginkgo/v2 v2.9.5 google.golang.org/protobuf v1.30.0 ) @@ -349,14 +349,14 @@ require ( golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect golang.org/x/mod v0.10.0 // indirect - golang.org/x/net v0.9.0 // indirect + golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sync v0.1.0 // indirect - golang.org/x/sys v0.7.0 // indirect - golang.org/x/term v0.7.0 // indirect + golang.org/x/sync v0.2.0 // indirect + golang.org/x/sys v0.8.0 // indirect + golang.org/x/term v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.8.0 // indirect + golang.org/x/tools v0.9.1 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.119.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/tools/go.sum b/tools/go.sum index a8e538f8591..5441423c151 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1996,8 +1996,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= +github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= +github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -2754,8 +2754,8 @@ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmL golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2805,8 +2805,9 @@ golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2963,8 +2964,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2975,8 +2976,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= +golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -3108,8 +3109,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= -golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= +golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 661df0e5dd6a99f898505470379df95ab9fcac87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 May 2023 15:18:30 +0000 Subject: [PATCH 175/316] :seedling: Bump actions/setup-go from 4.0.0 to 4.0.1 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4d34df0c2316fe8122ab82dc22947d607c0c91f9...fac708d6674e30b6ba41289acaab6d4b75aa0753) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 14 +++++------ .github/workflows/gitlab.yml | 2 +- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 +++++++++++++++--------------- .github/workflows/publishimage.yml | 2 +- 6 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 5c67eb9c654..20e93364fe3 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -90,7 +90,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -138,7 +138,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -234,7 +234,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -282,7 +282,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -330,7 +330,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -378,7 +378,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index 3ee802d1dd3..ee03be492b2 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -37,7 +37,7 @@ jobs: fetch-depth: 0 - name: setup-go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index b1b573e24b2..4b214723caa 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -40,7 +40,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: 1.19 check-latest: true diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 6c53fa40929..d00f9b47e3e 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -47,7 +47,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} - name: setup-go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e21b7ee5f13..6cde96bae53 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -58,7 +58,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -103,7 +103,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -151,7 +151,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -186,7 +186,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -234,7 +234,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -282,7 +282,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -330,7 +330,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -378,7 +378,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -426,7 +426,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -474,7 +474,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -522,7 +522,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -570,7 +570,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -618,7 +618,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -666,7 +666,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -714,7 +714,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -749,7 +749,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -786,7 +786,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -833,7 +833,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -868,7 +868,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -894,7 +894,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v2.2.0 + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 393dd6d3b4d..200b74ee7a7 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -41,7 +41,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 with: go-version-file: go.mod # use version from go.mod so it stays in sync check-latest: true From 4048d22622c7dffae347bb81189e7d77032c689b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 May 2023 15:32:02 +0000 Subject: [PATCH 176/316] :seedling: Bump codecov/codecov-action from 3.1.3 to 3.1.4 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/gitlab.yml | 2 +- .github/workflows/integration.yml | 4 ++-- .github/workflows/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index ee03be492b2..dac7926d520 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -58,7 +58,7 @@ jobs: command: make e2e-gitlab-token - name: codecov - uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 with: files: ./e2e-coverage.out verbose: true \ No newline at end of file diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index d00f9b47e3e..43f25a578d6 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -65,7 +65,7 @@ jobs: command: make e2e-gitlab - name: codecov - uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 with: files: ./e2e-coverage.out verbose: true @@ -81,7 +81,7 @@ jobs: command: make e2e-gh-token - name: codecov - uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 with: files: "*e2e-coverage.out" verbose: true diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6cde96bae53..11dab4a2d43 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -66,7 +66,7 @@ jobs: - name: Run unit-tests run: make unit-test - name: Upload codecoverage - uses: codecov/codecov-action@894ff025c7b54547a9a2a1e9f228beae737ad3c2 # 2.1.0 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 with: files: ./unit-coverage.out verbose: true From 9f9fe96f2628b8d193104d17cbfe99b54d38d130 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 16 May 2023 12:37:15 -0500 Subject: [PATCH 177/316] :seedling: Unit tests for Policy.go (#3003) - Included tests for policy.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .codecov.yml | 1 + policy/policy_test.go | 232 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 233 insertions(+) diff --git a/.codecov.yml b/.codecov.yml index f5e0d5c0d57..d53e7576a7b 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -5,6 +5,7 @@ codecov: require_ci_to_pass: yes ignore: + - "*.pb.go" - "cron/**/*" - "clients/mockclients/**/*" - "attestor/command/**/*" diff --git a/policy/policy_test.go b/policy/policy_test.go index 57290dd37d7..7557d1504d1 100644 --- a/policy/policy_test.go +++ b/policy/policy_test.go @@ -19,6 +19,10 @@ import ( "os" "testing" + "github.com/google/go-cmp/cmp" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/checks" sce "github.com/ossf/scorecard/v4/errors" ) @@ -131,3 +135,231 @@ func TestPolicyRead(t *testing.T) { }) } } + +func TestChecksHavePolicies(t *testing.T) { + // Create a sample ScorecardPolicy + sp := &ScorecardPolicy{ + Version: 1, + Policies: map[string]*CheckPolicy{ + "Binary-Artifacts": { + // Set fields of the CheckPolicy struct accordingly + }, + }, + } + check := checker.CheckNameToFnMap{ + "Binary-Artifacts": checker.Check{ + Fn: checks.BinaryArtifacts, + }, + } + + // Call the function being tested + result := checksHavePolicies(sp, check) + + // Assert the result + if !result { + t.Error("Expected checks to have policies") + } + + delete(sp.Policies, "Binary-Artifacts") + // Call the function being tested + result = checksHavePolicies(sp, check) + + if result { + t.Error("Expected checks to have no policies") + } +} + +func TestEnableCheck(t *testing.T) { + t.Parallel() + + // Create a sample check name + checkName := "Binary-Artifacts" + + // Create a sample enabled checks map + enabledChecks := make(checker.CheckNameToFnMap) + + // Call the function being tested + result := enableCheck(checkName, &enabledChecks) + + // Assert the result + if !result { + t.Error("Expected the check to be enabled") + } + if _, ok := enabledChecks[checkName]; !ok { + t.Error("Expected the check to be added to enabled checks") + } + + // Try enabling a check that does not exist + nonExistentCheck := "Non-Existent-Check" + result = enableCheck(nonExistentCheck, &enabledChecks) + + // Assert the result + if result { + t.Error("Expected the check to not be enabled") + } + if _, ok := enabledChecks[nonExistentCheck]; ok { + t.Error("Expected the check to not be added to enabled checks") + } +} + +func TestIsSupportedCheck(t *testing.T) { + t.Parallel() + + // Create a sample check name + checkName := "Binary-Artifacts" + + // Create a sample list of required request types + requiredRequestTypes := []checker.RequestType{ + checker.FileBased, + } + + // Call the function being tested + result := isSupportedCheck(checkName, requiredRequestTypes) + + // Assert the result + expectedResult := false + if result != expectedResult { + t.Errorf("Unexpected result: got %v, want %v", result, expectedResult) + } + + // Try with an unsupported check + unsupportedCheckName := "Unsupported-Check" + result = isSupportedCheck(unsupportedCheckName, requiredRequestTypes) + + // Assert the result + expectedResult = false + if diff := cmp.Diff(result, expectedResult); diff != "" { + t.Errorf("Unexpected result (-got +want):\n%s", diff) + } + + // Additional test cases can be added to cover more scenarios +} + +func TestParseFromFile(t *testing.T) { + t.Parallel() + + // Provide the path to the policy file + policyFile := "testdata/policy-ok.yaml" + + // Call the function being tested + sp, err := ParseFromFile(policyFile) + if err != nil { + t.Errorf("Unexpected error: %v", err) + } + if len(sp.Policies) != 3 { + t.Errorf("Unexpected number of policies: got %v, want %v", len(sp.Policies), 3) + } + invalidPolicy := "testdata/policy-invalid-score-0.yaml" + _, err = ParseFromFile(invalidPolicy) + if err == nil { + t.Error("Expected an error") + } + invalidMode := "testdata/policy-invalid-mode.yaml" + _, err = ParseFromFile(invalidMode) + if err == nil { + t.Error("Expected an error") + } + invalidFile := "testdata/invalid-file.yaml" + _, err = ParseFromFile(invalidFile) + if err == nil { + t.Error("Expected an error") + } +} + +func TestModeToProto(t *testing.T) { + t.Parallel() + + // Call the function being tested + mode := modeToProto("enforced") + + // Check the result + expectedMode := CheckPolicy_ENFORCED + if mode != expectedMode { + t.Errorf("Unexpected mode. Got: %v, Want: %v", mode, expectedMode) + } + + // Call the function again with a different mode + mode = modeToProto("disabled") + + // Check the result + expectedMode = CheckPolicy_DISABLED + if mode != expectedMode { + t.Errorf("Unexpected mode. Got: %v, Want: %v", mode, expectedMode) + } + + // Test panic with an unknown mode + testPanic := func() { + defer func() { + if r := recover(); r == nil { + t.Errorf("Expected panic, but no panic occurred") + } + }() + modeToProto("unknown") + } + + // Run the panic test + testPanic() + + // Additional test cases can be added to cover more scenarios +} + +func TestGetEnabled(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + sp *ScorecardPolicy + argsChecks []string + requiredRequestTypes []checker.RequestType + expectedEnabledChecks int + expectedError bool + }{ + { + name: "With ScorecardPolicy and argsChecks", + sp: &ScorecardPolicy{}, + argsChecks: []string{"Binary-Artifacts"}, + requiredRequestTypes: []checker.RequestType{checker.FileBased, checker.CommitBased}, + expectedEnabledChecks: 0, + expectedError: true, + }, + { + name: "With ScorecardPolicy and unsupported check", + sp: &ScorecardPolicy{}, + argsChecks: []string{"Binary-Artifacts", "UnsupportedCheck"}, + requiredRequestTypes: []checker.RequestType{checker.FileBased, checker.CommitBased}, + expectedEnabledChecks: 0, + expectedError: true, + }, + { + name: "Without ScorecardPolicy and argsChecks", + sp: nil, + argsChecks: []string{}, + requiredRequestTypes: []checker.RequestType{checker.FileBased, checker.CommitBased}, + expectedEnabledChecks: 4, // All checks are enabled by default + expectedError: false, + }, + { + name: "With ScorecardPolicy and missing policy", + sp: &ScorecardPolicy{}, + argsChecks: []string{"Binary-Artifacts"}, + requiredRequestTypes: []checker.RequestType{checker.FileBased, checker.CommitBased}, + expectedEnabledChecks: 0, + expectedError: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + enabledChecks, err := GetEnabled(tt.sp, tt.argsChecks, tt.requiredRequestTypes) + + if len(enabledChecks) != tt.expectedEnabledChecks { + t.Errorf("Unexpected number of enabled checks: got %v, want %v", len(enabledChecks), tt.expectedEnabledChecks) + } + if tt.expectedError && err == nil { + t.Errorf("Expected an error, but got none") + } else if !tt.expectedError && err != nil { + t.Errorf("Unexpected error: %v", err) + } + }) + } +} From 1b9deaaa1bcd679f0d03ed3fa24e87bd9bef7ac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 May 2023 08:58:39 +0000 Subject: [PATCH 178/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3c36eca23bd..7d412622558 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.9.4 + github.com/onsi/ginkgo/v2 v2.9.5 github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index 71e62237f19..68503ea74e0 100644 --- a/go.sum +++ b/go.sum @@ -1664,8 +1664,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= +github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= +github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From 211397504335989eac74cf3e48ec8d3ad349f445 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 May 2023 14:47:41 +0000 Subject: [PATCH 179/316] :seedling: Bump sigstore/cosign-installer from 3.0.3 to 3.0.4 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/publishimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 200b74ee7a7..96a7c0e42a2 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -58,7 +58,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 + uses: sigstore/cosign-installer@03d0fecf172873164a163bbc64bed0f3bf114ed7 - name: Sign image run: | cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} From a880f42c4ad5193e8d37471f67639006f4d09ea9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 May 2023 15:23:19 +0000 Subject: [PATCH 180/316] :seedling: Bump github.com/google/go-containerregistry (#3025) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7d412622558..82ec618725f 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 - github.com/google/go-containerregistry v0.15.1 + github.com/google/go-containerregistry v0.15.2 github.com/google/go-github/v38 v38.1.0 github.com/grafeas/kritis v0.2.3-0.20210120183821-faeba81c520c github.com/h2non/filetype v1.1.3 diff --git a/go.sum b/go.sum index 68503ea74e0..7ff98ac022c 100644 --- a/go.sum +++ b/go.sum @@ -1180,8 +1180,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.2.1/go.mod h1:Ts3Wioz1r5ayWx8sS6vLcWltWcM1aqFjd/eVrkFhrWM= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= -github.com/google/go-containerregistry v0.15.1 h1:RsJ9NbfxYWF8Wl4VmvkpN3zYATwuvlPq2j20zmcs63E= -github.com/google/go-containerregistry v0.15.1/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= +github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= +github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= From 1bb97a544e82c14ac5370a80fe910fc724b30378 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 May 2023 15:25:03 +0000 Subject: [PATCH 181/316] :seedling: Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 82ec618725f..07be4190152 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/onsi/gomega v1.27.6 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect - github.com/sirupsen/logrus v1.9.0 + github.com/sirupsen/logrus v1.9.1 github.com/spf13/cobra v1.7.0 github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 diff --git a/go.sum b/go.sum index 7ff98ac022c..31efb5b1341 100644 --- a/go.sum +++ b/go.sum @@ -1866,8 +1866,9 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.1 h1:Ou41VVR3nMWWmTiEUnj0OlsgOSCUFgsPAOl6jRIcVtQ= +github.com/sirupsen/logrus v1.9.1/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= From a3a133181a93f35af9e400e46263d64063d3c996 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 17 May 2023 11:27:22 -0500 Subject: [PATCH 182/316] :seedling: Included e2e tests for push to main (#2951) - Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/integration.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 43f25a578d6..3b993c37bc7 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -14,7 +14,14 @@ # Run secret-dependent integration tests only after approval name: Integration tests -on: pull_request + +on: + push: + branches: + - main # The e2e coverage is required to be run on main branch to get the coverage report + pull_request: + branches: + - main permissions: contents: read From 157a509b23bd152635acd2843b90df590c22289a Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 17 May 2023 12:15:25 -0500 Subject: [PATCH 183/316] :seedling: Included directories that don't require coverage (#3002) - Included directories that don't require coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .codecov.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.codecov.yml b/.codecov.yml index d53e7576a7b..8185f5d689b 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -8,7 +8,11 @@ ignore: - "*.pb.go" - "cron/**/*" - "clients/mockclients/**/*" - - "attestor/command/**/*" + # ignoring them as these are internal tools for generating docs. + - "docs/**/*" + # this is the runner + - "main.go" + coverage: precision: 2 round: down From c3bcfa716a5b4f0b25335aea66d7a4da2a2b7f03 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 17 May 2023 13:20:20 -0500 Subject: [PATCH 184/316] :seedling: Unit tests for checks/raw/contributors.go (#2998) - Add tests and fix casing for Contributors function in checks/raw/contributors_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checks/raw/contributors_test.go | 163 ++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 checks/raw/contributors_test.go diff --git a/checks/raw/contributors_test.go b/checks/raw/contributors_test.go new file mode 100644 index 00000000000..6d7814246fc --- /dev/null +++ b/checks/raw/contributors_test.go @@ -0,0 +1,163 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package raw + +import ( + "testing" + + "github.com/golang/mock/gomock" + "github.com/google/go-cmp/cmp" + + "github.com/ossf/scorecard/v4/clients" + mockrepo "github.com/ossf/scorecard/v4/clients/mockclients" +) + +func TestCompanyContains(t *testing.T) { + t.Parallel() + testCases := []struct { //nolint:govet + name string + cs []string + company string + expected bool + }{ + { + name: "company is present", + cs: []string{"Google", "Facebook", "OpenAI"}, + company: "OpenAI", + expected: true, + }, + { + name: "company is not present", + cs: []string{"Google", "Facebook", "OpenAI"}, + company: "Microsoft", + expected: false, + }, + { + name: "empty slice", + cs: []string{}, + company: "Microsoft", + expected: false, + }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + result := companyContains(tc.cs, tc.company) + if result != tc.expected { + t.Errorf("expected %v, got %v", tc.expected, result) + } + }) + } +} + +func TestOrgContains(t *testing.T) { + t.Parallel() + testCases := []struct { //nolint:govet + name string + os []clients.User + login string + expected bool + }{ + { + name: "user is present", + os: []clients.User{{Login: "alice"}, {Login: "bob"}, {Login: "charlie"}}, + login: "bob", + expected: true, + }, + { + name: "user is not present", + os: []clients.User{{Login: "alice"}, {Login: "bob"}, {Login: "charlie"}}, + login: "david", + expected: false, + }, + { + name: "empty slice", + os: []clients.User{}, + login: "alice", + expected: false, + }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + result := orgContains(tc.os, tc.login) + if result != tc.expected { + t.Errorf("expected %v, got %v", tc.expected, result) + } + }) + } +} + +func TestContributors(t *testing.T) { + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + mockRepoClient := mockrepo.NewMockRepoClient(ctrl) + contributors := []clients.User{ + { + Login: "user1", + NumContributions: 5, + Companies: []string{"Company1", "Company2"}, + Organizations: []clients.User{ + {Login: "org1"}, + {Login: "org2"}, + }, + }, + { + Login: "user2", + NumContributions: 3, + Companies: []string{"Company3", "Company4"}, + Organizations: []clients.User{ + {Login: "org3"}, + {Login: "org4"}, + }, + }, + } + + mockRepoClient.EXPECT().ListContributors().Return(contributors, nil) + + data, err := Contributors(mockRepoClient) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + + expectedUsers := []clients.User{ + { + Login: "user1", + NumContributions: 5, + Companies: []string{"company1", "company2"}, + Organizations: []clients.User{ + {Login: "org1"}, + {Login: "org2"}, + }, + }, + { + Login: "user2", + NumContributions: 3, + Companies: []string{"company3", "company4"}, + Organizations: []clients.User{ + {Login: "org3"}, + {Login: "org4"}, + }, + }, + } + + if diff := cmp.Diff(expectedUsers, data.Users); diff != "" { + t.Errorf("unexpected contributors data (-want +got):\n%s", diff) + } +} From 3b4236faff92432bdf7a561b4758e94e242b3667 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 17 May 2023 14:47:31 -0400 Subject: [PATCH 185/316] =?UTF-8?q?=E2=9C=A8=20GitLab:=20Code=20Review=20c?= =?UTF-8?q?heck=20(#2764)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add GitLab support for Code-Review check Signed-off-by: Raghav Kaul * Remove spurious printf Signed-off-by: Raghav Kaul * Working commit Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * e2e test Signed-off-by: Raghav Kaul * update: test coverage Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- checks/evaluation/code_review.go | 5 +- clients/gitlabrepo/client.go | 26 +++- clients/gitlabrepo/client_test.go | 55 ++++++++ clients/gitlabrepo/commits.go | 200 ++++++++++++++--------------- clients/gitlabrepo/commits_test.go | 64 +++++++++ clients/gitlabrepo/graphql.go | 142 ++++++++++++++++++++ clients/gitlabrepo/graphql_test.go | 77 +++++++++++ clients/gitlabrepo/repo.go | 1 + clients/gitlabrepo/tarball.go | 1 - clients/mockclients/repo_client.go | 12 +- e2e/code_review_test.go | 57 ++++++++ 11 files changed, 531 insertions(+), 109 deletions(-) create mode 100644 clients/gitlabrepo/client_test.go create mode 100644 clients/gitlabrepo/commits_test.go create mode 100644 clients/gitlabrepo/graphql.go create mode 100644 clients/gitlabrepo/graphql_test.go diff --git a/checks/evaluation/code_review.go b/checks/evaluation/code_review.go index d2a0b8a9a55..8c26295972c 100644 --- a/checks/evaluation/code_review.go +++ b/checks/evaluation/code_review.go @@ -105,7 +105,10 @@ func CodeReview(name string, dl checker.DetailLogger, r *checker.CodeReviewData) } return checker.CreateResultWithScore( name, - fmt.Sprintf("found %v unreviewed human changesets", nUnreviewedHumanChanges), + fmt.Sprintf( + "found %v unreviewed human changesets (%d total)", + nUnreviewedHumanChanges, len(r.DefaultBranchChangesets), + ), score, ) } diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go index f42436dec33..f70201f396f 100644 --- a/clients/gitlabrepo/client.go +++ b/clients/gitlabrepo/client.go @@ -52,6 +52,7 @@ type Client struct { languages *languagesHandler licenses *licensesHandler tarball *tarballHandler + graphql *graphqlHandler ctx context.Context commitDepth int } @@ -78,7 +79,9 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD client.repourl = &repoURL{ scheme: glRepo.scheme, host: glRepo.host, - project: fmt.Sprint(repo.ID), + owner: glRepo.owner, + project: glRepo.project, + projectID: fmt.Sprint(repo.ID), defaultBranch: repo.DefaultBranch, commitSHA: commitSHA, } @@ -132,6 +135,9 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD // Init tarballHandler client.tarball.init(client.ctx, client.repourl, repo, commitSHA) + // Init graphqlHandler + client.graphql.init(client.ctx, client.repourl) + return nil } @@ -152,7 +158,22 @@ func (client *Client) GetFileContent(filename string) ([]byte, error) { } func (client *Client) ListCommits() ([]clients.Commit, error) { - return client.commits.listCommits() + // Get commits from REST API + commitsRaw, err := client.commits.listRawCommits() + if err != nil { + return []clients.Commit{}, err + } + + // Get merge request details from GraphQL + // GitLab REST API doesn't provide a way to link Merge Requests and Commits that + // are within them without making a REST call for each commit (~30 by default) + // Making 1 GraphQL query to combine the results of 2 REST calls, we avoid this + mrDetails, err := client.graphql.getMergeRequestsDetail() + if err != nil { + return []clients.Commit{}, err + } + + return client.commits.zip(commitsRaw, mrDetails), nil } func (client *Client) ListIssues() ([]clients.Issue, error) { @@ -278,6 +299,7 @@ func CreateGitlabClientWithToken(ctx context.Context, token string, repo clients }, licenses: &licensesHandler{}, tarball: &tarballHandler{}, + graphql: &graphqlHandler{}, }, nil } diff --git a/clients/gitlabrepo/client_test.go b/clients/gitlabrepo/client_test.go new file mode 100644 index 00000000000..e4caa108e0a --- /dev/null +++ b/clients/gitlabrepo/client_test.go @@ -0,0 +1,55 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "testing" +) + +func Test_InitRepo(t *testing.T) { + t.Parallel() + tcs := []struct { + name string + repourl string + commit string + depth int + }{ + { + repourl: "https://gitlab.com/fdroid/fdroidclient", + commit: "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", + depth: 20, + }, + } + + for _, tt := range tcs { + t.Run(tt.name, func(t *testing.T) { + repo, err := MakeGitlabRepo(tt.repourl) + if err != nil { + t.Error("couldn't make gitlab repo", err) + } + + client, err := CreateGitlabClientWithToken(context.Background(), "", repo) + if err != nil { + t.Error("couldn't make gitlab client", err) + } + + err = client.InitRepo(repo, tt.commit, tt.depth) + if err != nil { + t.Error("couldn't init gitlab repo", err) + } + }) + } +} diff --git a/clients/gitlabrepo/commits.go b/clients/gitlabrepo/commits.go index 92956dda745..5029801d8c7 100644 --- a/clients/gitlabrepo/commits.go +++ b/clients/gitlabrepo/commits.go @@ -16,6 +16,7 @@ package gitlabrepo import ( "fmt" + "strconv" "strings" "sync" @@ -25,11 +26,11 @@ import ( ) type commitsHandler struct { - glClient *gitlab.Client - once *sync.Once - errSetup error - repourl *repoURL - commits []clients.Commit + glClient *gitlab.Client + once *sync.Once + errSetup error + repourl *repoURL + commitsRaw []*gitlab.Commit } func (handler *commitsHandler) init(repourl *repoURL) { @@ -38,123 +39,118 @@ func (handler *commitsHandler) init(repourl *repoURL) { handler.once = new(sync.Once) } -// nolint: gocognit func (handler *commitsHandler) setup() error { handler.once.Do(func() { - commits, _, err := handler.glClient.Commits.ListCommits(handler.repourl.project, &gitlab.ListCommitsOptions{}) + commits, _, err := handler.glClient.Commits.ListCommits(handler.repourl.projectID, &gitlab.ListCommitsOptions{}) if err != nil { handler.errSetup = fmt.Errorf("request for commits failed with %w", err) return } + handler.commitsRaw = commits + }) - // To limit the number of user requests we are going to map every committer email - // to a user. - userToEmail := make(map[string]*gitlab.User) - for _, commit := range commits { - user, ok := userToEmail[commit.AuthorEmail] - if !ok { - users, _, err := handler.glClient.Search.Users(commit.CommitterName, &gitlab.SearchOptions{}) - if err != nil { - // Possibility this shouldn't be an issue as individuals can leave organizations - // (possibly taking their account with them) - handler.errSetup = fmt.Errorf("unable to find user associated with commit: %w", err) - return - } - - // For some reason some users have unknown names, so below we are going to parse their email into pieces. - // i.e. (firstname.lastname@domain.com) -> "firstname lastname". - if len(users) == 0 { - users, _, err = handler.glClient.Search.Users(parseEmailToName(commit.CommitterEmail), &gitlab.SearchOptions{}) - if err != nil { - handler.errSetup = fmt.Errorf("unable to find user associated with commit: %w", err) - return - } - } - userToEmail[commit.AuthorEmail] = users[0] - user = users[0] - } + return handler.errSetup +} - // Commits are able to be a part of multiple merge requests, but the only one that will be important - // here is the earliest one. - mergeRequests, _, err := handler.glClient.Commits.ListMergeRequestsByCommit(handler.repourl.project, commit.ID) - if err != nil { - handler.errSetup = fmt.Errorf("unable to find merge requests associated with commit: %w", err) - return - } - var mergeRequest *gitlab.MergeRequest - if len(mergeRequests) > 0 { - mergeRequest = mergeRequests[0] - for i := range mergeRequests { - if mergeRequests[i] == nil || mergeRequests[i].MergedAt == nil { - continue - } - if mergeRequests[i].CreatedAt.Before(*mergeRequest.CreatedAt) { - mergeRequest = mergeRequests[i] - } - } - } else { - handler.commits = append(handler.commits, clients.Commit{ - CommittedDate: *commit.CommittedDate, - Message: commit.Message, - SHA: commit.ID, - }) - continue - } +func (handler *commitsHandler) listRawCommits() ([]*gitlab.Commit, error) { + if err := handler.setup(); err != nil { + return nil, fmt.Errorf("error during commitsHandler.setup: %w", err) + } + + return handler.commitsRaw, nil +} - if mergeRequest == nil || mergeRequest.MergedAt == nil { - handler.commits = append(handler.commits, clients.Commit{ - CommittedDate: *commit.CommittedDate, - Message: commit.Message, - SHA: commit.ID, - }) +// zip combines Commit and MergeRequest information from the GitLab REST API with +// information from the GitLab GraphQL API. The REST API doesn't provide any way to +// get from Commits -> MRs that they were part of or vice-versa (MRs -> commits they +// contain), except through a separate API call. Instead of calling the REST API +// len(commits) times to get the associated MR, we make 3 calls (2 REST, 1 GraphQL). +func (handler *commitsHandler) zip(commitsRaw []*gitlab.Commit, data graphqlData) []clients.Commit { + commitToMRIID := make(map[string]string) // which mr does a commit belong to? + for i := range data.Project.MergeRequests.Nodes { + mr := data.Project.MergeRequests.Nodes[i] + for _, commit := range mr.Commits.Nodes { + commitToMRIID[commit.SHA] = mr.IID + } + commitToMRIID[mr.MergeCommitSHA] = mr.IID + } + + iidToMr := make(map[string]clients.PullRequest) + for i := range data.Project.MergeRequests.Nodes { + mr := data.Project.MergeRequests.Nodes[i] + // Two GitLab APIs for reviews (reviews vs. approvals) + // Use a map to consolidate results from both APIs by the user ID who performed review + reviews := make(map[string]clients.Review) + for _, reviewer := range mr.Reviewers.Nodes { + reviews[reviewer.Username] = clients.Review{ + Author: &clients.User{Login: reviewer.Username}, + State: "COMMENTED", } + } - // Casting the Reviewers into clients.Review. - var reviews []clients.Review - for _, reviewer := range mergeRequest.Reviewers { - reviews = append(reviews, clients.Review{ - Author: &clients.User{ID: int64(reviewer.ID)}, - State: "", - }) + if fmt.Sprintf("%v", mr.IID) != mr.IID { + continue + } + + // Check approvers + for _, approver := range mr.Approvers.Nodes { + reviews[approver.Username] = clients.Review{ + Author: &clients.User{Login: approver.Username}, + State: "APPROVED", } + break + } - // Casting the Labels into []clients.Label. - var labels []clients.Label - for _, label := range mergeRequest.Labels { - labels = append(labels, clients.Label{ - Name: label, - }) + // Check reviewers (sometimes unofficial approvals end up here) + for _, reviewer := range mr.Reviewers.Nodes { + if reviewer.MergeRequestInteraction.ReviewState != "REVIEWED" { + continue } + reviews[reviewer.Username] = clients.Review{ + Author: &clients.User{Login: reviewer.Username}, + State: "APPROVED", + } + break + } - // append the commits to the handler. - handler.commits = append(handler.commits, - clients.Commit{ - CommittedDate: *commit.CommittedDate, - Message: commit.Message, - SHA: commit.ID, - AssociatedMergeRequest: clients.PullRequest{ - Number: mergeRequest.ID, - MergedAt: *mergeRequest.MergedAt, - HeadSHA: mergeRequest.SHA, - Author: clients.User{ID: int64(mergeRequest.Author.ID)}, - Labels: labels, - Reviews: reviews, - MergedBy: clients.User{ID: int64(mergeRequest.MergedBy.ID)}, - }, - Committer: clients.User{ID: int64(user.ID)}, - }) + vals := []clients.Review{} + for _, v := range reviews { + vals = append(vals, v) } - }) - return handler.errSetup -} + var mrno int + mrno, err := strconv.Atoi(mr.IID) + if err != nil { + mrno = mr.ID.ID + } -func (handler *commitsHandler) listCommits() ([]clients.Commit, error) { - if err := handler.setup(); err != nil { - return nil, fmt.Errorf("error during commitsHandler.setup: %w", err) + iidToMr[mr.IID] = clients.PullRequest{ + Number: mrno, + MergedAt: mr.MergedAt, + HeadSHA: mr.MergeCommitSHA, + Author: clients.User{Login: mr.Author.Username, ID: int64(mr.Author.ID.ID)}, + Reviews: vals, + MergedBy: clients.User{Login: mr.MergedBy.Username, ID: int64(mr.MergedBy.ID.ID)}, + } + } + + // Associate Merge Requests with Commits based on the GitLab Merge Request IID + commits := []clients.Commit{} + for _, cRaw := range commitsRaw { + // Get IID of Merge Request that this commit was merged as part of + mrIID := commitToMRIID[cRaw.ID] + associatedMr := iidToMr[mrIID] + + commits = append(commits, + clients.Commit{ + CommittedDate: *cRaw.CommittedDate, + Message: cRaw.Message, + SHA: cRaw.ID, + AssociatedMergeRequest: associatedMr, + }) } - return handler.commits, nil + return commits } // Expected email form: .@.com. diff --git a/clients/gitlabrepo/commits_test.go b/clients/gitlabrepo/commits_test.go new file mode 100644 index 00000000000..57d9c9abc48 --- /dev/null +++ b/clients/gitlabrepo/commits_test.go @@ -0,0 +1,64 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "testing" +) + +func Test_Setup(t *testing.T) { + t.Parallel() + tcs := []struct { + name string + repourl string + commit string + depth int + }{ + { + name: "check that listcommits works", + repourl: "https://gitlab.com/fdroid/fdroidclient", + commit: "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", + depth: 20, + }, + } + + for _, tt := range tcs { + t.Run(tt.name, func(t *testing.T) { + repo, err := MakeGitlabRepo(tt.repourl) + if err != nil { + t.Error("couldn't make gitlab repo", err) + } + + client, err := CreateGitlabClientWithToken(context.Background(), "", repo) + if err != nil { + t.Error("couldn't make gitlab client", err) + } + + err = client.InitRepo(repo, tt.commit, tt.depth) + if err != nil { + t.Error("couldn't init gitlab repo", err) + } + + c, err := client.ListCommits() + if err != nil { + t.Error("couldn't list gitlab repo commits", err) + } + if len(c) == 0 { + t.Error("couldn't get any commits from gitlab repo") + } + }) + } +} diff --git a/clients/gitlabrepo/graphql.go b/clients/gitlabrepo/graphql.go new file mode 100644 index 00000000000..2d5e76541f4 --- /dev/null +++ b/clients/gitlabrepo/graphql.go @@ -0,0 +1,142 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "errors" + "fmt" + "net/http" + "os" + "regexp" + "strconv" + "time" + + "github.com/shurcooL/graphql" + "golang.org/x/oauth2" +) + +//nolint:govet +type graphqlHandler struct { + err error + client *http.Client + graphClient *graphql.Client + ctx context.Context + repourl *repoURL +} + +func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) { + handler.ctx = ctx + handler.repourl = repourl + handler.err = nil + + src := oauth2.StaticTokenSource( + &oauth2.Token{AccessToken: os.Getenv("GITLAB_AUTH_TOKEN")}, + ) + handler.client = oauth2.NewClient(context.Background(), src) + handler.graphClient = graphql.NewClient("https://gitlab.com/api/graphql", handler.client) +} + +//nolint:govet +type graphqlData struct { + Project struct { + MergeRequests struct { + Nodes []graphqlMergeRequestNode `graphql:"nodes"` + } `graphql:"mergeRequests(sort: MERGED_AT_DESC, state: merged)"` + } `graphql:"project(fullPath: $fullPath)"` + QueryComplexity struct { + Limit int `graphql:"limit"` + Score int `graphql:"score"` + } `graphql:"queryComplexity"` +} + +//nolint:govet +type graphqlMergeRequestNode struct { + ID GitlabGID `graphql:"id"` + IID string `graphql:"iid"` + MergedAt time.Time `graphql:"mergedAt"` + Author struct { + Username string `graphql:"username"` + ID GitlabGID `graphql:"id"` + } `graphql:"author"` + MergedBy struct { + Username string `graphql:"username"` + ID GitlabGID `graphql:"id"` + } `graphql:"mergeUser"` + Commits struct { + Nodes []struct { + SHA string `graphql:"sha"` + } `graphql:"nodes"` + } `graphql:"commits"` + Reviewers struct { + Nodes []struct { + Username string `graphql:"username"` + ID GitlabGID `graphql:"id"` + MergeRequestInteraction struct { + ReviewState string `graphql:"reviewState"` + } `graphql:"mergeRequestInteraction"` + } `graphql:"nodes"` + } `graphql:"reviewers"` + Approvers struct { + Nodes []struct { + Username string `graphql:"username"` + ID GitlabGID `graphql:"id"` + } `graphql:"nodes"` + } `graphql:"approvedBy"` + MergeCommitSHA string `graphql:"mergeCommitSha"` + // Labels struct { + // Nodes []struct { + // Title string `graphql:"title"` + // } `graphql:"nodes"` + // } `graphql:"labels"` +} + +type GitlabGID struct { + Type string + ID int +} + +var errGitlabID = errors.New("failed to parse gitlab id") + +func (g *GitlabGID) UnmarshalJSON(data []byte) error { + re := regexp.MustCompile(`gid:\/\/gitlab\/(\w+)\/(\d+)`) + m := re.FindStringSubmatch(string(data)) + if len(m) < 3 { + return fmt.Errorf("%w: %s", errGitlabID, string(data)) + } + g.Type = m[1] + + id, err := strconv.Atoi(m[2]) + if err != nil { + return fmt.Errorf("gid parse error: %w", err) + } + g.ID = id + + return nil +} + +func (handler *graphqlHandler) getMergeRequestsDetail() (graphqlData, error) { + data := graphqlData{} + path := fmt.Sprintf("%s/%s", handler.repourl.owner, handler.repourl.project) + params := map[string]interface{}{ + "fullPath": path, + } + err := handler.graphClient.Query(context.Background(), &data, params) + if err != nil { + return graphqlData{}, fmt.Errorf("couldn't query gitlab graphql for merge requests: %w", err) + } + + return data, nil +} diff --git a/clients/gitlabrepo/graphql_test.go b/clients/gitlabrepo/graphql_test.go new file mode 100644 index 00000000000..37e54dd4eef --- /dev/null +++ b/clients/gitlabrepo/graphql_test.go @@ -0,0 +1,77 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "fmt" + "os" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +func TestGitlabRepoE2E(t *testing.T) { + if val, exists := os.LookupEnv("SKIP_GINKGO"); exists && val == "1" { + t.Skip() + } + t.Parallel() + RegisterFailHandler(Fail) + RunSpecs(t, "Githubrepo Suite") +} + +var _ = Describe("E2E TEST: gitlabrepo.graphqlHandler", func() { + var graphqlhandler graphqlHandler + + Context("E2E TEST: Confirm query result", func() { + It("Should have sufficient number of merge requests", func() { + repo, err := MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") + Expect(err).Should(BeNil()) + + graphqlhandler.init(context.Background(), repo.(*repoURL)) + data := graphqlData{} + + path := fmt.Sprintf("%s/%s", graphqlhandler.repourl.owner, graphqlhandler.repourl.project) + params := map[string]interface{}{ + "fullPath": path, + } + err = graphqlhandler.graphClient.Query(context.Background(), &data, params) + Expect(err).Should(BeNil()) + + Expect(len(data.Project.MergeRequests.Nodes)).Should(BeNumerically(">=", 100)) + }) + }) + + Context("E2E TEST: Validate query cost - GitLab", func() { + It("Should not have increased for HEAD query", func() { + repo, err := MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") + Expect(err).Should(BeNil()) + + graphqlhandler.init(context.Background(), repo.(*repoURL)) + data := graphqlData{} + + path := fmt.Sprintf("%s/%s", graphqlhandler.repourl.owner, graphqlhandler.repourl.project) + params := map[string]interface{}{ + "fullPath": path, + } + err = graphqlhandler.graphClient.Query(context.Background(), &data, params) + Expect(err).Should(BeNil()) + + Expect(data.QueryComplexity.Limit).Should(BeNumerically(">=", 200)) + Expect(data.QueryComplexity.Score).Should(BeNumerically("<=", 75)) + }) + }) +}) diff --git a/clients/gitlabrepo/repo.go b/clients/gitlabrepo/repo.go index 2d072f14034..24dcaba9d1d 100644 --- a/clients/gitlabrepo/repo.go +++ b/clients/gitlabrepo/repo.go @@ -32,6 +32,7 @@ type repoURL struct { host string owner string project string + projectID string defaultBranch string commitSHA string metadata []string diff --git a/clients/gitlabrepo/tarball.go b/clients/gitlabrepo/tarball.go index 3ff6f21b1e3..e8ff3be3bd4 100644 --- a/clients/gitlabrepo/tarball.go +++ b/clients/gitlabrepo/tarball.go @@ -294,7 +294,6 @@ func (handler *tarballHandler) listFiles(predicate func(string) (bool, error)) ( func (handler *tarballHandler) getFileContent(filename string) ([]byte, error) { if err := handler.setup(); err != nil { - fmt.Printf("err: %v\n", err) return nil, fmt.Errorf("error during tarballHandler.setup: %w", err) } content, err := os.ReadFile(filepath.Join(handler.tempDir, filename)) diff --git a/clients/mockclients/repo_client.go b/clients/mockclients/repo_client.go index ced212b6390..deb2af7ff29 100644 --- a/clients/mockclients/repo_client.go +++ b/clients/mockclients/repo_client.go @@ -20,7 +20,7 @@ package mockrepo import ( - "context" + context "context" reflect "reflect" time "time" @@ -141,14 +141,20 @@ func (mr *MockRepoClientMockRecorder) GetFileContent(filename interface{}) *gomo } // GetOrgRepoClient mocks base method. -func (m *MockRepoClient) GetOrgRepoClient(ctx context.Context) (clients.RepoClient, error) { +func (m *MockRepoClient) GetOrgRepoClient(arg0 context.Context) (clients.RepoClient, error) { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetOrgRepoClient") + ret := m.ctrl.Call(m, "GetOrgRepoClient", arg0) ret0, _ := ret[0].(clients.RepoClient) ret1, _ := ret[1].(error) return ret0, ret1 } +// GetOrgRepoClient indicates an expected call of GetOrgRepoClient. +func (mr *MockRepoClientMockRecorder) GetOrgRepoClient(arg0 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetOrgRepoClient", reflect.TypeOf((*MockRepoClient)(nil).GetOrgRepoClient), arg0) +} + // InitRepo mocks base method. func (m *MockRepoClient) InitRepo(repo clients.Repo, commitSHA string, commitDepth int) error { m.ctrl.T.Helper() diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index 20a91d2f993..1278e1b94dc 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -16,6 +16,7 @@ package e2e import ( "context" + "os" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -25,6 +26,7 @@ import ( "github.com/ossf/scorecard/v4/checks/raw" "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -147,4 +149,59 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Expect(repoClient.Close()).Should(BeNil()) }) }) + // GitLab doesn't seem to preserve merge requests (pull requests in github) and some users had data lost in + // the transfer from github so this returns a different value than the above GitHub test. + It("Should return use of code reviews at commit - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/fdroid/fdroidclient") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + err = repoClient.InitRepo(repo, "1f7ed43c120047102862d9d1d644f5b2de7a47f2", 0) + Expect(err).Should(BeNil()) + + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: 3, + } + result := checks.CodeReview(&req) + Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) + Expect(repoClient.Close()).Should(BeNil()) + }) + // GitLab doesn't seem to preserve merge requests (pull requests in github) and some users had data lost in + // the transfer from github so this returns a different value than the above GitHub test. + It("Should return use of code reviews at HEAD - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) + // err = repoClient.InitRepo(repo, "0b5ba5049f3e5b8e945305acfa45c44d63df21b1", 0) + Expect(err).Should(BeNil()) + + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: checker.MinResultScore, + } + result := checks.CodeReview(&req) + Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) + Expect(repoClient.Close()).Should(BeNil()) + }) }) From 3722a44079cdedfd8415b1f45026f07d822966d5 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 17 May 2023 15:16:57 -0400 Subject: [PATCH 186/316] gitlab: license check (#2834) Signed-off-by: Raghav Kaul --- clients/gitlabrepo/client.go | 2 +- clients/gitlabrepo/licenses.go | 63 +++++++++++++++++++--------------- e2e/license_test.go | 57 ++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+), 28 deletions(-) diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go index f70201f396f..2109bb593a3 100644 --- a/clients/gitlabrepo/client.go +++ b/clients/gitlabrepo/client.go @@ -130,7 +130,7 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD client.languages.init(client.repourl) // Init languagesHandler - client.licenses.init(client.repourl) + client.licenses.init(client.repourl, repo) // Init tarballHandler client.tarball.init(client.ctx, client.repourl, repo, commitSHA) diff --git a/clients/gitlabrepo/licenses.go b/clients/gitlabrepo/licenses.go index ec011c5048e..6ef7d827ecd 100644 --- a/clients/gitlabrepo/licenses.go +++ b/clients/gitlabrepo/licenses.go @@ -14,57 +14,66 @@ package gitlabrepo -// TODO: -// add "github.com/xanzy/go-gitlab" to this list. - import ( + "errors" "fmt" + "regexp" "sync" + "github.com/xanzy/go-gitlab" + "github.com/ossf/scorecard/v4/clients" ) type licensesHandler struct { - // TODO: glClient *gitlab.Client - once *sync.Once - errSetup error - repourl *repoURL - licenses []clients.License + glProject *gitlab.Project + once *sync.Once + errSetup error + repourl *repoURL + licenses []clients.License } -func (handler *licensesHandler) init(repourl *repoURL) { +func (handler *licensesHandler) init(repourl *repoURL, project *gitlab.Project) { handler.repourl = repourl + handler.glProject = project handler.errSetup = nil handler.once = new(sync.Once) } +var errLicenseURLParse = errors.New("couldn't parse gitlab repo license url") + func (handler *licensesHandler) setup() error { handler.once.Do(func() { - // TODO: find actual GitLab API, data type, and fields - // client := handler.glClient - // licenseMap, _, err := client.Projects.GetLicense(handler.repourl.projectID) licenseMap := []clients.License{} - // TODO: err := (*struct{})(nil) if len(licenseMap) == 0 { // TODO: handler.errSetup = fmt.Errorf("request for repo licenses failed with %w", err) handler.errSetup = fmt.Errorf("%w: ListLicenses not yet supported for gitlab", clients.ErrUnsupportedFeature) return } - // TODO: find actual GitLab API, data type, and fields - // TODO: for k, v := range *licenseMap { - // handler.licenses = append(handler.licenses, - // clients.License{ - // Key: "", - // Name: "", - // Path: "", - // Size: 0, - // SPDXId: "", - // Type: "", - // }, - // ) - // } - // + l := handler.glProject.License + + ptn, err := regexp.Compile(fmt.Sprintf("%s/~/blob/master/(.*)", handler.repourl.URI())) + if err != nil { + handler.errSetup = fmt.Errorf("couldn't parse License URL: %w", err) + return + } + + m := ptn.FindStringSubmatch(handler.glProject.LicenseURL) + if len(m) < 2 { + handler.errSetup = fmt.Errorf("%w: %s", errLicenseURLParse, handler.glProject.LicenseURL) + return + } + path := m[1] + + handler.licenses = append(handler.licenses, + clients.License{ + Key: l.Key, + Name: l.Name, + Path: path, + }, + ) + handler.errSetup = nil }) diff --git a/e2e/license_test.go b/e2e/license_test.go index 3081c866fbd..0c4c7501d7d 100644 --- a/e2e/license_test.go +++ b/e2e/license_test.go @@ -25,6 +25,7 @@ import ( "github.com/ossf/scorecard/v4/checks" "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" "github.com/ossf/scorecard/v4/clients/localdir" scut "github.com/ossf/scorecard/v4/utests" ) @@ -115,6 +116,62 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() { } result := checks.License(&req) + Expect(scut.ValidateTestReturn(nil, "license found", &expected, &result, + &dl)).Should(BeTrue()) + }) + It("Should return license check works - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/N8BWert/scorecard-check-license-e2e") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + err = repoClient.InitRepo(repo, clients.HeadSHA, 0) + Expect(err).Should(BeNil()) + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: 9, + NumberOfWarn: 1, + NumberOfInfo: 1, + NumberOfDebug: 0, + } + result := checks.License(&req) + + Expect(scut.ValidateTestReturn(nil, "license found", &expected, &result, + &dl)).Should(BeTrue()) + }) + It("Should return license check works at commitSHA - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + + dl := scut.TestDetailLogger{} + repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/N8BWert/scorecard-check-license-e2e") + Expect(err).Should(BeNil()) + repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + Expect(err).Should(BeNil()) + err = repoClient.InitRepo(repo, "c3a8778e73ea95f937c228a34ee57d5e006f7304", 0) + Expect(err).Should(BeNil()) + req := checker.CheckRequest{ + Ctx: context.Background(), + RepoClient: repoClient, + Repo: repo, + Dlogger: &dl, + } + expected := scut.TestReturn{ + Error: nil, + Score: 9, + NumberOfWarn: 1, + NumberOfInfo: 1, + NumberOfDebug: 0, + } + result := checks.License(&req) + Expect(scut.ValidateTestReturn(nil, "license found", &expected, &result, &dl)).Should(BeTrue()) }) From b126d0c4d11c08a4a890437efc27d34b7bc89a31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 May 2023 13:06:43 -0500 Subject: [PATCH 187/316] :seedling: Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 07be4190152..fdaa94bcc61 100644 --- a/go.mod +++ b/go.mod @@ -28,8 +28,8 @@ require ( github.com/olekukonko/tablewriter v0.0.5 github.com/onsi/gomega v1.27.6 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa - github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect - github.com/sirupsen/logrus v1.9.1 + github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a + github.com/sirupsen/logrus v1.9.2 github.com/spf13/cobra v1.7.0 github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 @@ -172,7 +172,7 @@ require ( golang.org/x/crypto v0.7.0 // indirect golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 golang.org/x/net v0.10.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/oauth2 v0.8.0 golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect diff --git a/go.sum b/go.sum index 31efb5b1341..fc02e46eebb 100644 --- a/go.sum +++ b/go.sum @@ -1867,8 +1867,8 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/sirupsen/logrus v1.9.1 h1:Ou41VVR3nMWWmTiEUnj0OlsgOSCUFgsPAOl6jRIcVtQ= -github.com/sirupsen/logrus v1.9.1/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y= +github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= From b9927b21d89787325abc290877335e74b46b5203 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 May 2023 18:09:09 +0000 Subject: [PATCH 188/316] :seedling: Bump github.com/google/osv-scanner Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.3) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index fdaa94bcc61..f9201b8b6e5 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea + github.com/google/osv-scanner v1.3.3 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.5 github.com/otiai10/copy v1.11.0 @@ -170,7 +170,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.7.0 // indirect - golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 + golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.8.0 golang.org/x/sync v0.2.0 // indirect diff --git a/go.sum b/go.sum index fc02e46eebb..63461674b72 100644 --- a/go.sum +++ b/go.sum @@ -1206,8 +1206,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea h1:hKSnBJ0Umi9ROcRqa/RCq/0kSBDYgCQEbToeoPANkpo= -github.com/google/osv-scanner v1.3.3-0.20230509011216-baae1796eeea/go.mod h1:Buh7HpwJf3cfdQe4sOx77NdqVe2RqXAXTd1BItxj/ro= +github.com/google/osv-scanner v1.3.3 h1:CeMeaCHPKx1jWb5b1ksTA3YOt7SNWjjW7tFltK6FOFU= +github.com/google/osv-scanner v1.3.3/go.mod h1:kDFfINeXZDv/q5ZnNzIkMzi5X92INdMz1ohJsq9Z1eM= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -2177,8 +2177,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o= -golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea h1:vLCWI/yYrdEHyN2JzIzPO3aaQJHQdp89IZBA/+azVC4= +golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= From 682f274d534216d80a7d29621d818a1072e58720 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 May 2023 19:32:37 +0000 Subject: [PATCH 189/316] :seedling: Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publishimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 96a7c0e42a2..249e588b7b3 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -58,7 +58,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@03d0fecf172873164a163bbc64bed0f3bf114ed7 + uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 - name: Sign image run: | cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} From 73c145c5e85118df4408961ba833100c42573854 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 May 2023 19:33:24 +0000 Subject: [PATCH 190/316] :seedling: Bump arduino/setup-protoc from 1.1.2 to 1.2.0 Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](https://github.com/arduino/setup-protoc/compare/64c0c85d18e984422218383b81c52f8b077404d3...4b3578161eece2eb20a9dfd84bb8ed105e684dba) --- updated-dependencies: - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 14 +++++++------- .github/workflows/main.yml | 34 +++++++++++++++++----------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 20e93364fe3..42bbb394fc1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -64,7 +64,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -112,7 +112,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -160,7 +160,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -208,7 +208,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -256,7 +256,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -304,7 +304,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -352,7 +352,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 11dab4a2d43..9f7d00f5b2b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -82,7 +82,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -130,7 +130,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -177,7 +177,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -213,7 +213,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -261,7 +261,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -309,7 +309,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -357,7 +357,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -405,7 +405,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -453,7 +453,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -501,7 +501,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -549,7 +549,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -597,7 +597,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -645,7 +645,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -693,7 +693,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -740,7 +740,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -812,7 +812,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -859,7 +859,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2 + uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} From ee4f45c49153a6adf777a04ca6758a7e9d15b0cb Mon Sep 17 00:00:00 2001 From: Niket Patel Date: Thu, 18 May 2023 17:17:00 -0500 Subject: [PATCH 191/316] :sparkles: Add support for github GHES (#2999) * :sparkles: adding support for github GHES Signed-off-by: Niket Patel * fix: lint and cleanup Signed-off-by: Niket Patel * fix: flaky test Signed-off-by: Niket Patel * fix: address missing host Signed-off-by: Niket Patel * fix: lint error Signed-off-by: Niket Patel * :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934) * :seedling: Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel * :seedling: E2E for clients/githubrepo/contributors.go (#2939) * :seedling: E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel * chore: add GHES instructions Signed-off-by: Niket Patel * refact: use test setenv Signed-off-by: Niket Patel * fix: corp unit test Signed-off-by: Niket Patel --------- Signed-off-by: Niket Patel Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> --- README.md | 14 +++++++++++++ checker/client_test.go | 20 ++++++++++++++++++ clients/githubrepo/client.go | 32 ++++++++++++++++++++++++++--- clients/githubrepo/repo.go | 9 ++++++++- clients/githubrepo/repo_test.go | 36 ++++++++++++++++++++++++++++----- 5 files changed, 102 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index caf23e1d964..b74dc1b85f9 100644 --- a/README.md +++ b/README.md @@ -404,6 +404,20 @@ RESULTS |---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------| ``` +##### Using GitHub Enterprise Server (GHES) based Repository + +To use a GitHub Enterprise host `github.corp.com`, use the `GH_HOST` environment variable. + +```shell +# Set the GitHub Enterprise host without https prefix or slash with relevant authentication token +export GH_HOST=github.corp.com +export GITHUB_AUTH_TOKEN=token + +scorecard --repo=github.corp.com/org/repo +# OR without github host url +scorecard --repo=org/repo +``` + ##### Using a Package manager For projects in the `--npm`, `--pypi`, or `--rubygems` ecosystems, you have the diff --git a/checker/client_test.go b/checker/client_test.go index cd73f3725a5..b2dd293d2e2 100644 --- a/checker/client_test.go +++ b/checker/client_test.go @@ -39,6 +39,7 @@ func TestGetClients(t *testing.T) { //nolint:gocognit shouldCIIBeNil bool wantErr bool experimental bool + isGhHost bool }{ { name: "localURI is not empty", @@ -94,6 +95,21 @@ func TestGetClients(t *testing.T) { //nolint:gocognit wantErr: false, experimental: true, }, + { + name: "repoURI is corp github host", + args: args{ + ctx: context.Background(), + repoURI: "https://github.corp.com/ossf/scorecard", + localURI: "", + }, + shouldOSSFuzzBeNil: false, + shouldRepoClientBeNil: false, + shouldVulnClientBeNil: false, + shouldRepoBeNil: false, + shouldCIIBeNil: false, + wantErr: false, + isGhHost: true, + }, } for _, tt := range tests { @@ -102,6 +118,10 @@ func TestGetClients(t *testing.T) { //nolint:gocognit if tt.experimental { t.Setenv("SCORECARD_EXPERIMENTAL", "true") } + if tt.isGhHost { + t.Setenv("GH_HOST", "github.corp.com") + t.Setenv("GH_TOKEN", "PAT") + } got, repoClient, ossFuzzClient, ciiClient, vulnsClient, err := GetClients(tt.args.ctx, tt.args.repoURI, tt.args.localURI, tt.args.logger) //nolint:lll if (err != nil) != tt.wantErr { t.Fatalf("GetClients() error = %v, wantErr %v", err, tt.wantErr) diff --git a/clients/githubrepo/client.go b/clients/githubrepo/client.go index e6680efd8e2..309c34f0a40 100644 --- a/clients/githubrepo/client.go +++ b/clients/githubrepo/client.go @@ -20,6 +20,8 @@ import ( "errors" "fmt" "net/http" + "os" + "strings" "time" "github.com/google/go-github/v38/github" @@ -59,6 +61,8 @@ type Client struct { commitDepth int } +const defaultGhHost = "github.com" + // InitRepo sets up the GitHub repo in local storage for improving performance and GitHub token usage efficiency. func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error { ghRepo, ok := inputRepo.(*repoURL) @@ -126,7 +130,11 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD // URI implements RepoClient.URI. func (client *Client) URI() string { - return fmt.Sprintf("github.com/%s/%s", client.repourl.owner, client.repourl.repo) + host, isHost := os.LookupEnv("GH_HOST") + if !isHost { + host = defaultGhHost + } + return fmt.Sprintf("%s/%s/%s", host, client.repourl.owner, client.repourl.repo) } // LocalPath implements RepoClient.LocalPath. @@ -259,8 +267,26 @@ func CreateGithubRepoClientWithTransport(ctx context.Context, rt http.RoundTripp httpClient := &http.Client{ Transport: rt, } - client := github.NewClient(httpClient) - graphClient := githubv4.NewClient(httpClient) + + var client *github.Client + var graphClient *githubv4.Client + githubHost, isGhHost := os.LookupEnv("GH_HOST") + + if isGhHost && githubHost != defaultGhHost { + githubRestURL := fmt.Sprintf("https://%s/api/v3", strings.TrimSpace(githubHost)) + githubGraphqlURL := fmt.Sprintf("https://%s/api/graphql", strings.TrimSpace(githubHost)) + + var err error + client, err = github.NewEnterpriseClient(githubRestURL, githubRestURL, httpClient) + if err != nil { + panic(fmt.Errorf("error during CreateGithubRepoClientWithTransport:EnterpriseClient: %w", err)) + } + + graphClient = githubv4.NewEnterpriseClient(githubGraphqlURL, httpClient) + } else { + client = github.NewClient(httpClient) + graphClient = githubv4.NewClient(httpClient) + } return &Client{ ctx: ctx, diff --git a/clients/githubrepo/repo.go b/clients/githubrepo/repo.go index 638fe4281b6..5fe8fb734cb 100644 --- a/clients/githubrepo/repo.go +++ b/clients/githubrepo/repo.go @@ -17,6 +17,7 @@ package githubrepo import ( "fmt" "net/url" + "os" "strings" "github.com/ossf/scorecard/v4/clients" @@ -42,7 +43,11 @@ func (r *repoURL) parse(input string) error { // This will takes care for repo/owner format. // By default it will use github.com case l == two: - t = "github.com/" + c[0] + "/" + c[1] + githubHost, isGhHost := os.LookupEnv("GH_HOST") + if !isGhHost { + githubHost = "github.com" + } + t = githubHost + "/" + c[0] + "/" + c[1] case l >= three: t = input } @@ -83,8 +88,10 @@ func (r *repoURL) String() string { // IsValid implements Repo.IsValid. func (r *repoURL) IsValid() error { + githubHost := os.Getenv("GH_HOST") switch r.host { case "github.com": + case githubHost: default: return sce.WithMessage(sce.ErrorUnsupportedHost, r.host) } diff --git a/clients/githubrepo/repo_test.go b/clients/githubrepo/repo_test.go index 10b2c7a5e5a..689b6c94684 100644 --- a/clients/githubrepo/repo_test.go +++ b/clients/githubrepo/repo_test.go @@ -20,13 +20,15 @@ import ( "github.com/google/go-cmp/cmp" ) +// nolint:paralleltest +// because we are using t.Setenv. func TestRepoURL_IsValid(t *testing.T) { - t.Parallel() tests := []struct { name string inputURL string expected repoURL wantErr bool + ghHost bool }{ { name: "Valid http address", @@ -59,7 +61,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: true, }, { - name: "github repository", + name: "Github repository", expected: repoURL{ host: "github.com", owner: "foo", @@ -69,7 +71,7 @@ func TestRepoURL_IsValid(t *testing.T) { wantErr: false, }, { - name: "github repository", + name: "Github repository with host", expected: repoURL{ host: "github.com", owner: "foo", @@ -78,11 +80,36 @@ func TestRepoURL_IsValid(t *testing.T) { inputURL: "https://github.com/foo/kubeflow", wantErr: false, }, + { + name: "Enterprise github repository with host", + expected: repoURL{ + host: "github.corp.com", + owner: "corpfoo", + repo: "kubeflow", + }, + inputURL: "https://github.corp.com/corpfoo/kubeflow", + wantErr: false, + ghHost: true, + }, + { + name: "Enterprise github repository", + expected: repoURL{ + host: "github.corp.com", + owner: "corpfoo", + repo: "kubeflow", + }, + inputURL: "corpfoo/kubeflow", + wantErr: false, + ghHost: true, + }, } for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below t.Run(tt.name, func(t *testing.T) { - t.Parallel() + if tt.ghHost { + t.Setenv("GH_HOST", "github.corp.com") + } + r := repoURL{ host: tt.expected.host, owner: tt.expected.owner, @@ -97,7 +124,6 @@ func TestRepoURL_IsValid(t *testing.T) { if !tt.wantErr && !cmp.Equal(tt.expected, r, cmp.AllowUnexported(repoURL{})) { t.Errorf("Got diff: %s", cmp.Diff(tt.expected, r)) } - if !cmp.Equal(r.Host(), tt.expected.host) { t.Errorf("%s expected host: %s got host %s", tt.inputURL, tt.expected.host, r.Host()) } From ad161bbdea126801f2928a49c7084eed43853d12 Mon Sep 17 00:00:00 2001 From: Jeff Mendoza Date: Thu, 18 May 2023 16:15:08 -0700 Subject: [PATCH 192/316] Change Facilitators to Maintainers (#3039) Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS. Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder. Signed-off-by: Jeff Mendoza --- README.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index b74dc1b85f9..28304015908 100644 --- a/README.md +++ b/README.md @@ -553,13 +553,7 @@ Community Meeting Calendar | Biweekly Thursdays, 1:00pm-2:00pm PST
[Calen Meeting Notes | [Notes](https://docs.google.com/document/d/1dB2U7_qZpNW96vtuoG7ShmgKXzIg6R5XT5Tc-0yz6kE/edit#heading=h.4k8ml0qkh7tl) Slack Channel | [#security_scorecards](https://slack.openssf.org/#security_scorecards) -  | Facilitators | Company | Profile ----------------------------------------------------------------- | ----------------- | ------- | ------- - | Azeem Shaikh | Google | [azeemshaikh38](https://github.com/azeemshaikh38) - | Laurent Simon | Google | [laurentsimon](https://github.com/laurentsimon) - | Naveen Srinivasan | Endor Labs | [naveensrinivasan](https://github.com/naveensrinivasan) - | Chris McGehee | Datto | [chrismcgehee](https://github.com/chrismcgehee) - | Stephen Augustus | Cisco | [justaugustus](https://github.com/justaugustus) +__Maintainers__ are listed in the [CODEOWNERS file](.github/CODEOWNERS). ### Report a Security Issue From 03dc18db785216b301dd8c1e00021a3fb8f0ef98 Mon Sep 17 00:00:00 2001 From: jimrobison <39074062+jimrobison@users.noreply.github.com> Date: Thu, 18 May 2023 20:31:07 -0500 Subject: [PATCH 193/316] :bug: Gitlab: Commit/Commitor Exceptions (#3026) * feat: Added paging for contributor/users against gitlab projects Signed-off-by: Robison, Jim B * refactor: Updated the bot flag for unmatched users Signed-off-by: Robison, Jim B * fix: Not all commit users are in the git registry instance Signed-off-by: Robison, Jim B * fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char. Signed-off-by: Robison, Jim B * fix: Updated to allow for commits with PRs to be accounted/added to the client.commits Signed-off-by: Robison, Jim B * refactor: Updated to prevent linting issue regarding nested if's Signed-off-by: Robison, Jim B * test: Adding coverage for commits and contributors for gitlab Signed-off-by: Robison, Jim B * refactor: Moved queries from the client to their own functions Signed-off-by: Robison, Jim B * bug: Need to pass the ProjectID value to the contributor query Signed-off-by: Robison, Jim B * bug: Updating project title versus projectID values for api querying Signed-off-by: Robison, Jim B * test: Updated tests to match expected property set for projectID Signed-off-by: Robison, Jim B * revert: Reverted based on feedback during review Signed-off-by: Robison, Jim B --------- Signed-off-by: Robison, Jim B --- clients/gitlabrepo/branches.go | 18 +-- clients/gitlabrepo/checkruns.go | 2 +- clients/gitlabrepo/client.go | 2 +- clients/gitlabrepo/commits.go | 11 +- clients/gitlabrepo/commits_test.go | 39 +++++++ clients/gitlabrepo/contributors.go | 84 +++++++++++--- clients/gitlabrepo/contributors_test.go | 139 +++++++++++++++++++++++ clients/gitlabrepo/issues.go | 4 +- clients/gitlabrepo/languages.go | 2 +- clients/gitlabrepo/project.go | 2 +- clients/gitlabrepo/releases.go | 2 +- clients/gitlabrepo/search.go | 4 +- clients/gitlabrepo/searchCommits.go | 4 +- clients/gitlabrepo/searchCommits_test.go | 8 +- clients/gitlabrepo/search_test.go | 24 ++-- clients/gitlabrepo/statuses.go | 2 +- clients/gitlabrepo/webhook.go | 2 +- clients/gitlabrepo/workflows.go | 2 +- clients/mockclients/repo.go | 22 ++-- 19 files changed, 307 insertions(+), 66 deletions(-) create mode 100644 clients/gitlabrepo/contributors_test.go diff --git a/clients/gitlabrepo/branches.go b/clients/gitlabrepo/branches.go index 50949f14474..df832cde7ad 100644 --- a/clients/gitlabrepo/branches.go +++ b/clients/gitlabrepo/branches.go @@ -46,13 +46,13 @@ func (handler *branchesHandler) setup() error { return } - proj, _, err := handler.glClient.Projects.GetProject(handler.repourl.project, &gitlab.GetProjectOptions{}) + proj, _, err := handler.glClient.Projects.GetProject(handler.repourl.projectID, &gitlab.GetProjectOptions{}) if err != nil { handler.errSetup = fmt.Errorf("requirest for project failed with error %w", err) return } - branch, _, err := handler.glClient.Branches.GetBranch(handler.repourl.project, proj.DefaultBranch) + branch, _, err := handler.glClient.Branches.GetBranch(handler.repourl.projectID, proj.DefaultBranch) if err != nil { handler.errSetup = fmt.Errorf("request for default branch failed with error %w", err) return @@ -60,7 +60,7 @@ func (handler *branchesHandler) setup() error { if branch.Protected { protectedBranch, resp, err := handler.glClient.ProtectedBranches.GetProtectedBranch( - handler.repourl.project, branch.Name) + handler.repourl.projectID, branch.Name) if err != nil && resp.StatusCode != 403 { handler.errSetup = fmt.Errorf("request for protected branch failed with error %w", err) return @@ -70,14 +70,14 @@ func (handler *branchesHandler) setup() error { } projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks( - handler.repourl.project, &gitlab.ListOptions{}) + handler.repourl.projectID, &gitlab.ListOptions{}) if (err != nil || resp.StatusCode != 404) && resp.StatusCode != 401 { // 401: permissions. pass token authorization issues silently handler.errSetup = fmt.Errorf("request for external status checks failed with error %w", err) return } - projectApprovalRule, resp, err := handler.glClient.Projects.GetApprovalConfiguration(handler.repourl.project) + projectApprovalRule, resp, err := handler.glClient.Projects.GetApprovalConfiguration(handler.repourl.projectID) if err != nil && resp.StatusCode != 404 { handler.errSetup = fmt.Errorf("request for project approval rule failed with %w", err) return @@ -106,24 +106,24 @@ func (handler *branchesHandler) getDefaultBranch() (*clients.BranchRef, error) { } func (handler *branchesHandler) getBranch(branch string) (*clients.BranchRef, error) { - bran, _, err := handler.glClient.Branches.GetBranch(handler.repourl.project, branch) + bran, _, err := handler.glClient.Branches.GetBranch(handler.repourl.projectID, branch) if err != nil { return nil, fmt.Errorf("error getting branch in branchsHandler.getBranch: %w", err) } if bran.Protected { - protectedBranch, _, err := handler.glClient.ProtectedBranches.GetProtectedBranch(handler.repourl.project, bran.Name) + protectedBranch, _, err := handler.glClient.ProtectedBranches.GetProtectedBranch(handler.repourl.projectID, bran.Name) if err != nil { return nil, fmt.Errorf("request for protected branch failed with error %w", err) } projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks( - handler.repourl.project, &gitlab.ListOptions{}) + handler.repourl.projectID, &gitlab.ListOptions{}) if err != nil && resp.StatusCode != 404 { return nil, fmt.Errorf("request for external status checks failed with error %w", err) } - projectApprovalRule, resp, err := handler.glClient.Projects.GetApprovalConfiguration(handler.repourl.project) + projectApprovalRule, resp, err := handler.glClient.Projects.GetApprovalConfiguration(handler.repourl.projectID) if err != nil && resp.StatusCode != 404 { return nil, fmt.Errorf("request for project approval rule failed with %w", err) } diff --git a/clients/gitlabrepo/checkruns.go b/clients/gitlabrepo/checkruns.go index 3fe06f4868a..7a153de0ad2 100644 --- a/clients/gitlabrepo/checkruns.go +++ b/clients/gitlabrepo/checkruns.go @@ -34,7 +34,7 @@ func (handler *checkrunsHandler) init(repourl *repoURL) { func (handler *checkrunsHandler) listCheckRunsForRef(ref string) ([]clients.CheckRun, error) { pipelines, _, err := handler.glClient.Pipelines.ListProjectPipelines( - handler.repourl.project, &gitlab.ListProjectPipelinesOptions{}) + handler.repourl.projectID, &gitlab.ListProjectPipelinesOptions{}) if err != nil { return nil, fmt.Errorf("request for pipelines returned error: %w", err) } diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go index 2109bb593a3..4294a8a9912 100644 --- a/clients/gitlabrepo/client.go +++ b/clients/gitlabrepo/client.go @@ -142,7 +142,7 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD } func (client *Client) URI() string { - return fmt.Sprintf("%s/%s/%s", client.repourl.host, client.repourl.owner, client.repourl.project) + return fmt.Sprintf("%s/%s/%s", client.repourl.host, client.repourl.owner, client.repourl.projectID) } func (client *Client) LocalPath() (string, error) { diff --git a/clients/gitlabrepo/commits.go b/clients/gitlabrepo/commits.go index 5029801d8c7..99848f927c0 100644 --- a/clients/gitlabrepo/commits.go +++ b/clients/gitlabrepo/commits.go @@ -155,8 +155,11 @@ func (handler *commitsHandler) zip(commitsRaw []*gitlab.Commit, data graphqlData // Expected email form: .@.com. func parseEmailToName(email string) string { - s := strings.Split(email, ".") - firstName := s[0] - lastName := strings.Split(s[1], "@")[0] - return firstName + " " + lastName + if strings.Contains(email, ".") { + s := strings.Split(email, ".") + firstName := s[0] + lastName := strings.Split(s[1], "@")[0] + return firstName + " " + lastName + } + return email } diff --git a/clients/gitlabrepo/commits_test.go b/clients/gitlabrepo/commits_test.go index 57d9c9abc48..cb29f7c1af0 100644 --- a/clients/gitlabrepo/commits_test.go +++ b/clients/gitlabrepo/commits_test.go @@ -62,3 +62,42 @@ func Test_Setup(t *testing.T) { }) } } + +func TestParsingEmail(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + email string + expected string + }{ + { + name: "Perfect Match Email Parser", + email: "john.doe@nowhere.com", + expected: "john doe", + }, + { + name: "Valid Email Not Formatted as expected", + email: "johndoe@nowhere.com", + expected: "johndoe@nowhere com", + }, + { + name: "Invalid email format", + email: "johndoe@nowherecom", + expected: "johndoe@nowherecom", + }, + } + + for _, tt := range tests { + tt := tt + + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + result := parseEmailToName(tt.email) + + if tt.expected != result { + t.Errorf("Parser didn't work as expected: %s != %s", tt.expected, result) + } + }) + } +} diff --git a/clients/gitlabrepo/contributors.go b/clients/gitlabrepo/contributors.go index f52afd4d7c9..596c5a73fa2 100644 --- a/clients/gitlabrepo/contributors.go +++ b/clients/gitlabrepo/contributors.go @@ -25,17 +25,63 @@ import ( ) type contributorsHandler struct { - glClient *gitlab.Client - once *sync.Once - errSetup error - repourl *repoURL - contributors []clients.User + fnContributors retrieveContributorFn + fnUsers retrieveUserFn + glClient *gitlab.Client + once *sync.Once + errSetup error + repourl *repoURL + contributors []clients.User } func (handler *contributorsHandler) init(repourl *repoURL) { handler.repourl = repourl handler.errSetup = nil handler.once = new(sync.Once) + handler.fnContributors = handler.retrieveContributors + handler.fnUsers = handler.retrieveUsers +} + +type ( + retrieveContributorFn func(string) ([]*gitlab.Contributor, error) + retrieveUserFn func(string) ([]*gitlab.User, error) +) + +func (handler *contributorsHandler) retrieveContributors(project string) ([]*gitlab.Contributor, error) { + var contribs []*gitlab.Contributor + i := 1 + + for { + c, _, err := handler.glClient.Repositories.Contributors( + project, + &gitlab.ListContributorsOptions{ + ListOptions: gitlab.ListOptions{ + Page: i, + PerPage: 100, + }, + }, + ) + if err != nil { + //nolint wrapcheck + return nil, err + } + + if len(c) == 0 { + break + } + i++ + contribs = append(contribs, c...) + } + return contribs, nil +} + +func (handler *contributorsHandler) retrieveUsers(queryName string) ([]*gitlab.User, error) { + users, _, err := handler.glClient.Search.Users(queryName, &gitlab.SearchOptions{}) + if err != nil { + //nolint wrapcheck + return nil, err + } + return users, nil } func (handler *contributorsHandler) setup() error { @@ -45,8 +91,8 @@ func (handler *contributorsHandler) setup() error { clients.ErrUnsupportedFeature) return } - contribs, _, err := handler.glClient.Repositories.Contributors( - handler.repourl.project, &gitlab.ListContributorsOptions{}) + + contribs, err := handler.fnContributors(handler.repourl.projectID) if err != nil { handler.errSetup = fmt.Errorf("error during ListContributors: %w", err) return @@ -57,27 +103,35 @@ func (handler *contributorsHandler) setup() error { continue } - // In Gitlab users only have one registered organization which is the company they work for, this means that - // the organizations field will not be filled in and the companies field will be a singular value. - users, _, err := handler.glClient.Search.Users(contrib.Name, &gitlab.SearchOptions{}) + users, err := handler.fnUsers(contrib.Name) if err != nil { handler.errSetup = fmt.Errorf("error during Users.Get: %w", err) return - } else if len(users) == 0 { + } else if len(users) == 0 && contrib.Email != "" { // parseEmailToName is declared in commits.go - users, _, err = handler.glClient.Search.Users(parseEmailToName(contrib.Email), &gitlab.SearchOptions{}) + users, err = handler.fnUsers(parseEmailToName(contrib.Email)) if err != nil { handler.errSetup = fmt.Errorf("error during Users.Get: %w", err) return } } + user := &gitlab.User{} + + if len(users) == 0 { + user.ID = 0 + user.Organization = "" + user.Bot = false + } else { + user = users[0] + } + contributor := clients.User{ Login: contrib.Email, - Companies: []string{users[0].Organization}, + Companies: []string{user.Organization}, NumContributions: contrib.Commits, - ID: int64(users[0].ID), - IsBot: users[0].Bot, + ID: int64(user.ID), + IsBot: user.Bot, } handler.contributors = append(handler.contributors, contributor) } diff --git a/clients/gitlabrepo/contributors_test.go b/clients/gitlabrepo/contributors_test.go new file mode 100644 index 00000000000..cbb1ced3a38 --- /dev/null +++ b/clients/gitlabrepo/contributors_test.go @@ -0,0 +1,139 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "fmt" + "strconv" + "strings" + "sync" + "testing" + + "github.com/xanzy/go-gitlab" +) + +func Test_ContributorsSetup(t *testing.T) { + t.Parallel() + tcs := []struct { + name string + repourl string + commit string + depth int + }{ + { + name: "check that Contributor works", + repourl: "https://gitlab.com/fdroid/fdroidclient", + commit: "HEAD", + depth: 20, + }, + } + + for _, tt := range tcs { + t.Run(tt.name, func(t *testing.T) { + repo, err := MakeGitlabRepo(tt.repourl) + if err != nil { + t.Error("couldn't make gitlab repo", err) + } + + client, err := CreateGitlabClientWithToken(context.Background(), "", repo) + if err != nil { + t.Error("couldn't make gitlab client", err) + } + + err = client.InitRepo(repo, tt.commit, tt.depth) + if err != nil { + t.Error("couldn't init gitlab repo", + err) + } + + c, err := client.ListContributors() + // Authentication is failing when querying users, not sure yet how to get around that + if err != nil { + errMsg := fmt.Sprintf("%v", err) + + if !(strings.Contains(errMsg, "error during Users.Get") && strings.Contains(errMsg, "401")) { + t.Error("couldn't list gitlab repo contributors", err) + } + } + if len(c) != 0 { + t.Error("couldn't get any contributors from gitlab repo") + } + }) + } +} + +func TestContributors(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + contributors []*gitlab.Contributor + users []*gitlab.User + }{ + { + name: "No Data", + contributors: []*gitlab.Contributor{}, + users: []*gitlab.User{}, + }, + { + name: "Simple Passthru", + contributors: []*gitlab.Contributor{ + { + Name: "John Doe", + }, + }, + users: []*gitlab.User{ + { + Name: "John Doe", + }, + }, + }, + } + + for _, tt := range tests { + tt := tt + + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + handler := contributorsHandler{ + fnContributors: func(s string) ([]*gitlab.Contributor, error) { + return tt.contributors, nil + }, + fnUsers: func(s string) ([]*gitlab.User, error) { + return tt.users, nil + }, + once: new(sync.Once), + repourl: &repoURL{ + commitSHA: "HEAD", + }, + } + + if len(handler.contributors) != 0 { + t.Errorf("Initial count of contributors should be 0, but was %v", strconv.Itoa(len(handler.contributors))) + } + + err := handler.setup() + if err != nil { + t.Errorf("Exception in contributors.setup %v", err) + } + + if len(handler.contributors) != len(tt.contributors) { + t.Errorf("Initial count of contributors should be 1, but was %v", strconv.Itoa(len(handler.contributors))) + } + }) + } +} diff --git a/clients/gitlabrepo/issues.go b/clients/gitlabrepo/issues.go index 36151ed4bff..83844f264e4 100644 --- a/clients/gitlabrepo/issues.go +++ b/clients/gitlabrepo/issues.go @@ -40,7 +40,7 @@ func (handler *issuesHandler) init(repourl *repoURL) { func (handler *issuesHandler) setup() error { handler.once.Do(func() { issues, _, err := handler.glClient.Issues.ListProjectIssues( - handler.repourl.project, &gitlab.ListProjectIssuesOptions{}) + handler.repourl.projectID, &gitlab.ListProjectIssuesOptions{}) if err != nil { handler.errSetup = fmt.Errorf("unable to find issues associated with the project id: %w", err) return @@ -49,7 +49,7 @@ func (handler *issuesHandler) setup() error { // There doesn't seem to be a good way to get user access_levels in gitlab so the following way may seem incredibly // barberic, however I couldn't find a better way in the docs. projMemberships, resp, err := handler.glClient.ProjectMembers.ListAllProjectMembers( - handler.repourl.project, &gitlab.ListProjectMembersOptions{}) + handler.repourl.projectID, &gitlab.ListProjectMembersOptions{}) if err != nil && resp.StatusCode != 401 { handler.errSetup = fmt.Errorf("unable to find access tokens associated with the project id: %w", err) return diff --git a/clients/gitlabrepo/languages.go b/clients/gitlabrepo/languages.go index 57b9a652ca8..1346fabe012 100644 --- a/clients/gitlabrepo/languages.go +++ b/clients/gitlabrepo/languages.go @@ -40,7 +40,7 @@ func (handler *languagesHandler) init(repourl *repoURL) { func (handler *languagesHandler) setup() error { handler.once.Do(func() { client := handler.glClient - languageMap, _, err := client.Projects.GetProjectLanguages(handler.repourl.project) + languageMap, _, err := client.Projects.GetProjectLanguages(handler.repourl.projectID) if err != nil || languageMap == nil { handler.errSetup = fmt.Errorf("request for repo languages failed with %w", err) return diff --git a/clients/gitlabrepo/project.go b/clients/gitlabrepo/project.go index a36256e7e7e..595f83a5224 100644 --- a/clients/gitlabrepo/project.go +++ b/clients/gitlabrepo/project.go @@ -39,7 +39,7 @@ func (handler *projectHandler) init(repourl *repoURL) { func (handler *projectHandler) setup() error { handler.once.Do(func() { - proj, _, err := handler.glClient.Projects.GetProject(handler.repourl.project, &gitlab.GetProjectOptions{}) + proj, _, err := handler.glClient.Projects.GetProject(handler.repourl.projectID, &gitlab.GetProjectOptions{}) if err != nil { handler.errSetup = fmt.Errorf("request for project failed with error %w", err) return diff --git a/clients/gitlabrepo/releases.go b/clients/gitlabrepo/releases.go index 140aa701e38..3b74b799ac8 100644 --- a/clients/gitlabrepo/releases.go +++ b/clients/gitlabrepo/releases.go @@ -44,7 +44,7 @@ func (handler *releasesHandler) setup() error { handler.errSetup = fmt.Errorf("%w: ListReleases only supported for HEAD queries", clients.ErrUnsupportedFeature) return } - releases, _, err := handler.glClient.Releases.ListReleases(handler.repourl.project, &gitlab.ListReleasesOptions{}) + releases, _, err := handler.glClient.Releases.ListReleases(handler.repourl.projectID, &gitlab.ListReleasesOptions{}) if err != nil { handler.errSetup = fmt.Errorf("%w: ListReleases failed", err) return diff --git a/clients/gitlabrepo/search.go b/clients/gitlabrepo/search.go index 2c4d94245b1..cb1a2f5cbf1 100644 --- a/clients/gitlabrepo/search.go +++ b/clients/gitlabrepo/search.go @@ -45,7 +45,7 @@ func (handler *searchHandler) search(request clients.SearchRequest) (clients.Sea return clients.SearchResponse{}, fmt.Errorf("handler.buildQuery: %w", err) } - blobs, _, err := handler.glClient.Search.BlobsByProject(handler.repourl.project, query, &gitlab.SearchOptions{}) + blobs, _, err := handler.glClient.Search.BlobsByProject(handler.repourl.projectID, query, &gitlab.SearchOptions{}) if err != nil { return clients.SearchResponse{}, fmt.Errorf("Search.BlobsByProject: %w", err) } @@ -60,7 +60,7 @@ func (handler *searchHandler) buildQuery(request clients.SearchRequest) (string, if _, err := queryBuilder.WriteString( fmt.Sprintf("%s project:%s/%s", strings.ReplaceAll(request.Query, "/", " "), - handler.repourl.owner, handler.repourl.project)); err != nil { + handler.repourl.owner, handler.repourl.projectID)); err != nil { return "", fmt.Errorf("WriteString: %w", err) } if request.Filename != "" { diff --git a/clients/gitlabrepo/searchCommits.go b/clients/gitlabrepo/searchCommits.go index 6de69701d0e..1fa1ea9f727 100644 --- a/clients/gitlabrepo/searchCommits.go +++ b/clients/gitlabrepo/searchCommits.go @@ -41,7 +41,7 @@ func (handler *searchCommitsHandler) search(request clients.SearchCommitsOptions return nil, fmt.Errorf("handler.buildQuiery: %w", err) } - commits, _, err := handler.glClient.Search.CommitsByProject(handler.repourl.project, query, &gitlab.SearchOptions{}) + commits, _, err := handler.glClient.Search.CommitsByProject(handler.repourl.projectID, query, &gitlab.SearchOptions{}) if err != nil { return nil, fmt.Errorf("Search.Commits: %w", err) } @@ -75,7 +75,7 @@ func (handler *searchCommitsHandler) buildQuery(request clients.SearchCommitsOpt var queryBuilder strings.Builder if _, err := queryBuilder.WriteString( fmt.Sprintf("project:%s/%s author:%s", - handler.repourl.owner, handler.repourl.project, + handler.repourl.owner, handler.repourl.projectID, request.Author)); err != nil { return "", fmt.Errorf("writestring: %w", err) } diff --git a/clients/gitlabrepo/searchCommits_test.go b/clients/gitlabrepo/searchCommits_test.go index b7ad84d2173..a509d62543e 100644 --- a/clients/gitlabrepo/searchCommits_test.go +++ b/clients/gitlabrepo/searchCommits_test.go @@ -34,8 +34,8 @@ func TestSearchCommitsBuildQuery(t *testing.T) { { name: "Basic", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchCommitsOptions{ Author: "testAuthor", @@ -45,8 +45,8 @@ func TestSearchCommitsBuildQuery(t *testing.T) { { name: "EmptyQuery:", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchCommitsOptions{}, hasError: true, diff --git a/clients/gitlabrepo/search_test.go b/clients/gitlabrepo/search_test.go index 284fa23cbee..2cd7e65edca 100644 --- a/clients/gitlabrepo/search_test.go +++ b/clients/gitlabrepo/search_test.go @@ -34,8 +34,8 @@ func TestBuildQuery(t *testing.T) { { name: "Basic", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchRequest{ Query: "testquery", @@ -45,8 +45,8 @@ func TestBuildQuery(t *testing.T) { { name: "EmptyQuery", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchRequest{}, hasError: true, @@ -55,8 +55,8 @@ func TestBuildQuery(t *testing.T) { { name: "WithFilename", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchRequest{ Query: "testquery", @@ -67,8 +67,8 @@ func TestBuildQuery(t *testing.T) { { name: "WithPath", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchRequest{ Query: "testquery", @@ -79,8 +79,8 @@ func TestBuildQuery(t *testing.T) { { name: "WithFilenameAndPath", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchRequest{ Query: "testquery", @@ -92,8 +92,8 @@ func TestBuildQuery(t *testing.T) { { name: "WithFilenameAndPathWithSeperator", repourl: &repoURL{ - owner: "testowner", - project: "1234", + owner: "testowner", + projectID: "1234", }, searchReq: clients.SearchRequest{ Query: "testquery/query", diff --git a/clients/gitlabrepo/statuses.go b/clients/gitlabrepo/statuses.go index 1b1ede68755..f880cb2eae0 100644 --- a/clients/gitlabrepo/statuses.go +++ b/clients/gitlabrepo/statuses.go @@ -34,7 +34,7 @@ func (handler *statusesHandler) init(repourl *repoURL) { // for gitlab this only works if ref is SHA. func (handler *statusesHandler) listStatuses(ref string) ([]clients.Status, error) { commitStatuses, _, err := handler.glClient.Commits.GetCommitStatuses( - handler.repourl.project, ref, &gitlab.GetCommitStatusesOptions{}) + handler.repourl.projectID, ref, &gitlab.GetCommitStatusesOptions{}) if err != nil { return nil, fmt.Errorf("error getting commit statuses: %w", err) } diff --git a/clients/gitlabrepo/webhook.go b/clients/gitlabrepo/webhook.go index 9c9d6c49277..2d2970fd678 100644 --- a/clients/gitlabrepo/webhook.go +++ b/clients/gitlabrepo/webhook.go @@ -40,7 +40,7 @@ func (handler *webhookHandler) init(repourl *repoURL) { func (handler *webhookHandler) setup() error { handler.once.Do(func() { projectHooks, _, err := handler.glClient.Projects.ListProjectHooks( - handler.repourl.project, &gitlab.ListProjectHooksOptions{}) + handler.repourl.projectID, &gitlab.ListProjectHooksOptions{}) if err != nil { handler.errSetup = fmt.Errorf("request for project hooks failed with %w", err) return diff --git a/clients/gitlabrepo/workflows.go b/clients/gitlabrepo/workflows.go index cba2cef59ad..e90ef5e86d0 100644 --- a/clients/gitlabrepo/workflows.go +++ b/clients/gitlabrepo/workflows.go @@ -35,7 +35,7 @@ func (handler *workflowsHandler) init(repourl *repoURL) { func (handler *workflowsHandler) listSuccessfulWorkflowRuns(filename string) ([]clients.WorkflowRun, error) { var buildStates []gitlab.BuildStateValue buildStates = append(buildStates, gitlab.Success) - jobs, _, err := handler.glClient.Jobs.ListProjectJobs(handler.repourl.project, + jobs, _, err := handler.glClient.Jobs.ListProjectJobs(handler.repourl.projectID, &gitlab.ListJobsOptions{Scope: &buildStates}) if err != nil { return nil, fmt.Errorf("error getting project jobs: %w", err) diff --git a/clients/mockclients/repo.go b/clients/mockclients/repo.go index 3f1148981a8..e95414ba6b6 100644 --- a/clients/mockclients/repo.go +++ b/clients/mockclients/repo.go @@ -64,6 +64,20 @@ func (mr *MockRepoMockRecorder) AppendMetadata(metadata ...interface{}) *gomock. return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AppendMetadata", reflect.TypeOf((*MockRepo)(nil).AppendMetadata), metadata...) } +// Host mocks base method. +func (m *MockRepo) Host() string { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Host") + ret0, _ := ret[0].(string) + return ret0 +} + +// Host indicates an expected call of Host. +func (mr *MockRepoMockRecorder) Host() *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Host", reflect.TypeOf((*MockRepo)(nil).Host)) +} + // IsValid mocks base method. func (m *MockRepo) IsValid() error { m.ctrl.T.Helper() @@ -114,14 +128,6 @@ func (m *MockRepo) URI() string { return ret0 } -// URI mocks base method. -func (m *MockRepo) Host() string { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Host") - ret0, _ := ret[0].(string) - return ret0 -} - // URI indicates an expected call of URI. func (mr *MockRepoMockRecorder) URI() *gomock.Call { mr.mock.ctrl.T.Helper() From cd0bc8f6c7253e7b888b311e354d7f2828534c16 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 May 2023 09:40:33 -0500 Subject: [PATCH 194/316] :seedling: Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f9201b8b6e5..fcca8727799 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/jszwec/csvutil v1.8.0 github.com/moby/buildkit v0.11.6 github.com/olekukonko/tablewriter v0.0.5 - github.com/onsi/gomega v1.27.6 + github.com/onsi/gomega v1.27.7 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a github.com/sirupsen/logrus v1.9.2 diff --git a/go.sum b/go.sum index 63461674b72..0c626b2190e 100644 --- a/go.sum +++ b/go.sum @@ -1683,8 +1683,8 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= +github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= From f4e3363f0b5dcc175b0767217faf834619b654aa Mon Sep 17 00:00:00 2001 From: Ashish Kurmi <100655670+ashishkurmi@users.noreply.github.com> Date: Fri, 19 May 2023 13:23:28 -0700 Subject: [PATCH 195/316] :book: Make all StepSecurity app endpoint references consistent (#3042) Signed-off-by: Ashish Kurmi --- docs/checks.md | 4 ++-- docs/checks/internal/checks.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index a27dc624a77..9e569b9ec6a 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -499,7 +499,7 @@ dependencies using the [GitHub dependency graph](https://docs.github.com/en/code - If your project is producing an application, declare all your dependencies with specific versions in your package format file (e.g. `package.json` for npm, `requirements.txt` for python, `packages.config` for nuget). For C/C++, check in the code from a trusted source and add a `README` on the specific version used (and the archive SHA hashes). - If your project is producing an application and the package manager supports lock files (e.g. `package-lock.json` for npm), make sure to check these in the source code as well. These files maintain signatures for the entire dependency tree and saves from future exploitation in case the package is compromised. - For Dockerfiles used in building and releasing your project, pin dependencies by hash. See [Dockerfile](https://github.com/ossf/scorecard/blob/main/cron/internal/worker/Dockerfile) for example. If you are using a manifest list to support builds across multiple architectures, you can pin to the manifest list hash instead of a single image hash. You can use a tool like [crane](https://github.com/google/go-containerregistry/blob/main/cmd/crane/README.md) to obtain the hash of the manifest list like in this [example](https://github.com/ossf/scorecard/issues/1773#issuecomment-1076699039). -- For GitHub workflows used in building and releasing your project, pin dependencies by hash. See [main.yaml](https://github.com/ossf/scorecard/blob/f55b86d6627cc3717e3a0395e03305e81b9a09be/.github/workflows/main.yml#L27) for example. To determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/) by ticking the "Pin actions to a full length commit SHA". You may also tick the "Restrict permissions for GITHUB_TOKEN" to fix issues found by the Token-Permissions check. +- For GitHub workflows used in building and releasing your project, pin dependencies by hash. See [main.yaml](https://github.com/ossf/scorecard/blob/f55b86d6627cc3717e3a0395e03305e81b9a09be/.github/workflows/main.yml#L27) for example. To determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/secureworkflow/) by ticking the "Pin actions to a full length commit SHA". You may also tick the "Restrict permissions for GITHUB_TOKEN" to fix issues found by the Token-Permissions check. - To help update your dependencies after pinning them, use tools such as those listed for the dependency update tool check. ## SAST @@ -639,7 +639,7 @@ Additionally, points are reduced if certain write permissions are defined for a **Remediation steps** - Set permissions as `read-all` or `contents: read` as described in GitHub's [documentation](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions). -- To help determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/) by ticking the "Restrict permissions for GITHUB_TOKEN". You may also tick the "Pin actions to a full length commit SHA" to fix issues found by the Pinned-dependencies check. +- To help determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/secureworkflow/) by ticking the "Restrict permissions for GITHUB_TOKEN". You may also tick the "Pin actions to a full length commit SHA" to fix issues found by the Pinned-dependencies check. ## Vulnerabilities diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 3e1c54b2ea7..65fdac3de74 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -511,7 +511,7 @@ checks: to obtain the hash of the manifest list like in this [example](https://github.com/ossf/scorecard/issues/1773#issuecomment-1076699039). - >- For GitHub workflows used in building and releasing your project, pin dependencies by hash. See [main.yaml](https://github.com/ossf/scorecard/blob/f55b86d6627cc3717e3a0395e03305e81b9a09be/.github/workflows/main.yml#L27) for example. - To determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/) by ticking + To determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/secureworkflow/) by ticking the "Pin actions to a full length commit SHA". You may also tick the "Restrict permissions for GITHUB_TOKEN" to fix issues found by the Token-Permissions check. - >- @@ -681,7 +681,7 @@ checks: Set permissions as `read-all` or `contents: read` as described in GitHub's [documentation](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions). - >- - To help determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/) by ticking + To help determine the permissions needed for your workflows, you may use [StepSecurity's online tool](https://app.stepsecurity.io/secureworkflow/) by ticking the "Restrict permissions for GITHUB_TOKEN". You may also tick the "Pin actions to a full length commit SHA" to fix issues found by the Pinned-dependencies check. Vulnerabilities: From 028fa93e924d3facde890a113f7edf1225a87ea2 Mon Sep 17 00:00:00 2001 From: Joyce Date: Fri, 19 May 2023 18:34:38 -0300 Subject: [PATCH 196/316] =?UTF-8?q?=F0=9F=93=96=20Update=20checks.md=20to?= =?UTF-8?q?=20show=20the=20benefit=20of=20>=3D2=20reviewers=20(#3013)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update checks.yaml instead of cehcks.md Signed-off-by: Joyce * feat: generate checks.md Signed-off-by: Joyce Brum --------- Signed-off-by: Joyce Signed-off-by: Joyce Brum --- docs/checks.md | 11 ++++++++--- docs/checks/internal/checks.yaml | 7 ++++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index 9e569b9ec6a..339e26e8d88 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -73,11 +73,16 @@ result to meet most user needs. Different types of branch protection protect against different risks: - - Require code review: requires at least one reviewer, which greatly + - Require code review: + - requires at least one reviewer, which greatly reduces the risk that a compromised contributor can inject malicious code. Review also increases the likelihood that an unintentional vulnerability in a contribution will be detected and fixed before the change is accepted. + - requiring two or more reviewers protects even more from the insider risk + whereby a compromised contributor can be used by an attacker to LGTM + the attacker PR and inject a malicious code as if it was legitm. + - Prevent force push: prevents use of the `--force` command on public branches, which overwrites code irrevocably. This protection prevents the rewriting of public history without external notice. @@ -182,8 +187,8 @@ However, note that in those overlapping cases, Scorecard can only report what it Risk: `High` (unintentional vulnerabilities or possible injection of malicious code) -This check determines whether the project requires human code review before pull -requests (merge requests) are merged. +This check determines whether the project requires human code review +before pull requests (merge requests) are merged. Reviews detect various unintentional problems, including vulnerabilities that can be fixed immediately before they are merged, which improves the quality of diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 65fdac3de74..e5db1e2dc10 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -162,11 +162,16 @@ checks: Different types of branch protection protect against different risks: - - Require code review: requires at least one reviewer, which greatly + - Require code review: + - requires at least one reviewer, which greatly reduces the risk that a compromised contributor can inject malicious code. Review also increases the likelihood that an unintentional vulnerability in a contribution will be detected and fixed before the change is accepted. + - requiring two or more reviewers protects even more from the insider risk + whereby a compromised contributor can be used by an attacker to LGTM + the attacker PR and inject a malicious code as if it was legitm. + - Prevent force push: prevents use of the `--force` command on public branches, which overwrites code irrevocably. This protection prevents the rewriting of public history without external notice. From fe7a8441ad5ab26356d9cdd1f5fd3219b1aceae0 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 22 May 2023 11:55:45 -0500 Subject: [PATCH 197/316] :seedling: Improve workflow pinning remediation tests (#3021) - Add 3 tests for workflow pinning remediation [remediation/remediations_test.go] - Add 3 tests for workflow pinning remediation Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- remediation/remediations_test.go | 52 ++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/remediation/remediations_test.go b/remediation/remediations_test.go index 666537d238c..dce119881d5 100644 --- a/remediation/remediations_test.go +++ b/remediation/remediations_test.go @@ -140,3 +140,55 @@ func TestCreateDockerfilePinningRemediation(t *testing.T) { }) } } + +func TestCreateWorkflowPinningRemediation(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + branch string + repo string + filepath string + expected *rule.Remediation + }{ + { + name: "valid input", + branch: "main", + repo: "ossf/scorecard", + filepath: ".github/workflows/scorecard.yml", + expected: &rule.Remediation{ + Text: fmt.Sprintf(workflowText, "ossf/scorecard", "scorecard.yml", "main", "pin"), + Markdown: fmt.Sprintf(workflowMarkdown, "ossf/scorecard", "scorecard.yml", "main", "pin"), + }, + }, + { + name: "empty branch", + branch: "", + repo: "ossf/scorecard", + filepath: ".github/workflows/", + expected: nil, + }, + { + name: "empty repo", + branch: "main", + repo: "", + filepath: ".github/workflows/", + expected: nil, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + r := RemediationMetadata{ + Branch: tt.branch, + Repo: tt.repo, + } + got := r.CreateWorkflowPinningRemediation(tt.filepath) + if !cmp.Equal(got, tt.expected) { + t.Errorf(cmp.Diff(got, tt.expected)) + } + }) + } +} From b5142abe4dc9983fe11fb4fed2a132cda2ceabbb Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 22 May 2023 12:15:35 -0500 Subject: [PATCH 198/316] :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go (#3000) * :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go - Included e2e tests for clients/githubrepo/languages_e2e_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed the token type check. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/languages_e2e_test.go | 54 ++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 clients/githubrepo/languages_e2e_test.go diff --git a/clients/githubrepo/languages_e2e_test.go b/clients/githubrepo/languages_e2e_test.go new file mode 100644 index 00000000000..3186d5ee126 --- /dev/null +++ b/clients/githubrepo/languages_e2e_test.go @@ -0,0 +1,54 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + + "github.com/google/go-github/v38/github" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" +) + +var _ = Describe("E2E TEST: githubrepo.languagesHandler", func() { + var langHandler *languagesHandler + BeforeEach(func() { + ctx := context.Background() + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + langHandler = &languagesHandler{ + ghclient: github.NewClient(httpClient), + ctx: ctx, + } + }) + Context("listProgrammingLanguages()", func() { + It("returns a list of programming languages for a valid repository", func() { + repoURL := repoURL{ + owner: "ossf", + repo: "scorecard", + } + langHandler.init(context.Background(), &repoURL) + languages, err := langHandler.listProgrammingLanguages() + Expect(err).Should(BeNil()) + Expect(languages).ShouldNot(BeEmpty()) + }) + }) +}) From f8d33f8b3ef2ef6502330ac1d4bf51f592fd6c95 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 22 May 2023 12:37:12 -0500 Subject: [PATCH 199/316] :seedling: Unit tests for pkg/json_raw_results (#3044) * :seedling: Unit tests for pkg/json_raw_results.go - Unit tests for pkg/json_raw_results.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Additional tests Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- pkg/json_raw_results.go | 2 +- pkg/json_raw_results_test.go | 1403 ++++++++++++++++++++++++++++++++++ 2 files changed, 1404 insertions(+), 1 deletion(-) create mode 100644 pkg/json_raw_results_test.go diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index fcbe461c2aa..4be011aabd7 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -352,7 +352,7 @@ func (r *jsonScorecardRawResult) addPackagingRawResults(pk *checker.PackagingDat } if p.File == nil { //nolint - return errors.New("File field is nil") + return errors.New("file field is nil") } jpk.File = &jsonFile{ diff --git a/pkg/json_raw_results_test.go b/pkg/json_raw_results_test.go new file mode 100644 index 00000000000..82adcc8b116 --- /dev/null +++ b/pkg/json_raw_results_test.go @@ -0,0 +1,1403 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package pkg + +import ( + "bytes" + "reflect" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/clients" +) + +func TestAsPointer(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input string + expected *string + }{ + { + name: "test_empty_string", + input: "", + expected: asPointer(""), + }, + { + name: "test_non_empty_string", + input: "test", + expected: asPointer("test"), + }, + { + name: "test_number_string", + input: "123", + expected: asPointer("123"), + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + result := asPointer(tt.input) + if *result != *tt.expected { + t.Errorf("asPointer() = %v, want %v", result, tt.expected) + } + }) + } +} + +func TestJsonScorecardRawResult_AddPackagingRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.PackagingData + wantError bool + }{ + { + name: "test_with_nil_file_field", + input: &checker.PackagingData{ + Packages: []checker.Package{ + {File: nil}, + }, + }, + wantError: true, + }, + { + name: "test_with_empty_package_data", + input: &checker.PackagingData{ + Packages: []checker.Package{}, + }, + wantError: false, + }, + { + name: "test_with_valid_package_data", + input: &checker.PackagingData{ + Packages: []checker.Package{ + { + File: &checker.File{ + Path: "testPath", + Offset: 0, + Snippet: "testSnippet", + }, + Runs: []checker.Run{ + {URL: "testUrl"}, + }, + }, + }, + }, + wantError: false, + }, + { + name: "test_with_package_with_msg", + input: &checker.PackagingData{ + Packages: []checker.Package{ + { + Msg: asPointer("testMsg"), + }, + }, + }, + }, + { + name: "test_with_package_with_file_nil", + input: &checker.PackagingData{ + Packages: []checker.Package{ + { + File: nil, + }, + }, + }, + wantError: true, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addPackagingRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addPackagingRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestJsonScorecardRawResult_AddTokenPermissionsRawResults(t *testing.T) { + t.Parallel() + loc := checker.PermissionLocation("testLocationType") + tests := []struct { //nolint:govet + name string + input *checker.TokenPermissionsData + wantError bool + }{ + { + name: "test_with_nil_location_type", + input: &checker.TokenPermissionsData{ + TokenPermissions: []checker.TokenPermission{ + { + LocationType: nil, + Type: checker.PermissionLevelUndeclared, + }, + }, + }, + wantError: true, + }, + { + name: "test_with_debug_message", + input: &checker.TokenPermissionsData{ + TokenPermissions: []checker.TokenPermission{ + { + LocationType: &loc, + Type: checker.PermissionLevelRead, + }, + }, + }, + }, + { + name: "test_with_nil_job_and_file", + input: &checker.TokenPermissionsData{ + TokenPermissions: []checker.TokenPermission{ + { + LocationType: &loc, + Type: checker.PermissionLevelUndeclared, + }, + }, + }, + wantError: false, + }, + { + name: "test_with_valid_data", + input: &checker.TokenPermissionsData{ + TokenPermissions: []checker.TokenPermission{ + { + LocationType: &loc, + Type: checker.PermissionLevelUndeclared, + Job: &checker.WorkflowJob{ + Name: asPointer("testJobName"), + ID: asPointer("testJobID"), + }, + File: &checker.File{ + Path: "testPath", + Offset: 0, + Snippet: "testSnippet", + }, + }, + }, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addTokenPermissionsRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addTokenPermissionsRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestJsonScorecardRawResult_AddDependencyPinningRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.PinningDependenciesData + wantError bool + }{ + { + name: "test_with_nil_location", + input: &checker.PinningDependenciesData{ + Dependencies: []checker.Dependency{ + {Location: nil}, + }, + }, + wantError: false, + }, + { + name: "test_with_valid_data", + input: &checker.PinningDependenciesData{ + Dependencies: []checker.Dependency{ + { + Location: &checker.File{ + Path: "testPath", + Offset: 0, + EndOffset: 5, + Snippet: "testSnippet", + }, + Name: asPointer("testDependency"), + PinnedAt: asPointer("testPinnedAt"), + Type: checker.DependencyUseTypeGHAction, + }, + }, + }, + wantError: false, + }, + { + name: "test_with_nil_location", + input: &checker.PinningDependenciesData{ + Dependencies: []checker.Dependency{ + { + Location: nil, + Name: asPointer("testDependency"), + PinnedAt: asPointer("testPinnedAt"), + Type: checker.DependencyUseTypeGHAction, + }, + }, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addDependencyPinningRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addDependencyPinningRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestJsonScorecardRawResult_AddDangerousWorkflowRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.DangerousWorkflowData + wantError bool + }{ + { + name: "test_with_valid_data", + input: &checker.DangerousWorkflowData{ + Workflows: []checker.DangerousWorkflow{ + { + File: checker.File{ + Path: "testPath", + Offset: 0, + EndOffset: 5, + Snippet: "testSnippet", + }, + Type: checker.DangerousWorkflowScriptInjection, + Job: &checker.WorkflowJob{ + Name: asPointer("testJob"), + ID: asPointer("testID"), + }, + }, + }, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addDangerousWorkflowRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addDangerousWorkflowRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestJsonScorecardRawResult_AddContributorsRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.ContributorsData + wantError bool + }{ + { + name: "test_with_valid_data", + input: &checker.ContributorsData{ + Users: []clients.User{ + { + Login: "testLogin", + NumContributions: 5, + Organizations: []clients.User{ + {Login: "testOrg"}, + }, + Companies: []string{"testCompany"}, + }, + }, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addContributorsRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addContributorsRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestJsonScorecardRawResult_AddSignedReleasesRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.SignedReleasesData + wantError bool + }{ + { + name: "test_with_valid_data", + input: &checker.SignedReleasesData{ + Releases: []clients.Release{ + { + TagName: "v1.0", + URL: "https://example.com/v1.0", + Assets: []clients.ReleaseAsset{ + { + Name: "asset1", + URL: "https://example.com/v1.0/asset1", + }, + }, + }, + }, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addSignedReleasesRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addSignedReleasesRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestJsonScorecardRawResult_AddMaintainedRawResults(t *testing.T) { + t.Parallel() + c := clients.RepoAssociationNone + tests := []struct { //nolint:govet + name string + input *checker.MaintainedData + wantError bool + }{ + { + name: "test_with_nil_archived_status", + input: &checker.MaintainedData{ + CreatedAt: time.Now(), + Issues: []clients.Issue{}, + }, + wantError: false, + }, + { + name: "test_with_valid_archived_status", + input: &checker.MaintainedData{ + CreatedAt: time.Now(), + Issues: []clients.Issue{ + { + URI: asPointer("testUrl"), + Author: &clients.User{ + Login: "testLogin", + }, + AuthorAssociation: &c, + Comments: []clients.IssueComment{ + { + Author: &clients.User{ + Login: "testLogin", + }, + AuthorAssociation: &c, + }, + }, + }, + }, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addMaintainedRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addMaintainedRawResults() error = %v, wantError %v", err, test.wantError) + } + }) + } +} + +func TestSetDefaultCommitData(t *testing.T) { + // Define some test data. + changesets := []checker.Changeset{ + { + ReviewPlatform: "GitHub", + RevisionID: "abc123", + Commits: []clients.Commit{ + { + CommittedDate: time.Now(), + Message: "Initial commit", + SHA: "def456", + Committer: clients.User{ + Login: "johndoe", + }, + }, + }, + Reviews: []clients.Review{ + { + State: "approved", + Author: &clients.User{ + Login: "janedoe", + IsBot: false, + }, + }, + }, + Author: clients.User{ + Login: "johndoe", + }, + }, + } + + // Create a new jsonScorecardRawResult. + r := &jsonScorecardRawResult{} + + // Call setDefaultCommitData with the test data. + err := r.setDefaultCommitData(changesets) + if err != nil { + t.Fatalf("setDefaultCommitData() returned an error: %v", err) + } + + // Define the expected results. + expected := []jsonDefaultBranchChangeset{ + { + RevisionID: "abc123", + ReviewPlatform: "GitHub", + Commits: []jsonCommit{ + { + Committer: jsonUser{ + Login: "johndoe", + }, + Message: "Initial commit", + SHA: "def456", + }, + }, + Reviews: []jsonReview{ + { + State: "approved", + Reviewer: jsonUser{ + Login: "janedoe", + IsBot: false, + }, + }, + }, + Authors: []jsonUser{ + { + Login: "johndoe", + }, + }, + }, + } + + // Compare the actual results with the expected results. + if diff := cmp.Diff(r.Results.DefaultBranchChangesets, expected); diff != "" { + t.Errorf("setDefaultCommitData() mismatch (-want +got):\n%s", diff) + } +} + +func TestJsonScorecardRawResult_AddOssfBestPracticesRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.CIIBestPracticesData + wantError bool + }{ + { + name: "test_with_valid_badge", + input: &checker.CIIBestPracticesData{ + Badge: clients.Gold, + }, + wantError: false, + }, + { + name: "test_with_nil_badge", + input: &checker.CIIBestPracticesData{ + Badge: clients.Silver, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addOssfBestPracticesRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addOssfBestPracticesRawResults() error = %v, wantError %v", err, test.wantError) + } + if r.Results.OssfBestPractices.Badge != test.input.Badge.String() { + t.Errorf("addOssfBestPracticesRawResults() badge = %v, want %v", r.Results.OssfBestPractices.Badge, test.input.Badge.String()) //nolint:lll + } + }) + } +} + +func TestJsonScorecardRawResult_AddCodeReviewRawResults(t *testing.T) { + t.Parallel() + + tests := []struct { //nolint:govet + name string + input *checker.CodeReviewData + wantError bool + }{ + { + name: "test_with_valid_changesets", + input: &checker.CodeReviewData{ + DefaultBranchChangesets: []checker.Changeset{ + { + ReviewPlatform: "GitHub", + RevisionID: "123", + Commits: []clients.Commit{ + { + CommittedDate: time.Now(), + Message: "test commit", + SHA: "abc123", + Committer: clients.User{ + Login: "testuser", + }, + }, + }, + Reviews: []clients.Review{ + { + State: "approved", + Author: &clients.User{ + Login: "testuser", + }, + }, + }, + Author: clients.User{ + Login: "testuser", + }, + }, + }, + }, + wantError: false, + }, + { + name: "test_with_nil_changesets", + input: &checker.CodeReviewData{ + DefaultBranchChangesets: nil, + }, + wantError: false, + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + t.Parallel() + + r := &jsonScorecardRawResult{} + err := r.addCodeReviewRawResults(test.input) + if (err != nil) != test.wantError { + t.Errorf("addCodeReviewRawResults() error = %v, wantError %v", err, test.wantError) + } + if len(r.Results.DefaultBranchChangesets) != len(test.input.DefaultBranchChangesets) { + t.Errorf("addCodeReviewRawResults() changesets length = %v, want %v", len(r.Results.DefaultBranchChangesets), len(test.input.DefaultBranchChangesets)) //nolint:lll + } + }) + } +} + +func TestAddCodeReviewRawResults(t *testing.T) { + r := &jsonScorecardRawResult{} + cr := &checker.CodeReviewData{ + DefaultBranchChangesets: []checker.Changeset{ + { + RevisionID: "abc123", + ReviewPlatform: "github", + Commits: []clients.Commit{ + { + Committer: clients.User{ + Login: "johndoe", + }, + Message: "Fix bug", + SHA: "def456", + }, + }, + Reviews: []clients.Review{ + { + State: "approved", + Author: &clients.User{ + Login: "janedoe", + IsBot: false, + }, + }, + }, + Author: clients.User{ + Login: "johndoe", + }, + }, + }, + } + + err := r.addCodeReviewRawResults(cr) + if err != nil { + t.Errorf("addCodeReviewRawResults returned an error: %v", err) + } + + expected := []jsonDefaultBranchChangeset{ + { + RevisionID: "abc123", + ReviewPlatform: "github", + Commits: []jsonCommit{ + { + Committer: jsonUser{ + Login: "johndoe", + }, + Message: "Fix bug", + SHA: "def456", + }, + }, + Reviews: []jsonReview{ + { + State: "approved", + Reviewer: jsonUser{ + Login: "janedoe", + IsBot: false, + }, + }, + }, + Authors: []jsonUser{ + { + Login: "johndoe", + }, + }, + }, + } + + if !reflect.DeepEqual(r.Results.DefaultBranchChangesets, expected) { + t.Errorf("addCodeReviewRawResults did not produce the expected output. Got: %v, Expected: %v", r.Results.DefaultBranchChangesets, expected) //nolint:lll + } +} + +func TestAddLicenseRawResults(t *testing.T) { + // Create a new jsonScorecardRawResult instance + r := &jsonScorecardRawResult{} + + // Create a new LicenseData instance + ld := &checker.LicenseData{ + LicenseFiles: []checker.LicenseFile{ + { + File: checker.File{ + Path: "LICENSE", + }, + LicenseInformation: checker.License{ + Name: "MIT License", + SpdxID: "MIT", + Attribution: checker.LicenseAttributionTypeOther, + Approved: true, + }, + }, + }, + } + + // Call the addLicenseRawResults function + err := r.addLicenseRawResults(ld) + // Check if there was an error + if err != nil { + t.Errorf("addLicenseRawResults returned an error: %v", err) + } + + // Check if the Licenses field was populated correctly + expected := []jsonLicense{ + { + License: jsonLicenseInfo{ + File: "LICENSE", + Name: "MIT License", + SpdxID: "MIT", + Attribution: "other", + Approved: "true", + }, + }, + } + + if len(r.Results.Licenses) != len(expected) { + t.Errorf("addLicenseRawResults did not populate the Licenses field correctly") + } + + for i, license := range r.Results.Licenses { + if license.License.File != expected[i].License.File { + t.Errorf("addLicenseRawResults did not populate the Licenses field correctly") + } + if license.License.Name != expected[i].License.Name { + t.Errorf("addLicenseRawResults did not populate the Licenses field correctly") + } + if license.License.SpdxID != expected[i].License.SpdxID { + t.Errorf("addLicenseRawResults did not populate the Licenses field correctly") + } + if license.License.Attribution != expected[i].License.Attribution { + t.Errorf("addLicenseRawResults did not populate the Licenses field correctly") + } + if license.License.Approved != expected[i].License.Approved { + t.Errorf("addLicenseRawResults did not populate the Licenses field correctly") + } + } +} + +func TestAddBinaryArtifactRawResults(t *testing.T) { + r := &jsonScorecardRawResult{} + ba := &checker.BinaryArtifactData{ + Files: []checker.File{ + { + Path: "path/to/file1", + }, + { + Path: "path/to/file2", + }, + }, + } + + err := r.addBinaryArtifactRawResults(ba) + if err != nil { + t.Errorf("addBinaryArtifactRawResults returned an error: %v", err) + } + + expected := []jsonFile{ + { + Path: "path/to/file1", + }, + { + Path: "path/to/file2", + }, + } + + if len(r.Results.Binaries) != len(expected) { + t.Errorf("addBinaryArtifactRawResults did not add the correct number of files. Expected %d, got %d", len(expected), len(r.Results.Binaries)) //nolint:lll + } + + for i, file := range r.Results.Binaries { + if file.Path != expected[i].Path { + t.Errorf("addBinaryArtifactRawResults did not add the correct file. Expected %s, got %s", expected[i].Path, file.Path) //nolint:lll + } + } +} + +func TestAddSecurityPolicyRawResults(t *testing.T) { + r := &jsonScorecardRawResult{} + sp := &checker.SecurityPolicyData{ + PolicyFiles: []checker.SecurityPolicyFile{ + { + File: checker.File{ + Path: "path/to/policy1", + FileSize: 100, + }, + Information: []checker.SecurityPolicyInformation{ + { + InformationType: checker.SecurityPolicyInformationType("type1"), + }, + { + InformationType: checker.SecurityPolicyInformationType("type2"), + }, + }, + }, + { + File: checker.File{ + Path: "path/to/policy2", + FileSize: 200, + }, + Information: []checker.SecurityPolicyInformation{ + { + InformationType: checker.SecurityPolicyInformationType("type3"), + }, + }, + }, + }, + } + + err := r.addSecurityPolicyRawResults(sp) + if err != nil { + t.Errorf("addSecurityPolicyRawResults returned an error: %v", err) + } + + expected := []jsonSecurityFile{ + { + Path: "path/to/policy1", + ContentLength: 100, + Hits: []jsonSecurityPolicyHits{ + { + Type: "type1", + }, + { + Type: "type2", + }, + }, + }, + { + Path: "path/to/policy2", + ContentLength: 200, + Hits: []jsonSecurityPolicyHits{ + { + Type: "type3", + }, + }, + }, + } + + if len(r.Results.SecurityPolicies) != len(expected) { + t.Errorf("addSecurityPolicyRawResults did not add the correct number of policies. Expected %d, got %d", len(expected), len(r.Results.SecurityPolicies)) //nolint:lll + } + + for i, policy := range r.Results.SecurityPolicies { + if policy.Path != expected[i].Path { + t.Errorf("addSecurityPolicyRawResults did not add the correct policy. Expected %s, got %s", expected[i].Path, policy.Path) //nolint:lll + } + + if policy.ContentLength != expected[i].ContentLength { + t.Errorf("addSecurityPolicyRawResults did not add the correct content length. Expected %d, got %d", expected[i].ContentLength, policy.ContentLength) //nolint:lll + } + + if len(policy.Hits) != len(expected[i].Hits) { + t.Errorf("addSecurityPolicyRawResults did not add the correct number of hits. Expected %d, got %d", len(expected[i].Hits), len(policy.Hits)) //nolint:lll + } + + for j, hit := range policy.Hits { + if hit.Type != expected[i].Hits[j].Type { + t.Errorf("addSecurityPolicyRawResults did not add the correct hit type. Expected %s, got %s", expected[i].Hits[j].Type, hit.Type) //nolint:lll + } + } + } +} + +func TestAddVulnerabilitiesRawResults(t *testing.T) { + r := &jsonScorecardRawResult{} + vd := &checker.VulnerabilitiesData{ + Vulnerabilities: []clients.Vulnerability{ + { + ID: "CVE-2021-1234", + }, + { + ID: "CVE-2021-5678", + }, + }, + } + + err := r.addVulnerbilitiesRawResults(vd) + if err != nil { + t.Errorf("addVulnerbilitiesRawResults returned an error: %v", err) + } + + expected := []jsonDatabaseVulnerability{ + { + ID: "CVE-2021-1234", + }, + { + ID: "CVE-2021-5678", + }, + } + + if len(r.Results.DatabaseVulnerabilities) != len(expected) { + t.Errorf("addVulnerbilitiesRawResults did not add the correct number of vulnerabilities. Expected %d, got %d", len(expected), len(r.Results.DatabaseVulnerabilities)) //nolint:lll + } + + for i, vuln := range r.Results.DatabaseVulnerabilities { + if vuln.ID != expected[i].ID { + t.Errorf("addVulnerbilitiesRawResults did not add the correct vulnerability. Expected %s, got %s", expected[i].ID, vuln.ID) //nolint:lll + } + } +} + +func TestAddFuzzingRawResults(t *testing.T) { + r := &jsonScorecardRawResult{} + fd := &checker.FuzzingData{ + Fuzzers: []checker.Tool{ + { + Name: "fuzzer1", + URL: asPointer("https://example.com/fuzzer1"), + Desc: asPointer("Fuzzer 1 description"), + Files: []checker.File{ + { + Path: "path/to/fuzzer1/file1", + }, + { + Path: "path/to/fuzzer1/file2", + }, + }, + }, + { + Name: "fuzzer2", + URL: asPointer("https://example.com/fuzzer2"), + Desc: asPointer("Fuzzer 2 description"), + Files: []checker.File{ + { + Path: "path/to/fuzzer2/file1", + }, + }, + }, + }, + } + + err := r.addFuzzingRawResults(fd) + if err != nil { + t.Errorf("addFuzzingRawResults returned an error: %v", err) + } + + expectedFuzzers := []jsonTool{ + { + Name: "fuzzer1", + URL: asPointer("https://example.com/fuzzer1"), + Desc: asPointer("Fuzzer 1 description"), + Files: []jsonFile{ + { + Path: "path/to/fuzzer1/file1", + }, + { + Path: "path/to/fuzzer1/file2", + }, + }, + }, + { + Name: "fuzzer2", + URL: asPointer("https://example.com/fuzzer2"), + Desc: asPointer("Fuzzer 2 description"), + Files: []jsonFile{ + { + Path: "path/to/fuzzer2/file1", + }, + }, + }, + } + + if len(r.Results.Fuzzers) != len(expectedFuzzers) { + t.Errorf("addFuzzingRawResults did not add the correct number of fuzzers. Expected %d, got %d", len(expectedFuzzers), len(r.Results.Fuzzers)) //nolint:lll + } + for i, fuzzer := range r.Results.Fuzzers { + if fuzzer.Name != expectedFuzzers[i].Name { + t.Errorf("addFuzzingRawResults did not add the correct fuzzer name. Expected %s, got %s", expectedFuzzers[i].Name, fuzzer.Name) //nolint:lll + } + if *fuzzer.URL != *expectedFuzzers[i].URL { + t.Errorf("addFuzzingRawResults did not add the correct fuzzer URL. Expected %s, got %s", *expectedFuzzers[i].URL, *fuzzer.URL) //nolint:lll + } + if *fuzzer.Desc != *expectedFuzzers[i].Desc { + t.Errorf("addFuzzingRawResults did not add the correct fuzzer description. Expected %s, got %s", *expectedFuzzers[i].Desc, *fuzzer.Desc) //nolint:lll + } + if len(fuzzer.Files) != len(expectedFuzzers[i].Files) { + t.Errorf("addFuzzingRawResults did not add the correct number of files for fuzzer %s. Expected %d, got %d", fuzzer.Name, len(expectedFuzzers[i].Files), len(fuzzer.Files)) //nolint:lll + } + for j, file := range fuzzer.Files { + if file.Path != expectedFuzzers[i].Files[j].Path { + t.Errorf("addFuzzingRawResults did not add the correct file path for fuzzer %s. Expected %s, got %s", fuzzer.Name, expectedFuzzers[i].Files[j].Path, file.Path) //nolint:lll + } + } + } +} + +func TestJsonScorecardRawResult(t *testing.T) { + // create a new instance of jsonScorecardRawResult + r := &jsonScorecardRawResult{} + + // create some test data for each of the add*RawResults functions + vd := &checker.VulnerabilitiesData{ + Vulnerabilities: []clients.Vulnerability{ + {ID: "CVE-2021-1234"}, + {ID: "CVE-2021-5678"}, + }, + } + ba := &checker.BinaryArtifactData{ + Files: []checker.File{ + {Path: "binaries/foo"}, + {Path: "binaries/bar"}, + }, + } + sp := &checker.SecurityPolicyData{ + PolicyFiles: []checker.SecurityPolicyFile{ + { + File: checker.File{ + Path: "policies/baz", + FileSize: 1024, + }, + Information: []checker.SecurityPolicyInformation{ + { + InformationType: checker.SecurityPolicyInformationTypeEmail, + InformationValue: checker.SecurityPolicyValueType{ + Match: "match", + LineNumber: 42, + Offset: 0, + }, + }, + }, + }, + }, + } + fd := &checker.FuzzingData{ + Fuzzers: []checker.Tool{ + { + Name: "fuzzer1", + URL: asPointer("https://example.com/fuzzer1"), + Desc: asPointer("fuzzer1 description"), + Files: []checker.File{ + {Path: "fuzzers/fuzzer1/foo"}, + {Path: "fuzzers/fuzzer1/bar"}, + }, + }, + { + Name: "fuzzer2", + URL: asPointer("https://example.com/fuzzer2"), + Desc: asPointer("fuzzer2 description"), + Files: []checker.File{ + {Path: "fuzzers/fuzzer2/foo"}, + {Path: "fuzzers/fuzzer2/bar"}, + }, + }, + }, + } + bp := &checker.BranchProtectionsData{ + Branches: []clients.BranchRef{ + { + Name: stringPtr("main"), + Protected: boolPtr(true), + BranchProtectionRule: clients.BranchProtectionRule{ + AllowDeletions: boolPtr(true), + AllowForcePushes: boolPtr(false), + RequiredPullRequestReviews: clients.PullRequestReviewRule{ + RequireCodeOwnerReviews: boolPtr(true), + DismissStaleReviews: boolPtr(true), + RequiredApprovingReviewCount: intPtr(2), + }, + RequireLinearHistory: boolPtr(true), + EnforceAdmins: boolPtr(true), + CheckRules: clients.StatusChecksRule{ + RequiresStatusChecks: boolPtr(true), + Contexts: []string{"ci"}, + UpToDateBeforeMerge: boolPtr(true), + }, + }, + }, + { + Name: stringPtr("dev"), + Protected: boolPtr(false), + }, + }, + } + + // test addVulnerbilitiesRawResults + err := r.addVulnerbilitiesRawResults(vd) + if err != nil { + t.Errorf("addVulnerbilitiesRawResults returned an error: %v", err) + } + expectedVulnerabilities := []jsonDatabaseVulnerability{ + {ID: "CVE-2021-1234"}, + {ID: "CVE-2021-5678"}, + } + if cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities) != "" { + t.Errorf("addVulnerbilitiesRawResults did not produce the expected results %v", cmp.Diff(r.Results.DatabaseVulnerabilities, expectedVulnerabilities)) //nolint:lll + } + + // test addBinaryArtifactRawResults + err = r.addBinaryArtifactRawResults(ba) + if err != nil { + t.Errorf("addBinaryArtifactRawResults returned an error: %v", err) + } + expectedBinaries := []jsonFile{ + {Path: "binaries/foo"}, + {Path: "binaries/bar"}, + } + if cmp.Diff(expectedBinaries, r.Results.Binaries) != "" { + t.Errorf("addBinaryArtifactRawResults did not produce the expected results") + } + + // test addSecurityPolicyRawResults + err = r.addSecurityPolicyRawResults(sp) + if err != nil { + t.Errorf("addSecurityPolicyRawResults returned an error: %v", err) + } + expectedSecurityPolicies := []jsonSecurityFile{ + { + Path: "policies/baz", + ContentLength: 1024, + Hits: []jsonSecurityPolicyHits{ + { + Type: "emailAddress", + Match: "match", + LineNumber: 42, + Offset: 0, + }, + }, + }, + } + if cmp.Diff(expectedSecurityPolicies, r.Results.SecurityPolicies) != "" { + t.Errorf("addSecurityPolicyRawResults did not produce the expected results %v", cmp.Diff(expectedSecurityPolicies, r.Results.SecurityPolicies)) //nolint:lll + } + + // test addFuzzingRawResults + err = r.addFuzzingRawResults(fd) + if err != nil { + t.Errorf("addFuzzingRawResults returned an error: %v", err) + } + expectedFuzzers := []jsonTool{ + { + Name: "fuzzer1", + URL: asPointer("https://example.com/fuzzer1"), + Desc: asPointer("fuzzer1 description"), + Files: []jsonFile{ + {Path: "fuzzers/fuzzer1/foo"}, + {Path: "fuzzers/fuzzer1/bar"}, + }, + }, + { + Name: "fuzzer2", + URL: asPointer("https://example.com/fuzzer1"), + Desc: asPointer("fuzzer1 description"), + Files: []jsonFile{ + {Path: "fuzzers/fuzzer2/foo"}, + {Path: "fuzzers/fuzzer2/bar"}, + }, + }, + } + if cmp.Diff(expectedFuzzers, r.Results.Fuzzers, cmpopts.IgnoreFields(jsonTool{}, "URL", "Desc")) != "" { + t.Errorf("addFuzzingRawResults did not produce the expected results %v", cmp.Diff(expectedFuzzers, r.Results.Fuzzers)) //nolint:lll + } + + // test addBranchProtectionRawResults + err = r.addBranchProtectionRawResults(bp) + if err != nil { + t.Errorf("addBranchProtectionRawResults returned an error: %v", err) + } +} + +func stringPtr(s string) *string { + return &s +} + +func boolPtr(b bool) *bool { + return &b +} + +func intPtr(i int32) *int32 { + return &i +} + +//nolint:lll +func TestScorecardResult_AsRawJSON(t *testing.T) { + type fields struct { + Repo RepoInfo + Date time.Time + Scorecard ScorecardInfo + Checks []checker.CheckResult + RawResults checker.RawResults + Metadata []string + } + tests := []struct { //nolint:govet + name string + fields fields + wantWriter string + wantErr bool + }{ + { + name: "happy path", + fields: fields{ + Repo: RepoInfo{ + Name: "bar", + CommitSHA: "1234567890123456789012345678901234567890", + }, + }, + wantWriter: `{"date":"0001-01-01","repo":{"name":"bar","commit":"1234567890123456789012345678901234567890"},"scorecard":{"version":"","commit":""},"metadata":null,"results":{"workflows":[],"permissions":{},"licenses":[],"issues":null,"openssfBestPracticesBadge":{"badge":"Unknown"},"databaseVulnerabilities":[],"binaries":[],"securityPolicies":[],"dependencyUpdateTools":[],"branchProtections":{"branches":[],"codeownersFiles":null},"Contributors":{"users":null},"defaultBranchChangesets":[],"archived":{"status":false},"createdAt":{"timestamp":"0001-01-01T00:00:00Z"},"fuzzers":[],"releases":[],"packages":[],"dependencyPinning":{"dependencies":null}}} +`, //nolint:lll + }, + } + for _, tt := range tests { + tt := tt // capture range variable + t.Run(tt.name, func(t *testing.T) { + r := &ScorecardResult{ + Repo: tt.fields.Repo, + Date: tt.fields.Date, + Scorecard: tt.fields.Scorecard, + Checks: tt.fields.Checks, + RawResults: tt.fields.RawResults, + Metadata: tt.fields.Metadata, + } + writer := &bytes.Buffer{} + err := r.AsRawJSON(writer) + if (err != nil) != tt.wantErr { + t.Errorf("AsRawJSON() error = %v, wantErr %v", err, tt.wantErr) + return + } + if gotWriter := writer.String(); gotWriter != tt.wantWriter { + t.Errorf(cmp.Diff(gotWriter, tt.wantWriter)) + } + }) + } +} + +func TestAddBranchProtectionRawResults(t *testing.T) { + t.Parallel() + testCases := []struct { //nolint:govet + name string + input *checker.BranchProtectionsData + expected *jsonScorecardRawResult + }{ + { + name: "no branch protections", + input: &checker.BranchProtectionsData{ + Branches: nil, + }, + expected: &jsonScorecardRawResult{ + Results: jsonRawResults{ + BranchProtections: jsonBranchProtectionMetadata{ + Branches: []jsonBranchProtection{}, + }, + }, + }, + }, + { + name: "one protected branch", + input: &checker.BranchProtectionsData{ + Branches: []clients.BranchRef{ + { + Name: stringPtr("main"), + Protected: boolPtr(true), + BranchProtectionRule: clients.BranchProtectionRule{ + AllowDeletions: boolPtr(false), + }, + }, + }, + }, + expected: &jsonScorecardRawResult{ + Results: jsonRawResults{ + BranchProtections: jsonBranchProtectionMetadata{ + Branches: []jsonBranchProtection{ + { + Name: "main", + Protection: &jsonBranchProtectionSettings{ + AllowsDeletions: boolPtr(false), + }, + }, + }, + }, + }, + }, + }, + } + + for _, tc := range testCases { + tc := tc // capture range variable + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + result := &jsonScorecardRawResult{} + err := result.addBranchProtectionRawResults(tc.input) + if err != nil { + t.Fatal(err) + } + + if diff := cmp.Diff(tc.expected, result); diff != "" { + t.Errorf("mismatch (-want +got):\n%s", diff) + } + }) + } +} + +func TestFillJSONRawResults(t *testing.T) { + raw := checker.RawResults{ + LicenseResults: checker.LicenseData{ + LicenseFiles: []checker.LicenseFile{ + {LicenseInformation: checker.License{Name: "MIT"}}, + }, + }, + VulnerabilitiesResults: checker.VulnerabilitiesData{ + Vulnerabilities: []clients.Vulnerability{ + {ID: "CVE-2020-1234"}, + }, + }, + BinaryArtifactResults: checker.BinaryArtifactData{ + Files: []checker.File{ + {Path: "bin/app"}, + }, + }, + SecurityPolicyResults: checker.SecurityPolicyData{ + PolicyFiles: []checker.SecurityPolicyFile{ + {File: checker.File{Path: "SECURITY.md"}}, + }, + }, + DependencyUpdateToolResults: checker.DependencyUpdateToolData{ + Tools: []checker.Tool{ + {Name: "Dependabot"}, + }, + }, + BranchProtectionResults: checker.BranchProtectionsData{ + Branches: []clients.BranchRef{ + {Name: stringPtr("main"), Protected: boolPtr(true)}, + }, + }, + CodeReviewResults: checker.CodeReviewData{}, + MaintainedResults: checker.MaintainedData{}, + SignedReleasesResults: checker.SignedReleasesData{ + Releases: []clients.Release{ + {TagName: "v1.0.0"}, + }, + }, + ContributorsResults: checker.ContributorsData{}, + PinningDependenciesResults: checker.PinningDependenciesData{ + Dependencies: []checker.Dependency{ + {Name: stringPtr("requirements.txt")}, + }, + }, + CIIBestPracticesResults: checker.CIIBestPracticesData{}, + DangerousWorkflowResults: checker.DangerousWorkflowData{}, + FuzzingResults: checker.FuzzingData{}, + PackagingResults: checker.PackagingData{}, + TokenPermissionsResults: checker.TokenPermissionsData{}, + } + + r := jsonScorecardRawResult{} + err := r.fillJSONRawResults(&raw) + if err != nil { + t.Fatal(err) + } +} From 1a336d80870ceccc8e7c36243ecffef6ce190f17 Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Mon, 22 May 2023 18:13:24 -0700 Subject: [PATCH 200/316] =?UTF-8?q?=E2=9C=A8=20=20[experimental]=20Add=20p?= =?UTF-8?q?robe=20code=20and=20support=20for=20Tool-Update-Dependency=20(#?= =?UTF-8?q?2944)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon --- checker/check_result.go | 23 +++ checker/raw_result.go | 22 ++- checks/dependency_update_tool.go | 12 +- checks/dependency_update_tool_test.go | 18 ++- checks/evaluation/dependency_update_tool.go | 49 ++---- .../evaluation/dependency_update_tool_test.go | 152 ++++++------------ checks/raw/dependency_update_tool.go | 8 +- checks/raw/dependency_update_tool_test.go | 119 ++++++-------- checks/run_probes.go | 41 +++++ e2e/dependency_update_tool_test.go | 8 +- probes/entries.go | 59 +++++++ probes/toolDependabotInstalled/def.yml | 32 ++++ probes/toolDependabotInstalled/impl.go | 53 ++++++ probes/toolPyUpInstalled/def.yml | 32 ++++ probes/toolPyUpInstalled/impl.go | 53 ++++++ probes/toolRenovateInstalled/def.yml | 32 ++++ probes/toolRenovateInstalled/impl.go | 53 ++++++ probes/toolSonatypeLiftInstalled/def.yml | 32 ++++ probes/toolSonatypeLiftInstalled/impl.go | 53 ++++++ probes/utils/tools.go | 69 ++++++++ probes/zrunner/runner.go | 51 ++++++ 21 files changed, 742 insertions(+), 229 deletions(-) create mode 100644 checks/run_probes.go create mode 100644 probes/entries.go create mode 100644 probes/toolDependabotInstalled/def.yml create mode 100644 probes/toolDependabotInstalled/impl.go create mode 100644 probes/toolPyUpInstalled/def.yml create mode 100644 probes/toolPyUpInstalled/impl.go create mode 100644 probes/toolRenovateInstalled/def.yml create mode 100644 probes/toolRenovateInstalled/impl.go create mode 100644 probes/toolSonatypeLiftInstalled/def.yml create mode 100644 probes/toolSonatypeLiftInstalled/impl.go create mode 100644 probes/utils/tools.go create mode 100644 probes/zrunner/runner.go diff --git a/checker/check_result.go b/checker/check_result.go index 8491bdd394b..5e0dd21946f 100644 --- a/checker/check_result.go +++ b/checker/check_result.go @@ -193,3 +193,26 @@ func CreateRuntimeErrorResult(name string, e error) CheckResult { Reason: e.Error(), // Note: message already accessible by caller thru `Error`. } } + +// LogFindings logs the list of findings. +func LogFindings(findings []finding.Finding, dl DetailLogger) error { + for i := range findings { + f := &findings[i] + switch f.Outcome { + case finding.OutcomeNegative: + dl.Warn(&LogMessage{ + Finding: f, + }) + case finding.OutcomePositive: + dl.Info(&LogMessage{ + Finding: f, + }) + default: + dl.Debug(&LogMessage{ + Finding: f, + }) + } + } + + return nil +} diff --git a/checker/raw_result.go b/checker/raw_result.go index 8b991d18407..37dfcbd3e4f 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -242,7 +242,6 @@ type SignedReleasesData struct { // for the Dependency-Update-Tool check. type DependencyUpdateToolData struct { // Tools contains a list of tools. - // Note: we only populate one entry at most. Tools []Tool } @@ -375,3 +374,24 @@ type TokenPermission struct { Msg *string Type PermissionLevel } + +// Location generates location from a file. +func (f *File) Location() *finding.Location { + // TODO(2626): merge location and path. + if f == nil { + return nil + } + loc := &finding.Location{ + Type: f.Type, + Path: f.Path, + LineStart: &f.Offset, + } + if f.EndOffset != 0 { + loc.LineEnd = &f.EndOffset + } + if f.Snippet != "" { + loc.Snippet = &f.Snippet + } + + return loc +} diff --git a/checks/dependency_update_tool.go b/checks/dependency_update_tool.go index fee37c1973e..54f1954f9b1 100644 --- a/checks/dependency_update_tool.go +++ b/checks/dependency_update_tool.go @@ -19,12 +19,13 @@ import ( "github.com/ossf/scorecard/v4/checks/evaluation" "github.com/ossf/scorecard/v4/checks/raw" sce "github.com/ossf/scorecard/v4/errors" + "github.com/ossf/scorecard/v4/probes" ) // CheckDependencyUpdateTool is the exported name for Automatic-Depdendency-Update. const CheckDependencyUpdateTool = "Dependency-Update-Tool" -//nolint +// nolint func init() { supportedRequestTypes := []checker.RequestType{ checker.FileBased, @@ -48,6 +49,13 @@ func DependencyUpdateTool(c *checker.CheckRequest) checker.CheckResult { c.RawResults.DependencyUpdateToolResults = rawData } + // Evaluate the probes. + findings, err := evaluateProbes(c, CheckDependencyUpdateTool, probes.DependencyToolUpdates) + if err != nil { + e := sce.WithMessage(sce.ErrScorecardInternal, err.Error()) + return checker.CreateRuntimeErrorResult(CheckDependencyUpdateTool, e) + } + // Return the score evaluation. - return evaluation.DependencyUpdateTool(CheckDependencyUpdateTool, c.Dlogger, &rawData) + return evaluation.DependencyUpdateTool(CheckDependencyUpdateTool, findings) } diff --git a/checks/dependency_update_tool_test.go b/checks/dependency_update_tool_test.go index 2b21e6f99c9..173f4e5198c 100644 --- a/checks/dependency_update_tool_test.go +++ b/checks/dependency_update_tool_test.go @@ -51,6 +51,7 @@ func TestDependencyUpdateTool(t *testing.T) { CallSearchCommits: 0, expected: scut.TestReturn{ NumberOfInfo: 1, + NumberOfWarn: 3, Score: 10, }, }, @@ -63,6 +64,7 @@ func TestDependencyUpdateTool(t *testing.T) { CallSearchCommits: 0, expected: scut.TestReturn{ NumberOfInfo: 1, + NumberOfWarn: 3, Score: 10, }, }, @@ -75,7 +77,7 @@ func TestDependencyUpdateTool(t *testing.T) { SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}}}, CallSearchCommits: 1, expected: scut.TestReturn{ - NumberOfWarn: 1, + NumberOfWarn: 4, }, }, { @@ -87,7 +89,7 @@ func TestDependencyUpdateTool(t *testing.T) { SearchCommits: []clients.Commit{}, CallSearchCommits: 1, expected: scut.TestReturn{ - NumberOfWarn: 1, + NumberOfWarn: 4, }, }, @@ -101,6 +103,7 @@ func TestDependencyUpdateTool(t *testing.T) { CallSearchCommits: 1, expected: scut.TestReturn{ NumberOfInfo: 1, + NumberOfWarn: 3, Score: 10, }, }, @@ -108,13 +111,14 @@ func TestDependencyUpdateTool(t *testing.T) { name: "found in commits 2", wantErr: false, files: []string{}, - SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}}, + SearchCommits: []clients.Commit{ + {Committer: clients.User{ID: 111111111}}, {Committer: clients.User{ID: dependabotID}}, }, - CallSearchCommits: 1, expected: scut.TestReturn{ NumberOfInfo: 1, + NumberOfWarn: 3, Score: 10, }, }, @@ -125,12 +129,14 @@ func TestDependencyUpdateTool(t *testing.T) { files: []string{ ".github/foobar.yml", }, - SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}}, + SearchCommits: []clients.Commit{ + {Committer: clients.User{ID: 111111111}}, {Committer: clients.User{ID: dependabotID}}, }, CallSearchCommits: 1, expected: scut.TestReturn{ NumberOfInfo: 1, + NumberOfWarn: 3, Score: 10, }, }, @@ -144,9 +150,11 @@ func TestDependencyUpdateTool(t *testing.T) { mockRepo.EXPECT().ListFiles(gomock.Any()).Return(tt.files, nil) mockRepo.EXPECT().SearchCommits(gomock.Any()).Return(tt.SearchCommits, nil).Times(tt.CallSearchCommits) dl := scut.TestDetailLogger{} + raw := checker.RawResults{} c := &checker.CheckRequest{ RepoClient: mockRepo, Dlogger: &dl, + RawResults: &raw, } res := DependencyUpdateTool(c) diff --git a/checks/evaluation/dependency_update_tool.go b/checks/evaluation/dependency_update_tool.go index c527b82b8e3..239167a4e3b 100644 --- a/checks/evaluation/dependency_update_tool.go +++ b/checks/evaluation/dependency_update_tool.go @@ -15,51 +15,20 @@ package evaluation import ( - "fmt" - "github.com/ossf/scorecard/v4/checker" - sce "github.com/ossf/scorecard/v4/errors" + "github.com/ossf/scorecard/v4/finding" ) // DependencyUpdateTool applies the score policy for the Dependency-Update-Tool check. -func DependencyUpdateTool(name string, dl checker.DetailLogger, - r *checker.DependencyUpdateToolData, +func DependencyUpdateTool(name string, + findings []finding.Finding, ) checker.CheckResult { - if r == nil { - e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data") - return checker.CreateRuntimeErrorResult(name, e) - } - - // Apply the policy evaluation. - if r.Tools == nil || len(r.Tools) == 0 { - dl.Warn(&checker.LogMessage{ - Text: `Config file not detected in source location for dependabot, renovatebot, Sonatype Lift, or - PyUp (Python). We recommend setting this configuration in code so it can be easily verified by others.`, - }) - return checker.CreateMinScoreResult(name, "no update tool detected") - } - - // Validate the input. - if len(r.Tools) != 1 { - e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("found %d tools, expected 1", len(r.Tools))) - return checker.CreateRuntimeErrorResult(name, e) - } - - if r.Tools[0].Files == nil { - e := sce.WithMessage(sce.ErrScorecardInternal, "Files are nil") - return checker.CreateRuntimeErrorResult(name, e) - } - - // Iterate over all the files, since a Tool can contain multiple files. - for _, file := range r.Tools[0].Files { - dl.Info(&checker.LogMessage{ - Path: file.Path, - Type: file.Type, - Offset: file.Offset, - Text: fmt.Sprintf("%s detected", r.Tools[0].Name), - }) + for i := range findings { + f := &findings[i] + if f.Outcome == finding.OutcomePositive { + return checker.CreateMaxScoreResult(name, "update tool detected") + } } - // High score result. - return checker.CreateMaxScoreResult(name, "update tool detected") + return checker.CreateMinScoreResult(name, "no update tool detected") } diff --git a/checks/evaluation/dependency_update_tool_test.go b/checks/evaluation/dependency_update_tool_test.go index 68d50f610d8..62667d6c3ca 100644 --- a/checks/evaluation/dependency_update_tool_test.go +++ b/checks/evaluation/dependency_update_tool_test.go @@ -18,7 +18,6 @@ import ( "testing" "github.com/ossf/scorecard/v4/checker" - sce "github.com/ossf/scorecard/v4/errors" "github.com/ossf/scorecard/v4/finding" scut "github.com/ossf/scorecard/v4/utests" ) @@ -26,135 +25,91 @@ import ( func TestDependencyUpdateTool(t *testing.T) { t.Parallel() //nolint - type args struct { - name string - dl checker.DetailLogger - r *checker.DependencyUpdateToolData - } - //nolint tests := []struct { name string - args args - want checker.CheckResult + findings []finding.Finding err bool + want checker.CheckResult expected scut.TestReturn }{ { - name: "DependencyUpdateTool", - args: args{ - name: "DependencyUpdateTool", - dl: &scut.TestDetailLogger{}, - r: &checker.DependencyUpdateToolData{ - Tools: []checker.Tool{ - { - Name: "DependencyUpdateTool", - }, - }, + name: "dependabot", + findings: []finding.Finding{ + { + Probe: "toolDependabotInstalled", + Outcome: finding.OutcomePositive, }, }, want: checker.CheckResult{ - Score: -1, - }, - err: false, - expected: scut.TestReturn{ - Error: sce.ErrScorecardInternal, - Score: -1, + Score: 10, }, }, { - name: "empty tool list", - args: args{ - name: "DependencyUpdateTool", - dl: &scut.TestDetailLogger{}, - r: &checker.DependencyUpdateToolData{ - Tools: []checker.Tool{}, + name: "renovate", + findings: []finding.Finding{ + { + Probe: "toolRenovateInstalled", + Outcome: finding.OutcomePositive, }, }, want: checker.CheckResult{ - Score: 0, - Error: nil, - }, - err: false, - expected: scut.TestReturn{ - Score: 0, - NumberOfWarn: 1, + Score: 10, }, }, { - name: "Valid tool", - args: args{ - name: "DependencyUpdateTool", - dl: &scut.TestDetailLogger{}, - r: &checker.DependencyUpdateToolData{ - Tools: []checker.Tool{ - { - Name: "DependencyUpdateTool", - Files: []checker.File{ - { - Path: "/etc/dependency-update-tool.conf", - Snippet: ` - [dependency-update-tool] - enabled = true - `, - Type: finding.FileTypeSource, - }, - }, - }, - }, + name: "pyup", + findings: []finding.Finding{ + { + Probe: "toolPyUpInstalled", + Outcome: finding.OutcomePositive, }, }, want: checker.CheckResult{ Score: 10, - Error: nil, }, - expected: scut.TestReturn{ - Error: nil, - Score: 10, - NumberOfInfo: 1, - }, - err: false, }, { - name: "more than one tool in the list", - args: args{ - name: "DependencyUpdateTool", - dl: &scut.TestDetailLogger{}, - r: &checker.DependencyUpdateToolData{ - Tools: []checker.Tool{ - { - Name: "DependencyUpdateTool", - }, - { - Name: "DependencyUpdateTool", - }, - }, + name: "sonatype", + findings: []finding.Finding{ + { + Probe: "toolSonatypeInstalled", + Outcome: finding.OutcomePositive, }, }, want: checker.CheckResult{ - Score: -1, - Error: nil, - }, - expected: scut.TestReturn{ - Error: sce.ErrScorecardInternal, - Score: -1, + Score: 10, }, - err: false, }, { - name: "Nil r", - args: args{ - name: "nil r", - dl: &scut.TestDetailLogger{}, + name: "none", + findings: []finding.Finding{ + { + Probe: "toolDependabotInstalled", + Outcome: finding.OutcomeNegative, + }, + { + Probe: "toolRenovateInstalled", + Outcome: finding.OutcomeNegative, + }, + { + Probe: "toolPyUpInstalled", + Outcome: finding.OutcomeNegative, + }, + { + Probe: "toolSonatypeInstalled", + Outcome: finding.OutcomeNegative, + }, }, want: checker.CheckResult{ - Score: -1, - Error: nil, + Score: 0, }, - expected: scut.TestReturn{ - Error: sce.ErrScorecardInternal, - Score: -1, + }, + { + name: "empty tool list", + want: checker.CheckResult{ + Score: 0, + Error: nil, }, - err: false, }, } for _, tt := range tests { @@ -162,8 +117,7 @@ func TestDependencyUpdateTool(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - dl := scut.TestDetailLogger{} - got := DependencyUpdateTool(tt.args.name, &dl, tt.args.r) + got := DependencyUpdateTool(tt.name, tt.findings) if tt.want.Score != got.Score { t.Errorf("DependencyUpdateTool() got Score = %v, want %v for %v", got.Score, tt.want.Score, tt.name) } @@ -171,10 +125,6 @@ func TestDependencyUpdateTool(t *testing.T) { t.Errorf("DependencyUpdateTool() error = %v, want %v for %v", got.Error, tt.want.Error, tt.name) return } - - if !scut.ValidateTestReturn(t, tt.name, &tt.expected, &got, &dl) { - t.Fatalf(tt.name) - } }) } } diff --git a/checks/raw/dependency_update_tool.go b/checks/raw/dependency_update_tool.go index 68fc4a1eac3..3af013b4088 100644 --- a/checks/raw/dependency_update_tool.go +++ b/checks/raw/dependency_update_tool.go @@ -126,13 +126,11 @@ var checkDependencyFileExists fileparser.DoWhileTrueOnFilename = func(name strin }, }, }) - default: - // Continue iterating. - return true, nil } - // We found a file, no need to continue iterating. - return false, nil + // Continue iterating, even if we have found a tool. + // It's needed for all probes results to be populated. + return true, nil } func asPointer(s string) *string { diff --git a/checks/raw/dependency_update_tool_test.go b/checks/raw/dependency_update_tool_test.go index 87fb21a7055..02a3128690b 100644 --- a/checks/raw/dependency_update_tool_test.go +++ b/checks/raw/dependency_update_tool_test.go @@ -26,115 +26,84 @@ import ( func Test_checkDependencyFileExists(t *testing.T) { t.Parallel() - //nolint - type args struct { - name string - data *[]checker.Tool - } + //nolint tests := []struct { name string - args args + path string want bool wantErr bool }{ { - name: "check dependency file exists", - args: args{ - name: ".github/dependabot.yml", - data: &[]checker.Tool{}, - }, - want: false, + name: ".github/dependabot.yml", + path: ".github/dependabot.yml", + want: true, wantErr: false, }, { - name: ".other", - args: args{ - name: ".other", - data: &[]checker.Tool{}, - }, + name: ".github/dependabot.yaml", + path: ".github/dependabot.yaml", want: true, wantErr: false, }, { - name: ".github/renovate.json", - args: args{ - name: ".github/renovate.json", - data: &[]checker.Tool{}, - }, + name: ".other", + path: ".other", want: false, wantErr: false, }, { - name: ".github/renovate.json5", - args: args{ - name: ".github/renovate.json5", - data: &[]checker.Tool{}, - }, - want: false, + name: ".github/renovate.json", + path: ".github/renovate.json", + want: true, wantErr: false, }, { - name: ".renovaterc.json", - args: args{ - name: ".renovaterc.json", - data: &[]checker.Tool{}, - }, - want: false, + name: ".github/renovate.json5", + path: ".github/renovate.json5", + want: true, wantErr: false, }, { - name: "renovate.json", - args: args{ - name: "renovate.json", - data: &[]checker.Tool{}, - }, - want: false, + name: ".renovaterc.json", + path: ".renovaterc.json", + want: true, wantErr: false, }, { - name: "renovate.json5", - args: args{ - name: "renovate.json5", - data: &[]checker.Tool{}, - }, - want: false, + name: "renovate.json", + path: "renovate.json", + want: true, wantErr: false, }, { - name: ".renovaterc", - args: args{ - name: ".renovaterc", - data: &[]checker.Tool{}, - }, - want: false, + name: "renovate.json5", + path: "renovate.json5", + want: true, wantErr: false, }, { - name: ".pyup.yml", - args: args{ - name: ".pyup.yml", - data: &[]checker.Tool{}, - }, - want: false, + name: ".renovaterc", + path: ".renovaterc", + want: true, wantErr: false, }, { - name: ".lift.toml", - args: args{ - name: ".lift.toml", - data: &[]checker.Tool{}, - }, - want: false, + name: ".pyup.yml", + path: ".pyup.yml", + want: true, wantErr: false, }, { - name: ".lift/config.toml", - args: args{ - name: ".lift/config.toml", - data: &[]checker.Tool{}, - }, - want: false, + name: ".lift.toml", + path: ".lift.toml", + want: true, + wantErr: false, + }, + { + name: ".lift/config.toml", + path: ".lift/config.toml", + want: true, wantErr: false, }, } @@ -142,13 +111,17 @@ func Test_checkDependencyFileExists(t *testing.T) { tt := tt t.Run(tt.name, func(t *testing.T) { t.Parallel() - got, err := checkDependencyFileExists(tt.args.name, tt.args.data) + results := []checker.Tool{} + cont, err := checkDependencyFileExists(tt.path, &results) if (err != nil) != tt.wantErr { t.Errorf("checkDependencyFileExists() error = %v, wantErr %v", err, tt.wantErr) return } - if got != tt.want { - t.Errorf("checkDependencyFileExists() = %v, want %v for test %v", got, tt.want, tt.name) + if !cont { + t.Errorf("continue is false for %v", tt.name) + } + if tt.want != (len(results) == 1) { + t.Errorf("checkDependencyFileExists() = %v, want %v for test %v", len(results), tt.want, tt.name) } }) } diff --git a/checks/run_probes.go b/checks/run_probes.go new file mode 100644 index 00000000000..5af28ac79ed --- /dev/null +++ b/checks/run_probes.go @@ -0,0 +1,41 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package checks + +import ( + "fmt" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes" + "github.com/ossf/scorecard/v4/probes/zrunner" +) + +// evaluateProbes runs the probes in probesToRun and logs its findings. +func evaluateProbes(c *checker.CheckRequest, checkName string, + probesToRun []probes.ProbeImpl, +) ([]finding.Finding, error) { + // Run the probes. + findings, err := zrunner.Run(c.RawResults, probesToRun) + if err != nil { + return nil, fmt.Errorf("zrunner.Run: %w", err) + } + + // Log the findings. + if err := checker.LogFindings(findings, c.Dlogger); err != nil { + return nil, fmt.Errorf("LogFindings: %w", err) + } + return findings, nil +} diff --git a/e2e/dependency_update_tool_test.go b/e2e/dependency_update_tool_test.go index a580a6bb933..244c849f82f 100644 --- a/e2e/dependency_update_tool_test.go +++ b/e2e/dependency_update_tool_test.go @@ -39,16 +39,18 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() { err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) + raw := checker.RawResults{} req := checker.CheckRequest{ Ctx: context.Background(), RepoClient: repoClient, Repo: repo, Dlogger: &dl, + RawResults: &raw, } expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, - NumberOfWarn: 0, + NumberOfWarn: 3, NumberOfInfo: 1, NumberOfDebug: 0, } @@ -66,16 +68,18 @@ var _ = Describe("E2E TEST:"+checks.CheckDependencyUpdateTool, func() { err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) + raw := checker.RawResults{} req := checker.CheckRequest{ Ctx: context.Background(), RepoClient: repoClient, Repo: repo, Dlogger: &dl, + RawResults: &raw, } expected := scut.TestReturn{ Error: nil, Score: checker.MaxResultScore, - NumberOfWarn: 0, + NumberOfWarn: 3, NumberOfInfo: 1, NumberOfDebug: 0, } diff --git a/probes/entries.go b/probes/entries.go new file mode 100644 index 00000000000..84be2c51fee --- /dev/null +++ b/probes/entries.go @@ -0,0 +1,59 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package probes + +import ( + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes/toolDependabotInstalled" + "github.com/ossf/scorecard/v4/probes/toolPyUpInstalled" + "github.com/ossf/scorecard/v4/probes/toolRenovateInstalled" + "github.com/ossf/scorecard/v4/probes/toolSonatypeLiftInstalled" +) + +// ProbeImpl is the implementation of a probe. +type ProbeImpl func(*checker.RawResults) ([]finding.Finding, string, error) + +var ( + // All represents all the probes. + All []ProbeImpl + // DependencyToolUpdates is all the probes for the + // DpendencyUpdateTool check. + DependencyToolUpdates = []ProbeImpl{ + toolRenovateInstalled.Run, + toolDependabotInstalled.Run, + toolPyUpInstalled.Run, + toolSonatypeLiftInstalled.Run, + } +) + +//nolint:gochecknoinits +func init() { + All = concatMultipleProbes([][]ProbeImpl{ + DependencyToolUpdates, + }) +} + +func concatMultipleProbes(slices [][]ProbeImpl) []ProbeImpl { + var totalLen int + for _, s := range slices { + totalLen += len(s) + } + tmp := make([]ProbeImpl, 0, totalLen) + for _, s := range slices { + tmp = append(tmp, s...) + } + return tmp +} diff --git a/probes/toolDependabotInstalled/def.yml b/probes/toolDependabotInstalled/def.yml new file mode 100644 index 00000000000..e58d6e14194 --- /dev/null +++ b/probes/toolDependabotInstalled/def.yml @@ -0,0 +1,32 @@ +# Copyright 2023 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +id: toolDependabotInstalled +short: Check that Dependabot is enabled +motivation: > + Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. + Dependabot automates the process of updating dependencies by scanning for outdated or insecure requirements, and opening a pull request to update them if found. +implementation: > + The implemtation looks for the presence of files named ".github/dependabot.yml" or ".github/dependabot.yaml". If none of these files are found, + the implementation checks whether commits are authored by Dependabot. If none of these succeed, Dependabot is not installed. + NOTE: if the configuration files are found, the probe does not ensure that the Dependabot is run or that the Dependabot's pull requests are merged. +outcome: + - If dependendabot is installed, the probe returns OutcomePositive (1) + - If dependendabot is not installed, the probe returns OutcomeNegative (0) +remediation: + effort: Low + text: + - Follow the instructions from https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates. + markdown: + - Follow the instructions from [the official documentation](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates). \ No newline at end of file diff --git a/probes/toolDependabotInstalled/impl.go b/probes/toolDependabotInstalled/impl.go new file mode 100644 index 00000000000..1ca92087e10 --- /dev/null +++ b/probes/toolDependabotInstalled/impl.go @@ -0,0 +1,53 @@ +// Copyright 2022 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// nolint:stylecheck +package toolDependabotInstalled + +import ( + "embed" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes/utils" +) + +//go:embed *.yml +var fs embed.FS + +const probe = "toolDependabotInstalled" + +type dependabot struct{} + +func (t dependabot) Name() string { + return "Dependabot" +} + +func (t dependabot) Matches(tool *checker.Tool) bool { + return t.Name() == tool.Name +} + +func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { + tools := raw.DependencyUpdateToolResults.Tools + var matcher dependabot + // Check whether Dependabot tool is installed on the repo, + // and create the corresponding findings. + //nolint:wrapcheck + return utils.ToolsRun(tools, fs, probe, + // Tool found will generate a positive result. + finding.OutcomePositive, + // Tool not found will generate a negative result. + finding.OutcomeNegative, + matcher) +} diff --git a/probes/toolPyUpInstalled/def.yml b/probes/toolPyUpInstalled/def.yml new file mode 100644 index 00000000000..9529194cea3 --- /dev/null +++ b/probes/toolPyUpInstalled/def.yml @@ -0,0 +1,32 @@ +# Copyright 2023 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +id: toolPyUpInstalled +short: Check that PyUp is installed. +motivation: > + Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. + PyUp automates the process of updating dependencies by scanning for outdated or insecure requirements, and opening a pull request to update them if found. +implementation: > + The implementation looks for the presence of a file named ".pyup.yml". + If the file is not found, PyUp is not installed. + NOTE: the implementation does not ensure that PyUp is run or that PyUp's pull requests are merged. +outcome: + - If PyUp is installed, the probe returns OutcomePositive (1) + - If PyUp is not installed, the probe returns OutcomeNegative (0) +remediation: + effort: Low + text: + - Follow the instructions from https://docs.pyup.io/docs. + markdown: + - Follow the instructions from [the official documentation](https://docs.pyup.io/docs). \ No newline at end of file diff --git a/probes/toolPyUpInstalled/impl.go b/probes/toolPyUpInstalled/impl.go new file mode 100644 index 00000000000..41c58db88a1 --- /dev/null +++ b/probes/toolPyUpInstalled/impl.go @@ -0,0 +1,53 @@ +// Copyright 2022 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// nolint:stylecheck +package toolPyUpInstalled + +import ( + "embed" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes/utils" +) + +//go:embed *.yml +var fs embed.FS + +const probe = "toolPyUpInstalled" + +type pyup struct{} + +func (t pyup) Name() string { + return "PyUp" +} + +func (t pyup) Matches(tool *checker.Tool) bool { + return t.Name() == tool.Name +} + +func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { + tools := raw.DependencyUpdateToolResults.Tools + var matcher pyup + // Check whether PyUp tool is installed on the repo, + // and create the corresponding findings. + //nolint:wrapcheck + return utils.ToolsRun(tools, fs, probe, + // Tool found will generate a positive result. + finding.OutcomePositive, + // Tool not found will generate a negative result. + finding.OutcomeNegative, + matcher) +} diff --git a/probes/toolRenovateInstalled/def.yml b/probes/toolRenovateInstalled/def.yml new file mode 100644 index 00000000000..72a9f106f25 --- /dev/null +++ b/probes/toolRenovateInstalled/def.yml @@ -0,0 +1,32 @@ +# Copyright 2023 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +id: toolRenovateInstalled +short: Check that Renovate bot is installed. +motivation: > + Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. + Renovate automates the process of updating dependencies by scanning for outdated or insecure requirements, and opening a pull request to update them if found. +implementation: > + The implementation looks for the presence of files named ".github/renovate.json", ".github/renovate.json5", ".renovaterc.json" or. "renovate.json". + If none of these files are found, Renovate is not installed. + NOTE: the implementation does not ensure that Renovate is run or that Renovate's pull requests are merged. +outcome: + - If Renovate is installed, the probe returns OutcomePositive (1) + - If Renovate is not installed, the probe returns OutcomeNegative (0) +remediation: + effort: Low + text: + - Follow the instructions from https://docs.renovatebot.com/configuration-options/. + markdown: + - Follow the instructions from [the official documentation](https://docs.renovatebot.com/configuration-options/). \ No newline at end of file diff --git a/probes/toolRenovateInstalled/impl.go b/probes/toolRenovateInstalled/impl.go new file mode 100644 index 00000000000..a35f91662cc --- /dev/null +++ b/probes/toolRenovateInstalled/impl.go @@ -0,0 +1,53 @@ +// Copyright 2022 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// nolint:stylecheck +package toolRenovateInstalled + +import ( + "embed" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes/utils" +) + +//go:embed *.yml +var fs embed.FS + +const probe = "toolRenovateInstalled" + +type renovate struct{} + +func (t renovate) Name() string { + return "RenovateBot" +} + +func (t renovate) Matches(tool *checker.Tool) bool { + return t.Name() == tool.Name +} + +func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { + tools := raw.DependencyUpdateToolResults.Tools + var matcher renovate + // Check whether Renovate tool is installed on the repo, + // and create the corresponding findings. + //nolint:wrapcheck + return utils.ToolsRun(tools, fs, probe, + // Tool found will generate a positive result. + finding.OutcomePositive, + // Tool not found will generate a negative result. + finding.OutcomeNegative, + matcher) +} diff --git a/probes/toolSonatypeLiftInstalled/def.yml b/probes/toolSonatypeLiftInstalled/def.yml new file mode 100644 index 00000000000..e2d38e1c967 --- /dev/null +++ b/probes/toolSonatypeLiftInstalled/def.yml @@ -0,0 +1,32 @@ +# Copyright 2023 OpenSSF Scorecard Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +id: toolSonatypeLiftInstalled +short: Check that Sonatype Lyft is installed. +motivation: > + Out-of-date dependencies make a project vulnerable to known flaws and prone to attacks. + Sonatype Lyft automates the process of updating dependencies by scanning for outdated or insecure requirements, and opening a pull request to update them if found. +implementation: > + The implementation looks for the presence of files named ".lift.toml" or ".lift/config.toml". + If none of these files are found, Sonatype Lyft is not installed. + NOTE: the implementation does not ensure that Sonatype Lyft is run or that Sonatype Lyft's pull requests are merged. +outcome: + - If Sonatype Lyft is installed, the probe returns OutcomePositive (1) + - If Sonatype Lyft is not installed, the probe returns OutcomeNegative (0) +remediation: + effort: Low + text: + - Follow the instructions from https://help.sonatype.com/lift/getting-started. + markdown: + - Follow the instructions from [the official documentation](https://help.sonatype.com/lift/getting-started). \ No newline at end of file diff --git a/probes/toolSonatypeLiftInstalled/impl.go b/probes/toolSonatypeLiftInstalled/impl.go new file mode 100644 index 00000000000..a7c258fb9e8 --- /dev/null +++ b/probes/toolSonatypeLiftInstalled/impl.go @@ -0,0 +1,53 @@ +// Copyright 2022 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// nolint:stylecheck +package toolSonatypeLiftInstalled + +import ( + "embed" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes/utils" +) + +//go:embed *.yml +var fs embed.FS + +const probe = "toolSonatypeLiftInstalled" + +type sonatypeLyft struct{} + +func (t sonatypeLyft) Name() string { + return "Sonatype Lift" +} + +func (t sonatypeLyft) Matches(tool *checker.Tool) bool { + return t.Name() == tool.Name +} + +func Run(raw *checker.RawResults) ([]finding.Finding, string, error) { + tools := raw.DependencyUpdateToolResults.Tools + var matcher sonatypeLyft + // Check whether Sona Lyft tool is installed on the repo, + // and create the corresponding findings. + //nolint:wrapcheck + return utils.ToolsRun(tools, fs, probe, + // Tool found will generate a positive result. + finding.OutcomePositive, + // Tool not found will generate a negative result. + finding.OutcomeNegative, + matcher) +} diff --git a/probes/utils/tools.go b/probes/utils/tools.go new file mode 100644 index 00000000000..c802126fe16 --- /dev/null +++ b/probes/utils/tools.go @@ -0,0 +1,69 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package utils + +import ( + "embed" + "fmt" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/finding" +) + +type toolMatcher interface { + Name() string + Matches(*checker.Tool) bool +} + +// ToolsRun runs the probe for a tool. +// The function iterates thru the raw results and searches for a tool of interest that is used on a repository. +// The function uses 'matcher' to identify the tool of interest. +// If a tool is used in the repository, it creates a finding with the 'foundOutcome'. +// If not, it returns a finding with outcome 'notFoundOutcome'. +func ToolsRun(tools []checker.Tool, fs embed.FS, probeID string, + foundOutcome, notFoundOutcome finding.Outcome, matcher toolMatcher, +) ([]finding.Finding, string, error) { + var findings []finding.Finding + for i := range tools { + tool := &tools[i] + if !matcher.Matches(tool) { + continue + } + + var loc *finding.Location + if len(tool.Files) > 0 { + loc = tool.Files[0].Location() + } + + f, err := finding.NewWith(fs, probeID, fmt.Sprintf("tool '%s' is used", tool.Name), + loc, foundOutcome) + if err != nil { + return nil, probeID, fmt.Errorf("create finding: %w", err) + } + findings = append(findings, *f) + } + + // No tools found. + if len(findings) == 0 { + f, err := finding.NewWith(fs, probeID, fmt.Sprintf("tool '%s' is not used", matcher.Name()), + nil, notFoundOutcome) + if err != nil { + return nil, probeID, fmt.Errorf("create finding: %w", err) + } + findings = append(findings, *f) + } + + return findings, probeID, nil +} diff --git a/probes/zrunner/runner.go b/probes/zrunner/runner.go new file mode 100644 index 00000000000..e8c837bbcd4 --- /dev/null +++ b/probes/zrunner/runner.go @@ -0,0 +1,51 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package zrunner + +import ( + "errors" + "fmt" + + "github.com/ossf/scorecard/v4/checker" + serrors "github.com/ossf/scorecard/v4/errors" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/probes" +) + +var errProbeRun = errors.New("probe run failure") + +// Run runs the probes in probesToRun. +func Run(raw *checker.RawResults, probesToRun []probes.ProbeImpl) ([]finding.Finding, error) { + var results []finding.Finding + var errs []error + for _, probeFunc := range probesToRun { + findings, probeID, err := probeFunc(raw) + if err != nil { + errs = append(errs, err) + results = append(results, + finding.Finding{ + Probe: probeID, + Outcome: finding.OutcomeError, + Message: serrors.WithMessage(serrors.ErrScorecardInternal, err.Error()).Error(), + }) + continue + } + results = append(results, findings...) + } + if len(errs) > 0 { + return results, fmt.Errorf("%w: %v", errProbeRun, errs) + } + return results, nil +} From 0888bad6499b8e9c56c13018a45c74ab19dba6e3 Mon Sep 17 00:00:00 2001 From: Amanda L Martin Date: Tue, 23 May 2023 11:19:27 -0400 Subject: [PATCH 201/316] add zoom link and agenda link (#3050) Signed-off-by: Amanda L Martin --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 28304015908..49c8665fe01 100644 --- a/README.md +++ b/README.md @@ -559,6 +559,17 @@ __Maintainers__ are listed in the [CODEOWNERS file](.github/CODEOWNERS). To report a security issue, please follow instructions [here](SECURITY.md). +### Join the Scorecards Project Meeting + +#### Zoom + +We meet every other Thursday - 4p ET on this [zoom link](https://zoom.us/j/98835923979?pwd=RG5JZ3czZEtmRDlGdms0ZktmMFQvUT09). + +#### Agenda + +You can see the [agenda and meeting notes here](https://docs.google.com/document/d/1dB2U7_qZpNW96vtuoG7ShmgKXzIg6R5XT5Tc-0yz6kE/edit#). + + ## Stargazers over time [![Stargazers over time](https://starchart.cc/ossf/scorecard.svg)](https://starchart.cc/ossf/scorecard) From c631ebd7fb4014e1dd921a839f6d3b0966324002 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 23 May 2023 12:53:57 -0500 Subject: [PATCH 202/316] :seedling: Run E2E PAT test for push to main (#3046) - Add E2E PAT tests for push to main. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/integration.yml | 3 --- .github/workflows/main.yml | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 3b993c37bc7..b51ac6d013a 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -16,9 +16,6 @@ name: Integration tests on: - push: - branches: - - main # The e2e coverage is required to be run on main branch to get the coverage report pull_request: branches: - main diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9f7d00f5b2b..285c8eb046b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -70,6 +70,20 @@ jobs: with: files: ./unit-coverage.out verbose: true + - name: Run PAT Token E2E #using retry because the GitHub token is being throttled. + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd + env: + GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} + with: + max_attempts: 3 + retry_on: error + timeout_minutes: 30 + command: make e2e-pat + - name: codecov + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 + with: + files: "*e2e-coverage.out" + verbose: true generate-mocks: name: generate-mocks runs-on: ubuntu-latest From e0a6d1544b95775d2b3b96f3b0b2119beadfbac2 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 23 May 2023 13:36:26 -0500 Subject: [PATCH 203/316] Update main.yml (#3054) -Fixed the YAML indenting issue. Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 285c8eb046b..60c65de0569 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -71,17 +71,17 @@ jobs: files: ./unit-coverage.out verbose: true - name: Run PAT Token E2E #using retry because the GitHub token is being throttled. - uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd - env: + uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd + env: GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} - with: + with: max_attempts: 3 retry_on: error timeout_minutes: 30 command: make e2e-pat - name: codecov - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 - with: + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 + with: files: "*e2e-coverage.out" verbose: true generate-mocks: From 30fd0ca41359b369f530ac6d72916bfb23368e6e Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 24 May 2023 08:00:49 -0700 Subject: [PATCH 204/316] only run e2e pat on push (#3056) Signed-off-by: Spencer Schrock --- .github/workflows/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 60c65de0569..36f16e94a56 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -72,6 +72,7 @@ jobs: verbose: true - name: Run PAT Token E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd + if: ${{ github.event_name != 'pull_request' }} env: GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} with: @@ -81,6 +82,7 @@ jobs: command: make e2e-pat - name: codecov uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # 2.1.0 + if: ${{ github.event_name != 'pull_request' }} with: files: "*e2e-coverage.out" verbose: true From e8bfa3958322209db6b07a2d2664e205e27bde6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 15:23:00 +0000 Subject: [PATCH 205/316] :seedling: Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 38 ++++++++++++++------------------------ 2 files changed, 20 insertions(+), 30 deletions(-) diff --git a/go.mod b/go.mod index fcca8727799..08382a56ddf 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 - github.com/go-git/go-git/v5 v5.6.1 + github.com/go-git/go-git/v5 v5.7.0 github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 github.com/google/go-cmp v0.5.9 @@ -97,7 +97,7 @@ require ( github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/prometheus/prometheus v0.42.0 // indirect - github.com/skeema/knownhosts v1.1.0 // indirect + github.com/skeema/knownhosts v1.1.1 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/spdx/tools-golang v0.5.0 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect @@ -123,7 +123,7 @@ require ( cloud.google.com/go/iam v0.13.0 // indirect cloud.google.com/go/storage v1.29.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/aws/aws-sdk-go v1.44.200 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect @@ -136,7 +136,7 @@ require ( github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fatih/color v1.13.0 // indirect - github.com/go-git/gcfg v1.5.0 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect @@ -147,7 +147,7 @@ require ( github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect github.com/googleapis/gax-go/v2 v2.8.0 // indirect - github.com/imdario/mergo v0.3.13 // indirect + github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect @@ -169,7 +169,7 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - golang.org/x/crypto v0.7.0 // indirect + golang.org/x/crypto v0.9.0 // indirect golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.8.0 diff --git a/go.sum b/go.sum index 0c626b2190e..f9f2cebf499 100644 --- a/go.sum +++ b/go.sum @@ -543,8 +543,9 @@ github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:m github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 h1:ZK3C5DtzV2nVAQTx5S5jQvMeDqWtD1By5mOoyY/xJek= +github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= @@ -569,7 +570,6 @@ github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/arrow/go/v12 v12.0.0 h1:xtZE63VWl7qLdB0JObIXvvhGjoVNrQ9ciIHG2OK5cmc= github.com/apache/arrow/go/v12 v12.0.0/go.mod h1:d+tV/eHZZ7Dz7RPrFKtPK02tpr+c9/PEd/zm8mDS9Vg= @@ -898,6 +898,7 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= @@ -955,16 +956,13 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= -github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= -github.com/go-git/go-git-fixtures/v4 v4.3.1 h1:y5z6dd3qi8Hl+stezc8p3JxDkoTRqMAlKnXHuzrfjTQ= -github.com/go-git/go-git-fixtures/v4 v4.3.1/go.mod h1:8LHG1a3SRW71ettAD/jW13h8c6AqjVSeL11RAdgaqpo= -github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk= -github.com/go-git/go-git/v5 v5.6.1/go.mod h1:mvyoL6Unz0PiTQrGQfSfiLFhBH1c1e84ylC2MDs4ee8= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= +github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= +github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -1378,8 +1376,8 @@ github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= +github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -1596,7 +1594,6 @@ github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im3VujLYM= github.com/moby/buildkit v0.11.6 h1:VYNdoKk5TVxN7k4RvZgdeM4GOyRvIi4Z8MXOY7xvyUs= github.com/moby/buildkit v0.11.6/go.mod h1:GCqKfHhz+pddzfgaR7WmHVEE3nKKZMMDPpK8mh3ZLv4= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= @@ -1869,8 +1866,8 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y= github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= -github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= +github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= @@ -2110,7 +2107,6 @@ go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= gocloud.dev v0.29.0 h1:fBy0jwJSmxs0IjT0fE32MO+Mj+307VZQwyHaTyFZbC4= gocloud.dev v0.29.0/go.mod h1:E3dAjji80g+lIkq4CQeF/BTWqv1CBeTftmOb+gpyapQ= -golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -2151,16 +2147,15 @@ golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2291,7 +2286,6 @@ golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220805013720-a33c5aa5df48/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20220921155015-db77216a4ee9/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= @@ -2303,7 +2297,6 @@ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmL golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= @@ -2508,7 +2501,6 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2527,7 +2519,6 @@ golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= @@ -3001,7 +2992,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= From 387edee26ae98bb3851f7dd9bba893af37f64b4e Mon Sep 17 00:00:00 2001 From: dasfreak Date: Wed, 24 May 2023 18:01:11 +0200 Subject: [PATCH 206/316] :book: :ghost: fix anchor link to the code review section (#3058) * fix anchor link to code-review in checks.yaml Signed-off-by: dasfreak Signed-off-by: Marc Ohm * generate checks.md Signed-off-by: Marc Ohm --------- Signed-off-by: dasfreak Signed-off-by: Marc Ohm --- docs/checks.md | 4 ++-- docs/checks/internal/checks.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/checks.md b/docs/checks.md index 339e26e8d88..975eb407877 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -93,7 +93,7 @@ Different types of branch protection protect against different risks: Although requiring code review can greatly reduce the chance that unintentional or malicious code enters the "main" branch, it is not feasible for all projects, such as those that don't have many active participants. For more -discussion, see [Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-reviews). +discussion, see [Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-review). Additionally, in some cases these rules will need to be suspended. For example, if a past commit includes illegal content such as child pornography, it may be @@ -257,7 +257,7 @@ those contributors must have had at least 5 commits in the last 30 commits. Note: Some projects cannot meet this requirement, such as small projects with only one active participant, or projects with a narrow scope that cannot attract the interest of multiple organizations. See -[Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-reviews) +[Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-review) for more information about evaluating projects with a small number of participants. diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index e5db1e2dc10..1f38d6c4d35 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -182,7 +182,7 @@ checks: Although requiring code review can greatly reduce the chance that unintentional or malicious code enters the "main" branch, it is not feasible for all projects, such as those that don't have many active participants. For more - discussion, see [Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-reviews). + discussion, see [Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-review). Additionally, in some cases these rules will need to be suspended. For example, if a past commit includes illegal content such as child pornography, it may be @@ -372,7 +372,7 @@ checks: Note: Some projects cannot meet this requirement, such as small projects with only one active participant, or projects with a narrow scope that cannot attract the interest of multiple organizations. See - [Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-reviews) + [Code Reviews](https://github.com/ossf/scorecard/blob/main/docs/checks.md#code-review) for more information about evaluating projects with a small number of participants. remediation: From 3db4e2f47e86c0174c385e77b237a4c04f060d80 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 24 May 2023 14:46:11 -0400 Subject: [PATCH 207/316] =?UTF-8?q?=F0=9F=90=9B=20Gitlab:=20Tests=20(#3027?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix tests Signed-off-by: Raghav Kaul * use projectID instead of project where applicable Signed-off-by: Raghav Kaul * pass ref as listcommitoption Signed-off-by: Raghav Kaul * update tests * CI-Tests: check if score > 0. pull request client is limited and can't go back to arbitrary pull requests. CI-Tests don't run on forks, so this can't be pinned either. But, for active repositories, we typically expect *some* tests to be run Signed-off-by: Raghav Kaul * fix commitshandler commitSHA tests Signed-off-by: Raghav Kaul * update tests Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> --- clients/gitlabrepo/client.go | 3 ++- clients/gitlabrepo/commits.go | 9 +++++++-- clients/gitlabrepo/graphql.go | 7 ++++--- clients/gitlabrepo/graphql_test.go | 11 +++++++---- e2e/ci_tests_test.go | 4 ++-- e2e/code_review_test.go | 10 ++++++---- 6 files changed, 28 insertions(+), 16 deletions(-) diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go index 4294a8a9912..5b16a0fc8c9 100644 --- a/clients/gitlabrepo/client.go +++ b/clients/gitlabrepo/client.go @@ -164,11 +164,12 @@ func (client *Client) ListCommits() ([]clients.Commit, error) { return []clients.Commit{}, err } + before := commitsRaw[0].CommittedDate // Get merge request details from GraphQL // GitLab REST API doesn't provide a way to link Merge Requests and Commits that // are within them without making a REST call for each commit (~30 by default) // Making 1 GraphQL query to combine the results of 2 REST calls, we avoid this - mrDetails, err := client.graphql.getMergeRequestsDetail() + mrDetails, err := client.graphql.getMergeRequestsDetail(before) if err != nil { return []clients.Commit{}, err } diff --git a/clients/gitlabrepo/commits.go b/clients/gitlabrepo/commits.go index 99848f927c0..1303a203672 100644 --- a/clients/gitlabrepo/commits.go +++ b/clients/gitlabrepo/commits.go @@ -41,7 +41,12 @@ func (handler *commitsHandler) init(repourl *repoURL) { func (handler *commitsHandler) setup() error { handler.once.Do(func() { - commits, _, err := handler.glClient.Commits.ListCommits(handler.repourl.projectID, &gitlab.ListCommitsOptions{}) + commits, _, err := handler.glClient.Commits.ListCommits( + handler.repourl.projectID, + &gitlab.ListCommitsOptions{ + RefName: &handler.repourl.commitSHA, + }, + ) if err != nil { handler.errSetup = fmt.Errorf("request for commits failed with %w", err) return @@ -60,7 +65,7 @@ func (handler *commitsHandler) listRawCommits() ([]*gitlab.Commit, error) { return handler.commitsRaw, nil } -// zip combines Commit and MergeRequest information from the GitLab REST API with +// zip combines Commit information from the GitLab REST API with MergeRequests // information from the GitLab GraphQL API. The REST API doesn't provide any way to // get from Commits -> MRs that they were part of or vice-versa (MRs -> commits they // contain), except through a separate API call. Instead of calling the REST API diff --git a/clients/gitlabrepo/graphql.go b/clients/gitlabrepo/graphql.go index 2d5e76541f4..4b3b38695d8 100644 --- a/clients/gitlabrepo/graphql.go +++ b/clients/gitlabrepo/graphql.go @@ -54,7 +54,7 @@ type graphqlData struct { Project struct { MergeRequests struct { Nodes []graphqlMergeRequestNode `graphql:"nodes"` - } `graphql:"mergeRequests(sort: MERGED_AT_DESC, state: merged)"` + } `graphql:"mergeRequests(sort: MERGED_AT_DESC, state: merged, mergedBefore: $mergedBefore)"` } `graphql:"project(fullPath: $fullPath)"` QueryComplexity struct { Limit int `graphql:"limit"` @@ -127,11 +127,12 @@ func (g *GitlabGID) UnmarshalJSON(data []byte) error { return nil } -func (handler *graphqlHandler) getMergeRequestsDetail() (graphqlData, error) { +func (handler *graphqlHandler) getMergeRequestsDetail(before *time.Time) (graphqlData, error) { data := graphqlData{} path := fmt.Sprintf("%s/%s", handler.repourl.owner, handler.repourl.project) params := map[string]interface{}{ - "fullPath": path, + "fullPath": path, + "mergedBefore": before, } err := handler.graphClient.Query(context.Background(), &data, params) if err != nil { diff --git a/clients/gitlabrepo/graphql_test.go b/clients/gitlabrepo/graphql_test.go index 37e54dd4eef..ce3e8ec4054 100644 --- a/clients/gitlabrepo/graphql_test.go +++ b/clients/gitlabrepo/graphql_test.go @@ -19,6 +19,7 @@ import ( "fmt" "os" "testing" + "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -30,13 +31,13 @@ func TestGitlabRepoE2E(t *testing.T) { } t.Parallel() RegisterFailHandler(Fail) - RunSpecs(t, "Githubrepo Suite") + RunSpecs(t, "GitLab Repo Suite") } var _ = Describe("E2E TEST: gitlabrepo.graphqlHandler", func() { var graphqlhandler graphqlHandler - Context("E2E TEST: Confirm query result", func() { + Context("E2E TEST: Confirm query result - GitLab", func() { It("Should have sufficient number of merge requests", func() { repo, err := MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") Expect(err).Should(BeNil()) @@ -46,7 +47,8 @@ var _ = Describe("E2E TEST: gitlabrepo.graphqlHandler", func() { path := fmt.Sprintf("%s/%s", graphqlhandler.repourl.owner, graphqlhandler.repourl.project) params := map[string]interface{}{ - "fullPath": path, + "fullPath": path, + "mergedBefore": time.Now(), } err = graphqlhandler.graphClient.Query(context.Background(), &data, params) Expect(err).Should(BeNil()) @@ -65,7 +67,8 @@ var _ = Describe("E2E TEST: gitlabrepo.graphqlHandler", func() { path := fmt.Sprintf("%s/%s", graphqlhandler.repourl.owner, graphqlhandler.repourl.project) params := map[string]interface{}{ - "fullPath": path, + "fullPath": path, + "mergedBefore": time.Now(), } err = graphqlhandler.graphClient.Query(context.Background(), &data, params) Expect(err).Should(BeNil()) diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 58cb56ace61..945f078294d 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -122,7 +122,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { } expected := scut.TestReturn{ Error: nil, - Score: 0, + Score: 8, NumberOfWarn: 0, NumberOfInfo: 0, NumberOfDebug: 13, @@ -151,7 +151,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { } expected := scut.TestReturn{ Error: nil, - Score: 3, + Score: 10, NumberOfWarn: 0, NumberOfInfo: 0, NumberOfDebug: 1, diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index 1278e1b94dc..69e5e1748cb 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -169,8 +169,9 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Dlogger: &dl, } expected := scut.TestReturn{ - Error: nil, - Score: 3, + Error: nil, + Score: 0, + NumberOfDebug: 1, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) @@ -197,8 +198,9 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Dlogger: &dl, } expected := scut.TestReturn{ - Error: nil, - Score: checker.MinResultScore, + Error: nil, + Score: checker.MinResultScore, + NumberOfDebug: 1, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) From 5d5d1a04c8feb7075275706fe1067af4113d1c86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 May 2023 14:29:47 -0500 Subject: [PATCH 208/316] :seedling: Bump github.com/goreleaser/nfpm/v2 in /tools (#3060) Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.28.0 to 2.29.0. - [Release notes](https://github.com/goreleaser/nfpm/releases) - [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml) - [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/nfpm/v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 8 ++++---- tools/go.sum | 15 ++++++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 0b2008b3304..3bdb7bfd103 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -195,7 +195,7 @@ require ( github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 // indirect github.com/goreleaser/chglog v0.4.2 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect - github.com/goreleaser/nfpm/v2 v2.28.0 // indirect + github.com/goreleaser/nfpm/v2 v2.29.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect github.com/gostaticanalysis/comment v1.4.2 // indirect @@ -225,8 +225,8 @@ require ( github.com/kisielk/errcheck v1.6.3 // indirect github.com/kisielk/gotool v1.0.0 // indirect github.com/kkHAIKE/contextcheck v1.1.4 // indirect - github.com/klauspost/compress v1.16.3 // indirect - github.com/klauspost/pgzip v1.2.5 // indirect + github.com/klauspost/compress v1.16.5 // indirect + github.com/klauspost/pgzip v1.2.6 // indirect github.com/kulti/thelper v0.6.3 // indirect github.com/kunwardeep/paralleltest v1.0.6 // indirect github.com/kylelemons/godebug v1.1.0 // indirect @@ -313,7 +313,7 @@ require ( github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect github.com/stretchr/objx v0.5.0 // indirect - github.com/stretchr/testify v1.8.2 // indirect + github.com/stretchr/testify v1.8.3 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect github.com/tdakkota/asciicheck v0.2.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 5441423c151..f6b59dc14ca 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1496,8 +1496,8 @@ github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+ github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= github.com/goreleaser/goreleaser v1.18.2 h1:qeNrKKVOHWEs1+/+a6jwASj7g9yg1R4vfLVlo0Beyro= github.com/goreleaser/goreleaser v1.18.2/go.mod h1:CfWAXthyGOTzUgubl1FdAtkAgSW69XuRHF6KcA9IrLc= -github.com/goreleaser/nfpm/v2 v2.28.0 h1:BLKOrJpyBrO/LQ7XQP/mICDBqq6K3iX1cqZIMYKUbCc= -github.com/goreleaser/nfpm/v2 v2.28.0/go.mod h1:cMwzgk+6Irs3+ZKD6Lz/ADJ8qsVmJxYPlE3/wOxAfVA= +github.com/goreleaser/nfpm/v2 v2.29.0 h1:QW7MD5Od8ePAWqvC+kGQiF8OH5JkSKV+HcblcT0NX6A= +github.com/goreleaser/nfpm/v2 v2.29.0/go.mod h1:+O8Rgz7geEXG1ym2Yl8CGPg5nP2LRuCgkBK6CQF+Q3c= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -1748,10 +1748,10 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.16.3 h1:XuJt9zzcnaz6a16/OU53ZjWp/v7/42WcR5t2a0PcNQY= -github.com/klauspost/compress v1.16.3/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= -github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= -github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= +github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= +github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= +github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -2329,8 +2329,9 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= From f997b2720d4a64ebccdd280ba533906aae315684 Mon Sep 17 00:00:00 2001 From: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 24 May 2023 14:43:36 -0700 Subject: [PATCH 209/316] =?UTF-8?q?=E2=9C=A8=20Gitlab:=20Add=20projects=20?= =?UTF-8?q?to=20cron=20(#2936)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * cron: add gitlab projects * support gitlab client * simplify gitlab detection Signed-off-by: Raghav Kaul * fix MakeGitlabRepo * shortcut when repo url is github.com * fixes add-projects, validate-projects Signed-off-by: Raghav Kaul * Move gitlab repos to release controller Signed-off-by: Raghav Kaul * Add csv headers Signed-off-by: Raghav Kaul * Use gitlab.WithBaseURL Signed-off-by: Raghav Kaul * formatting & logging Signed-off-by: Raghav Kaul * remove spurious test Signed-off-by: Raghav Kaul * consolidate logic Signed-off-by: Raghav Kaul * Turn on experimental flag Signed-off-by: Raghav Kaul * Add projects Signed-off-by: Raghav Kaul * Update client Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- checker/client.go | 27 +- clients/gitlabrepo/client.go | 21 +- clients/gitlabrepo/client_test.go | 2 +- clients/gitlabrepo/commits_test.go | 2 +- clients/gitlabrepo/contributors_test.go | 2 +- clients/gitlabrepo/repo.go | 9 +- clients/gitlabrepo/repo_test.go | 12 +- cron/config/config.yaml | 2 +- cron/config/config_test.go | 2 +- cron/data/iterator.go | 12 +- cron/data/iterator_test.go | 59 +++- cron/data/testdata/basic-gitlab-only.csv | 3 + cron/data/testdata/basic-with-gitlab.csv | 6 + cron/data/testdata/failing_urls.csv | 2 +- cron/data/writer_test.go | 10 + .../data/gitlab-projects-selected.csv | 253 ++++++++++++++++++ cron/internal/data/validate/main.go | 2 +- cron/internal/emulator/config.yaml | 2 +- cron/internal/worker/main.go | 57 +++- cron/k8s/controller.release.yaml | 6 +- cron/k8s/worker.release.yaml | 2 + e2e/ci_tests_test.go | 5 +- e2e/code_review_test.go | 5 +- e2e/license_test.go | 4 +- e2e/maintained_test.go | 2 +- e2e/security_policy_test.go | 4 +- 26 files changed, 441 insertions(+), 72 deletions(-) create mode 100644 cron/data/testdata/basic-gitlab-only.csv create mode 100644 cron/data/testdata/basic-with-gitlab.csv create mode 100644 cron/internal/data/gitlab-projects-selected.csv diff --git a/checker/client.go b/checker/client.go index b6931a7dec1..7a28b2771f4 100644 --- a/checker/client.go +++ b/checker/client.go @@ -57,29 +57,14 @@ func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logge _, experimental := os.LookupEnv("SCORECARD_EXPERIMENTAL") var repoClient clients.RepoClient - //nolint:nestif - if experimental && glrepo.DetectGitLab(repoURI) { + if experimental { repo, makeRepoError = glrepo.MakeGitlabRepo(repoURI) - if makeRepoError != nil { - return repo, - nil, - nil, - nil, - nil, - fmt.Errorf("getting local directory client: %w", makeRepoError) + if repo != nil && makeRepoError == nil { + repoClient, makeRepoError = glrepo.CreateGitlabClient(ctx, repo.Host()) } + } - var err error - repoClient, err = glrepo.CreateGitlabClientWithToken(ctx, os.Getenv("GITLAB_AUTH_TOKEN"), repo) - if err != nil { - return repo, - nil, - nil, - nil, - nil, - fmt.Errorf("error creating gitlab client: %w", err) - } - } else { + if makeRepoError != nil || repo == nil { repo, makeRepoError = ghrepo.MakeGithubRepo(repoURI) if makeRepoError != nil { return repo, @@ -87,7 +72,7 @@ func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logge nil, nil, nil, - fmt.Errorf("getting local directory client: %w", makeRepoError) + fmt.Errorf("error making github repo: %w", makeRepoError) } repoClient = ghrepo.CreateGithubRepoClient(ctx, logger) } diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go index 5b16a0fc8c9..1254118fffc 100644 --- a/clients/gitlabrepo/client.go +++ b/clients/gitlabrepo/client.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "log" + "os" "time" "github.com/xanzy/go-gitlab" @@ -250,8 +251,13 @@ func (client *Client) Close() error { return nil } -func CreateGitlabClientWithToken(ctx context.Context, token string, repo clients.Repo) (clients.RepoClient, error) { - client, err := gitlab.NewClient(token, gitlab.WithBaseURL(repo.Host())) +func CreateGitlabClient(ctx context.Context, host string) (clients.RepoClient, error) { + token := os.Getenv("GITLAB_AUTH_TOKEN") + return CreateGitlabClientWithToken(ctx, token, host) +} + +func CreateGitlabClientWithToken(ctx context.Context, token, host string) (clients.RepoClient, error) { + client, err := gitlab.NewClient(token, gitlab.WithBaseURL(host)) if err != nil { return nil, fmt.Errorf("could not create gitlab client with error: %w", err) } @@ -308,14 +314,3 @@ func CreateGitlabClientWithToken(ctx context.Context, token string, repo clients func CreateOssFuzzRepoClient(ctx context.Context, logger *log.Logger) (clients.RepoClient, error) { return nil, fmt.Errorf("%w, oss fuzz currently only supported for github repos", clients.ErrUnsupportedFeature) } - -// DetectGitLab: check whether the repoURI is a GitLab URI -// Makes HTTP request to GitLab API. -func DetectGitLab(repoURI string) bool { - var repo repoURL - if err := repo.parse(repoURI); err != nil { - return false - } - - return repo.IsValid() == nil -} diff --git a/clients/gitlabrepo/client_test.go b/clients/gitlabrepo/client_test.go index e4caa108e0a..8a92d634dbb 100644 --- a/clients/gitlabrepo/client_test.go +++ b/clients/gitlabrepo/client_test.go @@ -41,7 +41,7 @@ func Test_InitRepo(t *testing.T) { t.Error("couldn't make gitlab repo", err) } - client, err := CreateGitlabClientWithToken(context.Background(), "", repo) + client, err := CreateGitlabClient(context.Background(), repo.Host()) if err != nil { t.Error("couldn't make gitlab client", err) } diff --git a/clients/gitlabrepo/commits_test.go b/clients/gitlabrepo/commits_test.go index cb29f7c1af0..93c179faee2 100644 --- a/clients/gitlabrepo/commits_test.go +++ b/clients/gitlabrepo/commits_test.go @@ -42,7 +42,7 @@ func Test_Setup(t *testing.T) { t.Error("couldn't make gitlab repo", err) } - client, err := CreateGitlabClientWithToken(context.Background(), "", repo) + client, err := CreateGitlabClient(context.Background(), repo.Host()) if err != nil { t.Error("couldn't make gitlab client", err) } diff --git a/clients/gitlabrepo/contributors_test.go b/clients/gitlabrepo/contributors_test.go index cbb1ced3a38..50eab3d79c0 100644 --- a/clients/gitlabrepo/contributors_test.go +++ b/clients/gitlabrepo/contributors_test.go @@ -48,7 +48,7 @@ func Test_ContributorsSetup(t *testing.T) { t.Error("couldn't make gitlab repo", err) } - client, err := CreateGitlabClientWithToken(context.Background(), "", repo) + client, err := CreateGitlabClientWithToken(context.Background(), "", repo.Host()) if err != nil { t.Error("couldn't make gitlab client", err) } diff --git a/clients/gitlabrepo/repo.go b/clients/gitlabrepo/repo.go index 24dcaba9d1d..65a4478306c 100644 --- a/clients/gitlabrepo/repo.go +++ b/clients/gitlabrepo/repo.go @@ -17,6 +17,7 @@ package gitlabrepo import ( + "errors" "fmt" "net/url" "strings" @@ -38,6 +39,8 @@ type repoURL struct { metadata []string } +var errInvalidGitlabRepoURL = errors.New("repo is not a gitlab repo") + // Parses input string into repoURL struct /* * Accepted input string formats are as follows: @@ -98,6 +101,10 @@ func (r *repoURL) IsValid() error { return nil } + if strings.EqualFold(r.host, "github.com") { + return fmt.Errorf("%w: %s", errInvalidGitlabRepoURL, r.host) + } + client, err := gitlab.NewClient("", gitlab.WithBaseURL(fmt.Sprintf("%s://%s", r.scheme, r.host))) if err != nil { return sce.WithMessage(err, @@ -141,7 +148,7 @@ func MakeGitlabRepo(input string) (clients.Repo, error) { return nil, fmt.Errorf("error during parse: %w", err) } if err := repo.IsValid(); err != nil { - return nil, fmt.Errorf("error n IsValid: %w", err) + return nil, fmt.Errorf("error in IsValid: %w", err) } return &repo, nil } diff --git a/clients/gitlabrepo/repo_test.go b/clients/gitlabrepo/repo_test.go index 798be39d0bf..87b36894355 100644 --- a/clients/gitlabrepo/repo_test.go +++ b/clients/gitlabrepo/repo_test.go @@ -119,7 +119,7 @@ func TestRepoURL_IsValid(t *testing.T) { } } -func TestRepoURL_DetectGitlab(t *testing.T) { +func TestRepoURL_MakeGitLabRepo(t *testing.T) { tests := []struct { repouri string expected bool @@ -157,9 +157,13 @@ func TestRepoURL_DetectGitlab(t *testing.T) { if tt.flagRequired && os.Getenv("TEST_GITLAB_EXTERNAL") == "" { continue } - g := DetectGitLab(tt.repouri) - if g != tt.expected { - t.Errorf("got %s isgitlab: %t expected %t", tt.repouri, g, tt.expected) + g, err := MakeGitlabRepo(tt.repouri) + if (g != nil) != (err == nil) { + t.Errorf("got gitlabrepo: %s with err %s", g, err) + } + isGitlab := g != nil && err == nil + if isGitlab != tt.expected { + t.Errorf("got %s isgitlab: %t expected %t", tt.repouri, isGitlab, tt.expected) } } } diff --git a/cron/config/config.yaml b/cron/config/config.yaml index ed5453e1b06..9fd9cf8a9da 100644 --- a/cron/config/config.yaml +++ b/cron/config/config.yaml @@ -45,7 +45,7 @@ additional-params: # TODO(#859): Re-add Contributors after fixing inconsistencies. # TODO: Dependency-Update-Tool and SAST are search heavy # TODO: Vulnerabilities is slow on repos with lots of dependencies - blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool + blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,Webhooks cii-data-bucket-url: gs://ossf-scorecard-cii-data # Raw results. raw-bigquery-table: scorecard-rawdata diff --git a/cron/config/config_test.go b/cron/config/config_test.go index 54afb6601e7..536393a2335 100644 --- a/cron/config/config_test.go +++ b/cron/config/config_test.go @@ -34,7 +34,7 @@ const ( prodCompletionThreshold = 0.99 prodWebhookURL = "" prodCIIDataBucket = "gs://ossf-scorecard-cii-data" - prodBlacklistedChecks = "CI-Tests,Contributors,Dependency-Update-Tool" + prodBlacklistedChecks = "CI-Tests,Contributors,Dependency-Update-Tool,Webhooks" prodShardSize int = 10 prodMetricExporter string = "stackdriver" prodMetricStackdriverPrefix string = "scorecard-cron" diff --git a/cron/data/iterator.go b/cron/data/iterator.go index 00d61ee358f..66f0982cf3f 100644 --- a/cron/data/iterator.go +++ b/cron/data/iterator.go @@ -24,6 +24,7 @@ import ( "github.com/jszwec/csvutil" "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" ) // Iterator interface is used to iterate through list of input repos for the cron job. @@ -83,9 +84,14 @@ func (reader *csvIterator) Next() (RepoFormat, error) { if reader.err != nil { return reader.next, fmt.Errorf("reader has error: %w", reader.err) } - // Sanity check valid GitHub URL. - if _, err := githubrepo.MakeGithubRepo(reader.next.Repo); err != nil { - return reader.next, fmt.Errorf("invalid GitHub URL: %w", err) + + repoURI := reader.next.Repo + + // validate gitlab or github url + if _, err := gitlabrepo.MakeGitlabRepo(repoURI); err != nil { + if _, err := githubrepo.MakeGithubRepo(repoURI); err != nil { + return reader.next, fmt.Errorf("invalid URL, neither github nor gitlab: %w", err) + } } return reader.next, nil } diff --git a/cron/data/iterator_test.go b/cron/data/iterator_test.go index 8091d615022..69572b872be 100644 --- a/cron/data/iterator_test.go +++ b/cron/data/iterator_test.go @@ -64,6 +64,63 @@ func TestCsvIterator(t *testing.T) { }, }, }, + { + name: "BasicGitlabOnly", + filename: "testdata/basic-gitlab-only.csv", + outcomes: []outcome{ + { + hasError: false, + repo: RepoFormat{ + Repo: "gitlab.com/owner1/repo1", + }, + }, + { + hasError: false, + repo: RepoFormat{ + Repo: "gitlab.com/owner3/path1/repo2", + Metadata: []string{"meta"}, + }, + }, + }, + }, + { + name: "BasicWithGitlab", + filename: "testdata/basic-with-gitlab.csv", + outcomes: []outcome{ + { + hasError: false, + repo: RepoFormat{ + Repo: "github.com/owner1/repo1", + }, + }, + { + hasError: false, + repo: RepoFormat{ + Repo: "github.com/owner2/repo2", + }, + }, + { + hasError: false, + repo: RepoFormat{ + Repo: "github.com/owner3/repo3", + Metadata: []string{"meta"}, + }, + }, + { + hasError: false, + repo: RepoFormat{ + Repo: "gitlab.com/owner1/repo1", + }, + }, + { + hasError: false, + repo: RepoFormat{ + Repo: "gitlab.com/owner3/path1/repo2", + Metadata: []string{"meta"}, + }, + }, + }, + }, { name: "Comment", filename: "testdata/comment.csv", @@ -95,7 +152,7 @@ func TestCsvIterator(t *testing.T) { outcomes: []outcome{ { hasError: true, - expectedErr: sce.ErrorUnsupportedHost, + expectedErr: sce.ErrorInvalidURL, }, { hasError: true, diff --git a/cron/data/testdata/basic-gitlab-only.csv b/cron/data/testdata/basic-gitlab-only.csv new file mode 100644 index 00000000000..8d33822ea8f --- /dev/null +++ b/cron/data/testdata/basic-gitlab-only.csv @@ -0,0 +1,3 @@ +repo,metadata +gitlab.com/owner1/repo1, +gitlab.com/owner3/path1/repo2,meta diff --git a/cron/data/testdata/basic-with-gitlab.csv b/cron/data/testdata/basic-with-gitlab.csv new file mode 100644 index 00000000000..8a1c1d2bdd0 --- /dev/null +++ b/cron/data/testdata/basic-with-gitlab.csv @@ -0,0 +1,6 @@ +repo,metadata +github.com/owner1/repo1, +github.com/owner2/repo2, +github.com/owner3/repo3,meta +gitlab.com/owner1/repo1, +gitlab.com/owner3/path1/repo2,meta diff --git a/cron/data/testdata/failing_urls.csv b/cron/data/testdata/failing_urls.csv index f3c4a5d0022..5ca11f25cdc 100644 --- a/cron/data/testdata/failing_urls.csv +++ b/cron/data/testdata/failing_urls.csv @@ -1,4 +1,4 @@ repo,metadata -gitlab.com/owner1/repo1, +gitlab.com//repo1, github.com/owner2/, github.com//repo3,meta diff --git a/cron/data/writer_test.go b/cron/data/writer_test.go index f847d12eea3..e9ea51d2319 100644 --- a/cron/data/writer_test.go +++ b/cron/data/writer_test.go @@ -34,16 +34,26 @@ func TestCsvWriter(t *testing.T) { Repo: "github.com/owner1/repo1", Metadata: []string{"meta1"}, }, + { + Repo: "gitlab.com/owner3/repo3", + Metadata: []string{"meta3"}, + }, }, newRepos: []RepoFormat{ { Repo: "github.com/owner2/repo2", Metadata: []string{"meta2"}, }, + { + Repo: "gitlab.com/owner4/repo4", + Metadata: []string{"meta4"}, + }, }, out: `repo,metadata github.com/owner1/repo1,meta1 github.com/owner2/repo2,meta2 +gitlab.com/owner3/repo3,meta3 +gitlab.com/owner4/repo4,meta4 `, }, } diff --git a/cron/internal/data/gitlab-projects-selected.csv b/cron/internal/data/gitlab-projects-selected.csv new file mode 100644 index 00000000000..dd22ca97358 --- /dev/null +++ b/cron/internal/data/gitlab-projects-selected.csv @@ -0,0 +1,253 @@ +repo,metadata +https://gitlab.com/gitlab-org/gitlab-foss, +https://gitlab.com/gitlab-org/gitlab, +https://gitlab.com/CalcProgrammer1/OpenRGB, +https://gitlab.com/gitlab-org/gitlab-runner, +https://gitlab.com/fdroid/fdroidclient, +https://gitlab.com/bramw/baserow, +https://gitlab.com/AuroraOSS/AuroraStore, +https://gitlab.com/graphviz/graphviz, +https://gitlab.com/pgjones/quart, +https://gitlab.com/libeigen/eigen, +https://gitlab.com/gitlab-org/gitlab-development-kit, +https://gitlab.com/gitlab-org/omnibus-gitlab, +https://gitlab.com/tezos/tezos, +https://gitlab.com/mayan-edms/mayan-edms, +https://gitlab.com/meltano/meltano, +https://gitlab.com/gitlab-com/runbooks, +https://gitlab.com/antora/antora, +https://gitlab.com/pycqa/flake8, +https://gitlab.com/meno/dropzone, +https://gitlab.com/pages/hugo, +https://gitlab.com/sequoia-pgp/sequoia, +https://gitlab.com/gableroux/unity3d-gitlab-ci-example, +https://gitlab.com/gitlab-org/gitaly, +https://gitlab.com/gitlab-org/cli, +https://gitlab.com/postgres-ai/database-lab, +https://gitlab.com/timvisee/ffsend, +https://gitlab.com/leanlabsio/kanban, +https://gitlab.com/pgjones/hypercorn, +https://gitlab.com/Rich-Harris/buble, +https://gitlab.com/cznic/sqlite, +https://gitlab.com/postgres-ai/postgres-checkup, +https://gitlab.com/mojo42/Jirafeau, +https://gitlab.com/eidheim/Simple-Web-Server, +https://gitlab.com/NebulousLabs/Sia, +https://gitlab.com/akihe/radamsa, +https://gitlab.com/procps-ng/procps, +https://gitlab.com/jam-systems/jam, +https://gitlab.com/catamphetamine/libphonenumber-js, +https://gitlab.com/olaris/olaris-server, +https://gitlab.com/stavros/harbormaster, +https://gitlab.com/conradsnicta/armadillo-code, +https://gitlab.com/gitlab-org/gitlab-shell, +https://gitlab.com/dalibo/postgresql_anonymizer, +https://gitlab.com/fatihacet/gitlab-vscode-extension, +https://gitlab.com/brinkervii/grapejuice, +https://gitlab.com/gitlab-org/gitlab-runner-docker-cleanup, +https://gitlab.com/gitlab-org/gitlab-ui, +https://gitlab.com/ajak/tuir, +https://gitlab.com/kornelski/babel-preset-php, +https://gitlab.com/mailman/hyperkitty, +https://gitlab.com/wg1/jpeg-xl, +https://gitlab.com/nsnam/ns-3-dev, +https://gitlab.com/axet/android-book-reader, +https://gitlab.com/shodan-public/nrich, +https://gitlab.com/bloom42/bloom, +https://gitlab.com/lfortran/lfortran, +https://gitlab.com/gitlab-org/gitlab-triage, +https://gitlab.com/esr/reposurgeon, +https://gitlab.com/leinardi/gkraken, +https://gitlab.com/QEF/q-e, +https://gitlab.com/eidheim/Simple-WebSocket-Server, +https://gitlab.com/signald/signald, +https://gitlab.com/chaica/feed2toot, +https://gitlab.com/gitlab-org/gitlab-pages, +https://gitlab.com/pulsechaincom/go-pulse, +https://gitlab.com/GoogleDriveIndex/Google-Drive-Index, +https://gitlab.com/antonok/enum_dispatch, +https://gitlab.com/gitlab-org/gitlab-workhorse, +https://gitlab.com/petsc/petsc, +https://gitlab.com/eternal-twin/etwin, +https://gitlab.com/mattbas/python-lottie, +https://gitlab.com/gitlab-org/docker-distribution-pruner, +https://gitlab.com/rosie-pattern-language/rosie, +https://gitlab.com/BuildStream/buildstream, +https://gitlab.com/kicad/libraries/kicad-footprints, +https://gitlab.com/dmfay/massive-js, +https://gitlab.com/nanuchi/go-full-course-youtube, +https://gitlab.com/sublime-music/sublime-music, +https://gitlab.com/gitlab-org/opstrace/opstrace, +https://gitlab.com/gitlab-org/release-cli, +https://gitlab.com/gitlab-org/ci-cd/docker-machine, +https://gitlab.com/catamphetamine/react-phone-number-input, +https://gitlab.com/IvanSanchez/Leaflet.GridLayer.GoogleMutant, +https://gitlab.com/klamonte/jexer, +https://gitlab.com/woob/woob, +https://gitlab.com/crates.rs/crates.rs, +https://gitlab.com/stavros/python-yeelight, +https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image, +https://gitlab.com/dbsystel/gitlab-ci-python-library, +https://gitlab.com/DerManu/QCustomPlot, +https://gitlab.com/juhani/go-semrel-gitlab, +https://gitlab.com/postgres-ai/joe, +https://gitlab.com/altek/accountant, +https://gitlab.com/formschema/native, +https://gitlab.com/gardenappl/readability-cli, +https://gitlab.com/doctormo/python-crontab, +https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent, +https://gitlab.com/mattbas/glaxnimate, +https://gitlab.com/mailman/postorius, +https://gitlab.com/cznic/ql, +https://gitlab.com/gitlab-org/release-tools, +https://gitlab.com/gitlab-org/gitlab-svgs, +https://gitlab.com/bzip2/bzip2, +https://gitlab.com/Molcas/OpenMolcas, +https://gitlab.com/anarcat/wallabako, +https://gitlab.com/gpsd/gpsd, +https://gitlab.com/xiliumhq/chromiumembedded/cefglue, +https://gitlab.com/weitzman/drupal-test-traits, +https://gitlab.com/DavidGriffith/frotz, +https://gitlab.com/sane-project/backends, +https://gitlab.com/palisade/palisade-release, +https://gitlab.com/thorchain/thornode, +https://gitlab.com/susurrus/serialport-rs, +https://gitlab.com/purelb/purelb, +https://gitlab.com/libtiff/libtiff, +https://gitlab.com/gilrs-project/gilrs, +https://gitlab.com/altom/altunity/altunitytester, +https://gitlab.com/tglman/persy, +https://gitlab.com/esr/loccount, +https://gitlab.com/WhyNotHugo/darkman, +https://gitlab.com/remram44/taguette, +https://gitlab.com/goobook/goobook, +https://gitlab.com/edneville/please, +https://gitlab.com/gitlab-org/cloud-native/gitlab-operator, +https://gitlab.com/hyper-expanse/open-source/semantic-delivery-gitlab, +https://gitlab.com/bitcoin-cash-node/bitcoin-cash-node, +https://gitlab.com/tspiteri/rug, +https://gitlab.com/libxc/libxc, +https://gitlab.com/amatos/rest-countries, +https://gitlab.com/m2crypto/m2crypto, +https://gitlab.com/ttyperacer/terminal-typeracer, +https://gitlab.com/glatteis/earthwalker, +https://gitlab.com/mattia.basaglia/python-lottie, +https://gitlab.com/john.carroll.p/rschedule, +https://gitlab.com/open-source-keir/financial-modelling/trading/barter-rs, +https://gitlab.com/portmod/portmod, +https://gitlab.com/librespacefoundation/polaris/polaris, +https://gitlab.com/allianceauth/allianceauth, +https://gitlab.com/gitlab-org/incubation-engineering/ai-assist/dokter, +https://gitlab.com/joneshf/purty, +https://gitlab.com/cerfacs/batman, +https://gitlab.com/lightmeter/controlcenter, +https://gitlab.com/autokent/pdf-parse, +https://gitlab.com/inkscape/extensions, +https://gitlab.com/vstconsulting/polemarch, +https://gitlab.com/stuko/ovito, +https://gitlab.com/php-ai/php-ml, +https://gitlab.com/cmocka/cmocka, +https://gitlab.com/kashell/Kawa, +https://gitlab.com/francoisjacquet/rosariosis, +https://gitlab.com/catamphetamine/read-excel-file, +https://gitlab.com/oer/emacs-reveal, +https://gitlab.com/xiayesuifeng/v2rayxplus, +https://gitlab.com/gitmate/open-source/IGitt, +https://gitlab.com/subnetzero/iridium, +https://gitlab.com/yorickpeterse/oga, +https://gitlab.com/mbryant/functiontrace, +https://gitlab.com/pyspread/pyspread, +https://gitlab.com/pavel.krupala/pyqt-node-editor, +https://gitlab.com/dslackw/colored, +https://gitlab.com/mikler/glaber, +https://gitlab.com/drutopia/drutopia, +https://gitlab.com/cznic/ccgo, +https://gitlab.com/broj42/nuxt-cookie-control, +https://gitlab.com/orobardet/gitlab-ci-linter, +https://gitlab.com/AdrianDC/gitlabci-local, +https://gitlab.com/virtio-fs/virtiofsd, +https://gitlab.com/ternaris/rosbags, +https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/fargate, +https://gitlab.com/asuran-rs/asuran, +https://gitlab.com/librespacefoundation/satnogs/satnogs-network, +https://gitlab.com/maxlefou/hugo.386, +https://gitlab.com/mattia.basaglia/tgs, +https://gitlab.com/opennota/findimagedupes, +https://gitlab.com/html-validate/html-validate, +https://gitlab.com/oer/org-re-reveal, +https://gitlab.com/BrightOpen/Samotop, +https://gitlab.com/Friz64/erupt, +https://gitlab.com/nyx-space/nyx, +https://gitlab.com/msvechla/vaultbot, +https://gitlab.com/profclems/glab, +https://gitlab.com/pwoolcoc/soup, +https://gitlab.com/yawning/obfs4, +https://gitlab.com/gitlab-org/gitlab-exporter, +https://gitlab.com/gitlab-com/support/toolbox/fast-stats, +https://gitlab.com/lv2/lv2, +https://gitlab.com/remcohaszing/eslint-formatter-gitlab, +https://gitlab.com/eidheim/tiny-process-library, +https://gitlab.com/Linaro/tuxmake, +https://gitlab.com/sdurobotics/ur_rtde, +https://gitlab.com/pulsechaincom/pls-faucet, +https://gitlab.com/aa900031/nestjs-command, +https://gitlab.com/philbooth/bfj, +https://gitlab.com/stp-team/systemtestportal-webapp, +https://gitlab.com/cunity/gitlab-emulator, +https://gitlab.com/tractor-team/tractor, +https://gitlab.com/wrobell/remt, +https://gitlab.com/parrot_parrot/ms-teams-replace-background, +https://gitlab.com/p8n/panopticon, +https://gitlab.com/gitlab-org/terraform-provider-gitlab, +https://gitlab.com/dslackw/slpkg, +https://gitlab.com/gtk-kt/gtk-kt, +https://gitlab.com/ProjectWARP/warp-go, +https://gitlab.com/vmware/idem/idem, +https://gitlab.com/shackra/goimapnotify, +https://gitlab.com/Cwiiis/ferris, +https://gitlab.com/kicad/libraries/kicad-footprint-generator, +https://gitlab.com/broj42/nuxt-gmaps, +https://gitlab.com/lansharkconsulting/django/django-encrypted-model-fields, +https://gitlab.com/pycqa/flake8-docstrings, +https://gitlab.com/xmpp-rs/xmpp-rs, +https://gitlab.com/trantor/trantor, +https://gitlab.com/osnvr/os-nvr, +https://gitlab.com/etherlab.org/ethercat, +https://gitlab.com/inbitcoin/lighter, +https://gitlab.com/hoppr/hoppr, +https://gitlab.com/nomadic-labs/tezos, +https://gitlab.com/dee-see/graphql-path-enum, +https://gitlab.com/ilpianista/arch-audit, +https://gitlab.com/lely_industries/lely-core, +https://gitlab.com/okannen/static_init, +https://gitlab.com/TNThieding/exif, +https://gitlab.com/under-test/undertest, +https://gitlab.com/wholegrain/website-carbon-badges, +https://gitlab.com/broj42/nuxt-lazy-load, +https://gitlab.com/catamphetamine/country-flag-icons, +https://gitlab.com/golang-commonmark/markdown, +https://gitlab.com/williamyaoh/shrinkwraprs, +https://gitlab.com/torkleyy/err-derive, +https://gitlab.com/pavanello-research-group/dftpy, +https://gitlab.com/BVollmerhaus/blurwal, +https://gitlab.com/citrus-rs/citrus, +https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator, +https://gitlab.com/Oslandia/py3dtiles, +https://gitlab.com/Nulide/findmydeviceserver, +https://gitlab.com/clickable/clickable, +https://gitlab.com/microo8/plgo, +https://gitlab.com/cordite/cordite, +https://gitlab.com/shyft-os/shyft, +https://gitlab.com/antora/antora-lunr-extension, +https://gitlab.com/cerlane/SoftPosit, +https://gitlab.com/akita/mgpusim, +https://gitlab.com/lobaro/iot-dashboard, +https://gitlab.com/secml/secml, +https://gitlab.com/gitlab-org/container-registry, +https://gitlab.com/gitlab-org/labkit, +https://gitlab.com/isard/isardvdi, +https://gitlab.com/lmco/hoppr/hoppr, +https://gitlab.com/JacobLinCool/bahamut-automation, +https://gitlab.com/hoppr/hoppr-cop, +https://gitlab.com/hoppr/hoppr-cyclonedx-models, +https://gitlab.com/hoppr/droppr, diff --git a/cron/internal/data/validate/main.go b/cron/internal/data/validate/main.go index 96c10d56dc8..82407f2a252 100644 --- a/cron/internal/data/validate/main.go +++ b/cron/internal/data/validate/main.go @@ -24,7 +24,7 @@ import ( // Validates data.Iterator used by production PubSub cron job. // * Check for no duplicates in repoURLs. -// * Check repoURL is a valid GitHub URL. +// * Check repoURL is a valid GitHub/GitLab URL. func main() { if len(os.Args) != 2 { panic("must provide single argument") diff --git a/cron/internal/emulator/config.yaml b/cron/internal/emulator/config.yaml index 5569d6b43ca..9c12e725f02 100644 --- a/cron/internal/emulator/config.yaml +++ b/cron/internal/emulator/config.yaml @@ -40,7 +40,7 @@ additional-params: # TODO(#859): Re-add Contributors after fixing inconsistencies. # TODO: Dependency-Update-Tool and SAST are search heavy # TODO: Vulnerabilities is slow on repos with lots of dependencies - blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities + blacklisted-checks: CI-Tests,Contributors,Dependency-Update-Tool,SAST,Vulnerabilities,Webhooks cii-data-bucket-url: gs://ossf-scorecard-cii-data # Raw results. raw-bigquery-table: scorecard-rawdata diff --git a/cron/internal/worker/main.go b/cron/internal/worker/main.go index 6ed479dc3fb..39e4f0445e1 100644 --- a/cron/internal/worker/main.go +++ b/cron/internal/worker/main.go @@ -30,6 +30,7 @@ import ( "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" githubstats "github.com/ossf/scorecard/v4/clients/githubrepo/stats" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" "github.com/ossf/scorecard/v4/clients/ossfuzz" "github.com/ossf/scorecard/v4/cron/config" "github.com/ossf/scorecard/v4/cron/data" @@ -49,14 +50,41 @@ const ( rawResultsFile = "raw.json" ) -var ignoreRuntimeErrors = flag.Bool("ignoreRuntimeErrors", false, "if set to true any runtime errors will be ignored") +var ( + ignoreRuntimeErrors = flag.Bool("ignoreRuntimeErrors", false, "if set to true any runtime errors will be ignored") + + // TODO, should probably be its own config/env var, as the checks we want to run + // per-platform will differ based on API cost/efficiency/implementation. + gitlabDisabledChecks = []string{ + "Binary-Artifacts", + "Branch-Protection", + "CII-Best-Practices", + "CI-Tests", + "Code-Review", + "Contributors", + "Dangerous-Workflow", + "Dependency-Update-Tool", + "Fuzzing", + "License", + "Maintained", + "Packaging", + "Pinned-Dependencies", + "SAST", + // "Security-Policy", + "Signed-Releases", + "Token-Permissions", + "Vulnerabilities", + "Webhooks", + } +) type ScorecardWorker struct { ctx context.Context logger *log.Logger checkDocs docs.Doc exporter monitoring.Exporter - repoClient clients.RepoClient + githubClient clients.RepoClient + gitlabClient clients.RepoClient ciiClient clients.CIIBestPracticesClient ossFuzzRepoClient clients.RepoClient vulnsClient clients.VulnerabilitiesClient @@ -91,7 +119,11 @@ func newScorecardWorker() (*ScorecardWorker, error) { sw.ctx = context.Background() sw.logger = log.NewLogger(log.InfoLevel) - sw.repoClient = githubrepo.CreateGithubRepoClient(sw.ctx, sw.logger) + sw.githubClient = githubrepo.CreateGithubRepoClient(sw.ctx, sw.logger) + // TODO(raghavkaul): Read GitLab auth token from environment + if sw.gitlabClient, err = gitlabrepo.CreateGitlabClient(sw.ctx, "https://gitlab.com"); err != nil { + return nil, fmt.Errorf("gitlabrepo.CreateGitlabClient: %w", err) + } sw.ciiClient = clients.BlobCIIBestPracticesClient(ciiDataBucketURL) if sw.ossFuzzRepoClient, err = ossfuzz.CreateOSSFuzzClientEager(ossfuzz.StatusURL); err != nil { return nil, fmt.Errorf("ossfuzz.CreateOSSFuzzClientEager: %w", err) @@ -119,7 +151,7 @@ func (sw *ScorecardWorker) Close() { func (sw *ScorecardWorker) Process(ctx context.Context, req *data.ScorecardBatchRequest, bucketURL string) error { return processRequest(ctx, req, sw.blacklistedChecks, bucketURL, sw.rawBucketURL, sw.apiBucketURL, - sw.checkDocs, sw.repoClient, sw.ossFuzzRepoClient, sw.ciiClient, sw.vulnsClient, sw.logger) + sw.checkDocs, sw.githubClient, sw.gitlabClient, sw.ossFuzzRepoClient, sw.ciiClient, sw.vulnsClient, sw.logger) } func (sw *ScorecardWorker) PostProcess() { @@ -131,7 +163,7 @@ func processRequest(ctx context.Context, batchRequest *data.ScorecardBatchRequest, blacklistedChecks []string, bucketURL, rawBucketURL, apiBucketURL string, checkDocs docs.Doc, - repoClient clients.RepoClient, ossFuzzRepoClient clients.RepoClient, + githubClient, gitlabClient clients.RepoClient, ossFuzzRepoClient clients.RepoClient, ciiClient clients.CIIBestPracticesClient, vulnsClient clients.VulnerabilitiesClient, logger *log.Logger, @@ -143,10 +175,16 @@ func processRequest(ctx context.Context, // TODO: run Scorecard for each repo in a separate thread. for _, repoReq := range batchRequest.GetRepos() { logger.Info(fmt.Sprintf("Running Scorecard for repo: %s", *repoReq.Url)) - repo, err := githubrepo.MakeGithubRepo(*repoReq.Url) - if err != nil { + var repo clients.Repo + var err error + repoClient := githubClient + disabledChecks := blacklistedChecks + if repo, err = gitlabrepo.MakeGitlabRepo(*repoReq.Url); err == nil { // repo is a gitlab url + repoClient = gitlabClient + disabledChecks = gitlabDisabledChecks + } else if repo, err = githubrepo.MakeGithubRepo(*repoReq.Url); err != nil { // TODO(log): Previously Warn. Consider logging an error here. - logger.Info(fmt.Sprintf("invalid GitHub URL: %v", err)) + logger.Info(fmt.Sprintf("URL was neither valid GitLab nor GitHub: %v", err)) continue } repo.AppendMetadata(repoReq.Metadata...) @@ -161,7 +199,8 @@ func processRequest(ctx context.Context, if err != nil { return fmt.Errorf("error during policy.GetEnabled: %w", err) } - for _, check := range blacklistedChecks { + + for _, check := range disabledChecks { delete(checksToRun, check) } diff --git a/cron/k8s/controller.release.yaml b/cron/k8s/controller.release.yaml index 7cffad6b2fc..c03984a22e9 100644 --- a/cron/k8s/controller.release.yaml +++ b/cron/k8s/controller.release.yaml @@ -52,7 +52,11 @@ spec: containers: - name: controller image: gcr.io/openssf/scorecard-batch-controller:latest - args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.release.csv"] + args: [ + "--config=/etc/scorecard/config.yaml", + "cron/internal/data/projects.release.csv", + "cron/internal/data/gitlab-projects-selected.csv" + ] imagePullPolicy: Always env: - name: GOMEMLIMIT diff --git a/cron/k8s/worker.release.yaml b/cron/k8s/worker.release.yaml index 50558847a08..d5497df9ef2 100644 --- a/cron/k8s/worker.release.yaml +++ b/cron/k8s/worker.release.yaml @@ -54,6 +54,8 @@ spec: key: installation_id - name: "SCORECARD_API_RESULTS_BUCKET_URL" value: "gs://ossf-scorecard-cron-releasetest-results" + - name: "SCORECARD_EXPERIMENTAL" + value: "true" volumeMounts: - name: config-volume mountPath: /etc/scorecard diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 945f078294d..9730e4e432a 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -16,7 +16,6 @@ package e2e import ( "context" - "os" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -109,7 +108,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { dl := scut.TestDetailLogger{} repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) // url to commit is https://gitlab.com/gitlab-org/gitlab/-/commit/8ae23fa220d73fa07501aabd94214c9e83fe61a0 err = repoClient.InitRepo(repo, "8ae23fa220d73fa07501aabd94214c9e83fe61a0", 0) @@ -138,7 +137,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { dl := scut.TestDetailLogger{} repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/fdroid/fdroidclient") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) // url to commit is https://gitlab.com/fdroid/fdroidclient/-/commit/a1d33881902cee33586a4fd4ee1538042a7bdedf err = repoClient.InitRepo(repo, "a1d33881902cee33586a4fd4ee1538042a7bdedf", 0) diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index 69e5e1748cb..871d75c43c2 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -16,7 +16,6 @@ package e2e import ( "context" - "os" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -157,7 +156,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { dl := scut.TestDetailLogger{} repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/fdroid/fdroidclient") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) err = repoClient.InitRepo(repo, "1f7ed43c120047102862d9d1d644f5b2de7a47f2", 0) Expect(err).Should(BeNil()) @@ -185,7 +184,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { dl := scut.TestDetailLogger{} repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) err = repoClient.InitRepo(repo, clients.HeadSHA, 0) // err = repoClient.InitRepo(repo, "0b5ba5049f3e5b8e945305acfa45c44d63df21b1", 0) diff --git a/e2e/license_test.go b/e2e/license_test.go index 0c4c7501d7d..e437496845a 100644 --- a/e2e/license_test.go +++ b/e2e/license_test.go @@ -125,7 +125,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() { dl := scut.TestDetailLogger{} repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/N8BWert/scorecard-check-license-e2e") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) @@ -153,7 +153,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() { dl := scut.TestDetailLogger{} repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/N8BWert/scorecard-check-license-e2e") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) err = repoClient.InitRepo(repo, "c3a8778e73ea95f937c228a34ee57d5e006f7304", 0) Expect(err).Should(BeNil()) diff --git a/e2e/maintained_test.go b/e2e/maintained_test.go index 7e7576ede80..a20bcaf602f 100644 --- a/e2e/maintained_test.go +++ b/e2e/maintained_test.go @@ -63,7 +63,7 @@ var _ = Describe("E2E TEST:"+checks.CheckMaintained, func() { repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/gitlab-org/gitlab") Expect(err).Should(BeNil()) repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), - os.Getenv("GITLAB_AUTH_TOKEN"), repo) + os.Getenv("GITLAB_AUTH_TOKEN"), repo.Host()) Expect(err).Should(BeNil()) err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) diff --git a/e2e/security_policy_test.go b/e2e/security_policy_test.go index 7dba22ee2ed..fc6a5ab002e 100644 --- a/e2e/security_policy_test.go +++ b/e2e/security_policy_test.go @@ -180,7 +180,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() { // project url is gitlab.com/bramw/baserow. repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/ossf-test/baserow") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) err = repoClient.InitRepo(repo, clients.HeadSHA, 0) Expect(err).Should(BeNil()) @@ -211,7 +211,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() { // project url is gitlab.com/bramw/baserow. repo, err := gitlabrepo.MakeGitlabRepo("gitlab.com/ossf-test/baserow") Expect(err).Should(BeNil()) - repoClient, err := gitlabrepo.CreateGitlabClientWithToken(context.Background(), os.Getenv("GITLAB_AUTH_TOKEN"), repo) + repoClient, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) Expect(err).Should(BeNil()) // url to commit is https://gitlab.com/bramw/baserow/-/commit/28e6224b7d86f7b30bad6adb6b42f26a814c2f58 err = repoClient.InitRepo(repo, "28e6224b7d86f7b30bad6adb6b42f26a814c2f58", 0) From 68c23e166d9eda1a0d66653421169137b51dbe31 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 24 May 2023 15:46:04 -0700 Subject: [PATCH 210/316] :seedling: Simplify caching in docker workflow (#3061) Signed-off-by: Spencer Schrock --- .github/workflows/docker.yml | 200 +++++++---------------------------- 1 file changed, 37 insertions(+), 163 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 42bbb394fc1..7f1ab21783e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -24,7 +24,8 @@ on: env: PROTOC_VERSION: 3.17.3 - GO_VERSION: 1.19 + GO_VERSION_FILE: go.mod # no good way of getting a mutual version between go.mod and tools/go.mod + CACHE_DEPENDENCY_PATH: "**/go.sum" # include both go.sum and tools/go.sum jobs: docs_only_check: @@ -38,7 +39,7 @@ jobs: - name: Check out code uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2 with: - fetch-depth: 2 + fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files uses: tj-actions/changed-files@b2d17f51244a144849c6b37a3a6791b98a51d86f #v35.9.2 @@ -59,7 +60,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -68,33 +69,15 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true + cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }} - name: docker build run: make scorecard-docker cron-controller: @@ -107,7 +90,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -116,33 +99,15 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true + cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }} - name: docker build run: make cron-controller-docker cron-worker: @@ -155,7 +120,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -164,33 +129,15 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true + cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }} - name: docker build run: make cron-worker-docker cron-cii-worker: @@ -203,7 +150,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -212,33 +159,15 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true + cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }} - name: docker build run: make cron-cii-worker-docker cron-bq-transfer: @@ -251,7 +180,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -260,33 +189,15 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true + cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }} - name: docker build run: make cron-bq-transfer-docker cron-webhook: @@ -299,7 +210,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -308,33 +219,15 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true + cache-dependency-path: ${{ env.CACHE_DEPENDENCY_PATH }} - name: docker build run: make cron-webhook-docker cron-github-server: @@ -347,7 +240,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -356,31 +249,12 @@ jobs: with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Cache builds - # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 #v3.3.1 - with: - # In order: - # * Module download cache - # * Build cache (Linux) - # * Build cache (Mac) - # * Build cache (Windows) - path: | - ~/go/pkg/mod - ~/.cache/go-build - ~/Library/Caches/go-build - %LocalAppData%\go-build - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 - with: - fetch-depth: 0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: - go-version: ${{ env.GO_VERSION }} + go-version-file: ${{ env.GO_VERSION_FILE }} check-latest: true cache: true - name: docker build From e0ac01d9ec8c57cc841e4cef8c8abd54796bfe48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 09:05:06 -0500 Subject: [PATCH 211/316] :seedling: Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...f0e3dfb30302f8a0881bb509b044e0de4f6ef589) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a5fcd2655e1..c1062cf1ed1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 + uses: github/codeql-action/init@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 + uses: github/codeql-action/autobuild@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 + uses: github/codeql-action/analyze@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index a482907dd1a..0ce381c2ed4 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v1 + uses: github/codeql-action/upload-sarif@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 with: sarif_file: results.sarif From 24b06263c4ccad44b713a0e4a37be87af328e3a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 14:20:44 +0000 Subject: [PATCH 212/316] :seedling: Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 29 +++++++++++++++-------------- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 08382a56ddf..cd972e1681c 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( require ( cloud.google.com/go/bigquery v1.51.2 cloud.google.com/go/monitoring v1.13.0 // indirect - cloud.google.com/go/pubsub v1.30.1 + cloud.google.com/go/pubsub v1.31.0 cloud.google.com/go/trace v1.9.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 @@ -57,7 +57,7 @@ require ( require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/containeranalysis v0.9.0 // indirect - cloud.google.com/go/kms v1.10.1 // indirect + cloud.google.com/go/kms v1.10.2 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect @@ -79,7 +79,7 @@ require ( github.com/google/go-github/v52 v52.0.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect - github.com/google/s2a-go v0.1.0 // indirect + github.com/google/s2a-go v0.1.4 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect github.com/jedib0t/go-pretty/v6 v6.4.6 // indirect @@ -118,9 +118,9 @@ require ( ) require ( - cloud.google.com/go v0.110.0 // indirect + cloud.google.com/go v0.110.2 // indirect cloud.google.com/go/compute v1.19.1 // indirect - cloud.google.com/go/iam v0.13.0 // indirect + cloud.google.com/go/iam v1.0.1 // indirect cloud.google.com/go/storage v1.29.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect @@ -146,7 +146,7 @@ require ( github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.8.0 // indirect + github.com/googleapis/gax-go/v2 v2.9.1 // indirect github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -176,7 +176,7 @@ require ( golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.118.0 // indirect + google.golang.org/api v0.124.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/grpc v1.55.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/go.sum b/go.sum index f9f2cebf499..b4acc2a5b17 100644 --- a/go.sum +++ b/go.sum @@ -39,8 +39,8 @@ cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRY cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.109.0/go.mod h1:2sYycXt75t/CSB5R9M2wPU1tJmire7AQZTPtITcGBVE= -cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= -cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= +cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA= +cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= @@ -223,8 +223,8 @@ cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHD cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= -cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k= -cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= +cloud.google.com/go/iam v1.0.1 h1:lyeCAU6jpnVNrE9zGQkTl3WgNgK/X+uWwaw0kynZJMU= +cloud.google.com/go/iam v1.0.1/go.mod h1:yR3tmSL8BcZB4bxByRv2jkSIahVmCtfKZwLYGBalRE8= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= @@ -235,8 +235,8 @@ cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxs cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g= -cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= +cloud.google.com/go/kms v1.10.2 h1:8UePKEypK3SQ6g+4mn/s/VgE5L7XOh+FwGGRUqvY3Hw= +cloud.google.com/go/kms v1.10.2/go.mod h1:9mX3Q6pdroWzL20pbK6RaOdBbXBEhMNgK4Pfz2bweb4= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -306,8 +306,8 @@ cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjp cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= -cloud.google.com/go/pubsub v1.30.1 h1:RdzTlwhswvROjPIoTfnSJ9tEp0LY2S5ATX90anOw7E8= -cloud.google.com/go/pubsub v1.30.1/go.mod h1:QRi3+y7wp7mPD6XM/TfHhxBxzfFhfphIdP78sUbT52A= +cloud.google.com/go/pubsub v1.31.0 h1:aXdyyJz90kA+bor9+6+xHAciMD5mj8v15WqFZ5E0sek= +cloud.google.com/go/pubsub v1.31.0/go.mod h1:dYmJ3K97NCQ/e4OwZ20rD4Ym3Bu8Gu9m/aJdWQjdcks= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= @@ -1227,8 +1227,8 @@ github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8I github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.0 h1:3Qm0liEiCErViKERO2Su5wp+9PfMRiuS6XB5FvpKnYQ= -github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= +github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= +github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -1254,8 +1254,8 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc= -github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.9.1 h1:DpTpJqzZ3NvX9zqjhIuI1oVzYZMvboZe+3LoeEIJjHM= +github.com/googleapis/gax-go/v2 v2.9.1/go.mod h1:4FG3gMrVZlyMp5itSYKMU9z/lBE7+SbnUOvzH2HqbEY= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -2145,6 +2145,7 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -2732,8 +2733,8 @@ google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.118.0 h1:FNfHq9Z2GKULxu7cEhCaB0wWQHg43UpomrrN+24ZRdE= -google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= +google.golang.org/api v0.124.0 h1:dP6Ef1VgOGqQ8eiv4GiY8RhmeyqzovcXBYPDUYG8Syo= +google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= From c1b4098e0208a0b32329df285de450b5796e60f9 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Thu, 25 May 2023 14:35:01 -0700 Subject: [PATCH 213/316] =?UTF-8?q?=F0=9F=90=9B=20gitlab:=20cron=20=20(#30?= =?UTF-8?q?70)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Raghav Kaul --- cron/internal/controller/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index dac894d7cb4..26653c70084 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -33,6 +33,7 @@ RUN CGO_ENABLED=0 make build-controller FROM gcr.io/distroless/base:nonroot@sha256:99133cb0878bb1f84d1753957c6fd4b84f006f2798535de22ebf7ba170bbf434 COPY ./cron/internal/data/projects*csv cron/internal/data/ +COPY ./cron/internal/data/gitlab-projects-selected.csv cron/internal/data/ COPY --from=shuffle /src/cron/internal/data/projects.release.csv cron/internal/data/projects.release.csv COPY --from=controller /src/cron/internal/controller/controller cron/internal/controller/controller ENTRYPOINT ["cron/internal/controller/controller"] From 17cf8d0dd829f9ed60698bb7f5431844d3d45557 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 May 2023 05:48:23 -0500 Subject: [PATCH 214/316] :seedling: Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f0e3dfb30302f8a0881bb509b044e0de4f6ef589...0225834cc549ee0ca93cb085b92954821a145866) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c1062cf1ed1..bf2c506d60c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 + uses: github/codeql-action/init@0225834cc549ee0ca93cb085b92954821a145866 # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 + uses: github/codeql-action/autobuild@0225834cc549ee0ca93cb085b92954821a145866 # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 + uses: github/codeql-action/analyze@0225834cc549ee0ca93cb085b92954821a145866 # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 0ce381c2ed4..f549123947b 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@f0e3dfb30302f8a0881bb509b044e0de4f6ef589 # v1 + uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v1 with: sarif_file: results.sarif From e82a1aea5c8df4c450c60a4083906f1dc9ebdc55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 26 May 2023 11:02:36 +0000 Subject: [PATCH 215/316] :seedling: Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.2 to 36.0.3. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/b2d17f51244a144849c6b37a3a6791b98a51d86f...25eaddf37ae893cec889065e9a60439c8af6f089) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 7f1ab21783e..6a7e4dc4e45 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@b2d17f51244a144849c6b37a3a6791b98a51d86f #v35.9.2 + uses: tj-actions/changed-files@25eaddf37ae893cec889065e9a60439c8af6f089 #v36.0.3 with: files_ignore: '**.md' - id: docs_only_check From fa42daff71ee09beb925e476146e9a0f597ad315 Mon Sep 17 00:00:00 2001 From: jimrobison <39074062+jimrobison@users.noreply.github.com> Date: Fri, 26 May 2023 11:45:46 -0500 Subject: [PATCH 216/316] =?UTF-8?q?=F0=9F=90=9B=20Gitlab=20status=20update?= =?UTF-8?q?s=20(#3052)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * doc: Updating gitlab support validation status Signed-off-by: Robison, Jim B * bug: Updated logic for gitlab to prevent exceptions based on releases Signed-off-by: Robison, Jim B * test: Added initial tests for gitlab branches Signed-off-by: Robison, Jim B * doc: Updated general README Signed-off-by: Robison, Jim B * refactor: Cleaned up the query for pipelines to be focused on the commitID Signed-off-by: Robison, Jim B * feat: Allowed for a non-graphql method of retrieving MRs associated to a commit Signed-off-by: Robison, Jim B * doc: Updated status for the CI-Tests Signed-off-by: Robison, Jim B * bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository. Signed-off-by: Robison, Jim B --------- Signed-off-by: Robison, Jim B Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> --- README.md | 28 +++--- clients/gitlabrepo/branches.go | 71 ++++++++++----- clients/gitlabrepo/branches_test.go | 133 ++++++++++++++++++++++++++++ clients/gitlabrepo/checkruns.go | 24 ++--- clients/gitlabrepo/graphql.go | 2 +- docs/checks.md | 3 + docs/checks/internal/checks.yaml | 9 +- 7 files changed, 220 insertions(+), 50 deletions(-) create mode 100644 clients/gitlabrepo/branches_test.go diff --git a/README.md b/README.md index 49c8665fe01..7b783b44dd7 100644 --- a/README.md +++ b/README.md @@ -449,24 +449,24 @@ The following checks are all run against the target project by default: Name | Description | Risk Level | Token Required | GitLab Support | Note ----------- | ----------------------------------------- | ---------- | --------------- | -------------- | --- | -[Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | Fully Supported | -[Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | Fully Supported | certain settings are only supported with a maintainer PAT -[CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN | Unsupported -[CII-Best-Practices](docs/checks.md#cii-best-practices) | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org) at the passing, silver, or gold level? | Low | PAT, GITHUB_TOKEN | Fully Supported | -[Code-Review](docs/checks.md#code-review) | Does the project practice code review before code is merged? | High | PAT, GITHUB_TOKEN | Fully Supported | -[Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | Fully Supported | +[Binary-Artifacts](docs/checks.md#binary-artifacts) | Is the project free of checked-in binaries? | High | PAT, GITHUB_TOKEN | Supported | +[Branch-Protection](docs/checks.md#branch-protection) | Does the project use [Branch Protection](https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/about-protected-branches) ? | High | PAT (`repo` or `repo> public_repo`), GITHUB_TOKEN | Supported (see notes) | certain settings are only supported with a maintainer PAT +[CI-Tests](docs/checks.md#ci-tests) | Does the project run tests in CI, e.g. [GitHub Actions](https://docs.github.com/en/free-pro-team@latest/actions), [Prow](https://github.com/kubernetes/test-infra/tree/master/prow)? | Low | PAT, GITHUB_TOKEN | Supported +[CII-Best-Practices](docs/checks.md#cii-best-practices) | Has the project earned an [OpenSSF (formerly CII) Best Practices Badge](https://bestpractices.coreinfrastructure.org) at the passing, silver, or gold level? | Low | PAT, GITHUB_TOKEN | Validating | +[Code-Review](docs/checks.md#code-review) | Does the project practice code review before code is merged? | High | PAT, GITHUB_TOKEN | Validating | +[Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | Validating | [Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | Unsupported | [Dependency-Update-Tool](docs/checks.md#dependency-update-tool) | Does the project use tools to help update its dependencies? | High | PAT, GITHUB_TOKEN | Unsupported | -[Fuzzing](docs/checks.md#fuzzing) | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)? | Medium | PAT, GITHUB_TOKEN | Fully Supported -[License](docs/checks.md#license) | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | Fully Supported | -[Maintained](docs/checks.md#maintained) | Is the project at least 90 days old, and maintained? | High | PAT, GITHUB_TOKEN | Fully Supported | -[Pinned-Dependencies](docs/checks.md#pinned-dependencies) | Does the project declare and pin [dependencies](https://docs.github.com/en/free-pro-team@latest/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)? | Medium | PAT, GITHUB_TOKEN | Fully Supported | -[Packaging](docs/checks.md#packaging) | Does the project build and publish official packages from CI/CD, e.g. [GitHub Publishing](https://docs.github.com/en/free-pro-team@latest/actions/guides/about-packaging-with-github-actions#workflows-for-publishing-packages) ? | Medium | PAT, GITHUB_TOKEN | Fully Supported | +[Fuzzing](docs/checks.md#fuzzing) | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)? | Medium | PAT, GITHUB_TOKEN | Validating +[License](docs/checks.md#license) | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | Validating | +[Maintained](docs/checks.md#maintained) | Is the project at least 90 days old, and maintained? | High | PAT, GITHUB_TOKEN | Validating | +[Pinned-Dependencies](docs/checks.md#pinned-dependencies) | Does the project declare and pin [dependencies](https://docs.github.com/en/free-pro-team@latest/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)? | Medium | PAT, GITHUB_TOKEN | Validating | +[Packaging](docs/checks.md#packaging) | Does the project build and publish official packages from CI/CD, e.g. [GitHub Publishing](https://docs.github.com/en/free-pro-team@latest/actions/guides/about-packaging-with-github-actions#workflows-for-publishing-packages) ? | Medium | PAT, GITHUB_TOKEN | Validating | [SAST](docs/checks.md#sast) | Does the project use static code analysis tools, e.g. [CodeQL](https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository#enabling-code-scanning-using-actions), [LGTM (deprecated)](https://lgtm.com), [SonarCloud](https://sonarcloud.io)? | Medium | PAT, GITHUB_TOKEN | Unsupported | -[Security-Policy](docs/checks.md#security-policy) | Does the project contain a [security policy](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)? | Medium | PAT, GITHUB_TOKEN | Fully Supported | -[Signed-Releases](docs/checks.md#signed-releases) | Does the project cryptographically [sign releases](https://wiki.debian.org/Creating%20signed%20GitHub%20releases)? | High | PAT, GITHUB_TOKEN | Fully Supported | +[Security-Policy](docs/checks.md#security-policy) | Does the project contain a [security policy](https://docs.github.com/en/free-pro-team@latest/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)? | Medium | PAT, GITHUB_TOKEN | Validating | +[Signed-Releases](docs/checks.md#signed-releases) | Does the project cryptographically [sign releases](https://wiki.debian.org/Creating%20signed%20GitHub%20releases)? | High | PAT, GITHUB_TOKEN | Validating | [Token-Permissions](docs/checks.md#token-permissions) | Does the project declare GitHub workflow tokens as [read only](https://docs.github.com/en/actions/reference/authentication-in-a-workflow)? | High | PAT, GITHUB_TOKEN | Unsupported | -[Vulnerabilities](docs/checks.md#vulnerabilities) | Does the project have unfixed vulnerabilities? Uses the [OSV service](https://osv.dev). | High | PAT, GITHUB_TOKEN | Fully Supported | +[Vulnerabilities](docs/checks.md#vulnerabilities) | Does the project have unfixed vulnerabilities? Uses the [OSV service](https://osv.dev). | High | PAT, GITHUB_TOKEN | Validating | [Webhooks](docs/checks.md#webhooks) | Does the webhook defined in the repository have a token configured to authenticate the origins of requests? | High | maintainer PAT (`admin: repo_hook` or `admin> read:repo_hook` [doc](https://docs.github.com/en/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository) | | EXPERIMENTAL ### Detailed Checks Documentation diff --git a/clients/gitlabrepo/branches.go b/clients/gitlabrepo/branches.go index df832cde7ad..d3a2d7a0fb4 100644 --- a/clients/gitlabrepo/branches.go +++ b/clients/gitlabrepo/branches.go @@ -25,19 +25,42 @@ import ( ) type branchesHandler struct { - glClient *gitlab.Client - once *sync.Once - errSetup error - repourl *repoURL - defaultBranchRef *clients.BranchRef + glClient *gitlab.Client + once *sync.Once + errSetup error + repourl *repoURL + defaultBranchRef *clients.BranchRef + queryProject fnProject + queryBranch fnQueryBranch + getProtectedBranch fnProtectedBranch + getProjectChecks fnListProjectStatusChecks + getApprovalConfiguration fnGetApprovalConfiguration } func (handler *branchesHandler) init(repourl *repoURL) { handler.repourl = repourl handler.errSetup = nil handler.once = new(sync.Once) + handler.queryProject = handler.glClient.Projects.GetProject + handler.queryBranch = handler.glClient.Branches.GetBranch + handler.getProtectedBranch = handler.glClient.ProtectedBranches.GetProtectedBranch + handler.getProjectChecks = handler.glClient.ExternalStatusChecks.ListProjectStatusChecks + handler.getApprovalConfiguration = handler.glClient.Projects.GetApprovalConfiguration } +type ( + fnProject func(pid interface{}, opt *gitlab.GetProjectOptions, + options ...gitlab.RequestOptionFunc) (*gitlab.Project, *gitlab.Response, error) + fnQueryBranch func(pid interface{}, branch string, + options ...gitlab.RequestOptionFunc) (*gitlab.Branch, *gitlab.Response, error) + fnProtectedBranch func(pid interface{}, branch string, + options ...gitlab.RequestOptionFunc) (*gitlab.ProtectedBranch, *gitlab.Response, error) + fnListProjectStatusChecks func(pid interface{}, opt *gitlab.ListOptions, + options ...gitlab.RequestOptionFunc) ([]*gitlab.ProjectStatusCheck, *gitlab.Response, error) + fnGetApprovalConfiguration func(pid interface{}, + options ...gitlab.RequestOptionFunc) (*gitlab.ProjectApprovals, *gitlab.Response, error) +) + // nolint: nestif func (handler *branchesHandler) setup() error { handler.once.Do(func() { @@ -46,20 +69,20 @@ func (handler *branchesHandler) setup() error { return } - proj, _, err := handler.glClient.Projects.GetProject(handler.repourl.projectID, &gitlab.GetProjectOptions{}) + proj, _, err := handler.queryProject(handler.repourl.projectID, &gitlab.GetProjectOptions{}) if err != nil { - handler.errSetup = fmt.Errorf("requirest for project failed with error %w", err) + handler.errSetup = fmt.Errorf("request for project failed with error %w", err) return } - branch, _, err := handler.glClient.Branches.GetBranch(handler.repourl.projectID, proj.DefaultBranch) + branch, _, err := handler.queryBranch(handler.repourl.projectID, proj.DefaultBranch) if err != nil { handler.errSetup = fmt.Errorf("request for default branch failed with error %w", err) return } if branch.Protected { - protectedBranch, resp, err := handler.glClient.ProtectedBranches.GetProtectedBranch( + protectedBranch, resp, err := handler.getProtectedBranch( handler.repourl.projectID, branch.Name) if err != nil && resp.StatusCode != 403 { handler.errSetup = fmt.Errorf("request for protected branch failed with error %w", err) @@ -69,15 +92,13 @@ func (handler *branchesHandler) setup() error { return } - projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks( - handler.repourl.projectID, &gitlab.ListOptions{}) - if (err != nil || resp.StatusCode != 404) && - resp.StatusCode != 401 { // 401: permissions. pass token authorization issues silently + projectStatusChecks, resp, err := handler.getProjectChecks(handler.repourl.projectID, &gitlab.ListOptions{}) + + if resp.StatusCode != 200 || err != nil { handler.errSetup = fmt.Errorf("request for external status checks failed with error %w", err) - return } - projectApprovalRule, resp, err := handler.glClient.Projects.GetApprovalConfiguration(handler.repourl.projectID) + projectApprovalRule, resp, err := handler.getApprovalConfiguration(handler.repourl.projectID) if err != nil && resp.StatusCode != 404 { handler.errSetup = fmt.Errorf("request for project approval rule failed with %w", err) return @@ -106,24 +127,34 @@ func (handler *branchesHandler) getDefaultBranch() (*clients.BranchRef, error) { } func (handler *branchesHandler) getBranch(branch string) (*clients.BranchRef, error) { - bran, _, err := handler.glClient.Branches.GetBranch(handler.repourl.projectID, branch) + if strings.Contains(branch, "/-/commit/") { + // Gitlab's release commitish contains commit and is not easily tied to specific branch + p, b := true, "" + ret := &clients.BranchRef{ + Name: &b, + Protected: &p, + } + return ret, nil + } + + bran, _, err := handler.queryBranch(handler.repourl.projectID, branch) if err != nil { - return nil, fmt.Errorf("error getting branch in branchsHandler.getBranch: %w", err) + return nil, fmt.Errorf("error getting branch in branchesHandler.getBranch: %w", err) } if bran.Protected { - protectedBranch, _, err := handler.glClient.ProtectedBranches.GetProtectedBranch(handler.repourl.projectID, bran.Name) + protectedBranch, _, err := handler.getProtectedBranch(handler.repourl.projectID, bran.Name) if err != nil { return nil, fmt.Errorf("request for protected branch failed with error %w", err) } - projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks( + projectStatusChecks, resp, err := handler.getProjectChecks( handler.repourl.projectID, &gitlab.ListOptions{}) if err != nil && resp.StatusCode != 404 { return nil, fmt.Errorf("request for external status checks failed with error %w", err) } - projectApprovalRule, resp, err := handler.glClient.Projects.GetApprovalConfiguration(handler.repourl.projectID) + projectApprovalRule, resp, err := handler.getApprovalConfiguration(handler.repourl.projectID) if err != nil && resp.StatusCode != 404 { return nil, fmt.Errorf("request for project approval rule failed with %w", err) } diff --git a/clients/gitlabrepo/branches_test.go b/clients/gitlabrepo/branches_test.go new file mode 100644 index 00000000000..5fbf9c736df --- /dev/null +++ b/clients/gitlabrepo/branches_test.go @@ -0,0 +1,133 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "net/http" + "sync" + "testing" + + "github.com/xanzy/go-gitlab" +) + +func TestGetBranches(t *testing.T) { + t.Parallel() + + tests := []struct { + returnStatus *gitlab.Response + queryBranchReturn *gitlab.Branch + branchReturn *gitlab.ProtectedBranch + apprvlReturn *gitlab.ProjectApprovals + name string + branchName string + expectedBranchName string + projectID string + projectChecksReturn []*gitlab.ProjectStatusCheck + }{ + { + name: "TargetCommittishFromRelease", + branchName: "/myproject/-/commit/magiccommitid", + expectedBranchName: "", + projectID: "", + }, + { + name: "Existing Protected Branch", + branchName: "branchName", + expectedBranchName: "branchName", + queryBranchReturn: &gitlab.Branch{ + Name: "branchName", + Protected: true, + }, + returnStatus: &gitlab.Response{ + Response: &http.Response{ + StatusCode: 200, + }, + }, + branchReturn: &gitlab.ProtectedBranch{}, + projectChecksReturn: []*gitlab.ProjectStatusCheck{}, + apprvlReturn: &gitlab.ProjectApprovals{}, + }, + { + name: "Existing UnProtected Branch", + branchName: "branchName", + expectedBranchName: "branchName", + queryBranchReturn: &gitlab.Branch{ + Name: "branchName", + Protected: false, + }, + returnStatus: &gitlab.Response{ + Response: &http.Response{ + StatusCode: 200, + }, + }, + }, + } + + for _, tt := range tests { + tt := tt + + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + handler := branchesHandler{ + once: new(sync.Once), + repourl: &repoURL{ + projectID: "5000", + }, + queryBranch: func(pid interface{}, branch string, + options ...gitlab.RequestOptionFunc, + ) (*gitlab.Branch, *gitlab.Response, error) { + return tt.queryBranchReturn, tt.returnStatus, nil + }, + getProtectedBranch: func(pid interface{}, branch string, + options ...gitlab.RequestOptionFunc, + ) (*gitlab.ProtectedBranch, *gitlab.Response, error) { + return tt.branchReturn, tt.returnStatus, nil + }, + getProjectChecks: func(pid interface{}, opt *gitlab.ListOptions, + options ...gitlab.RequestOptionFunc, + ) ([]*gitlab.ProjectStatusCheck, *gitlab.Response, error) { + return tt.projectChecksReturn, tt.returnStatus, nil + }, + getApprovalConfiguration: func(pid interface{}, options ...gitlab.RequestOptionFunc) ( + *gitlab.ProjectApprovals, *gitlab.Response, error, + ) { + return tt.apprvlReturn, tt.returnStatus, nil + }, + } + + handler.once.Do(func() {}) + + // nolint: errcheck + br, _ := handler.getBranch(tt.branchName) + + // nolint: unconvert + if string(*br.Name) != tt.expectedBranchName { + t.Errorf("Branch Name (%s) didn't match expected value (%s)", *br.Name, tt.expectedBranchName) + } + + if tt.queryBranchReturn == nil { + return + } + + actualBool := *br.Protected + expectedBool := tt.queryBranchReturn.Protected + + if actualBool != expectedBool { + t.Errorf("Branch Protection didn't match expectation") + } + }) + } +} diff --git a/clients/gitlabrepo/checkruns.go b/clients/gitlabrepo/checkruns.go index 7a153de0ad2..5744b1df052 100644 --- a/clients/gitlabrepo/checkruns.go +++ b/clients/gitlabrepo/checkruns.go @@ -16,7 +16,6 @@ package gitlabrepo import ( "fmt" - "strings" "github.com/xanzy/go-gitlab" @@ -34,26 +33,27 @@ func (handler *checkrunsHandler) init(repourl *repoURL) { func (handler *checkrunsHandler) listCheckRunsForRef(ref string) ([]clients.CheckRun, error) { pipelines, _, err := handler.glClient.Pipelines.ListProjectPipelines( - handler.repourl.projectID, &gitlab.ListProjectPipelinesOptions{}) + handler.repourl.projectID, &gitlab.ListProjectPipelinesOptions{ + SHA: &ref, + ListOptions: gitlab.ListOptions{}, + }) if err != nil { return nil, fmt.Errorf("request for pipelines returned error: %w", err) } - return checkRunsFrom(pipelines, ref), nil + return checkRunsFrom(pipelines), nil } // Conclusion does not exist in the pipelines for gitlab so I have a placeholder "" as the value. -func checkRunsFrom(data []*gitlab.PipelineInfo, ref string) []clients.CheckRun { +func checkRunsFrom(data []*gitlab.PipelineInfo) []clients.CheckRun { var checkRuns []clients.CheckRun for _, pipelineInfo := range data { - if strings.EqualFold(pipelineInfo.Ref, ref) { - // TODO: Can get more info from GitLab API here (e.g. pipeline name, URL) - // https://docs.gitlab.com/ee/api/pipelines.html#get-a-pipelines-test-report - checkRuns = append(checkRuns, clients.CheckRun{ - Status: pipelineInfo.Status, - URL: pipelineInfo.WebURL, - }) - } + // TODO: Can get more info from GitLab API here (e.g. pipeline name, URL) + // https://docs.gitlab.com/ee/api/pipelines.html#get-a-pipelines-test-report + checkRuns = append(checkRuns, clients.CheckRun{ + Status: pipelineInfo.Status, + URL: pipelineInfo.WebURL, + }) } return checkRuns } diff --git a/clients/gitlabrepo/graphql.go b/clients/gitlabrepo/graphql.go index 4b3b38695d8..34a7694d4fb 100644 --- a/clients/gitlabrepo/graphql.go +++ b/clients/gitlabrepo/graphql.go @@ -46,7 +46,7 @@ func (handler *graphqlHandler) init(ctx context.Context, repourl *repoURL) { &oauth2.Token{AccessToken: os.Getenv("GITLAB_AUTH_TOKEN")}, ) handler.client = oauth2.NewClient(context.Background(), src) - handler.graphClient = graphql.NewClient("https://gitlab.com/api/graphql", handler.client) + handler.graphClient = graphql.NewClient(fmt.Sprintf("%s/api/graphql", repourl.Host()), handler.client) } //nolint:govet diff --git a/docs/checks.md b/docs/checks.md index 975eb407877..7db3d80baf7 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -123,6 +123,9 @@ Tier 4 Requirements (9/10 points): Tier 5 Requirements (10/10 points): - For administrators: Dismiss stale reviews - For administrators: Require CODEOWNER review + +GitLab Integration Status: + - GitLab associates releases with commits and not with the branch. Releases are ignored in this portion of the scoring. **Remediation steps** diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 1f38d6c4d35..7b8ad4eca13 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -91,7 +91,7 @@ checks: Binary-Artifacts: risk: High tags: supply-chain, security, dependencies - repos: GitHub, local + repos: GitHub, GitLab, local short: Determines if the project has generated executable (binary) artifacts in the source repository. description: | Risk: `High` (non-reviewable code) @@ -142,7 +142,7 @@ checks: Branch-Protection: risk: High tags: supply-chain, security, source-code, code-reviews - repos: GitHub + repos: GitHub, GitLab short: Determines if the default and release branches are protected with GitHub's branch protection settings. description: | Risk: `High` (vulnerable to intentional malicious code injection) @@ -213,6 +213,9 @@ checks: - For administrators: Dismiss stale reviews - For administrators: Require CODEOWNER review + GitLab Integration Status: + - GitLab associates releases with commits and not with the branch. Releases are ignored in this portion of the scoring. + remediation: - >- Enable branch protection settings in your source hosting provider to @@ -222,7 +225,7 @@ checks: CI-Tests: risk: Low tags: supply-chain, testing - repos: GitHub + repos: GitHub, GitLab short: Determines if the project runs tests before pull requests are merged. description: | Risk: `Low` (possible unknown vulnerabilities) From 32872ab326709ba4722390baf7e8e2ee390bcec8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 May 2023 10:38:52 -0500 Subject: [PATCH 217/316] :seedling: Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 52 +++++++++++++------------- tools/go.sum | 101 +++++++++++++++++++++++++++------------------------ 2 files changed, 79 insertions(+), 74 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 3bdb7bfd103..2013900774c 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -20,7 +20,7 @@ require ( cloud.google.com/go/compute v1.19.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v0.13.0 // indirect - cloud.google.com/go/kms v1.10.1 // indirect + cloud.google.com/go/kms v1.10.2 // indirect cloud.google.com/go/storage v1.29.0 // indirect code.gitea.io/sdk/gitea v0.15.1 // indirect github.com/Abirdcfly/dupword v0.0.11 // indirect @@ -35,7 +35,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.28 // indirect + github.com/Azure/go-autorest/autorest v0.11.29 // indirect github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect @@ -62,28 +62,28 @@ require ( github.com/ashanbrown/forbidigo v1.5.1 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect - github.com/aws/aws-sdk-go v1.44.248 // indirect - github.com/aws/aws-sdk-go-v2 v1.17.8 // indirect + github.com/aws/aws-sdk-go v1.44.257 // indirect + github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.21 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.20 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 // indirect + github.com/aws/aws-sdk-go-v2/config v1.18.23 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.22 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.20.11 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 // indirect github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 // indirect github.com/aws/smithy-go v1.13.5 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect @@ -169,7 +169,7 @@ require ( github.com/gobwas/glob v0.2.3 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.4.3 // indirect + github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect @@ -186,7 +186,7 @@ require ( github.com/google/go-github/v50 v50.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect - github.com/google/s2a-go v0.1.2 // indirect + github.com/google/s2a-go v0.1.3 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect @@ -275,8 +275,8 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/polyfloyd/go-errorlint v1.4.0 // indirect - github.com/prometheus/client_golang v1.15.0 // indirect - github.com/prometheus/client_model v0.3.0 // indirect + github.com/prometheus/client_golang v1.15.1 // indirect + github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect github.com/quasilyte/go-ruleguard v0.3.19 // indirect @@ -295,8 +295,8 @@ require ( github.com/sergi/go-diff v1.2.0 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect github.com/sigstore/cosign/v2 v2.0.0 // indirect - github.com/sigstore/rekor v1.1.1 // indirect - github.com/sigstore/sigstore v1.6.3 // indirect + github.com/sigstore/rekor v1.2.0 // indirect + github.com/sigstore/sigstore v1.6.4 // indirect github.com/sirupsen/logrus v1.9.0 // indirect github.com/sivchari/containedctx v1.0.2 // indirect github.com/sivchari/nosnakecase v1.7.0 // indirect @@ -345,8 +345,8 @@ require ( go.uber.org/multierr v1.9.0 // indirect go.uber.org/zap v1.24.0 // indirect gocloud.dev v0.29.0 // indirect - golang.org/x/crypto v0.8.0 // indirect - golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 // indirect + golang.org/x/crypto v0.9.0 // indirect + golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/net v0.10.0 // indirect @@ -358,10 +358,10 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.9.1 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.119.0 // indirect + google.golang.org/api v0.121.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.54.0 // indirect + google.golang.org/grpc v1.55.0 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/mail.v2 v2.3.1 // indirect @@ -372,7 +372,7 @@ require ( gotest.tools/v3 v3.1.0 // indirect honnef.co/go/tools v0.4.3 // indirect k8s.io/apimachinery v0.26.2 // indirect - k8s.io/klog/v2 v2.90.0 // indirect + k8s.io/klog/v2 v2.100.1 // indirect k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect mvdan.cc/gofumpt v0.4.0 // indirect mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect diff --git a/tools/go.sum b/tools/go.sum index f6b59dc14ca..9246174942c 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -234,8 +234,8 @@ cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxs cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.10.1 h1:7hm1bRqGCA1GBRQUrp831TwJ9TWhP+tvLuP497CQS2g= -cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= +cloud.google.com/go/kms v1.10.2 h1:8UePKEypK3SQ6g+4mn/s/VgE5L7XOh+FwGGRUqvY3Hw= +cloud.google.com/go/kms v1.10.2/go.mod h1:9mX3Q6pdroWzL20pbK6RaOdBbXBEhMNgK4Pfz2bweb4= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= @@ -477,8 +477,9 @@ github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKn github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest v0.11.25/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= -github.com/Azure/go-autorest/autorest v0.11.28 h1:ndAExarwr5Y+GaHE6VCaY1kyS/HwwGGyuimVhWsHOEM= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= +github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= +github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= @@ -627,47 +628,47 @@ github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4 github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.187/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.200/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.248 h1:GvkxpgsxqNc03LmhXiaxKpzbyxndnex7V+OThLx4g5M= -github.com/aws/aws-sdk-go v1.44.248/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.257 h1:HwelXYZZ8c34uFFhgVw3ybu2gB5fkk8KLj2idTvzZb8= +github.com/aws/aws-sdk-go v1.44.257/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.8/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.11/go.mod h1:WTACcleLz6VZTp7fak4EO5b9Q4foxbn+8PIz3PmyKlo= github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.17.8 h1:GMupCNNI7FARX27L7GjCJM8NgivWbRgpjNI/hOQjFS8= -github.com/aws/aws-sdk-go-v2 v1.17.8/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY= +github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= github.com/aws/aws-sdk-go-v2/config v1.15.15/go.mod h1:A1Lzyy/o21I5/s2FbyX5AevQfSVXpvvIDCoVFD0BC4E= github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8= -github.com/aws/aws-sdk-go-v2/config v1.18.21 h1:ENTXWKwE8b9YXgQCsruGLhvA9bhg+RqAsL9XEMEsa2c= -github.com/aws/aws-sdk-go-v2/config v1.18.21/go.mod h1:+jPQiVPz1diRnjj6VGqWcLK6EzNmQ42l7J3OqGTLsSY= +github.com/aws/aws-sdk-go-v2/config v1.18.23 h1:gc3lPsAnZpwfi2exupmgHfva0JiAY2BWDg5JWYlmA28= +github.com/aws/aws-sdk-go-v2/config v1.18.23/go.mod h1:rx0ruaQ+gk3OrLFHRRx56lA//XxP8K8uPzeNiKNuWVY= github.com/aws/aws-sdk-go-v2/credentials v1.12.10/go.mod h1:g5eIM5XRs/OzIIK81QMBl+dAuDyoLN0VYaLP+tBqEOk= github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA= -github.com/aws/aws-sdk-go-v2/credentials v1.13.20 h1:oZCEFcrMppP/CNiS8myzv9JgOzq2s0d3v3MXYil/mxQ= -github.com/aws/aws-sdk-go-v2/credentials v1.13.20/go.mod h1:xtZnXErtbZ8YGXC3+8WfajpMBn5Ga/3ojZdxHq6iI8o= +github.com/aws/aws-sdk-go-v2/credentials v1.13.22 h1:Hp9rwJS4giQ48xqonRV/s7QcDf/wxF6UY7osRmBabvI= +github.com/aws/aws-sdk-go-v2/credentials v1.13.22/go.mod h1:BfNcm6A9nSd+bzejDcMJ5RE+k6WbkCwWkQil7q4heRk= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9/go.mod h1:KDCCm4ONIdHtUloDcFvK2+vshZvx4Zmj7UMDfusuz5s= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2 h1:jOzQAesnBFDmz93feqKnsTHsXrlwWORNZMFHMV+WLFU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.2/go.mod h1:cDh1p6XkSGSwSRIArWRc6+UqAQ7x4alQ0QfpVR6f+co= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 h1:iTFYCAdKzSAjGnVIUe88Hxvix0uaBqr0Rv7qJEOX5hE= github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51/go.mod h1:7Grl2gV+dx9SWrUIgwwlUvU40t7+lOSbx34XwfmsTkY= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.15/go.mod h1:pWrr2OoHlT7M/Pd2y4HV3gJyPb3qj5qMmnPkKSNPYK4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18/go.mod h1:348MLhzV1GSlZSMusdwQpXKbhD7X2gbI/TxwAPKkYZQ= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32 h1:dpbVNUjczQ8Ae3QKHbpHBpfvaVkRdesxpTOe9pTouhU= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.32/go.mod h1:RudqOgadTWdcS3t/erPQo24pcVEoYyqj/kKW5Vya21I= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.9/go.mod h1:08tUpeSGN33QKSO7fwxXczNfiwCpbj+GxK6XKwqWVv0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12/go.mod h1:ckaCVTEdGAxO6KwTGzgskxR1xM+iJW4lxMyDFVda2Fc= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26 h1:QH2kOS3Ht7x+u0gHCh06CXL/h6G8LQJFpZfFBYBNboo= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.26/go.mod h1:vq86l7956VgFr0/FWQ2BWnK07QC3WYsepKzy33qqY5U= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.16/go.mod h1:CYmI+7x03jjJih8kBEEFKRQc40UjUokT0k7GbvrhhTc= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33 h1:HbH1VjUgrCdLJ+4lnnuLI4iVNRvBbBELGaJ5f69ClA8= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.33/go.mod h1:zG2FcwjQarWaqXSCGpgcr3RSjZ6dHGguZSppUL0XR7Q= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 h1:FGvpyTg2LKEmMrLlpjOgkoNp9XF5CGeyAyo33LdqZW8= github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19/go.mod h1:8W88sW3PjamQpKFUQvHWWKay6ARsNvZnzU7+a4apubw= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= @@ -683,13 +684,13 @@ github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 h1:c5+bNdV8E4fIPt github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23/go.mod h1:1jcUfF+FAOEwtIcNiHPaV4TSoZqkUIPzrohmD7fb95c= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.9/go.mod h1:yQowTpvdZkFVuHrLBXmczat4W+WJKg/PafBZnGBLga0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26 h1:uUt4XctZLhl9wBE1L8lobU3bVN8SNUP7T+olb0bWBO4= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.26/go.mod h1:Bd4C/4PkVGubtNe5iMXu5BNnaBi/9t/UsFspPt4ram8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 h1:ISLJ2BKXe4zzyZ7mp5ewKECiw0U7KpLgS3S6OxY9Cm0= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22/go.mod h1:QFVbqK54XArazLvn2wvWMRBi/jGrWii46qbr5DyPGjc= github.com/aws/aws-sdk-go-v2/service/kms v1.20.2/go.mod h1:vdqtUOdVuf5ooy+hJ2GnzqNo94xiAA9s1xbZ1hQgRE0= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.11 h1:4wnkwVxvcSkdby772OPyNPzPoGBLRZ9ThV1OxGRj+o8= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.11/go.mod h1:gSdg6VjsqS8EeGjkXAaLjiwG9fwNrCPAj/kAD6of7EI= +github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 h1:Q03Jqh1enA8keCiGZpLetpk58Ll9iGejE5bOErxyGAU= +github.com/aws/aws-sdk-go-v2/service/kms v1.21.1/go.mod h1:EEfb4gfSphdVpRo5sGf2W3KvJbelYUno5VaXR5MJ3z4= github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 h1:5EQWIFO+Hc8E2hFcXQJ1vm6ufl/PMt/6RVRDZRju2vM= github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2/go.mod h1:SXDHd6fI2RhqB7vmAzyYQCTQnpZrIprVJvYxpzW3JAM= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog= @@ -698,15 +699,15 @@ github.com/aws/aws-sdk-go-v2/service/sqs v1.20.2/go.mod h1:1ttxGjUHZliCQMpPss1sU github.com/aws/aws-sdk-go-v2/service/ssm v1.35.2/go.mod h1:VLSz2SHUKYFSOlXB/GlXoLU6KPYQJAbw7I20TDJdyws= github.com/aws/aws-sdk-go-v2/service/sso v1.11.13/go.mod h1:d7ptRksDDgvXaUvxyHZ9SYh+iMDymm94JbVcgvSYSzU= github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.8 h1:5cb3D6xb006bPTqEfCNaEA6PPEfBXxxy4NNeX/44kGk= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.8/go.mod h1:GNIveDnP+aE3jujyUSH5aZ/rktsTM5EvtKnCqBZawdw= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8 h1:NZaj0ngZMzsubWZbrEFSB4rgSQRbFq38Sd6KBxHuOIU= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.8/go.mod h1:44qFP1g7pfd+U+sQHLPalAPKnyfTZjJsYR4xIwsJy5o= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk= github.com/aws/aws-sdk-go-v2/service/sts v1.16.10/go.mod h1:cftkHYN6tCDNfkSasAmclSfl4l7cySoay8vz7p/ce0E= github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.9 h1:Qf1aWwnsNkyAoqDqmdM3nHwN78XQjec27LjM6b9vyfI= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.9/go.mod h1:yyW88BEPXA2fGFyI2KCcZC3dNpiT0CZAHaF+i656/tQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 h1:uBE+Zj478pfxV98L6SEpvxYiADNjTlMNY714PJLE7uo= +github.com/aws/aws-sdk-go-v2/service/sts v1.18.11/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.12.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= @@ -1312,8 +1313,9 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1447,8 +1449,8 @@ github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8I github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.2 h1:WVtYAYuYxKeYajAmThMRYWP6K3wXkcqbGHeUgeubUHY= -github.com/google/s2a-go v0.1.2/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= +github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE= +github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -2110,15 +2112,16 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= -github.com/prometheus/client_golang v1.15.0 h1:5fCgGYogn0hFdhyhLbw7hEsWxufKtY9klyvdNfFlFhM= -github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= +github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= +github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -2231,10 +2234,10 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw= github.com/sigstore/cosign/v2 v2.0.0 h1:x+K6VQKtrBR9/MYOx6ebJB6/Aux56nmf2Zn3chZlP5w= github.com/sigstore/cosign/v2 v2.0.0/go.mod h1:MeJyYfKll3AAsb+CdnhI3YkecDPX2erPvf1JaUaFCrM= -github.com/sigstore/rekor v1.1.1 h1:JCeSss+qUHnCATmwAZh4zT9k0Frdyq0BjmRwewSfEy4= -github.com/sigstore/rekor v1.1.1/go.mod h1:x/xK+HK08MiuJv+v4OxY/Oo3bhuz1DtJXNJrV7hrzvs= -github.com/sigstore/sigstore v1.6.3 h1:lt/w/fZNnrT4PjjqTYsUXn57fvE1YYfIB3SElQZ1oR4= -github.com/sigstore/sigstore v1.6.3/go.mod h1:BpLOp7N2IECbatk4sXE2toY2krw615NmwAtWs/3SJDw= +github.com/sigstore/rekor v1.2.0 h1:ahlnoEY3zo8Vc+eZLPobamw6YfBTAbI0lthzUQd6qe4= +github.com/sigstore/rekor v1.2.0/go.mod h1:zcFO54qIg2G1/i0sE/nvmELUOng/n0MPjTszRYByVPo= +github.com/sigstore/sigstore v1.6.4 h1:jH4AzR7qlEH/EWzm+opSpxCfuUcjHL+LJPuQE7h40WE= +github.com/sigstore/sigstore v1.6.4/go.mod h1:pjR64lBxnjoSrAr+Ydye/FV73IfrgtoYlAI11a8xMfA= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= @@ -2599,6 +2602,7 @@ golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -2607,8 +2611,8 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2623,8 +2627,9 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874 h1:kWC3b7j6Fu09SnEBr7P4PuQyM0R6sqyH9R+EjIvT1nQ= golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 h1:J74nGeMgeFnYQJN59eFwh06jX/V8g0lB7LWpjSLxtgU= @@ -3188,8 +3193,8 @@ google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.119.0 h1:Dzq+ARD6+8jmd5wknJE1crpuzu1JiovEU6gCp9PkoKA= -google.golang.org/api v0.119.0/go.mod h1:CrSvlNEFCFLae9ZUtL1z+61+rEBD7J/aCYwVYKZoWFU= +google.golang.org/api v0.121.0 h1:8Oopoo8Vavxx6gt+sgs8s8/X60WBAtKQq6JqnkF+xow= +google.golang.org/api v0.121.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -3380,8 +3385,8 @@ google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= -google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= +google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -3519,8 +3524,8 @@ k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M= -k8s.io/klog/v2 v2.90.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= From f8e193f28baf52a1ade5e65a7d517dbdb5178272 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 17:48:54 -0500 Subject: [PATCH 218/316] :seedling: Bump golang from `685a22e` to `690e413` (#3080) Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 86a4788659d..997431cebe8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 7c5327a6c0cc815d3e13326e6b80ce3ba08b8288 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 22:49:36 +0000 Subject: [PATCH 219/316] :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/cii Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/cii/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/cii/Dockerfile b/cron/internal/cii/Dockerfile index 86477028141..7053fc42c0e 100644 --- a/cron/internal/cii/Dockerfile +++ b/cron/internal/cii/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From a1b4928e629593ac389c4cbb97b572c362f85beb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 23:04:34 +0000 Subject: [PATCH 220/316] :seedling: Bump golang in /cron/internal/controller Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/controller/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index 26653c70084..ce9a2022cf4 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 5fd6b0becfaea75788b24689b626adbc5ed27cb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 23:18:35 +0000 Subject: [PATCH 221/316] :seedling: Bump golang in /cron/internal/worker Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/worker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/worker/Dockerfile b/cron/internal/worker/Dockerfile index 5661128466e..e7d46c7dcc9 100644 --- a/cron/internal/worker/Dockerfile +++ b/cron/internal/worker/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From c417d75d85fd4eebcd619039deff18f0426b647e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 23:31:58 +0000 Subject: [PATCH 222/316] :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index e5b6aa972b9..3954471e98b 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 30563b96ee031083b2c2a60b8ac8977025289b65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 May 2023 23:45:27 +0000 Subject: [PATCH 223/316] :seedling: Bump golang in /cron/internal/webhook Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/webhook/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/webhook/Dockerfile b/cron/internal/webhook/Dockerfile index cd2bce302f4..efed742e75e 100644 --- a/cron/internal/webhook/Dockerfile +++ b/cron/internal/webhook/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 4b21f08619420d919778118bb099bcd2a5871259 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 00:03:35 +0000 Subject: [PATCH 224/316] :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/bq Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/bq/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/bq/Dockerfile b/cron/internal/bq/Dockerfile index 5397cb7e2e4..c7566715f1c 100644 --- a/cron/internal/bq/Dockerfile +++ b/cron/internal/bq/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:685a22e459f9516f27d975c5cc6accc11223ee81fdfbbae60e39cc3b87357306 AS base +FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 7406bcb85e7fb3edf4df081b235ca625c653ad0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 11:00:09 -0500 Subject: [PATCH 225/316] :seedling: Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089) Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](https://github.com/arduino/setup-protoc/compare/4b3578161eece2eb20a9dfd84bb8ed105e684dba...149f6c87b92550901b26acd1632e11c3662e381f) --- updated-dependencies: - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 14 +++++++------- .github/workflows/main.yml | 34 +++++++++++++++++----------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 6a7e4dc4e45..ff2e5d4683a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -65,7 +65,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -95,7 +95,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -125,7 +125,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -155,7 +155,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -185,7 +185,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -215,7 +215,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -245,7 +245,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 36f16e94a56..d2e56277326 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -98,7 +98,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -146,7 +146,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -193,7 +193,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -229,7 +229,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -277,7 +277,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -325,7 +325,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -373,7 +373,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -421,7 +421,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -469,7 +469,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -517,7 +517,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -565,7 +565,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -613,7 +613,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -661,7 +661,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -709,7 +709,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -756,7 +756,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -828,7 +828,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} @@ -875,7 +875,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc - uses: arduino/setup-protoc@4b3578161eece2eb20a9dfd84bb8ed105e684dba # v1.2.0 + uses: arduino/setup-protoc@149f6c87b92550901b26acd1632e11c3662e381f # v1.3.0 with: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} From dc7350546ebb66049d82fdad60593bcb56620b06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 May 2023 16:15:44 +0000 Subject: [PATCH 226/316] :seedling: Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.3 to 36.0.9. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/25eaddf37ae893cec889065e9a60439c8af6f089...cf4fe8759a45edd76ed6215da3529d2dbd2a3c68) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ff2e5d4683a..255bdb01e4d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@25eaddf37ae893cec889065e9a60439c8af6f089 #v36.0.3 + uses: tj-actions/changed-files@cf4fe8759a45edd76ed6215da3529d2dbd2a3c68 #v36.0.9 with: files_ignore: '**.md' - id: docs_only_check From 93b662b0fe11845bb5ea116633e73aa1e23a9b2c Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 31 May 2023 05:36:40 -0700 Subject: [PATCH 227/316] switch security policy e2e test to ossf-tests repo. (#3090) tensorflow/tensorflow is huge and was slowing down tests. Also removed the rust e2e tests because they're already present as unit tests. Signed-off-by: Spencer Schrock --- e2e/security_policy_test.go | 60 +++---------------------------------- 1 file changed, 4 insertions(+), 56 deletions(-) diff --git a/e2e/security_policy_test.go b/e2e/security_policy_test.go index fc6a5ab002e..f52386f7836 100644 --- a/e2e/security_policy_test.go +++ b/e2e/security_policy_test.go @@ -34,7 +34,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() { Context("E2E TEST:Validating security policy", func() { It("Should return valid security policy", func() { dl := scut.TestDetailLogger{} - repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow") + repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-security-policy-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) err = repoClient.InitRepo(repo, clients.HeadSHA, 0) @@ -60,62 +60,10 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() { }) It("Should return valid security policy at commitSHA", func() { dl := scut.TestDetailLogger{} - repo, err := githubrepo.MakeGithubRepo("tensorflow/tensorflow") + repo, err := githubrepo.MakeGithubRepo("ossf-tests/scorecard-check-security-policy-e2e") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "e0cb70344e46276b37d65824f95eca478080de4a", 0) - Expect(err).Should(BeNil()) - - req := checker.CheckRequest{ - Ctx: context.Background(), - RepoClient: repoClient, - Repo: repo, - Dlogger: &dl, - } - expected := scut.TestReturn{ - Error: nil, - Score: checker.MaxResultScore, - NumberOfWarn: 0, - NumberOfInfo: 4, - NumberOfDebug: 0, - } - result := checks.SecurityPolicy(&req) - // New version. - Expect(scut.ValidateTestReturn(nil, "policy found", &expected, &result, &dl)).Should(BeTrue()) - Expect(repoClient.Close()).Should(BeNil()) - }) - It("Should return valid security policy for rust repositories", func() { - dl := scut.TestDetailLogger{} - repo, err := githubrepo.MakeGithubRepo("randombit/botan") - Expect(err).Should(BeNil()) - repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA, 0) - Expect(err).Should(BeNil()) - - req := checker.CheckRequest{ - Ctx: context.Background(), - RepoClient: repoClient, - Repo: repo, - Dlogger: &dl, - } - expected := scut.TestReturn{ - Error: nil, - Score: checker.MaxResultScore, - NumberOfWarn: 0, - NumberOfInfo: 4, - NumberOfDebug: 0, - } - result := checks.SecurityPolicy(&req) - // New version. - Expect(scut.ValidateTestReturn(nil, "policy found", &expected, &result, &dl)).Should(BeTrue()) - Expect(repoClient.Close()).Should(BeNil()) - }) - It("Should return valid security policy for rust repositories at commitSHA", func() { - dl := scut.TestDetailLogger{} - repo, err := githubrepo.MakeGithubRepo("randombit/botan") - Expect(err).Should(BeNil()) - repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, "bab40cdd29d19e0638cf1301dfd355c52b94d1c0", 0) + err = repoClient.InitRepo(repo, "46e9bc6538b2f788b6e3d18f8c8c174146565e93", 0) Expect(err).Should(BeNil()) req := checker.CheckRequest{ @@ -144,7 +92,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() { defer os.RemoveAll(tmpDir) _, e := git.PlainClone(tmpDir, false, &git.CloneOptions{ - URL: "http://github.com/ossf-tests/botan", + URL: "http://github.com/ossf-tests/scorecard-check-security-policy-e2e", }) Expect(e).Should(BeNil()) From aa4873f869d31c093ce26f14e33554c9d1eb0511 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 10:34:48 -0500 Subject: [PATCH 228/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 2 +- tools/go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 2013900774c..5e2c28edf04 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.9.5 + github.com/onsi/ginkgo/v2 v2.9.7 google.golang.org/protobuf v1.30.0 ) diff --git a/tools/go.sum b/tools/go.sum index 9246174942c..fbc02982a78 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1998,8 +1998,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= +github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss= +github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -2018,7 +2018,7 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= +github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= From bfd535755379bbe13d156b262fc9dd8ec33e23a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 May 2023 15:45:31 +0000 Subject: [PATCH 229/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cd972e1681c..83c84d4c51f 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.3 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.9.5 + github.com/onsi/ginkgo/v2 v2.9.7 github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index b4acc2a5b17..2a8564469c4 100644 --- a/go.sum +++ b/go.sum @@ -1661,8 +1661,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= +github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss= +github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From d5c80c933f784464687bc358e896b177eda8b621 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 11:13:10 -0500 Subject: [PATCH 230/316] :seedling: Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.4 to 3.0.6. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e...1360a344ccb0ab6e9475edef90ad2f46bf8003b1) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/depsreview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 7d8727083dd..96acffae5c2 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab - name: 'Dependency Review' - uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e + uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 From 3c400c7dd6e3e0b785c87610fa3b4e52bc0c83da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 12:24:28 -0500 Subject: [PATCH 231/316] :seedling: Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.9 to 36.0.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/cf4fe8759a45edd76ed6215da3529d2dbd2a3c68...5978e5a2df95ef20cde627d4acb5edd1f87ba46a) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 255bdb01e4d..2cd1a61ef1c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@cf4fe8759a45edd76ed6215da3529d2dbd2a3c68 #v36.0.9 + uses: tj-actions/changed-files@5978e5a2df95ef20cde627d4acb5edd1f87ba46a #v36.0.12 with: files_ignore: '**.md' - id: docs_only_check From 1dd627eebcd49d62e0bd71cf2df2a00ac8eaa5c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 17:34:37 +0000 Subject: [PATCH 232/316] :seedling: Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 83c84d4c51f..26da20b0387 100644 --- a/go.mod +++ b/go.mod @@ -165,7 +165,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.3 // indirect - github.com/xanzy/go-gitlab v0.83.0 + github.com/xanzy/go-gitlab v0.84.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 2a8564469c4..3dfa752afc9 100644 --- a/go.sum +++ b/go.sum @@ -1968,8 +1968,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= -github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.84.0 h1:PdpCaskQSgcVDsx21c6ikf8Rfyo7SNtFAJwP9PrbCFE= +github.com/xanzy/go-gitlab v0.84.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From 174aaa266fe86406b4a98379e0ffcbb66f8a0911 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jun 2023 17:36:24 +0000 Subject: [PATCH 233/316] :seedling: Bump golang.org/x/tools from 0.9.1 to 0.9.2 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.1 to 0.9.2. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 26da20b0387..a0933bb3d9d 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( go.opencensus.io v0.24.0 gocloud.dev v0.29.0 golang.org/x/text v0.9.0 - golang.org/x/tools v0.9.1 + golang.org/x/tools v0.9.2 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 3dfa752afc9..a28fb26f448 100644 --- a/go.sum +++ b/go.sum @@ -2650,8 +2650,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= -golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.9.2 h1:UXbndbirwCAx6TULftIfie/ygDNCwxEie+IiNP1IcNc= +golang.org/x/tools v0.9.2/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 02826cc7f4aebc0e880297dc0f6ff5e0869cbbd2 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Thu, 1 Jun 2023 14:55:17 -0400 Subject: [PATCH 234/316] =?UTF-8?q?=E2=9C=A8=20GitLab:=20enable=20more=20c?= =?UTF-8?q?hecks=20in=20cron=20(#3097)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Enable checks * Binary-Artifacts * Code-Review * License * Vulnerabilities Signed-off-by: Raghav Kaul * Enable more checks * CII Best Practices * Fuzzing * Maintained * Packaging * Pinned-Dependencies * Signed-Releases Signed-off-by: Raghav Kaul * update repo name Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- .../data/gitlab-projects-selected.csv | 2 +- cron/internal/worker/main.go | 34 +++++++++---------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/cron/internal/data/gitlab-projects-selected.csv b/cron/internal/data/gitlab-projects-selected.csv index dd22ca97358..0fa9195a82e 100644 --- a/cron/internal/data/gitlab-projects-selected.csv +++ b/cron/internal/data/gitlab-projects-selected.csv @@ -4,7 +4,7 @@ https://gitlab.com/gitlab-org/gitlab, https://gitlab.com/CalcProgrammer1/OpenRGB, https://gitlab.com/gitlab-org/gitlab-runner, https://gitlab.com/fdroid/fdroidclient, -https://gitlab.com/bramw/baserow, +https://gitlab.com/baserow/baserow, https://gitlab.com/AuroraOSS/AuroraStore, https://gitlab.com/graphviz/graphviz, https://gitlab.com/pgjones/quart, diff --git a/cron/internal/worker/main.go b/cron/internal/worker/main.go index 39e4f0445e1..5eccc1a25a4 100644 --- a/cron/internal/worker/main.go +++ b/cron/internal/worker/main.go @@ -56,25 +56,25 @@ var ( // TODO, should probably be its own config/env var, as the checks we want to run // per-platform will differ based on API cost/efficiency/implementation. gitlabDisabledChecks = []string{ - "Binary-Artifacts", + // "Binary-Artifacts", "Branch-Protection", - "CII-Best-Practices", - "CI-Tests", - "Code-Review", - "Contributors", - "Dangerous-Workflow", - "Dependency-Update-Tool", - "Fuzzing", - "License", - "Maintained", - "Packaging", - "Pinned-Dependencies", - "SAST", + // "CII-Best-Practices", + "CI-Tests", // globally disabled + // "Code-Review", + "Contributors", // globally disabled + "Dangerous-Workflow", // not supported on gitlab + "Dependency-Update-Tool", // globally disabled, not supported on gitlab + // "Fuzzing", + // "License", + // "Maintained", + // "Packaging", + // "Pinned-Dependencies", + "SAST", // not supported on gitlab // "Security-Policy", - "Signed-Releases", - "Token-Permissions", - "Vulnerabilities", - "Webhooks", + // "Signed-Releases", + "Token-Permissions", /// not supported on gitlab + // "Vulnerabilities", + "Webhooks", // globally disabled } ) From 36e3364c5a7d30ece75f407b5c1a17e2b3214f76 Mon Sep 17 00:00:00 2001 From: Amanda L Martin Date: Thu, 1 Jun 2023 19:24:40 -0400 Subject: [PATCH 235/316] :book: agenda link change (#3111) Signed-off-by: Amanda L Martin --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7b783b44dd7..a36a9763342 100644 --- a/README.md +++ b/README.md @@ -567,7 +567,7 @@ We meet every other Thursday - 4p ET on this [zoom link](https://zoom.us/j/98835 #### Agenda -You can see the [agenda and meeting notes here](https://docs.google.com/document/d/1dB2U7_qZpNW96vtuoG7ShmgKXzIg6R5XT5Tc-0yz6kE/edit#). +You can see the [agenda and meeting notes here](https://docs.google.com/document/d/1b6d3CVJLsl7YnTE7ZaZQHdkdYIvuOQ8rzAmvVdypOWM/edit?usp=sharing). ## Stargazers over time From 14c8ade533465468f61114ace0ec75c60c887e57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:31:52 -0500 Subject: [PATCH 236/316] :seedling: Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0225834cc549ee0ca93cb085b92954821a145866...83f0fe6c4988d98a455712a27f0255212bba9bd4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bf2c506d60c..e4a2ac34298 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0225834cc549ee0ca93cb085b92954821a145866 # v1 + uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0225834cc549ee0ca93cb085b92954821a145866 # v1 + uses: github/codeql-action/autobuild@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0225834cc549ee0ca93cb085b92954821a145866 # v1 + uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index f549123947b..697720dd9d9 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@0225834cc549ee0ca93cb085b92954821a145866 # v1 + uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 with: sarif_file: results.sarif From 7772314743fdd68a7e159606dff8516901e7934b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 11:45:25 -0500 Subject: [PATCH 237/316] :seedling: Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.12 to 36.0.15. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/5978e5a2df95ef20cde627d4acb5edd1f87ba46a...5d2fcdb4cbef720a52f49fd05d8c7edd18a64758) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2cd1a61ef1c..694508f8131 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@5978e5a2df95ef20cde627d4acb5edd1f87ba46a #v36.0.12 + uses: tj-actions/changed-files@5d2fcdb4cbef720a52f49fd05d8c7edd18a64758 #v36.0.15 with: files_ignore: '**.md' - id: docs_only_check From 743ef52dc0e32eada7f553efb2dc7e01971a49e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 2 Jun 2023 08:59:22 +0000 Subject: [PATCH 238/316] :seedling: Bump golang.org/x/tools from 0.9.2 to 0.9.3 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.2 to 0.9.3. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a0933bb3d9d..f08bbd93f58 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( go.opencensus.io v0.24.0 gocloud.dev v0.29.0 golang.org/x/text v0.9.0 - golang.org/x/tools v0.9.2 + golang.org/x/tools v0.9.3 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index a28fb26f448..efa24a6caba 100644 --- a/go.sum +++ b/go.sum @@ -2650,8 +2650,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.2 h1:UXbndbirwCAx6TULftIfie/ygDNCwxEie+IiNP1IcNc= -golang.org/x/tools v0.9.2/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 13162b7ef6b52eb632f03f152c5f2bd98ba8ec76 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 2 Jun 2023 14:31:06 -0500 Subject: [PATCH 239/316] :seedling: Unit tests for option (#3109) - Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format - Add tests for checks to run and format flags Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- options/flags_test.go | 168 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 options/flags_test.go diff --git a/options/flags_test.go b/options/flags_test.go new file mode 100644 index 00000000000..ff4a38b3e4d --- /dev/null +++ b/options/flags_test.go @@ -0,0 +1,168 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package options + +import ( + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/spf13/cobra" +) + +//nolint:gocognit +func TestOptions_AddFlags(t *testing.T) { + t.Parallel() + tests := []struct { //nolint:govet + name string + opts *Options + }{ + { + name: "custom options", + opts: &Options{ + Repo: "owner/repo", + Local: "/path/to/local", + Commit: "1234567890abcdef", + LogLevel: "debug", + NPM: "npm-package", + PyPI: "pypi-package", + RubyGems: "rubygems-package", + Metadata: []string{"key1=value1", "key2=value2"}, + ShowDetails: true, + ChecksToRun: []string{"check1", "check2"}, + PolicyFile: "policy-file", + Format: "json", + }, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + cmd := &cobra.Command{} + tt.opts.AddFlags(cmd) + + // check FlagRepo + if cmd.Flag(FlagRepo).Value.String() != tt.opts.Repo { + t.Errorf("expected FlagRepo to be %q, but got %q", tt.opts.Repo, cmd.Flag(FlagRepo).Value.String()) + } + + // check FlagLocal + if cmd.Flag(FlagLocal).Value.String() != tt.opts.Local { + t.Errorf("expected FlagLocal to be %q, but got %q", tt.opts.Local, cmd.Flag(FlagLocal).Value.String()) + } + + // check FlagCommit + if cmd.Flag(FlagCommit).Value.String() != tt.opts.Commit { + t.Errorf("expected FlagCommit to be %q, but got %q", tt.opts.Commit, cmd.Flag(FlagCommit).Value.String()) + } + + // check FlagLogLevel + if cmd.Flag(FlagLogLevel).Value.String() != tt.opts.LogLevel { + t.Errorf("expected FlagLogLevel to be %q, but got %q", tt.opts.LogLevel, cmd.Flag(FlagLogLevel).Value.String()) + } + + // check FlagNPM + if cmd.Flag(FlagNPM).Value.String() != tt.opts.NPM { + t.Errorf("expected FlagNPM to be %q, but got %q", tt.opts.NPM, cmd.Flag(FlagNPM).Value.String()) + } + + // check FlagPyPI + if cmd.Flag(FlagPyPI).Value.String() != tt.opts.PyPI { + t.Errorf("expected FlagPyPI to be %q, but got %q", tt.opts.PyPI, cmd.Flag(FlagPyPI).Value.String()) + } + + // check FlagRubyGems + if cmd.Flag(FlagRubyGems).Value.String() != tt.opts.RubyGems { + t.Errorf("expected FlagRubyGems to be %q, but got %q", tt.opts.RubyGems, cmd.Flag(FlagRubyGems).Value.String()) + } + + var e1 []string + for _, f := range strings.Split(cmd.Flag(FlagChecks).Value.String(), ",") { + f = strings.TrimPrefix(f, "[") + f = strings.TrimSuffix(f, "]") + e1 = append(e1, f) + } + if !cmp.Equal(e1, tt.opts.ChecksToRun) { + t.Errorf("expected FlagChecks to be %q, but got %q", tt.opts.ChecksToRun, e1) + } + // check FlagFormat + if cmd.Flag(FlagFormat).Value.String() != tt.opts.Format { + t.Errorf("expected FlagFormat to be %q, but got %q", tt.opts.Format, cmd.Flag(FlagFormat).Value.String()) + } + }) + } +} + +func TestOptions_AddFlags_ChecksToRun(t *testing.T) { + tests := []struct { + name string + opts *Options + expected []string + }{ + { + name: "custom options", + opts: &Options{ + ChecksToRun: []string{"check1", "check2"}, + }, + expected: []string{"check1", "check2"}, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + e := []string{} + cmd := &cobra.Command{} + tt.opts.AddFlags(cmd) + for _, f := range strings.Split(cmd.Flag(FlagChecks).Value.String(), ",") { + f = strings.TrimPrefix(f, "[") + f = strings.TrimSuffix(f, "]") + e = append(e, f) + } + if !cmp.Equal(e, tt.expected) { + t.Errorf("expected FlagChecks to be %q, but got %q", tt.expected, e) + } + }) + } +} + +func TestOptions_AddFlags_Format(t *testing.T) { + t.Parallel() + tests := []struct { + name string + opts *Options + expected []string + }{ + { + name: "default options", + opts: &Options{}, + expected: []string{}, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + cmd := &cobra.Command{} + tt.opts.AddFlags(cmd) + if !cmp.Equal(cmd.Flag(FlagFormat).Value.String(), strings.Join(tt.expected, ", ")) { + t.Errorf("expected FlagFormat to be %q, but got %q", strings.Join(tt.expected, ", "), cmd.Flag(FlagFormat).Value.String()) //nolint:lll + } + }) + } +} From 9ba0665b0ac90b5c9266f866c13ee21b6c3ac113 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Fri, 2 Jun 2023 18:38:19 -0400 Subject: [PATCH 240/316] =?UTF-8?q?=F0=9F=8C=B1=20GitLab:=20add=20gitlab?= =?UTF-8?q?=20auth=20token=20to=20cron=20worker=20env=20(#3117)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Raghav Kaul --- cron/k8s/worker.release.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cron/k8s/worker.release.yaml b/cron/k8s/worker.release.yaml index d5497df9ef2..b7f5e4a3fda 100644 --- a/cron/k8s/worker.release.yaml +++ b/cron/k8s/worker.release.yaml @@ -52,6 +52,11 @@ spec: secretKeyRef: name: github key: installation_id + - name: GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: gitlab + key: auth_token - name: "SCORECARD_API_RESULTS_BUCKET_URL" value: "gs://ossf-scorecard-cron-releasetest-results" - name: "SCORECARD_EXPERIMENTAL" From fdfe2b9b9e32896b61db0cebd9626babd10fb361 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Sat, 3 Jun 2023 18:42:08 -0400 Subject: [PATCH 241/316] Don't run pat e2e on dependabot merges (#3119) Signed-off-by: Raghav Kaul --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d2e56277326..a3d6b75b8e8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -72,7 +72,7 @@ jobs: verbose: true - name: Run PAT Token E2E #using retry because the GitHub token is being throttled. uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd - if: ${{ github.event_name != 'pull_request' }} + if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }} env: GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} with: From d961dda3b2350d1484948bd2b7efa46210c47e41 Mon Sep 17 00:00:00 2001 From: Nicolas DUBIEN Date: Sun, 4 Jun 2023 19:40:18 +0200 Subject: [PATCH 242/316] =?UTF-8?q?=E2=9C=A8=20Detect=20fast-check=20PBT?= =?UTF-8?q?=20library=20for=20fuzz=20section=20(#3073)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ✨ Detect fast-check PBT library for fuzz section As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution. I also adapted the documentation related to fuzzing accordingly. Signed-off-by: Nicolas DUBIEN * Typo Signed-off-by: Nicolas DUBIEN * Update missing md files Signed-off-by: Nicolas DUBIEN --------- Signed-off-by: Nicolas DUBIEN --- README.md | 2 +- checks/raw/fuzzing.go | 36 +++++++++++++--- checks/raw/fuzzing_test.go | 74 ++++++++++++++++++++++++++++++++ docs/checks.md | 4 +- docs/checks/internal/checks.yaml | 4 +- 5 files changed, 112 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a36a9763342..2055a4751f7 100644 --- a/README.md +++ b/README.md @@ -457,7 +457,7 @@ Name | Description | Risk Level | Token Req [Contributors](docs/checks.md#contributors) | Does the project have contributors from at least two different organizations? | Low | PAT, GITHUB_TOKEN | Validating | [Dangerous-Workflow](docs/checks.md#dangerous-workflow) | Does the project avoid dangerous coding patterns in GitHub Action workflows? | Critical | PAT, GITHUB_TOKEN | Unsupported | [Dependency-Update-Tool](docs/checks.md#dependency-update-tool) | Does the project use tools to help update its dependencies? | High | PAT, GITHUB_TOKEN | Unsupported | -[Fuzzing](docs/checks.md#fuzzing) | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz)? | Medium | PAT, GITHUB_TOKEN | Validating +[Fuzzing](docs/checks.md#fuzzing) | Does the project use fuzzing tools, e.g. [OSS-Fuzz](https://github.com/google/oss-fuzz), [QuickCheck](https://hackage.haskell.org/package/QuickCheck) or [fast-check](https://fast-check.dev/)? | Medium | PAT, GITHUB_TOKEN | Validating [License](docs/checks.md#license) | Does the project declare a license? | Low | PAT, GITHUB_TOKEN | Validating | [Maintained](docs/checks.md#maintained) | Is the project at least 90 days old, and maintained? | High | PAT, GITHUB_TOKEN | Validating | [Pinned-Dependencies](docs/checks.md#pinned-dependencies) | Does the project declare and pin [dependencies](https://docs.github.com/en/free-pro-team@latest/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)? | Medium | PAT, GITHUB_TOKEN | Validating | diff --git a/checks/raw/fuzzing.go b/checks/raw/fuzzing.go index 8f01595881b..a8a161d9847 100644 --- a/checks/raw/fuzzing.go +++ b/checks/raw/fuzzing.go @@ -28,11 +28,13 @@ import ( ) const ( - fuzzerOSSFuzz = "OSSFuzz" - fuzzerClusterFuzzLite = "ClusterFuzzLite" - oneFuzz = "OneFuzz" - fuzzerBuiltInGo = "GoBuiltInFuzzer" - fuzzerPropertyBasedHaskell = "HaskellPropertyBasedTesting" + fuzzerOSSFuzz = "OSSFuzz" + fuzzerClusterFuzzLite = "ClusterFuzzLite" + oneFuzz = "OneFuzz" + fuzzerBuiltInGo = "GoBuiltInFuzzer" + fuzzerPropertyBasedHaskell = "HaskellPropertyBasedTesting" + fuzzerPropertyBasedJavaScript = "JavaScriptPropertyBasedTesting" + fuzzerPropertyBasedTypeScript = "TypeScriptPropertyBasedTesting" // TODO: add more fuzzing check supports. ) @@ -87,6 +89,30 @@ var languageFuzzSpecs = map[clients.LanguageName]languageFuzzConfig{ "Property-based testing in Haskell generates test instances randomly or exhaustively " + "and test that specific properties are satisfied."), }, + // Fuzz patterns for JavaScript and TypeScript based on property-based testing. + // + // Based on the import of one of these packages: + // * https://fast-check.dev/ + // + // This is not an exhaustive list. + clients.JavaScript: { + filePattern: "*.js", + // Look for direct imports of fast-check. + funcPattern: `(from\s+['"]fast-check['"]|require\(\s*['"]fast-check['"]\s*\))`, + Name: fuzzerPropertyBasedJavaScript, + Desc: asPointer( + "Property-based testing in JavaScript generates test instances randomly or exhaustively " + + "and test that specific properties are satisfied."), + }, + clients.TypeScript: { + filePattern: "*.ts", + // Look for direct imports of fast-check. + funcPattern: `(from\s+['"]fast-check['"]|require\(\s*['"]fast-check['"]\s*\))`, + Name: fuzzerPropertyBasedTypeScript, + Desc: asPointer( + "Property-based testing in TypeScript generates test instances randomly or exhaustively " + + "and test that specific properties are satisfied."), + }, // TODO: add more language-specific fuzz patterns & configs. } diff --git a/checks/raw/fuzzing_test.go b/checks/raw/fuzzing_test.go index 5804a30c62a..c0a06edfe72 100644 --- a/checks/raw/fuzzing_test.go +++ b/checks/raw/fuzzing_test.go @@ -413,6 +413,80 @@ func Test_checkFuzzFunc(t *testing.T) { }, fileContent: "import Test.Hspec", }, + { + name: "JavaScript fast-check via require", + want: true, + fileName: []string{"main.spec.js"}, + langs: []clients.Language{ + { + Name: clients.JavaScript, + NumLines: 50, + }, + }, + fileContent: "const fc = require('fast-check');", + }, + { + name: "JavaScript fast-check via import", + want: true, + fileName: []string{"main.spec.js"}, + langs: []clients.Language{ + { + Name: clients.JavaScript, + NumLines: 50, + }, + }, + fileContent: "import fc from \"fast-check\";", + }, + { + name: "JavaScript with no property-based testing", + want: false, + fileName: []string{"main.spec.js"}, + wantErr: true, + langs: []clients.Language{ + { + Name: clients.JavaScript, + NumLines: 50, + }, + }, + fileContent: "const fc = require('fast-other');", + }, + { + name: "TypeScript fast-check via require", + want: true, + fileName: []string{"main.spec.ts"}, + langs: []clients.Language{ + { + Name: clients.TypeScript, + NumLines: 50, + }, + }, + fileContent: "const fc = require('fast-check');", + }, + { + name: "TypeScript fast-check via import", + want: true, + fileName: []string{"main.spec.ts"}, + langs: []clients.Language{ + { + Name: clients.TypeScript, + NumLines: 50, + }, + }, + fileContent: "import fc from \"fast-check\";", + }, + { + name: "TypeScript with no property-based testing", + want: false, + fileName: []string{"main.spec.ts"}, + wantErr: true, + langs: []clients.Language{ + { + Name: clients.TypeScript, + NumLines: 50, + }, + }, + fileContent: "const fc = require('fast-other');", + }, } for _, tt := range tests { tt := tt diff --git a/docs/checks.md b/docs/checks.md index 7db3d80baf7..406bb213f1b 100644 --- a/docs/checks.md +++ b/docs/checks.md @@ -338,7 +338,9 @@ This check tries to determine if the project uses 1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; 3. if there are user-defined language-specified fuzzing functions in the repository. - - currently only supports [Go fuzzing](https://go.dev/doc/fuzz/) and a limited set of property-based testing libraries for Haskell. + - currently only supports [Go fuzzing](https://go.dev/doc/fuzz/), + - a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck), + - a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/). 4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz); Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data diff --git a/docs/checks/internal/checks.yaml b/docs/checks/internal/checks.yaml index 7b8ad4eca13..406d9871b60 100644 --- a/docs/checks/internal/checks.yaml +++ b/docs/checks/internal/checks.yaml @@ -398,7 +398,9 @@ checks: 1. if the repository name is included in the [OSS-Fuzz](https://github.com/google/oss-fuzz) project list; 2. if [ClusterFuzzLite](https://google.github.io/clusterfuzzlite/) is deployed in the repository; 3. if there are user-defined language-specified fuzzing functions in the repository. - - currently only supports [Go fuzzing](https://go.dev/doc/fuzz/) and a limited set of property-based testing libraries for Haskell. + - currently only supports [Go fuzzing](https://go.dev/doc/fuzz/), + - a limited set of property-based testing libraries for Haskell including [QuickCheck](https://hackage.haskell.org/package/QuickCheck), [Hedgehog](https://hedgehog.qa/), [validity](https://hackage.haskell.org/package/validity) or [SmallCheck](https://hackage.haskell.org/package/smallcheck), + - a limited set of property-based testing libraries for JavaScript and TypeScript including [fast-check](https://fast-check.dev/). 4. if it contains a [OneFuzz](https://github.com/microsoft/onefuzz) integration [detection file](https://github.com/microsoft/onefuzz/blob/main/docs/getting-started.md#detecting-the-use-of-onefuzz); Fuzzing, or fuzz testing, is the practice of feeding unexpected or random data From a0ae3cee287ad9bda9666c87d1a3213e25877602 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 6 Jun 2023 15:27:55 -0700 Subject: [PATCH 243/316] :seedling: temporarily disable failing e2e tests so we don't block all PRs. (#3130) Signed-off-by: Spencer Schrock --- e2e/attestor_policy_test.go | 142 ++++++++++++++++++------------------ e2e/ci_tests_test.go | 1 + 2 files changed, 73 insertions(+), 70 deletions(-) diff --git a/e2e/attestor_policy_test.go b/e2e/attestor_policy_test.go index 56c7ec5691e..e0837b76ada 100644 --- a/e2e/attestor_policy_test.go +++ b/e2e/attestor_policy_test.go @@ -111,76 +111,78 @@ var _ = Describe("E2E TEST PAT: scorecard-attestor policy", func() { }, expected: policy.Pass, }, - { - name: "test repo with simple code review requirements", - repoURL: "https://github.com/ossf/scorecard", - commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - policy: policy.AttestationPolicy{ - EnsureCodeReviewed: true, - CodeReviewRequirements: policy.CodeReviewRequirements{ - MinReviewers: 1, - }, - }, - expected: policy.Pass, - }, - { - name: "test code reviews required but repo doesn't have code reviews", - repoURL: "https://github.com/ossf-tests/scorecard-binauthz-test-bad", - policy: policy.AttestationPolicy{ - PreventBinaryArtifacts: true, - PreventKnownVulnerabilities: true, - PreventUnpinnedDependencies: true, - EnsureCodeReviewed: true, - }, - expected: policy.Fail, - }, - { - name: "test code reviews required with min reviewers", - repoURL: "https://github.com/ossf/scorecard", - commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - policy: policy.AttestationPolicy{ - PreventBinaryArtifacts: true, - PreventKnownVulnerabilities: false, - PreventUnpinnedDependencies: true, - EnsureCodeReviewed: true, - CodeReviewRequirements: policy.CodeReviewRequirements{ - MinReviewers: 1, - }, - }, - expected: policy.Pass, - }, - { - name: "test code reviews required with min reviewers and required reviewers", - repoURL: "https://github.com/ossf/scorecard", - commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - policy: policy.AttestationPolicy{ - PreventBinaryArtifacts: true, - PreventKnownVulnerabilities: false, - PreventUnpinnedDependencies: true, - EnsureCodeReviewed: true, - CodeReviewRequirements: policy.CodeReviewRequirements{ - MinReviewers: 1, - RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38"}, - }, - }, - expected: policy.Pass, - }, - { - name: "test code reviews required with too many min reviewers but matching required reviewers", - repoURL: "https://github.com/ossf/scorecard", - commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - policy: policy.AttestationPolicy{ - PreventBinaryArtifacts: true, - PreventKnownVulnerabilities: false, - PreventUnpinnedDependencies: true, - EnsureCodeReviewed: true, - CodeReviewRequirements: policy.CodeReviewRequirements{ - MinReviewers: 2, - RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38"}, - }, - }, - expected: policy.Fail, - }, + // TODO(https://github.com/ossf/scorecard/issues/3129) temporarily skipping code review tests + // + // { + // name: "test repo with simple code review requirements", + // repoURL: "https://github.com/ossf/scorecard", + // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", + // policy: policy.AttestationPolicy{ + // EnsureCodeReviewed: true, + // CodeReviewRequirements: policy.CodeReviewRequirements{ + // MinReviewers: 1, + // }, + // }, + // expected: policy.Pass, + // }, + // { + // name: "test code reviews required but repo doesn't have code reviews", + // repoURL: "https://github.com/ossf-tests/scorecard-binauthz-test-bad", + // policy: policy.AttestationPolicy{ + // PreventBinaryArtifacts: true, + // PreventKnownVulnerabilities: true, + // PreventUnpinnedDependencies: true, + // EnsureCodeReviewed: true, + // }, + // expected: policy.Fail, + // }, + // { + // name: "test code reviews required with min reviewers", + // repoURL: "https://github.com/ossf/scorecard", + // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", + // policy: policy.AttestationPolicy{ + // PreventBinaryArtifacts: true, + // PreventKnownVulnerabilities: false, + // PreventUnpinnedDependencies: true, + // EnsureCodeReviewed: true, + // CodeReviewRequirements: policy.CodeReviewRequirements{ + // MinReviewers: 1, + // }, + // }, + // expected: policy.Pass, + // }, + // { + // name: "test code reviews required with min reviewers and required reviewers", + // repoURL: "https://github.com/ossf/scorecard", + // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", + // policy: policy.AttestationPolicy{ + // PreventBinaryArtifacts: true, + // PreventKnownVulnerabilities: false, + // PreventUnpinnedDependencies: true, + // EnsureCodeReviewed: true, + // CodeReviewRequirements: policy.CodeReviewRequirements{ + // MinReviewers: 1, + // RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38"}, + // }, + // }, + // expected: policy.Pass, + // }, + // { + // name: "test code reviews required with too many min reviewers but matching required reviewers", + // repoURL: "https://github.com/ossf/scorecard", + // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", + // policy: policy.AttestationPolicy{ + // PreventBinaryArtifacts: true, + // PreventKnownVulnerabilities: false, + // PreventUnpinnedDependencies: true, + // EnsureCodeReviewed: true, + // CodeReviewRequirements: policy.CodeReviewRequirements{ + // MinReviewers: 2, + // RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38"}, + // }, + // }, + // expected: policy.Fail, + // }, } for _, tc := range tt { diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 9730e4e432a..30ff953c192 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -79,6 +79,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { Expect(repoClient.Close()).Should(BeNil()) }) It("Should return absence of CI tests in a repo with unsquashed merges", func() { + Skip("TODO(https://github.com/ossf/scorecard/issues/3129) temporarily skipping") dl := scut.TestDetailLogger{} repo, err := githubrepo.MakeGithubRepo("duo-labs/parliament") Expect(err).Should(BeNil()) From 082c79306b3fa700e7a1fe2b3299d243408a357c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 09:10:48 +0000 Subject: [PATCH 244/316] :seedling: Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f08bbd93f58..44a289387fc 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/onsi/gomega v1.27.7 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a - github.com/sirupsen/logrus v1.9.2 + github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 diff --git a/go.sum b/go.sum index efa24a6caba..3d98f4930f5 100644 --- a/go.sum +++ b/go.sum @@ -1864,8 +1864,8 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y= -github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= From f43c9c9a61dd5a1d29eb7cba2b4b654371faff46 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 7 Jun 2023 07:09:01 -0500 Subject: [PATCH 245/316] i:seedling: Ignore all pb files for test (#3127) - Update .codecov.yml to ignore additional files Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .codecov.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.codecov.yml b/.codecov.yml index 8185f5d689b..1f7a7c9fc2b 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -5,7 +5,7 @@ codecov: require_ci_to_pass: yes ignore: - - "*.pb.go" + - "**/*.pb.go" - "cron/**/*" - "clients/mockclients/**/*" # ignoring them as these are internal tools for generating docs. From ab0d078a2bcd700a1e37b0688b1d60c85876cd52 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 7 Jun 2023 07:23:15 -0500 Subject: [PATCH 246/316] :seedling: Deprecate dependencydiff package and add access token requirement (#3125) - Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function - Add a line to the `.codecov.yml` to ignore the `dependencydiff` package Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .codecov.yml | 2 ++ dependencydiff/dependencydiff.go | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.codecov.yml b/.codecov.yml index 1f7a7c9fc2b..b49dfb9e315 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -12,6 +12,8 @@ ignore: - "docs/**/*" # this is the runner - "main.go" + # this package is deprecated and going to be removed. + - "dependencydiff/**/*" coverage: precision: 2 diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go index ed0f9774092..78012426ad0 100644 --- a/dependencydiff/dependencydiff.go +++ b/dependencydiff/dependencydiff.go @@ -12,6 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. +// Deprecated: This is going to be removed in the future. package dependencydiff import ( @@ -29,7 +30,9 @@ import ( ) // Depdiff is the exported name for dependency-diff. -const Depdiff = "Dependency-diff" +const ( + Depdiff = "Dependency-diff" +) // A private context struct used for GetDependencyCheckResults. type dependencydiffContext struct { @@ -47,6 +50,7 @@ type dependencydiffContext struct { results []pkg.DependencyCheckResult } +// Deprecated: This is going to be removed in the future. // GetDependencyDiffResults gets dependency changes between two given code commits BASE and HEAD // along with the Scorecard check results of the dependencies, and returns a slice of DependencyCheckResult. // TO use this API, an access token must be set. See https://github.com/ossf/scorecard#authentication. From f293779ec21153b533c4a76728903dd68aa9ec51 Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Wed, 7 Jun 2023 11:15:39 -0700 Subject: [PATCH 247/316] =?UTF-8?q?=E2=9C=A8=20[experimental]=20Support=20?= =?UTF-8?q?for=20new=20`--format=20probe`=20(#3048)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon --- checker/raw_result.go | 5 +++ pkg/json_probe_results.go | 56 ++++++++++++++++++++++++ pkg/scorecard.go | 48 +++++++++++++++++++- pkg/scorecard_result.go | 4 ++ probes/toolDependabotInstalled/impl.go | 2 +- probes/toolPyUpInstalled/impl.go | 2 +- probes/toolRenovateInstalled/impl.go | 2 +- probes/toolSonatypeLiftInstalled/impl.go | 2 +- 8 files changed, 116 insertions(+), 5 deletions(-) create mode 100644 pkg/json_probe_results.go diff --git a/checker/raw_result.go b/checker/raw_result.go index 37dfcbd3e4f..621c84eb8ad 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -43,6 +43,11 @@ type RawResults struct { LicenseResults LicenseData TokenPermissionsResults TokenPermissionsData CITestResults CITestData + Metadata MetadataData +} + +type MetadataData struct { + Metadata map[string]string } type RevisionCIInfo struct { diff --git a/pkg/json_probe_results.go b/pkg/json_probe_results.go new file mode 100644 index 00000000000..633d39a47d4 --- /dev/null +++ b/pkg/json_probe_results.go @@ -0,0 +1,56 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package pkg + +import ( + "encoding/json" + "fmt" + "io" + + sce "github.com/ossf/scorecard/v4/errors" + "github.com/ossf/scorecard/v4/finding" +) + +// JSONScorecardProbeResult exports results as JSON for flat findings without checks. +// +//nolint:govet +type JSONScorecardProbeResult struct { + Date string `json:"date"` + Repo jsonRepoV2 `json:"repo"` + Scorecard jsonScorecardV2 `json:"scorecard"` + Findings []finding.Finding `json:"findings"` +} + +func (r *ScorecardResult) AsPJSON(writer io.Writer) error { + encoder := json.NewEncoder(writer) + out := JSONScorecardProbeResult{ + Repo: jsonRepoV2{ + Name: r.Repo.Name, + Commit: r.Repo.CommitSHA, + }, + Scorecard: jsonScorecardV2{ + Version: r.Scorecard.Version, + Commit: r.Scorecard.CommitSHA, + }, + Date: r.Date.Format("2006-01-02"), + Findings: r.Findings, + } + + if err := encoder.Encode(out); err != nil { + return sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("encoder.Encode: %v", err)) + } + + return nil +} diff --git a/pkg/scorecard.go b/pkg/scorecard.go index dbf7ef570c9..d44976bf8a7 100644 --- a/pkg/scorecard.go +++ b/pkg/scorecard.go @@ -19,6 +19,8 @@ import ( "context" "errors" "fmt" + "os" + "strings" "sync" "time" @@ -27,6 +29,10 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/clients" sce "github.com/ossf/scorecard/v4/errors" + "github.com/ossf/scorecard/v4/finding" + "github.com/ossf/scorecard/v4/options" + "github.com/ossf/scorecard/v4/probes" + "github.com/ossf/scorecard/v4/probes/zrunner" ) func runEnabledChecks(ctx context.Context, @@ -102,6 +108,15 @@ func RunScorecard(ctx context.Context, if err != nil || commitSHA == "" { return ScorecardResult{}, err } + defaultBranch, err := repoClient.GetDefaultBranchName() + if err != nil { + if !errors.Is(err, clients.ErrUnsupportedFeature) { + return ScorecardResult{}, + sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("GetDefaultBranchName:%v", err.Error())) + } + defaultBranch = "unknown" + } + versionInfo := version.GetVersionInfo() ret := ScorecardResult{ Repo: RepoInfo{ @@ -115,11 +130,42 @@ func RunScorecard(ctx context.Context, Date: time.Now(), } resultsCh := make(chan checker.CheckResult) - go runEnabledChecks(ctx, repo, &ret.RawResults, checksToRun, repoClient, ossFuzzRepoClient, + + // Set metadata for all checks to use. This is necessary + // to create remediations from the probe yaml files. + ret.RawResults.Metadata.Metadata = map[string]string{ + "repository.host": repo.Host(), + "repository.name": strings.TrimPrefix(repo.URI(), repo.Host()+"/"), + "repository.uri": repo.URI(), + "repository.sha1": commitSHA, + "repository.defaultBranch": defaultBranch, + } + + go runEnabledChecks(ctx, repo, &ret.RawResults, checksToRun, + repoClient, ossFuzzRepoClient, ciiClient, vulnsClient, resultsCh) for result := range resultsCh { ret.Checks = append(ret.Checks, result) } + + if value, _ := os.LookupEnv(options.EnvVarScorecardExperimental); value == "1" { + // Run the probes. + var findings []finding.Finding + // TODO(#3049): only run the probes for checks. + // NOTE: We will need separate functions to support: + // - `--probes X,Y` + // - `--check-definitions-file path/to/config.yml + // NOTE: we discard the returned error because the errors are + // already cotained in the findings and we want to return the findings + // to users. + // See https://github.com/ossf/scorecard/blob/main/probes/zrunner/runner.go#L34-L45. + // Note: we discard the error because each probe's error is reported within + // the probe and we don't want the entire scorecard run to fail if a single error + // is encountered. + //nolint:errcheck + findings, _ = zrunner.Run(&ret.RawResults, probes.All) + ret.Findings = findings + } return ret, nil } diff --git a/pkg/scorecard_result.go b/pkg/scorecard_result.go index 2fd0c67e4fb..c30167c5293 100644 --- a/pkg/scorecard_result.go +++ b/pkg/scorecard_result.go @@ -25,6 +25,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/docs/checks" sce "github.com/ossf/scorecard/v4/errors" + "github.com/ossf/scorecard/v4/finding" "github.com/ossf/scorecard/v4/log" "github.com/ossf/scorecard/v4/options" spol "github.com/ossf/scorecard/v4/policy" @@ -50,6 +51,7 @@ type ScorecardResult struct { Scorecard ScorecardInfo Checks []checker.CheckResult RawResults checker.RawResults + Findings []finding.Finding Metadata []string } @@ -119,6 +121,8 @@ func FormatResults( err = results.AsJSON2(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) case options.FormatFJSON: err = results.AsFJSON(opts.ShowDetails, log.ParseLevel(opts.LogLevel), doc, os.Stdout) + case options.FormatPJSON: + err = results.AsPJSON(os.Stdout) case options.FormatRaw: err = results.AsRawJSON(os.Stdout) default: diff --git a/probes/toolDependabotInstalled/impl.go b/probes/toolDependabotInstalled/impl.go index 1ca92087e10..d89ba6c9140 100644 --- a/probes/toolDependabotInstalled/impl.go +++ b/probes/toolDependabotInstalled/impl.go @@ -1,4 +1,4 @@ -// Copyright 2022 OpenSSF Scorecard Authors +// Copyright 2023 OpenSSF Scorecard Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/probes/toolPyUpInstalled/impl.go b/probes/toolPyUpInstalled/impl.go index 41c58db88a1..42adb82685d 100644 --- a/probes/toolPyUpInstalled/impl.go +++ b/probes/toolPyUpInstalled/impl.go @@ -1,4 +1,4 @@ -// Copyright 2022 OpenSSF Scorecard Authors +// Copyright 2023 OpenSSF Scorecard Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/probes/toolRenovateInstalled/impl.go b/probes/toolRenovateInstalled/impl.go index a35f91662cc..1c3d0b91161 100644 --- a/probes/toolRenovateInstalled/impl.go +++ b/probes/toolRenovateInstalled/impl.go @@ -1,4 +1,4 @@ -// Copyright 2022 OpenSSF Scorecard Authors +// Copyright 2023 OpenSSF Scorecard Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/probes/toolSonatypeLiftInstalled/impl.go b/probes/toolSonatypeLiftInstalled/impl.go index a7c258fb9e8..98d0363ae72 100644 --- a/probes/toolSonatypeLiftInstalled/impl.go +++ b/probes/toolSonatypeLiftInstalled/impl.go @@ -1,4 +1,4 @@ -// Copyright 2022 OpenSSF Scorecard Authors +// Copyright 2023 OpenSSF Scorecard Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. From 42cec81709a0fde819d5e842de10e71a43cf096a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Jun 2023 19:15:20 +0000 Subject: [PATCH 248/316] :seedling: Bump distroless/base (#3122) Bumps distroless/base from `10985f0` to `c623859`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index 3954471e98b..781d46cc58f 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -24,6 +24,6 @@ ARG TARGETOS ARG TARGETARCH RUN CGO_ENABLED=0 make build-github-server -FROM gcr.io/distroless/base:nonroot@sha256:10985f0577b62767a2f0218bff7dec33c59a5ef9a587d889bf0861e0c3123d57 +FROM gcr.io/distroless/base:nonroot@sha256:c62385962234a3dae5c9e9777dedc863d99f676b7202cd073e90b06e46021994 COPY --from=authserver /src/clients/githubrepo/roundtripper/tokens/server/github-auth-server clients/githubrepo/roundtripper/tokens/server/github-auth-server ENTRYPOINT ["clients/githubrepo/roundtripper/tokens/server/github-auth-server"] From f2d0bc9eb1d61eb61929e1d9349da74a318ffe73 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 7 Jun 2023 13:44:44 -0700 Subject: [PATCH 249/316] :seedling: Ignore deprecation warning for dependencydiff tests. (#3136) Signed-off-by: Spencer Schrock --- e2e/dependencydiff_test.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/e2e/dependencydiff_test.go b/e2e/dependencydiff_test.go index 5b0e1da69ea..49c375cc676 100644 --- a/e2e/dependencydiff_test.go +++ b/e2e/dependencydiff_test.go @@ -21,6 +21,7 @@ import ( . "github.com/onsi/gomega" "github.com/ossf/scorecard/v4/checks" + //nolint:staticcheck // we know it's deprecated and the tests will be removed when the package is "github.com/ossf/scorecard/v4/dependencydiff" ) @@ -40,6 +41,7 @@ var _ = Describe("E2E TEST:"+dependencydiff.Depdiff, func() { changeTypesToCheck := []string{ "removed", // Only checking those removed ones will make this test faster. } + //nolint:staticcheck // we know it's deprecated and the tests will be removed when the package is results, err := dependencydiff.GetDependencyDiffResults( ctx, repoURI, @@ -58,6 +60,7 @@ var _ = Describe("E2E TEST:"+dependencydiff.Depdiff, func() { changeTypesToCheck := []string{ "removed", } + //nolint:staticcheck // we know it's deprecated and the tests will be removed when the package is results, err := dependencydiff.GetDependencyDiffResults( ctx, repoURI, @@ -76,6 +79,7 @@ var _ = Describe("E2E TEST:"+dependencydiff.Depdiff, func() { changeTypesToCheck := []string{ "removed", } + //nolint:staticcheck // we know it's deprecated and the tests will be removed when the package is _, err := dependencydiff.GetDependencyDiffResults( ctx, repoURI, From cf103dea9e010c79c286c1217d77a8f043a0ca86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 08:57:28 +0000 Subject: [PATCH 250/316] :seedling: Bump tj-actions/changed-files from 36.0.15 to 36.0.18 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.15 to 36.0.18. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/5d2fcdb4cbef720a52f49fd05d8c7edd18a64758...07e0177b72d3640efced741cae32f9861eee1367) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 694508f8131..d74379004b8 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@5d2fcdb4cbef720a52f49fd05d8c7edd18a64758 #v36.0.15 + uses: tj-actions/changed-files@07e0177b72d3640efced741cae32f9861eee1367 #v36.0.18 with: files_ignore: '**.md' - id: docs_only_check From 0424fdfc954201435f91ce852a79d204058026b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 12:45:56 +0000 Subject: [PATCH 251/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 4 ++-- tools/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 5e2c28edf04..518a912f316 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.9.7 + github.com/onsi/ginkgo/v2 v2.10.0 google.golang.org/protobuf v1.30.0 ) @@ -356,7 +356,7 @@ require ( golang.org/x/term v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.9.1 // indirect + golang.org/x/tools v0.9.3 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.121.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/tools/go.sum b/tools/go.sum index fbc02982a78..875fcb16d03 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1998,8 +1998,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss= -github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= +github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs= +github.com/onsi/ginkgo/v2 v2.10.0/go.mod h1:UDQOh5wbQUlMnkLfVaIUMtQ1Vus92oM+P2JX1aulgcE= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -3115,8 +3115,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= -golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 4c255a777134c103cfd85d4074e20c240ae96a3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 12:47:21 +0000 Subject: [PATCH 252/316] :seedling: Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4 Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3 to 1.3.4. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 19 ++++++++++--------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 44a289387fc..94f59d45c75 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.3 + github.com/google/osv-scanner v1.3.4 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.9.7 github.com/otiai10/copy v1.11.0 @@ -58,7 +58,7 @@ require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/containeranalysis v0.9.0 // indirect cloud.google.com/go/kms v1.10.2 // indirect - github.com/BurntSushi/toml v1.2.1 // indirect + github.com/BurntSushi/toml v1.3.0 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect github.com/andybalholm/brotli v1.0.4 // indirect @@ -99,7 +99,7 @@ require ( github.com/prometheus/prometheus v0.42.0 // indirect github.com/skeema/knownhosts v1.1.1 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect - github.com/spdx/tools-golang v0.5.0 // indirect + github.com/spdx/tools-golang v0.5.1 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/term v0.8.0 // indirect @@ -170,7 +170,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect golang.org/x/crypto v0.9.0 // indirect - golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea + golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.8.0 golang.org/x/sync v0.2.0 // indirect diff --git a/go.sum b/go.sum index 3d98f4930f5..801869a264d 100644 --- a/go.sum +++ b/go.sum @@ -500,8 +500,9 @@ github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9s github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1/go.mod h1:4qFor3D/HDsvBME35Xy9rwW9DecL+M2sNw1ybjPtwA0= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.0 h1:Ws8e5YmnrGEHzZEzg0YvK/7COGYtTC5PbaH9oSSbgfA= +github.com/BurntSushi/toml v1.3.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE= github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps= @@ -1204,8 +1205,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.3 h1:CeMeaCHPKx1jWb5b1ksTA3YOt7SNWjjW7tFltK6FOFU= -github.com/google/osv-scanner v1.3.3/go.mod h1:kDFfINeXZDv/q5ZnNzIkMzi5X92INdMz1ohJsq9Z1eM= +github.com/google/osv-scanner v1.3.4 h1:OHy7cazw2IDgqijnhTZFBV0jH9Xe3f/GvnK/F4aZQ0Y= +github.com/google/osv-scanner v1.3.4/go.mod h1:lic9NGB9H6AF6XxDVGYg2guvjgfEbSXigOaSyrF93Vc= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -1877,8 +1878,8 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= -github.com/spdx/tools-golang v0.5.0 h1:/fqihV2Jna7fmow65dHpgKNsilgLK7ICpd2tkCnPEyY= -github.com/spdx/tools-golang v0.5.0/go.mod h1:kkGlrSXXfHwuSzHQZJRV3aKu9ZXCq/MSf2+xyiJH1lM= +github.com/spdx/tools-golang v0.5.1 h1:fJg3SVOGG+eIva9ZUBm/hvyA7PIPVFjRxUKe6fdAgwE= +github.com/spdx/tools-golang v0.5.1/go.mod h1:/DRDQuBfB37HctM29YtrX1v+bXiVmT2OpQDalRmX9aU= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= @@ -1930,8 +1931,8 @@ github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -2173,8 +2174,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea h1:vLCWI/yYrdEHyN2JzIzPO3aaQJHQdp89IZBA/+azVC4= -golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= From 829de1bd8f04aecd20d3a2a936e315012ff4b23d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 12:58:34 +0000 Subject: [PATCH 253/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 94f59d45c75..a78fd180c09 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.4 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.9.7 + github.com/onsi/ginkgo/v2 v2.10.0 github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index 801869a264d..09b4dc2b2c3 100644 --- a/go.sum +++ b/go.sum @@ -1662,8 +1662,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.9.7 h1:06xGQy5www2oN160RtEZoTvnP2sPhEfePYmCDc2szss= -github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= +github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs= +github.com/onsi/ginkgo/v2 v2.10.0/go.mod h1:UDQOh5wbQUlMnkLfVaIUMtQ1Vus92oM+P2JX1aulgcE= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From aef28d998d42351e568ff84a83b649f60f46be81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 13:11:08 +0000 Subject: [PATCH 254/316] :seedling: Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a78fd180c09..51303f7b65d 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/jszwec/csvutil v1.8.0 github.com/moby/buildkit v0.11.6 github.com/olekukonko/tablewriter v0.0.5 - github.com/onsi/gomega v1.27.7 + github.com/onsi/gomega v1.27.8 github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a github.com/sirupsen/logrus v1.9.3 diff --git a/go.sum b/go.sum index 09b4dc2b2c3..f26577548d6 100644 --- a/go.sum +++ b/go.sum @@ -1681,8 +1681,8 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= -github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= -github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= +github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= From 2734a0c841a0628391b0a547e604ba6fdeaa7503 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Jun 2023 18:02:42 +0000 Subject: [PATCH 255/316] :seedling: Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 4b214723caa..038e7d2ee9a 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -72,7 +72,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index bef97f17571..af4806478cb 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -29,7 +29,7 @@ jobs: contents: write actions: read needs: args - uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.6.0 #7f4fdb871876c23e455853d694197440c5a91506 + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0 #7f4fdb871876c23e455853d694197440c5a91506 with: go-version: 1.19 evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}" From ab1c515c304d2abc3af2af00142147821cc9586d Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 8 Jun 2023 14:07:46 -0500 Subject: [PATCH 256/316] :seedling: Increase test coverage for finding outcomes (#3142) * Increase test coverage for finding outcomes - Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updates based on Codereview - Update `Outcome` variable in `finding/finding_test.go` - Add `t.Parallel()` for test parallelization - Add comparison using `cmp.Diff` to test for mismatches - Update test cases for various outcomes Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- finding/finding_test.go | 93 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/finding/finding_test.go b/finding/finding_test.go index bda8e7405a5..50f1a7b1934 100644 --- a/finding/finding_test.go +++ b/finding/finding_test.go @@ -21,6 +21,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "gopkg.in/yaml.v3" "github.com/ossf/scorecard/v4/finding/probe" ) @@ -198,3 +199,95 @@ func Test_FromBytes(t *testing.T) { }) } } + +func TestOutcome_UnmarshalYAML(t *testing.T) { + t.Parallel() + type args struct { + n *yaml.Node + } + tests := []struct { //nolint:govet + name string + wantOutcome Outcome + args args + wantErr bool + }{ + { + name: "positive outcome", + wantOutcome: OutcomePositive, + args: args{ + n: &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "Positive", + }, + }, + wantErr: false, + }, + { + name: "negative outcome", + wantOutcome: OutcomeNegative, + args: args{ + n: &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "Negative", + }, + }, + wantErr: false, + }, + { + name: "NotAvailable outcome", + wantOutcome: OutcomeNotAvailable, + args: args{ + n: &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "NotAvailable", + }, + }, + wantErr: false, + }, + { + name: "NotSupported outcome", + wantOutcome: OutcomeNotSupported, + args: args{ + n: &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "NotSupported", + }, + }, + wantErr: false, + }, + { + name: "Unknown error", + wantOutcome: OutcomeError, + args: args{ + n: &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "Error", + }, + }, + wantErr: false, + }, + { + name: "Unknown outcome", + args: args{ + n: &yaml.Node{ + Kind: yaml.ScalarNode, + Value: "Unknown", + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + var v Outcome + if err := v.UnmarshalYAML(tt.args.n); (err != nil) != tt.wantErr { + t.Errorf("Outcome.UnmarshalYAML() error = %v, wantErr %v", err, tt.wantErr) + } + if diff := cmp.Diff(tt.wantOutcome, v); diff != "" { + t.Errorf("mismatch (-want +got):\n%s", diff) + } + }) + } +} From 0d84edf76aeb306c823edc21f035d3c4addf5ec6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Jun 2023 10:54:18 -0500 Subject: [PATCH 257/316] :seedling: Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.18 to 36.1.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/07e0177b72d3640efced741cae32f9861eee1367...fb20f4d24890fadc539505b1746d260504b213d0) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d74379004b8..682b2e27939 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@07e0177b72d3640efced741cae32f9861eee1367 #v36.0.18 + uses: tj-actions/changed-files@fb20f4d24890fadc539505b1746d260504b213d0 #v36.1.0 with: files_ignore: '**.md' - id: docs_only_check From 3d89c43f06404272509148b01e09d6b5c9186c86 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Fri, 9 Jun 2023 11:44:34 -0700 Subject: [PATCH 258/316] :seedling: Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144) * re-enable skipped ci test Signed-off-by: Spencer Schrock * re-enable skipped attestor test. switch to ossf-tests repo Signed-off-by: Spencer Schrock * remove extra policies from tests that only look at code review. Signed-off-by: Spencer Schrock * remove unneeded policies from binary artifact tests. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock --- e2e/attestor_policy_test.go | 136 +++++++++++++++--------------------- e2e/ci_tests_test.go | 1 - 2 files changed, 58 insertions(+), 79 deletions(-) diff --git a/e2e/attestor_policy_test.go b/e2e/attestor_policy_test.go index e0837b76ada..b11f2978374 100644 --- a/e2e/attestor_policy_test.go +++ b/e2e/attestor_policy_test.go @@ -58,18 +58,16 @@ var _ = Describe("E2E TEST PAT: scorecard-attestor policy", func() { name: "test bad repo with ignored binary artifact", repoURL: "https://github.com/ossf-tests/scorecard-binauthz-test-bad", policy: policy.AttestationPolicy{ - PreventBinaryArtifacts: true, - AllowedBinaryArtifacts: []string{"test-binary-artifact-*"}, - PreventKnownVulnerabilities: true, + PreventBinaryArtifacts: true, + AllowedBinaryArtifacts: []string{"test-binary-artifact-*"}, }, expected: policy.Pass, }, { - name: "test bad repo with ignored binary artifact", + name: "test bad repo with binary artifact", repoURL: "https://github.com/ossf-tests/scorecard-binauthz-test-bad", policy: policy.AttestationPolicy{ - PreventBinaryArtifacts: true, - PreventKnownVulnerabilities: true, + PreventBinaryArtifacts: true, }, expected: policy.Fail, }, @@ -111,78 +109,60 @@ var _ = Describe("E2E TEST PAT: scorecard-attestor policy", func() { }, expected: policy.Pass, }, - // TODO(https://github.com/ossf/scorecard/issues/3129) temporarily skipping code review tests - // - // { - // name: "test repo with simple code review requirements", - // repoURL: "https://github.com/ossf/scorecard", - // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - // policy: policy.AttestationPolicy{ - // EnsureCodeReviewed: true, - // CodeReviewRequirements: policy.CodeReviewRequirements{ - // MinReviewers: 1, - // }, - // }, - // expected: policy.Pass, - // }, - // { - // name: "test code reviews required but repo doesn't have code reviews", - // repoURL: "https://github.com/ossf-tests/scorecard-binauthz-test-bad", - // policy: policy.AttestationPolicy{ - // PreventBinaryArtifacts: true, - // PreventKnownVulnerabilities: true, - // PreventUnpinnedDependencies: true, - // EnsureCodeReviewed: true, - // }, - // expected: policy.Fail, - // }, - // { - // name: "test code reviews required with min reviewers", - // repoURL: "https://github.com/ossf/scorecard", - // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - // policy: policy.AttestationPolicy{ - // PreventBinaryArtifacts: true, - // PreventKnownVulnerabilities: false, - // PreventUnpinnedDependencies: true, - // EnsureCodeReviewed: true, - // CodeReviewRequirements: policy.CodeReviewRequirements{ - // MinReviewers: 1, - // }, - // }, - // expected: policy.Pass, - // }, - // { - // name: "test code reviews required with min reviewers and required reviewers", - // repoURL: "https://github.com/ossf/scorecard", - // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - // policy: policy.AttestationPolicy{ - // PreventBinaryArtifacts: true, - // PreventKnownVulnerabilities: false, - // PreventUnpinnedDependencies: true, - // EnsureCodeReviewed: true, - // CodeReviewRequirements: policy.CodeReviewRequirements{ - // MinReviewers: 1, - // RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38"}, - // }, - // }, - // expected: policy.Pass, - // }, - // { - // name: "test code reviews required with too many min reviewers but matching required reviewers", - // repoURL: "https://github.com/ossf/scorecard", - // commit: "fa0592fab28aa92560f04e1ae8649dfff566ae2b", - // policy: policy.AttestationPolicy{ - // PreventBinaryArtifacts: true, - // PreventKnownVulnerabilities: false, - // PreventUnpinnedDependencies: true, - // EnsureCodeReviewed: true, - // CodeReviewRequirements: policy.CodeReviewRequirements{ - // MinReviewers: 2, - // RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38"}, - // }, - // }, - // expected: policy.Fail, - // }, + { + name: "test repo with simple code review requirements", + repoURL: "https://github.com/ossf-tests/scorecard-attestor-code-review-e2e", + policy: policy.AttestationPolicy{ + EnsureCodeReviewed: true, + CodeReviewRequirements: policy.CodeReviewRequirements{ + MinReviewers: 1, + }, + }, + expected: policy.Pass, + }, + { + name: "test code reviews required but repo doesn't have code reviews", + repoURL: "https://github.com/ossf-tests/scorecard-binauthz-test-bad", + policy: policy.AttestationPolicy{ + EnsureCodeReviewed: true, + }, + expected: policy.Fail, + }, + { + name: "test code reviews required with min reviewers", + repoURL: "https://github.com/ossf-tests/scorecard-attestor-code-review-e2e", + policy: policy.AttestationPolicy{ + EnsureCodeReviewed: true, + CodeReviewRequirements: policy.CodeReviewRequirements{ + MinReviewers: 1, + }, + }, + expected: policy.Pass, + }, + { + name: "test code reviews required with min reviewers and required reviewers", + repoURL: "https://github.com/ossf-tests/scorecard-attestor-code-review-e2e", + policy: policy.AttestationPolicy{ + EnsureCodeReviewed: true, + CodeReviewRequirements: policy.CodeReviewRequirements{ + MinReviewers: 1, + RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38", "raghavkaul"}, + }, + }, + expected: policy.Pass, + }, + { + name: "test code reviews required with too many min reviewers but matching required reviewers", + repoURL: "https://github.com/ossf-tests/scorecard-attestor-code-review-e2e", + policy: policy.AttestationPolicy{ + EnsureCodeReviewed: true, + CodeReviewRequirements: policy.CodeReviewRequirements{ + MinReviewers: 2, + RequiredApprovers: []string{"spencerschrock", "laurentsimon", "naveensrinivasan", "azeemshaikh38", "raghavkaul"}, + }, + }, + expected: policy.Fail, + }, } for _, tc := range tt { diff --git a/e2e/ci_tests_test.go b/e2e/ci_tests_test.go index 30ff953c192..9730e4e432a 100644 --- a/e2e/ci_tests_test.go +++ b/e2e/ci_tests_test.go @@ -79,7 +79,6 @@ var _ = Describe("E2E TEST:"+checks.CheckCITests, func() { Expect(repoClient.Close()).Should(BeNil()) }) It("Should return absence of CI tests in a repo with unsquashed merges", func() { - Skip("TODO(https://github.com/ossf/scorecard/issues/3129) temporarily skipping") dl := scut.TestDetailLogger{} repo, err := githubrepo.MakeGithubRepo("duo-labs/parliament") Expect(err).Should(BeNil()) From cc6705b1c502b00e23af38171f0c99e2036f4981 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 09:00:39 +0000 Subject: [PATCH 259/316] :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index 781d46cc58f..24fa77641a8 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From bb0b73a409062a64233e198f3420cec13e9a3363 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 13:37:30 +0000 Subject: [PATCH 260/316] :seedling: Bump golang in /cron/internal/worker Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/worker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/worker/Dockerfile b/cron/internal/worker/Dockerfile index e7d46c7dcc9..f2c673b4b99 100644 --- a/cron/internal/worker/Dockerfile +++ b/cron/internal/worker/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 24bfffbcaaa8fc6a984dea820e2e0da10f5fe036 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 13:48:39 +0000 Subject: [PATCH 261/316] :seedling: Bump golang from `690e413` to `4b1fc02` in /cron/internal/cii Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/cii/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/cii/Dockerfile b/cron/internal/cii/Dockerfile index 7053fc42c0e..89702c88b17 100644 --- a/cron/internal/cii/Dockerfile +++ b/cron/internal/cii/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 4ab0643083c48318fe542a9c27523f16b5574481 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 14:04:53 +0000 Subject: [PATCH 262/316] :seedling: Bump golang in /cron/internal/controller Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/controller/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index ce9a2022cf4..712cbad85fb 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 9dee205a3cca52d32619a5cdd3a1dc36c847da7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 08:57:12 +0000 Subject: [PATCH 263/316] :seedling: Bump github/codeql-action from 2.3.6 to 2.13.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...cdcdbb579706841c47f7063dda365e292e5cad7a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard-analysis.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e4a2ac34298..477bebaf936 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 + uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v1 with: languages: ${{ matrix.language }} queries: +security-extended @@ -74,7 +74,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 + uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v1 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -88,4 +88,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 + uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v1 diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 697720dd9d9..d1b706e6ba7 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -47,6 +47,6 @@ jobs: retention-days: 5 - name: "Upload SARIF results" - uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v1 + uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v1 with: sarif_file: results.sarif From cea2ffedb4112645a1b51da5446f336147f2f654 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 09:17:35 +0000 Subject: [PATCH 264/316] :seedling: Bump golang in /cron/internal/webhook (#3152) Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- cron/internal/webhook/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/webhook/Dockerfile b/cron/internal/webhook/Dockerfile index efed742e75e..19365ee511a 100644 --- a/cron/internal/webhook/Dockerfile +++ b/cron/internal/webhook/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From ccbb4cde6ed514617382aa4c63a490800a8fbe6c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 09:19:07 +0000 Subject: [PATCH 265/316] :seedling: Bump golang from `690e413` to `4b1fc02` in /cron/internal/bq Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- cron/internal/bq/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cron/internal/bq/Dockerfile b/cron/internal/bq/Dockerfile index c7566715f1c..f9a28324527 100644 --- a/cron/internal/bq/Dockerfile +++ b/cron/internal/bq/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 5640cfe41837b8901dec761f6c5a5f6ea9786b9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 09:28:43 +0000 Subject: [PATCH 266/316] :seedling: Bump golang from `690e413` to `4b1fc02` Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 997431cebe8..b022ac10441 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ # limitations under the License. # golang:1.19 -FROM golang@sha256:690e4135bf2a4571a572bfd5ddfa806b1cb9c3dea0446ebadaf32bc2ea09d4f9 AS base +FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From 5ef319fb8079d5233e27c83aeaf9d72a4f3225c0 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Tue, 13 Jun 2023 13:29:10 -0400 Subject: [PATCH 267/316] =?UTF-8?q?=E2=9C=A8=20GitLab:=20Add=205000=20repo?= =?UTF-8?q?s=20to=20nightly=20worker=20run=20(#3137)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * increase project count in the nightly Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- .../data/gitlab-projects-selected.csv | 5251 ++++++++++++++++- 1 file changed, 5250 insertions(+), 1 deletion(-) diff --git a/cron/internal/data/gitlab-projects-selected.csv b/cron/internal/data/gitlab-projects-selected.csv index 0fa9195a82e..8bcef93d30e 100644 --- a/cron/internal/data/gitlab-projects-selected.csv +++ b/cron/internal/data/gitlab-projects-selected.csv @@ -249,5 +249,5254 @@ https://gitlab.com/isard/isardvdi, https://gitlab.com/lmco/hoppr/hoppr, https://gitlab.com/JacobLinCool/bahamut-automation, https://gitlab.com/hoppr/hoppr-cop, -https://gitlab.com/hoppr/hoppr-cyclonedx-models, https://gitlab.com/hoppr/droppr, +https://gitlab.com/mindfulness-at-the-computer/mindfulness-at-the-computer, +https://gitlab.com/commonground/nlx/nlx, +https://gitlab.com/dalibo/dramatiq-pg, +https://gitlab.com/dodgyville/pygltflib, +https://gitlab.com/lramage/mkdocs-gitbook-theme, +https://gitlab.com/microo8/ratt, +https://gitlab.com/wholegrain/granola, +https://gitlab.com/termoshtt/accel, +https://gitlab.com/UnicodeLabs/OpenRPA, +https://gitlab.com/vuedoc/md, +https://gitlab.com/eyeo/adblockplus/abc/adblockpluscore, +https://gitlab.com/realismusmodding/fs19_rm_seasons, +https://gitlab.com/appsemble/appsemble, +https://gitlab.com/philbooth/check-types.js, +https://gitlab.com/Rich-Harris/rollup-plugin-buble, +https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler, +https://gitlab.com/icm-institute/aramislab/leaspy, +https://gitlab.com/mike01/pypacker, +https://gitlab.com/pragmaticreviews/golang-gin-poc, +https://gitlab.com/NonFactors/AspNetCore.Grid, +https://gitlab.com/trixnity/trixnity, +https://gitlab.com/taricorp/llvm-sys.rs, +https://gitlab.com/ternaris/marv-robotics, +https://gitlab.com/datadrivendiscovery/d3m, +https://gitlab.com/deadcanaries/kadence, +https://gitlab.com/causal/ananke, +https://gitlab.com/NickCao/RAIT, +https://gitlab.com/gomidi/midi, +https://gitlab.com/egh/ledger-autosync, +https://gitlab.com/brycedorn/gitlab-corners, +https://gitlab.com/rak-n-rok/krake, +https://gitlab.com/teskje/microfft-rs, +https://gitlab.com/tspiteri/fixed, +https://gitlab.com/cunity/gitlab-python-runner, +https://gitlab.com/jesselcorbett/diskord, +https://gitlab.com/burke-software/django-report-builder, +https://gitlab.com/karroffel/contracts, +https://gitlab.com/commonshost/server, +https://gitlab.com/saltstack/pop/tiamat, +https://gitlab.com/SUSE-UIUX/eos-icons, +https://gitlab.com/gitlab-org/gitlab_git, +https://gitlab.com/pgjones/quart-trio, +https://gitlab.com/alexgleason/wagtailfontawesome, +https://gitlab.com/adam.stanek/nanit, +https://gitlab.com/fitmulticell/fit, +https://gitlab.com/quantify-os/quantify-core, +https://gitlab.com/alelec/gitlab-release, +https://gitlab.com/pymarc/pymarc, +https://gitlab.com/guardianproject/NetCipher, +https://gitlab.com/sumner/sublime-music, +https://gitlab.com/Rich-Harris/phonograph, +https://gitlab.com/inorton/junit2html, +https://gitlab.com/robcresswell/vue-material-design-icons, +https://gitlab.com/flattrack/flattrack, +https://gitlab.com/gitbuilding/gitbuilding, +https://gitlab.com/4degrees/lucidity, +https://gitlab.com/anarcat/feed2exec, +https://gitlab.com/shellyBits/v-chacheli, +https://gitlab.com/picos-api/picos, +https://gitlab.com/etke.cc/postmoogle, +https://gitlab.com/danielquinn/majel, +https://gitlab.com/eyeo/adblockplus/adblockpluscore, +https://gitlab.com/neachdainn/nng-rs, +https://gitlab.com/DGothrek/ipyaggrid, +https://gitlab.com/Thann/pingg, +https://gitlab.com/unit410/tezos-hsm-signer, +https://gitlab.com/takluyver/jeepney, +https://gitlab.com/gitlab-org/project-templates/go-micro, +https://gitlab.com/ratio-case/python/raplan, +https://gitlab.com/coroner/cryptolyzer, +https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer, +https://gitlab.com/dslackw/sun, +https://gitlab.com/gitlab-org/security-products/analyzers/semgrep, +https://gitlab.com/andrewbanchich/forty-jekyll-theme, +https://gitlab.com/flarenetwork/flare, +https://gitlab.com/isbg/isbg, +https://gitlab.com/bluebank/braid, +https://gitlab.com/libvirt/libvirt-rust, +https://gitlab.com/NebulousLabs/siastream, +https://gitlab.com/crespum/polaris, +https://gitlab.com/codsen/codsen, +https://gitlab.com/gemseo/dev/gemseo, +https://gitlab.com/mvysny/konsume-xml, +https://gitlab.com/yaal/canaille, +https://gitlab.com/thiagocsf/nexus3-cli, +https://gitlab.com/tango-controls/pytango, +https://gitlab.com/timvisee/prs, +https://gitlab.com/wyrcan/wyrcan, +https://gitlab.com/ApexAI/ade-cli, +https://gitlab.com/gitlab-org/gl-openshift/gitlab-operator, +https://gitlab.com/mattbas/Qt-Color-Widgets, +https://gitlab.com/beenje/gidgetlab, +https://gitlab.com/sscherfke/typed-settings, +https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium, +https://gitlab.com/liquid-design/liquid-design-react, +https://gitlab.com/nitk-nest/nest, +https://gitlab.com/hpierce1102/ClassFinder, +https://gitlab.com/susurrus/gattii, +https://gitlab.com/agrumery/aGrUM, +https://gitlab.com/rmaguiar/hugo-theme-color-your-world, +https://gitlab.com/IvanSanchez/Leaflet.TileLayer.GL, +https://gitlab.com/demsking/image-downloader, +https://gitlab.com/sj1k/gorice, +https://gitlab.com/catamphetamine/write-excel-file, +https://gitlab.com/jtaimisto/bluewalker, +https://gitlab.com/coderscare/gridelements, +https://gitlab.com/AGausmann/rustberry, +https://gitlab.com/openpgp-ca/openpgp-ca, +https://gitlab.com/tangibleai/qary, +https://gitlab.com/TheYardVFX/mangrove, +https://gitlab.com/microo8/photon, +https://gitlab.com/slon/shad-go, +https://gitlab.com/computationalmaterials/clease, +https://gitlab.com/flippidippi/download-git-repo, +https://gitlab.com/selfagency/utfu, +https://gitlab.com/cloudb0x/trackarr, +https://gitlab.com/librespacefoundation/satnogs/satnogs-client, +https://gitlab.com/obnam/obnam, +https://gitlab.com/service-work/is-loading, +https://gitlab.com/gitlab-org/security-products/gemnasium-db, +https://gitlab.com/tenzing/shared-array, +https://gitlab.com/vuedoc/parser, +https://gitlab.com/ra_kete/microfft-rs, +https://gitlab.com/srrg-software/srrg_hbst, +https://gitlab.com/sequoia-pgp/sequoia-octopus-librnp, +https://gitlab.com/opennota/tl, +https://gitlab.com/dunloplab/delta, +https://gitlab.com/open-source-keir/financial-modelling/trading/barter-data-rs, +https://gitlab.com/nbdkit/nbdkit, +https://gitlab.com/bor-sh/git-gitlab, +https://gitlab.com/mikerockett/weasyprint, +https://gitlab.com/bichon-project/bichon, +https://gitlab.com/remote-apis-testing/remote-apis-testing, +https://gitlab.com/gitlab-org/security-products/analyzers/common, +https://gitlab.com/mutt_data/muttlib, +https://gitlab.com/deltares/imod/imod-python, +https://gitlab.com/az67128/svelte-atoms, +https://gitlab.com/jiaan/gitlab-pipeline-dashboard, +https://gitlab.com/PoroCYon/PokeApi.NET, +https://gitlab.com/gitlabracadabra/gitlabracadabra, +https://gitlab.com/hydroqc/hydroqc2mqtt, +https://gitlab.com/objrs/objrs, +https://gitlab.com/eyeo/adblockplus/abc/webext-sdk, +https://gitlab.com/tumult-labs/analytics, +https://gitlab.com/vicky5124/lavalink-rs, +https://gitlab.com/woolf/RTSPbrute, +https://gitlab.com/thelabnyc/django-logpipe, +https://gitlab.com/mb-saces/synatainer, +https://gitlab.com/dslackw/sbo-templates, +https://gitlab.com/cznic/cc, +https://gitlab.com/serebit/strife, +https://gitlab.com/polavieja_lab/idtrackerai, +https://gitlab.com/Go101/go101, +https://gitlab.com/smueller18/pylint-gitlab, +https://gitlab.com/alienscience/mailin, +https://gitlab.com/m03geek/fastify-oas, +https://gitlab.com/recommend.games/board-game-scraper, +https://gitlab.com/ornamentist/un-algebra, +https://gitlab.com/cest-group/boss, +https://gitlab.com/hindawi/xpub/xpub-review, +https://gitlab.com/commonground/don/developer.overheid.nl, +https://gitlab.com/iam-cms/kadi, +https://gitlab.com/passelecasque/varroa, +https://gitlab.com/PanierAvide/geovisio, +https://gitlab.com/gonoware/laravel-maps, +https://gitlab.com/obviate.io/pyleglight, +https://gitlab.com/xiayesuifeng/gopanel, +https://gitlab.com/tslocum/godoc-static, +https://gitlab.com/tglman/structsy, +https://gitlab.com/davidmreed/amaxa, +https://gitlab.com/mortengjerding/asr, +https://gitlab.com/mailman/django-mailman3, +https://gitlab.com/hydroqc/hydroqc, +https://gitlab.com/mhammons/slinc, +https://gitlab.com/asciidoc3/asciidoc3, +https://gitlab.com/mmalawski/openapi-validator, +https://gitlab.com/rjurga/ludget, +https://gitlab.com/kylehqcom/stencil, +https://gitlab.com/hieulw/cicflowmeter, +https://gitlab.com/meltano/sdk, +https://gitlab.com/localg-host/watchghost, +https://gitlab.com/bradwood/git-lab-rust, +https://gitlab.com/stevecu/xloil, +https://gitlab.com/chrisrabotin/nyx, +https://gitlab.com/df_storyteller/df-storyteller, +https://gitlab.com/celliern/scikit-fdiff, +https://gitlab.com/polychainlabs/tezos-network-monitor, +https://gitlab.com/gitlab-org/gitaly-proto, +https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz, +https://gitlab.com/axet/libtorrent, +https://gitlab.com/relief-melone/vue-mapbox-ts, +https://gitlab.com/slepc/slepc, +https://gitlab.com/betse/betse, +https://gitlab.com/librespacefoundation/satnogs/satnogs-decoders, +https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/gitrob, +https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gitrob, +https://gitlab.com/mertbakir/resume-a4, +https://gitlab.com/gitlab-com/marketing/digital-experience/slippers-ui, +https://gitlab.com/gitlab-org/csslab, +https://gitlab.com/thelabnyc/wagtail_blog, +https://gitlab.com/zach-geek/vartiste, +https://gitlab.com/tdiekmann/safety-guard, +https://gitlab.com/toryanderson/hugo-icarus, +https://gitlab.com/volian/rust-apt, +https://gitlab.com/bzim/lockfree, +https://gitlab.com/nvidia/container-toolkit/container-toolkit, +https://gitlab.com/deadcanaries/orc, +https://gitlab.com/cpvpn/cpyvpn, +https://gitlab.com/JakobDev/minecraft-launcher-lib, +https://gitlab.com/ikus-soft/tkvue, +https://gitlab.com/ecp-ci/jacamar-ci, +https://gitlab.com/quantify-os/quantify-scheduler, +https://gitlab.com/qonfucius/aragog, +https://gitlab.com/felipe_public/badges-gitlab, +https://gitlab.com/Pythia8/releases, +https://gitlab.com/hashbangfr/coldcms, +https://gitlab.com/govbr-ds/dev/govbr-ds-dev-core, +https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter, +https://gitlab.com/ideasman42/blender-mathutils, +https://gitlab.com/blurt/blurt, +https://gitlab.com/ahogen/cppcheck-codequality, +https://gitlab.com/gitlab-org/opstrace/opstrace-ui, +https://gitlab.com/corthbandt/shinglify, +https://gitlab.com/librespacefoundation/satnogs/satnogs-db, +https://gitlab.com/rysiekpl/libresilient, +https://gitlab.com/baxe/rv, +https://gitlab.com/kornelski/cargo-xcode, +https://gitlab.com/cznic/tcl, +https://gitlab.com/freckles-io/freckles, +https://gitlab.com/hkex/resipy, +https://gitlab.com/vmware/idem/idem-aws, +https://gitlab.com/yhtang/graphdot, +https://gitlab.com/VSI-TUGraz/Dynasaur, +https://gitlab.com/ydkn/capistrano-rails-console, +https://gitlab.com/george/shoya-go, +https://gitlab.com/brianodonnell/pod_feeder_v2, +https://gitlab.com/greut/eclint, +https://gitlab.com/hadrien/aws_lambda_logging, +https://gitlab.com/sthesing/zettels, +https://gitlab.com/avron/gruvhugo, +https://gitlab.com/saltstack/pop/heist, +https://gitlab.com/deeploy-ml/deeploy-python-client, +https://gitlab.com/t0xic0der/obserware, +https://gitlab.com/bloom42/bitflow, +https://gitlab.com/pgjones/quart-schema, +https://gitlab.com/mironet/magnolia-helm, +https://gitlab.com/apgoucher/lifelib, +https://gitlab.com/rhab/PyOTRS, +https://gitlab.com/l_sim/bigdft-suite, +https://gitlab.com/dns2utf8/sudo.rs, +https://gitlab.com/gabmus/hugo-ficurinia, +https://gitlab.com/SkynetLabs/skyd, +https://gitlab.com/fommil/shapely, +https://gitlab.com/datadrivendiscovery/common-primitives, +https://gitlab.com/sri-at-gitlab/projects/remote-pipeline-test-framework/framework, +https://gitlab.com/dashwav/gila, +https://gitlab.com/vibes-developers/vibes, +https://gitlab.com/under-test/undertest.strategy.selenium, +https://gitlab.com/wordpress-premium/advanced-custom-fields-pro, +https://gitlab.com/thelabnyc/wagtail-spa-integration, +https://gitlab.com/unidata-community-group/unidata-platform-ui, +https://gitlab.com/tastapod/jgotesting, +https://gitlab.com/tschorr/pyruvate, +https://gitlab.com/mrossinek/cobib, +https://gitlab.com/boldhearts/ros2_v4l2_camera, +https://gitlab.com/paolobenve/myphotoshare, +https://gitlab.com/phlint/phlint, +https://gitlab.com/latex-rubber/rubber, +https://gitlab.com/beenje/jupyterlab-gitlab, +https://gitlab.com/franksh/amphetype, +https://gitlab.com/ra_kete/structview-rs, +https://gitlab.com/maicos-devel/maicos, +https://gitlab.com/risse/pino, +https://gitlab.com/jeffdn/rust-canteen, +https://gitlab.com/pidila/scampi, +https://gitlab.com/commonground/haven/haven, +https://gitlab.com/crossref/crossref_commons_py, +https://gitlab.com/NebulousLabs/go-upnp, +https://gitlab.com/pokstad1/goprogs, +https://gitlab.com/catamphetamine/virtual-scroller, +https://gitlab.com/coala/coala-utils, +https://gitlab.com/qosenergy/squalus, +https://gitlab.com/catamphetamine/react-time-ago, +https://gitlab.com/sgrignard/serpyco, +https://gitlab.com/eyeo/adblockplus/ABPKit, +https://gitlab.com/kornelski/dunce, +https://gitlab.com/pulsechaincom/compressed-allocations, +https://gitlab.com/equilibrator/equilibrator-api, +https://gitlab.com/StanfordLegion/legion, +https://gitlab.com/mbedsys/citbx4gitlab, +https://gitlab.com/balping/ticketit-app, +https://gitlab.com/sfsm/sfsm, +https://gitlab.com/4U6U57/wsl-open, +https://gitlab.com/PerplexedPeach/dynamic-avatar-drawer, +https://gitlab.com/gitlab-org/gitlabktl, +https://gitlab.com/DigonIO/scheduler, +https://gitlab.com/gitlab-org/security-products/analyzers/secrets, +https://gitlab.com/ska-telescope/external/rascil, +https://gitlab.com/ymd_h/cpprb, +https://gitlab.com/tripetto/builder, +https://gitlab.com/viper-staking/cardano-tools, +https://gitlab.com/thelabnyc/wagtail-nav-menus, +https://gitlab.com/under-test/undertest.nuke, +https://gitlab.com/godot-stuff/gs-project-manager, +https://gitlab.com/penolove15/witness, +https://gitlab.com/SNCF/wcs, +https://gitlab.com/opennota/screengen, +https://gitlab.com/mexus/futures-retry, +https://gitlab.com/opennota/fb2index, +https://gitlab.com/inivation/dv/dv-python, +https://gitlab.com/stavros/pysignald, +https://gitlab.com/aidaspace/aidapy, +https://gitlab.com/datadrivendiscovery/automl-rpc, +https://gitlab.com/0bs1d1an/sr2t, +https://gitlab.com/MeldCE/first-draft, +https://gitlab.com/categulario/tiempo-rs, +https://gitlab.com/mbarkhau/markdown-katex, +https://gitlab.com/libvirt/libvirt-go, +https://gitlab.com/shaoxc/qepy, +https://gitlab.com/sebdeckers/tls-keygen, +https://gitlab.com/galacteek/galacteek, +https://gitlab.com/d3tn/ud3tn, +https://gitlab.com/huia-lang/stack-vm, +https://gitlab.com/alelec/pip-system-certs, +https://gitlab.com/blue-dragon/laravel-routes, +https://gitlab.com/bztsrc/model3d, +https://gitlab.com/hacklunch/ntsclient, +https://gitlab.com/giro3d/giro3d, +https://gitlab.com/noppo/gevent-websocket, +https://gitlab.com/gitlab-org/vulnerability-research/foss/lingo, +https://gitlab.com/lightning-signer/validating-lightning-signer, +https://gitlab.com/semkodev/nelson.cli, +https://gitlab.com/mbarkhau/pycalver, +https://gitlab.com/larswirzenius/obnam, +https://gitlab.com/antonok/taro, +https://gitlab.com/camlcase-dev/kotlin-tezos, +https://gitlab.com/benkuly/trixnity, +https://gitlab.com/dovereem/xtcetools, +https://gitlab.com/jkuebart/Leaflet.VectorTileLayer, +https://gitlab.com/sio4/code/alloc-counter, +https://gitlab.com/preserves/preserves, +https://gitlab.com/initforthe/stimulus-reveal, +https://gitlab.com/commonground/nlx, +https://gitlab.com/cryzed/hydrus-api, +https://gitlab.com/mauricemolli/petitRADTRANS, +https://gitlab.com/etke.cc/honoroit, +https://gitlab.com/silwol/freenukum, +https://gitlab.com/under-test/undertest.featurelint, +https://gitlab.com/tumult-labs/core, +https://gitlab.com/william.belanger/primenote, +https://gitlab.com/tangram-vision-oss/realsense-rust, +https://gitlab.com/twittner/minicbor, +https://gitlab.com/Kanedias/html2md, +https://gitlab.com/dr.sybren/skyfill, +https://gitlab.com/nul.one/rundoc, +https://gitlab.com/olaris/olaris-rename, +https://gitlab.com/mitchhentges/pip-compile-cross-platform, +https://gitlab.com/junte/junte-ui, +https://gitlab.com/energyincities/besos, +https://gitlab.com/jason-rumengan/pyarma, +https://gitlab.com/alantrick/django-agenda, +https://gitlab.com/GitLabRGI/erdc/geopackage-python, +https://gitlab.com/ayanaware/bento, +https://gitlab.com/nightlycommit/twing, +https://gitlab.com/kskarthik/monopriv, +https://gitlab.com/nerdocs/gdaps, +https://gitlab.com/leo.cazenille/qdpy, +https://gitlab.com/samthursfield/calliope, +https://gitlab.com/hectorjsmith/csharp-excel-vba-sync, +https://gitlab.com/clb1/svelte-ethers-store, +https://gitlab.com/smc/mlmorph, +https://gitlab.com/kaushalmodi/hugo-theme-refined, +https://gitlab.com/shaktiproject/tools/aapg, +https://gitlab.com/kris.leech/ma, +https://gitlab.com/python-actorio/actorio, +https://gitlab.com/openbridge/openbridge-css, +https://gitlab.com/hyask/swaysome, +https://gitlab.com/sebdeckers/unbundle, +https://gitlab.com/burrbull/softposit-rs, +https://gitlab.com/muspectre/muspectre, +https://gitlab.com/potato-oss/google-cloud/gcloud-tasks-emulator, +https://gitlab.com/m03geek/fastify-metrics, +https://gitlab.com/hoyle.hoyle/pynvr, +https://gitlab.com/cznic/b, +https://gitlab.com/brickhill/open-source/node-hill, +https://gitlab.com/gitlab-org/ci-cd/runner-tools/tlsctl, +https://gitlab.com/jarvis-network/apps/exchange/mono-repo, +https://gitlab.com/eshard/scared, +https://gitlab.com/crates.rs/cargo_toml, +https://gitlab.com/elixxir/crypto, +https://gitlab.com/ramiel/caravaggio, +https://gitlab.com/SiLA2/sila_java, +https://gitlab.com/pgjones/quart-auth, +https://gitlab.com/cab404/wg-bond, +https://gitlab.com/AmosEgel/smuthi, +https://gitlab.com/robigalia/sel4-sys, +https://gitlab.com/changelogs/changelog-manager, +https://gitlab.com/Shinobi-Systems/Shinobi-Installer, +https://gitlab.com/ing_rpaa/probatus, +https://gitlab.com/zaquestion/lab, +https://gitlab.com/thiblahute/mesonpep517, +https://gitlab.com/WhyNotHugo/shotman, +https://gitlab.com/thelabnyc/django-shopify-sync, +https://gitlab.com/truestream/tsfpga, +https://gitlab.com/william.belanger/qoob, +https://gitlab.com/pika-lab/tuprolog/2p-in-kotlin, +https://gitlab.com/Mojeer/django_components, +https://gitlab.com/rarenet/dfak, +https://gitlab.com/kskarthik/resto-hugo, +https://gitlab.com/ppopescu/logmasker, +https://gitlab.com/jorgecarleitao/starlette-oauth2-api, +https://gitlab.com/redwarn/redwarn-web, +https://gitlab.com/guballa/SubstitutionBreaker, +https://gitlab.com/Polkabot/polkabot, +https://gitlab.com/montag/vue-cli-plugin-gitlab-pages, +https://gitlab.com/polymer-kb/firmware/polymer, +https://gitlab.com/rweda/makerchip-app, +https://gitlab.com/gitlab-org/prometheus-client-mmap, +https://gitlab.com/bloom42/phaser, +https://gitlab.com/jonatasgrosman/findpapers, +https://gitlab.com/SirEdvin/sanic-oauth, +https://gitlab.com/kris.leech/wisper_next, +https://gitlab.com/gitlab-org/charts/components/gitlab-operator, +https://gitlab.com/companionlabs-opensource/classy-fastapi, +https://gitlab.com/gitlab-com/marketing/inbound-marketing/slippers-ui, +https://gitlab.com/mailman/mailman-hyperkitty, +https://gitlab.com/stavros/itsalive, +https://gitlab.com/rosaenlg-projects/rosaenlg, +https://gitlab.com/Emilv2/huawei-solar, +https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit, +https://gitlab.com/EuropeanSpaceAgency/PyHole, +https://gitlab.com/mcoffin/fanctl, +https://gitlab.com/c1560/cryptofiscafacile, +https://gitlab.com/rndusr/i3barfodder, +https://gitlab.com/fluidattacks/product, +https://gitlab.com/ayanaware/bentocord, +https://gitlab.com/mosajjal/dnsmonster, +https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan, +https://gitlab.com/datadrivendiscovery/ta3ta2-api, +https://gitlab.com/jeffrey-xiao/probabilistic-collections-rs, +https://gitlab.com/ahau/whakapapa-ora, +https://gitlab.com/jerometwell/pynonymizer, +https://gitlab.com/sbeniamine/gitlab2zenodo, +https://gitlab.com/iam-cms/kadi-apy, +https://gitlab.com/annie-elequin/rn-matrix, +https://gitlab.com/cznic/libc, +https://gitlab.com/costrouc/pysrim, +https://gitlab.com/mexus/sedregex, +https://gitlab.com/synsense/rockpool, +https://gitlab.com/4degrees/clique, +https://gitlab.com/hsleisink/banshee, +https://gitlab.com/kornelski/wild, +https://gitlab.com/eladmaz/SSL-API, +https://gitlab.com/annyong/yeoboseyo, +https://gitlab.com/leadiq-oss/reactivemongo-zio, +https://gitlab.com/harth/superouter, +https://gitlab.com/leonhard-llc/ops, +https://gitlab.com/DarrienG/term-fireworks, +https://gitlab.com/etke.cc/ansible, +https://gitlab.com/beeper/linkedin, +https://gitlab.com/scpcorp/ScPrime, +https://gitlab.com/efunb/read_input, +https://gitlab.com/fpdpy/fpd, +https://gitlab.com/jochen.keil/dtlapse, +https://gitlab.com/tackv/spintop-openhtf, +https://gitlab.com/thorchain/midgard, +https://gitlab.com/testapp-system/file_picker_cross, +https://gitlab.com/ViDA-NYU/auctus/auctus, +https://gitlab.com/toby3d/telegram, +https://gitlab.com/tprodanov/bam, +https://gitlab.com/toby3d/telegraph, +https://gitlab.com/unit410/key-encoder, +https://gitlab.com/thelabnyc/django-vault-helpers, +https://gitlab.com/trupill/kind-generics, +https://gitlab.com/gitlab-ci-utils/pa11y-ci-reporter-html, +https://gitlab.com/pgjones/quart-cors, +https://gitlab.com/gitlab-org/security-products/security-report-schemas, +https://gitlab.com/EAVISE/brambox, +https://gitlab.com/avatar-cli/avatar-cli, +https://gitlab.com/rmcgregor/aio-msgpack-rpc, +https://gitlab.com/catamphetamine/javascript-time-ago, +https://gitlab.com/frissdiegurke/vuex-aspect, +https://gitlab.com/cznic/goyacc, +https://gitlab.com/reefphp/reef, +https://gitlab.com/frozo/noak, +https://gitlab.com/msvechla/es-rollover-controller, +https://gitlab.com/altom/altwalker/altwalker, +https://gitlab.com/castlecraft/building-blocks, +https://gitlab.com/matthiaseiholzer/mathru, +https://gitlab.com/lebedev.games/botox-di, +https://gitlab.com/relmendorp/avlwrapper, +https://gitlab.com/LMSAL_HUB/aia_hub/aiapy, +https://gitlab.com/dennis-hamester/dacite, +https://gitlab.com/soong_etl/soong, +https://gitlab.com/jonas.jasas/httprelay, +https://gitlab.com/davidpett/ember-cli-gitlab-ci, +https://gitlab.com/pac85/GameKernel, +https://gitlab.com/elvet/elvet, +https://gitlab.com/mkdocs-i18n/mkdocs-i18n, +https://gitlab.com/scmodding/frameworks/scdatatools, +https://gitlab.com/alantrick/django-vox, +https://gitlab.com/e257/accounting/tackler, +https://gitlab.com/Linaro/tuxsuite, +https://gitlab.com/gitlab-org/gitter/env, +https://gitlab.com/Mando75/typeorm-graphql-loader, +https://gitlab.com/cznic/golex, +https://gitlab.com/gitlab-org/configure/examples/kubernetes-agent, +https://gitlab.com/limira-rs/simi-project, +https://gitlab.com/jgreeley-group/graph-theory-surfaces, +https://gitlab.com/rhythnic/vuelidate-messages, +https://gitlab.com/recommend.games/board-game-recommender, +https://gitlab.com/2WeltenChris/openapi-red, +https://gitlab.com/SiLA2/sila_base, +https://gitlab.com/gparent/f1-2020-telemetry, +https://gitlab.com/andrewfulrich/barleytea, +https://gitlab.com/Freso/spotify2musicbrainz, +https://gitlab.com/nicocool84/spectrum2_signald, +https://gitlab.com/metasyntactical/composer-plugin-license-check, +https://gitlab.com/retnikt/flake9, +https://gitlab.com/radiology/infrastructure/xnatpy, +https://gitlab.com/kgroat/cypress-iframe, +https://gitlab.com/masaeedu/docker-client, +https://gitlab.com/dvolgyes/zenodo_get, +https://gitlab.com/IvanSanchez/Leaflet.TileLayer.MBTiles, +https://gitlab.com/Jellby/Pegamoid, +https://gitlab.com/moodlenet/moodlenet, +https://gitlab.com/stephane.ludwig/zeebe_python_grpc, +https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib, +https://gitlab.com/limira-rs/simi, +https://gitlab.com/granitosaurus/scrapy-test, +https://gitlab.com/bit-refined/ranges, +https://gitlab.com/fkrull/ostree-rs, +https://gitlab.com/akita/akita, +https://gitlab.com/gitlab-com/gl-infra/woodhouse, +https://gitlab.com/Queuecumber/torchjpeg, +https://gitlab.com/subplot/subplot, +https://gitlab.com/keatontaylor/alexapy, +https://gitlab.com/itayronen/gulp-uglify-es, +https://gitlab.com/non.est.sacra/zoomba, +https://gitlab.com/utopia-project/utopya, +https://gitlab.com/velocidex/velociraptor, +https://gitlab.com/utopia-project/dantro, +https://gitlab.com/ultreiaio/jgit-flow, +https://gitlab.com/wirepair/browserker, +https://gitlab.com/valeth/javelin, +https://gitlab.com/torresoftware/ubl21dian, +https://gitlab.com/videlec/pplpy, +https://gitlab.com/Tomkoid/blokator, +https://gitlab.com/tgc-dk/pysword, +https://gitlab.com/uninen/push-to-repo, +https://gitlab.com/woshilapin/cargo-sonar, +https://gitlab.com/wizlighting/wiz-local-control, +https://gitlab.com/under-test/undertest.featuretransform, +https://gitlab.com/wernerhp/load-shedding, +https://gitlab.com/timrs2998/newsie, +https://gitlab.com/jk0ne/DTL, +https://gitlab.com/g-braeunlich/ipyopt, +https://gitlab.com/diw-evu/emobpy/emobpy, +https://gitlab.com/mbarkhau/lib3to6, +https://gitlab.com/alelec/python-certifi-win32, +https://gitlab.com/sctlib/matrix-room-element, +https://gitlab.com/lockhead/odd-folk, +https://gitlab.com/esr/shimmer, +https://gitlab.com/nitsuga5124/lavalink-rs, +https://gitlab.com/jensj/myqueue, +https://gitlab.com/markuspichler/swmm_api, +https://gitlab.com/incoresemi/riscof, +https://gitlab.com/anarcat/undertime, +https://gitlab.com/hindawi/phenom, +https://gitlab.com/stavros/caduceus, +https://gitlab.com/skyhuborg/tracker, +https://gitlab.com/jakelazaroff/narrows, +https://gitlab.com/gitlab-de/go-excusegen, +https://gitlab.com/CinCan/cincan-command, +https://gitlab.com/domaindrivenarchitecture/dda-python-terraform, +https://gitlab.com/mpapp-public/prosemirror-recreate-steps, +https://gitlab.com/ales.genova/pbcpy, +https://gitlab.com/alelec/mpy_cross, +https://gitlab.com/4geit/react-packages, +https://gitlab.com/degoos/WetSponge, +https://gitlab.com/guywillett/django-searchable-encrypted-fields, +https://gitlab.com/Oslandia/pyris, +https://gitlab.com/elixxir/primitives, +https://gitlab.com/haggl/dotmgr, +https://gitlab.com/opengeoweb/opengeoweb, +https://gitlab.com/IvanSanchez/Leaflet.GLMarkers, +https://gitlab.com/kornelski/cargo-upgrades, +https://gitlab.com/fekits/mc-ratio, +https://gitlab.com/drosseau/degob, +https://gitlab.com/midigator/python_opentracing_async_instrumentation, +https://gitlab.com/pennersr/shove, +https://gitlab.com/orcalabs/public/dockertest-rs, +https://gitlab.com/pinage404/git-gamble, +https://gitlab.com/biomedit/sett, +https://gitlab.com/gitlab-org/incubation-engineering/ai-assist/dockter, +https://gitlab.com/elixxir/client, +https://gitlab.com/accumulatenetwork/accumulate, +https://gitlab.com/aweframework/awe, +https://gitlab.com/golangdojo/youtube, +https://gitlab.com/ahau/ssb-crut, +https://gitlab.com/mkit/open-source/gatsby-theme-password-protect, +https://gitlab.com/efficientip/solidserverrest, +https://gitlab.com/oddnetworks/oddworks/core, +https://gitlab.com/kqhivemind/hivemind, +https://gitlab.com/altispeed/linux-delta, +https://gitlab.com/nomadic-labs/resto, +https://gitlab.com/scion-scxml/scion, +https://gitlab.com/RemixDev/deezer-js, +https://gitlab.com/ouestware/neo4j-elasticsearch, +https://gitlab.com/pdftools/python-ghostscript, +https://gitlab.com/Makman2/respice, +https://gitlab.com/datadrivendiscovery/metadata, +https://gitlab.com/aroffringa/aoflagger, +https://gitlab.com/asuran-rs/libasuran, +https://gitlab.com/q-dev/q-client, +https://gitlab.com/kornelski/http-serde, +https://gitlab.com/monogoto.io/node-red-contrib-flow-manager, +https://gitlab.com/ipyopt-devs/ipyopt, +https://gitlab.com/dlr-ve/vencopy, +https://gitlab.com/nekokatt/hikari, +https://gitlab.com/djencks/asciidoctor-mathjax.js, +https://gitlab.com/imp/chrono-humanize-rs, +https://gitlab.com/dicr/yii2-telegram, +https://gitlab.com/cgps/nf-batch-runner, +https://gitlab.com/pharmony/active_record_migration_ui, +https://gitlab.com/IvanSanchez/glii, +https://gitlab.com/hepcedar/lhapdf, +https://gitlab.com/dlalic/gitlab-clippy, +https://gitlab.com/radek-sprta/mariner, +https://gitlab.com/allianceauth/django-esi, +https://gitlab.com/moneropay/moneropay, +https://gitlab.com/gitlab-org/git, +https://gitlab.com/etke.cc/buscarron, +https://gitlab.com/uweschmitt/pytest-regtest, +https://gitlab.com/thorchain/tss/go-tss, +https://gitlab.com/universis/universis, +https://gitlab.com/ViDA-NYU/d3m/alphad3m, +https://gitlab.com/zach-geek/hyper-launch-menu, +https://gitlab.com/yaroslaff/hashget, +https://gitlab.com/vstconsulting/vstutils, +https://gitlab.com/tripetto/editor, +https://gitlab.com/zerobias/effector, +https://gitlab.com/xmpp-rs/tokio-xmpp, +https://gitlab.com/tmuguet/hugo-split-gallery, +https://gitlab.com/what-digital/django-privacy-mgmt, +https://gitlab.com/tom.davidson/lolaus, +https://gitlab.com/ydkn/capistrano-git-copy, +https://gitlab.com/tezos-domains/client, +https://gitlab.com/Tuuux/galaxie-curses, +https://gitlab.com/tobias47n9e/wikibase_rs, +https://gitlab.com/oliasoft-open-source/react-ui-library, +https://gitlab.com/midas-mosaik/midas, +https://gitlab.com/shinzao/laravel-activation, +https://gitlab.com/ecocommons-australia/lib/drf-keycloak-auth, +https://gitlab.com/hindawi/phenom-types, +https://gitlab.com/librecube/lib/python-linkpredict, +https://gitlab.com/regen-network/regen-ledger, +https://gitlab.com/barfuin/text-tree, +https://gitlab.com/b0/libqtolm, +https://gitlab.com/JOSM/gradle-josm-plugin, +https://gitlab.com/gitlab-org/security-products/ci-templates, +https://gitlab.com/protesilaos/tempus-themes-generator, +https://gitlab.com/SiLA2/sila_csharp, +https://gitlab.com/hipsquare/strapi-plugin-keycloak, +https://gitlab.com/pgjones/quart-rate-limiter, +https://gitlab.com/biomedit/gpg-lite, +https://gitlab.com/bor-sh-infrastructure/libsaas_gitlab, +https://gitlab.com/haynes/libsass-maven-plugin, +https://gitlab.com/jfolz/simplejpeg, +https://gitlab.com/macmv/sugarcane, +https://gitlab.com/imp/cargo-info, +https://gitlab.com/mcepl/json_diff, +https://gitlab.com/qblox/packages/software/qblox_instruments, +https://gitlab.com/esa/pyxel, +https://gitlab.com/stevebob/mos6502, +https://gitlab.com/SiLA2/vendors/sila_tecan, +https://gitlab.com/bern-rtos/bern-rtos, +https://gitlab.com/hindawi/xpub/xpub-screening, +https://gitlab.com/Hares-Lab/openapi-parser, +https://gitlab.com/oscar6echo/ipyauth, +https://gitlab.com/cogment/cogment, +https://gitlab.com/stone.code/scov, +https://gitlab.com/sctlib/libli, +https://gitlab.com/remal/gradle-plugins, +https://gitlab.com/imbev/pywebcanvas, +https://gitlab.com/gitlab-org/security-products/analyzers/mobsf, +https://gitlab.com/RKIBioinformaticsPipelines/ncov_minipipe, +https://gitlab.com/cardoe/enum-primitive-derive, +https://gitlab.com/aboutyou/cloud-core/backbone-ts, +https://gitlab.com/mech-lang/core, +https://gitlab.com/dalibo/pglift, +https://gitlab.com/SiLA2/sila_python, +https://gitlab.com/Patiga/twmap, +https://gitlab.com/librespacefoundation/python-satellitetle, +https://gitlab.com/amv213/jumbo, +https://gitlab.com/ing_rpaa/ing_theme_matplotlib, +https://gitlab.com/qvex/vex-rt, +https://gitlab.com/appian-oss/appian-locust, +https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs, +https://gitlab.com/gitlab-org/gitlab-eslint-config, +https://gitlab.com/2WeltenChris/pekfinger-red, +https://gitlab.com/antora/antora-assembler, +https://gitlab.com/guystreeter/python-hwloc, +https://gitlab.com/alantrick/august, +https://gitlab.com/naqll/dynamodb-table-explorer, +https://gitlab.com/polyapp-open-source/polyapp, +https://gitlab.com/guballa/tlsmate, +https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg, +https://gitlab.com/jeyred/schedic, +https://gitlab.com/Mayan-EDMS-NG/mayan-edms-ng, +https://gitlab.com/energyincities/python-ehub, +https://gitlab.com/lavitto/typo3-form-to-database, +https://gitlab.com/anphi/homeassistant-mqtt-binding, +https://gitlab.com/hectorjsmith/grafana-matrix-forwarder, +https://gitlab.com/bent10/stacked-menu, +https://gitlab.com/GeneralProtocols/anyhedge/library, +https://gitlab.com/andrejr/csnake, +https://gitlab.com/fabernovel/heart, +https://gitlab.com/gitlab-org/rubocop-gitlab-security, +https://gitlab.com/df-modding-tools/df-raw-language-server, +https://gitlab.com/arcfire/rumba, +https://gitlab.com/krr/IDP-Z3, +https://gitlab.com/h3/django-emailhub, +https://gitlab.com/etke.cc/miounne, +https://gitlab.com/axet/android-pdfium, +https://gitlab.com/prettyetc/prettyetc, +https://gitlab.com/nvidia/container-toolkit/libnvidia-container, +https://gitlab.com/infra.run/public/b3scale, +https://gitlab.com/paessler-labs/prtg-pyprobe, +https://gitlab.com/clock-8001/clock-8001, +https://gitlab.com/chrisrabotin/hyperdual, +https://gitlab.com/simspace-oss/xio, +https://gitlab.com/golang-commonmark/mdtool, +https://gitlab.com/limira-rs/mika, +https://gitlab.com/daingun/automatica, +https://gitlab.com/sqwishy/impetuous, +https://gitlab.com/abrosimov.a.a/qlua, +https://gitlab.com/gitlab-org/configure/examples/gitops-project, +https://gitlab.com/openbridge/openbridge-web-components, +https://gitlab.com/nvidia/container-toolkit/nvidia-docker, +https://gitlab.com/katyukha/odoo-rpc-client, +https://gitlab.com/l0nax/changelog-go, +https://gitlab.com/gridbugs/mos6502, +https://gitlab.com/Appirio/sfdx-node, +https://gitlab.com/gitlab-com/gl-infra/oncall-robot-assistant, +https://gitlab.com/golangdojo/bootcamp, +https://gitlab.com/OctoNezd/loggui, +https://gitlab.com/mailman/mailman-web, +https://gitlab.com/ferreum/trampoline, +https://gitlab.com/dansanti/facturacion_electronica, +https://gitlab.com/frihsb/rettij, +https://gitlab.com/MartijnBraam/wiremapper, +https://gitlab.com/altek/eventually, +https://gitlab.com/IvanSanchez/Leaflet.Marker.SlideTo, +https://gitlab.com/yaq/yaq-python, +https://gitlab.com/tpfeiffe/ctl, +https://gitlab.com/ysb33rOrg/grolifant, +https://gitlab.com/vocdoni/go-dvote, +https://gitlab.com/vincenttunru/tripledoc, +https://gitlab.com/vmware/pop/pop-config, +https://gitlab.com/tezos-dappetizer/dappetizer, +https://gitlab.com/twittner/cbor-codec, +https://gitlab.com/the-language/the-language, +https://gitlab.com/tozd/go/mediawiki, +https://gitlab.com/walterebert/wordpress-project, +https://gitlab.com/vedvyas/doxytag2zealdb, +https://gitlab.com/v01d-gl/number-base-converter, +https://gitlab.com/writeonlyhugo/up-business-theme, +https://gitlab.com/tglman/mdbook-variables, +https://gitlab.com/wiechapeter/pyGDM2, +https://gitlab.com/tornado-torrent/transmission-rs, +https://gitlab.com/thelabnyc/angular-wagtail, +https://gitlab.com/tornado-torrent/transmission-sys, +https://gitlab.com/torkleyy/cargo-publish-all, +https://gitlab.com/wallzero/jsplumb-react, +https://gitlab.com/testload/jmeter-listener, +https://gitlab.com/thelabnyc/django-oscar/django-oscar-api-checkout, +https://gitlab.com/vindarel/bookshops, +https://gitlab.com/mergetb/tech/raven, +https://gitlab.com/NodeGuy/channel, +https://gitlab.com/jackatbancast/manifesto, +https://gitlab.com/chaica/boost, +https://gitlab.com/john_t/shellfish, +https://gitlab.com/ErikKalkoken/aa-structures, +https://gitlab.com/dennis-hamester/vks, +https://gitlab.com/subnetzero/palladium, +https://gitlab.com/snowgoonspub/avr-oxide, +https://gitlab.com/GeneralProtocols/electrum-cash/library, +https://gitlab.com/koala-lms/django-learning, +https://gitlab.com/polychainlabs/horcrux, +https://gitlab.com/mappies/configurapi, +https://gitlab.com/granitosaurus/minds-cli, +https://gitlab.com/maciej.gol/op-askpass, +https://gitlab.com/mbukatov/pytest-ansible-playbook, +https://gitlab.com/mobivia-design/roadtrip/components, +https://gitlab.com/moshmage/rxjs-socket.io, +https://gitlab.com/packt-cli/packt-cli, +https://gitlab.com/mike7b4/usbapi-rs, +https://gitlab.com/mvysny/slf4j-handroid, +https://gitlab.com/modulispaces/admcycles, +https://gitlab.com/ahmedcharles/lua-rs, +https://gitlab.com/csb.ethz/pta, +https://gitlab.com/robotmay/chunky_cache, +https://gitlab.com/luminovo/public/midnite, +https://gitlab.com/opennota/unmht, +https://gitlab.com/sermos/sermos-tools, +https://gitlab.com/MartijnBraam/powersupply, +https://gitlab.com/systra/qeto/lib/django-oauth2-authcodeflow, +https://gitlab.com/riseup/up1-cli-client-nodejs, +https://gitlab.com/codebryo/pleasejs, +https://gitlab.com/datadrivendiscovery/primitive-interfaces, +https://gitlab.com/jlalande/vue-auth-image, +https://gitlab.com/gauntletwizard_net/kubetls, +https://gitlab.com/rocketwave-tech/airway, +https://gitlab.com/govbr-ds/dev/react/react-components, +https://gitlab.com/danielhones/pycategories, +https://gitlab.com/DeveloperC/conventional_commits_next_version, +https://gitlab.com/empaia/integration/frontend-workspace, +https://gitlab.com/fbisti/navarp, +https://gitlab.com/steveazz-blog/go-performance-tools-cheat-sheet, +https://gitlab.com/adrian.budau/ia-sandbox, +https://gitlab.com/gmgeo/osmic, +https://gitlab.com/ottr/lutra/lutra, +https://gitlab.com/mlgenetics/dnadna, +https://gitlab.com/mallumo/mallumo, +https://gitlab.com/hyperion-gray/googlespider, +https://gitlab.com/janhelke/cal, +https://gitlab.com/Kirire/x250, +https://gitlab.com/peczony/chgksuite, +https://gitlab.com/recpack-maintainers/recpack, +https://gitlab.com/monochromata-de/cucumber-reporting-plugin, +https://gitlab.com/cerlane/SoftPosit-Python, +https://gitlab.com/fethalen/phylopypruner, +https://gitlab.com/rocketduck/python-unpoly, +https://gitlab.com/hydrothermal-openfoam/scipyfoam, +https://gitlab.com/sscherfke/django-sphinxdoc, +https://gitlab.com/potato-oss/google-cloud/django-gcloud-connectors, +https://gitlab.com/nsf-noirlab/csdc/antares/client, +https://gitlab.com/biotransistor/bokehheat, +https://gitlab.com/engje/cmif, +https://gitlab.com/gitlab-org/gitlab-metrics-exporter, +https://gitlab.com/sermos/sermos, +https://gitlab.com/serpro/fatiador, +https://gitlab.com/nerd-vision/opensource/gitlab-js, +https://gitlab.com/limira-rs/wasm-logger, +https://gitlab.com/openpgp-card/openpgp-card, +https://gitlab.com/pjrpc/pjrpc, +https://gitlab.com/ca-iot/homebridge-shelly-doorbell, +https://gitlab.com/oddjobz/pynndb2, +https://gitlab.com/cordite/braid, +https://gitlab.com/kurant-open/m3d, +https://gitlab.com/crafty-controller/crafty-client, +https://gitlab.com/bzim/trampoline-rs, +https://gitlab.com/Blockdaemon/ubiquity/ubiquity-go-client, +https://gitlab.com/arnapou/jqcron, +https://gitlab.com/littlesaints/functional-streams, +https://gitlab.com/nikkofox/gomeme-api, +https://gitlab.com/iam-cms/workflows/workflow-nodes, +https://gitlab.com/jspngh/rfid-rs, +https://gitlab.com/mjbecze/GeoJSON-Validation, +https://gitlab.com/jiri.hajek/eztoggl, +https://gitlab.com/sugarcube/sugarcube, +https://gitlab.com/sequoia-pgp/nettle-sys, +https://gitlab.com/ae-dir/web2ldap, +https://gitlab.com/seancl/screeps-autobahn, +https://gitlab.com/divisadero/cloud-functions-python-emulator, +https://gitlab.com/flywheel-io/public/python-cli, +https://gitlab.com/pretty-angular-components/slider, +https://gitlab.com/stemcellbioengineering/context-explorer, +https://gitlab.com/fdroid/sdkmanager, +https://gitlab.com/Plasticity/magnitude, +https://gitlab.com/Screwtapello/bdflib, +https://gitlab.com/ostrokach/gitlab-versioned-pages, +https://gitlab.com/beginbot/beginsounds, +https://gitlab.com/MatteoCampinoti94/FALocalRepo, +https://gitlab.com/cocainefarm/pastor, +https://gitlab.com/pyshacks/pnio_dcp, +https://gitlab.com/brandondyer64/wcpp, +https://gitlab.com/gomidi/rtmididrv, +https://gitlab.com/cc-ru/luaparse-rs, +https://gitlab.com/equilibrator/component-contribution, +https://gitlab.com/mbryant/aoc-2021, +https://gitlab.com/catamphetamine/input-format, +https://gitlab.com/i80and/pypledge, +https://gitlab.com/s1-etad/s1-etad, +https://gitlab.com/Einhornstyle/nldsl, +https://gitlab.com/FraME-projects/PyFraME, +https://gitlab.com/Notify.me/me.notify.public, +https://gitlab.com/gitlab-org/declarative-policy, +https://gitlab.com/gitlab-org/prometheus-storage-migrator, +https://gitlab.com/dacs-hpi/hiclass, +https://gitlab.com/q-dev/system-contracts, +https://gitlab.com/ddb_db/piawgcli, +https://gitlab.com/flywheel-io/public/gear-toolkit, +https://gitlab.com/iiit-public/plenpy, +https://gitlab.com/kamichal/airium, +https://gitlab.com/fgmarand/gocoverstats, +https://gitlab.com/bboehmke/raspi-alpine-builder, +https://gitlab.com/duelpy/duelpy, +https://gitlab.com/plantingspace/mangrove, +https://gitlab.com/initforthe/stimulus-remote, +https://gitlab.com/odousse/online-choir, +https://gitlab.com/Naqwada/TapoPlug-Rest-API, +https://gitlab.com/cznic/memory, +https://gitlab.com/pgerber/s4, +https://gitlab.com/gitzone/npmts, +https://gitlab.com/axet/android-fbreader-library, +https://gitlab.com/soul-codes/ts-deep-pick, +https://gitlab.com/rod2ik/mkdocs-graphviz, +https://gitlab.com/ericlathrop/phoenix-js-react-hooks, +https://gitlab.com/mergetb/portal/services, +https://gitlab.com/johanngyger/gilp, +https://gitlab.com/inkscape/extras/extension-manager, +https://gitlab.com/djencks/antora-pdf, +https://gitlab.com/semantic-jail/php-ivoox-api, +https://gitlab.com/KatHamer/katfetch, +https://gitlab.com/project-emco/core/emco-base, +https://gitlab.com/crawfordleeds/crawfish, +https://gitlab.com/granitosaurus/minds-api, +https://gitlab.com/cosmicchipsocket/keeshond, +https://gitlab.com/cznic/tk, +https://gitlab.com/glts/spf-milter, +https://gitlab.com/aaronkho/GPR1D, +https://gitlab.com/mwbot-rs/mwbot, +https://gitlab.com/nvidia/container-infrastructure/aws-kube-ci, +https://gitlab.com/libvirt/libvirt-ci, +https://gitlab.com/elixxir/server, +https://gitlab.com/RoPP/flake8-use-pathlib, +https://gitlab.com/openchvote/cryptographic-protocol, +https://gitlab.com/libvirt/libvirt-go-module, +https://gitlab.com/ayana/libs/bento, +https://gitlab.com/ikhemissi/gitlab-ci-releaser, +https://gitlab.com/jeffrey-xiao/kademlia-dht-rs, +https://gitlab.com/jfolz/datadings, +https://gitlab.com/distilled/distilled, +https://gitlab.com/potato-oss/ace/ace, +https://gitlab.com/nvidia/container-toolkit/container-runtime, +https://gitlab.com/lanzara-group/python-arpes, +https://gitlab.com/dns2utf8/color_blinder, +https://gitlab.com/schoolmouv-open-source/vue-log-worker, +https://gitlab.com/clorichel/vue-gitlab-api, +https://gitlab.com/larsfp/checkmk-commander, +https://gitlab.com/american-space-software/large, +https://gitlab.com/miicat/sauce-finder, +https://gitlab.com/janoskut/picoslave, +https://gitlab.com/registerMap/registermap, +https://gitlab.com/axual-public/axual-client-python, +https://gitlab.com/categulario/pizarra, +https://gitlab.com/almaember/pcremote, +https://gitlab.com/machina_ex/adaptor_ex/adaptor_ex_server, +https://gitlab.com/maxburon/microformats-parser, +https://gitlab.com/ManfredTremmel/gwt-bean-validators, +https://gitlab.com/YottaDB/Lang/YDBGo, +https://gitlab.com/unboundedsystems/adapt, +https://gitlab.com/tango-controls/jive, +https://gitlab.com/tslocum/harmony, +https://gitlab.com/unit410/threshold-ed25519, +https://gitlab.com/yariv.luts/firestore-orm, +https://gitlab.com/thorchain/tss/tss-lib, +https://gitlab.com/vanandrew/omni, +https://gitlab.com/tspiteri/az, +https://gitlab.com/xiayesuifeng/goblog, +https://gitlab.com/xmpp-rs/xmpp-parsers, +https://gitlab.com/zehkira/pytyle1x, +https://gitlab.com/tornado-torrent/libevent-sys, +https://gitlab.com/zanny/oidc-reqwest, +https://gitlab.com/ykyuen/golang-echo-template-example, +https://gitlab.com/xilix-systems-llc/go-native-ads, +https://gitlab.com/yamato97/current-calculations-for-proteins, +https://gitlab.com/tangram-vision-oss/rsbadges, +https://gitlab.com/tamaas/tamaas, +https://gitlab.com/tripetto/runners/autoscroll, +https://gitlab.com/wirevpn/react-native-wireguard, +https://gitlab.com/tspiteri/gmp-mpfr-sys, +https://gitlab.com/united-travel-tickets/common/nats-streaming-ui, +https://gitlab.com/valeth/discord-rpc-client.rs, +https://gitlab.com/tandemdude/lightbulb, +https://gitlab.com/team-supercharge/oasg, +https://gitlab.com/jv110/darkengine, +https://gitlab.com/stoempdev/insomnia-plugin-xdebug, +https://gitlab.com/jo314schmitt/admcycles, +https://gitlab.com/fdroid/php-fdroid, +https://gitlab.com/pharmony/restful-json-api-client, +https://gitlab.com/mirkoboehm/pandoc-acronyms, +https://gitlab.com/JakobDev/jdNBTExplorer, +https://gitlab.com/dacevedo/enet-js, +https://gitlab.com/librecube/lib/python-sle-user, +https://gitlab.com/flokno/hilde, +https://gitlab.com/alelec/jupyter_micropython_remote, +https://gitlab.com/stavros/django-webauthin, +https://gitlab.com/jorispio/ccsds2czml, +https://gitlab.com/mipimipi/smsync, +https://gitlab.com/akita/mem, +https://gitlab.com/pawelbbdrozd/eslint-plugin-markdownlint, +https://gitlab.com/s3a/s3a, +https://gitlab.com/deadcanaries/granax, +https://gitlab.com/burke-software/nativescript-foss-sidedrawer, +https://gitlab.com/cznic/kv, +https://gitlab.com/cnri/cordra/cordra, +https://gitlab.com/arep-dev/pyViewFactor, +https://gitlab.com/base.io/react-native-httpserver, +https://gitlab.com/2WeltenChris/svelte-integration-red, +https://gitlab.com/oer/org-re-reveal-ref, +https://gitlab.com/mozgurbayhan/nosqlmodel, +https://gitlab.com/nslr/nslr, +https://gitlab.com/peryl/peryl, +https://gitlab.com/aidaspace/heliopy_multid, +https://gitlab.com/beneath-hq/beneath, +https://gitlab.com/bees-algorithm/bees_algorithm_python, +https://gitlab.com/jcorry/cars, +https://gitlab.com/herman2019/i2p-tools, +https://gitlab.com/gitlab-org/security-products/analyzers/kics, +https://gitlab.com/ethz_hvl/hvl_ccb, +https://gitlab.com/fverdugo/jin2for, +https://gitlab.com/dmoonfire/commitlint-gitlab-ci, +https://gitlab.com/gitlab-com/marketing/digital-experience/navigation, +https://gitlab.com/beeper/discord, +https://gitlab.com/commonshost/gaufre, +https://gitlab.com/digested/node-digest, +https://gitlab.com/european-language-grid/platform/python-client, +https://gitlab.com/apps_education/peertube/plugin-transcription, +https://gitlab.com/classroomcode/py2cfg, +https://gitlab.com/album-app/album, +https://gitlab.com/geolandia/openlog/xplordb, +https://gitlab.com/jacob.brazeal/ksonpy, +https://gitlab.com/JonathonReinhart/adman, +https://gitlab.com/alephledger/consensus-go, +https://gitlab.com/atrus6/pynoise, +https://gitlab.com/desupervised/borch, +https://gitlab.com/DavideGalilei/chameleongram, +https://gitlab.com/fee1-dead/coffer, +https://gitlab.com/nilshelmig/barenet, +https://gitlab.com/commonshost/core, +https://gitlab.com/manhquangit/input-device, +https://gitlab.com/osm-ui/react, +https://gitlab.com/kevincox/hard-xml, +https://gitlab.com/biaslab/onlinehd, +https://gitlab.com/philbooth/unicode-bom, +https://gitlab.com/modmyclassic/sega-mega-drive-mini/marchive-batch-tool, +https://gitlab.com/getreu/tp-note, +https://gitlab.com/gitlab-org/security-products/demos/coverage-fuzzing/go-fuzzing-example, +https://gitlab.com/fpotter/tools/busy, +https://gitlab.com/msts-public/general/typescript-cacheable, +https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile, +https://gitlab.com/obsessivefacts/memespeech, +https://gitlab.com/lightning-signer/rust-lightning-signer, +https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven, +https://gitlab.com/CeREF/muphyn, +https://gitlab.com/etke.cc/ttm, +https://gitlab.com/genomeinformatics/xengsort, +https://gitlab.com/michenriksen/gitlab-file-finder, +https://gitlab.com/olekdia/common/libraries/sound-pool, +https://gitlab.com/mikeramsey/wizardwebssh, +https://gitlab.com/ita-ml/pyhard, +https://gitlab.com/opensic/pyflosic2, +https://gitlab.com/ccrpc/ccrpc-charts, +https://gitlab.com/mygnu/spark_post, +https://gitlab.com/L0gIn/git-file-downloader, +https://gitlab.com/bgez/bgez, +https://gitlab.com/matilda.peak/yacker, +https://gitlab.com/crates.rs/render_readme, +https://gitlab.com/aquator/node-get-keycloak-public-key, +https://gitlab.com/lienvdsteen/linter, +https://gitlab.com/paulkiddle/activitypub-http-signatures, +https://gitlab.com/jeffrey-xiao/hash-rings-rs, +https://gitlab.com/samsartor/reax, +https://gitlab.com/obob/pymatreader, +https://gitlab.com/go-box/pongo2gin, +https://gitlab.com/cipres/aioipfs, +https://gitlab.com/kirbyzone/formbuilder, +https://gitlab.com/antoreep_jana/quick_ml, +https://gitlab.com/imp/requests-rs, +https://gitlab.com/gitlab-org/fleeting/fleeting-plugin-aws, +https://gitlab.com/axet/android-audio-library, +https://gitlab.com/liamwarfield/pdc, +https://gitlab.com/nathanfaucett/rs-lexer, +https://gitlab.com/gaia-x/data-infrastructure-federation-services/cam, +https://gitlab.com/ayanaware/logger, +https://gitlab.com/gitlab-org/security-products/analyzers/nodejs-scan, +https://gitlab.com/takluyver/enboard, +https://gitlab.com/crates.rs/style, +https://gitlab.com/gitlab-merge-tool/glmt, +https://gitlab.com/ilgilenio/Otag, +https://gitlab.com/barry.van.acker/phreak-rs, +https://gitlab.com/ponci-berlin/phpbaercode, +https://gitlab.com/petoknm/r2d2-mongodb, +https://gitlab.com/developersforfuture/profile-generator-frontend, +https://gitlab.com/inivation/dv-python, +https://gitlab.com/iosa/iosacal, +https://gitlab.com/BradleyKirton/djangovue, +https://gitlab.com/p-avital/secded-rs, +https://gitlab.com/ponylin1985/ZayniFramework, +https://gitlab.com/cdlr75/aio-task, +https://gitlab.com/skitai/skitai, +https://gitlab.com/gitlab-org/ci-cd/gcp-exporter, +https://gitlab.com/distributed_lab/logan, +https://gitlab.com/skitai/sqlphile, +https://gitlab.com/equilibrator/equilibrator-pathway, +https://gitlab.com/djencks/antora-schematics, +https://gitlab.com/documatt/sphinx-reredirects, +https://gitlab.com/niksaak/lofi, +https://gitlab.com/burke-software/django-server-side-matomo, +https://gitlab.com/Sineos/filemanager-bundle, +https://gitlab.com/Rich-Harris/svg-parser, +https://gitlab.com/serial-lab/EPCPyYes, +https://gitlab.com/qemu-project/python-qemu-qmp, +https://gitlab.com/neachdainn/aspen, +https://gitlab.com/digitaloak/node-red-contrib-digitaloak-postgresql, +https://gitlab.com/nwmitchell/pylint-print, +https://gitlab.com/sorcero/community/go-cat, +https://gitlab.com/hfyngvason/kubectl-gitlab, +https://gitlab.com/kermit-js/kermit, +https://gitlab.com/HomebrewSoft/sat_ws_api, +https://gitlab.com/axet/android-firebase-fake, +https://gitlab.com/swcafe/rgpsd, +https://gitlab.com/fholmer/getpodcast, +https://gitlab.com/burke-software/django-server-side-piwik, +https://gitlab.com/remmer.wilts/moin, +https://gitlab.com/experimentslabs/engine_elabs, +https://gitlab.com/dangass/plum, +https://gitlab.com/hxss-linux/folderpreview, +https://gitlab.com/baldurmen/metalfinder, +https://gitlab.com/mindig.marton/emulated_roku, +https://gitlab.com/staltz/unist-util-flatmap, +https://gitlab.com/gitlab-org/security-products/analyzers/kubesec, +https://gitlab.com/ParComb/usain-boltz, +https://gitlab.com/incytestudios/ddv, +https://gitlab.com/NoahGray/final-orm, +https://gitlab.com/permafrostnet/teaspoon, +https://gitlab.com/oz123/blogit, +https://gitlab.com/kornelski/cloudflare-zlib-sys, +https://gitlab.com/sebdeckers/express-history-api-fallback, +https://gitlab.com/jondo2010/rust-fmi, +https://gitlab.com/axet/android-opus, +https://gitlab.com/staltz/ssb-to-graphml, +https://gitlab.com/initforthe/stimulus-data-bindings, +https://gitlab.com/cosapp/cosapp_lab, +https://gitlab.com/mkleehammer/autoconfig, +https://gitlab.com/pipe3d/pyPipe3D, +https://gitlab.com/kaliko/mkdocs-cluster, +https://gitlab.com/rdbende/chlorophyll, +https://gitlab.com/jokeyrhyme/xdp-hook-rs, +https://gitlab.com/petsc/petsc4py, +https://gitlab.com/roundearth/civicrm-composer-plugin, +https://gitlab.com/janispritzkau/rcon-client, +https://gitlab.com/glts/indymilter, +https://gitlab.com/mbarkhau/straitjacket, +https://gitlab.com/htgoebel/managesieve, +https://gitlab.com/bednic/json-api, +https://gitlab.com/roivant/oss/django-dataclasses, +https://gitlab.com/nanodeath/phaserkt, +https://gitlab.com/aiakos/django-auth-oidc, +https://gitlab.com/kabo/serverless-cf-vars, +https://gitlab.com/mysticsystems/home, +https://gitlab.com/ericvsmith/toposort, +https://gitlab.com/KirMozor/YandexMusicApi, +https://gitlab.com/aki237/pin, +https://gitlab.com/quantlane/libs/aiodebug, +https://gitlab.com/mrman/kcup-rust, +https://gitlab.com/jlecomte/python/torxtools, +https://gitlab.com/axet/android-library, +https://gitlab.com/enitoni-gears/gears, +https://gitlab.com/smoores/ode, +https://gitlab.com/BVollmerhaus/statis, +https://gitlab.com/ocaml-rust/ocaml-boxroot, +https://gitlab.com/hipdevteam/elementor-pro, +https://gitlab.com/noppo/ember-quill, +https://gitlab.com/geeks4change/hubs4change/enzian, +https://gitlab.com/lovasb/django-brython, +https://gitlab.com/nfraprado/cardapio-unicamp, +https://gitlab.com/commonshost/short, +https://gitlab.com/BradleyKirton/django-bootstrap-navbar, +https://gitlab.com/bennyp/rollup-plugin-workbox, +https://gitlab.com/gitlab-org/security-products/analyzers/gosec, +https://gitlab.com/kisters/kisters.water.time_series, +https://gitlab.com/hotlittlewhitedog/BibleMultiTheSonOfMan, +https://gitlab.com/nilclass/rust-linuxfb, +https://gitlab.com/potato-oss/google-cloud/gcloud-storage-emulator, +https://gitlab.com/passelecasque/propolis, +https://gitlab.com/chris-morgan/symlink, +https://gitlab.com/antora/antora-collector-extension, +https://gitlab.com/blender/playsync, +https://gitlab.com/smueller18/cert-manager-webhook-inwx, +https://gitlab.com/srwalker101/rust-jupyter-client, +https://gitlab.com/maribedran/tapioca-senado, +https://gitlab.com/sosy-lab/software/paralleljbdd, +https://gitlab.com/efficiently/stimulus-invoke, +https://gitlab.com/mobivia-design/roadtrip/css, +https://gitlab.com/commonground/xbrp/desq, +https://gitlab.com/drupalspoons/composer-plugin, +https://gitlab.com/caiofilus1/moleculer-sequelize, +https://gitlab.com/devbench/uibuilder, +https://gitlab.com/ezlo.picori/gps_tracker, +https://gitlab.com/everest-code/tree-db/server, +https://gitlab.com/nycex/axosnake, +https://gitlab.com/sdc-suite/sdc-ri, +https://gitlab.com/jlecomte/ansible/ansible-roster, +https://gitlab.com/satelligence/classifier, +https://gitlab.com/eidheim/react-simplified, +https://gitlab.com/Syroot/BinaryData, +https://gitlab.com/caml/basc, +https://gitlab.com/blueberry-studio/hermes/hermes-api, +https://gitlab.com/nats/deptreeviz, +https://gitlab.com/osaki-lab/wru, +https://gitlab.com/nbs-it/ng-ui-library, +https://gitlab.com/beeper/chatwoot, +https://gitlab.com/autofitcloud/git-remote-aws, +https://gitlab.com/nash-io-public/nash-protocol, +https://gitlab.com/catamphetamine/imageboard, +https://gitlab.com/AdriaanRol/example-gitlab-python-project, +https://gitlab.com/mjwhitta/zoom, +https://gitlab.com/gitlab-data/gitlab-data-utils, +https://gitlab.com/koalalorenzo/backpack, +https://gitlab.com/MatteoCampinoti94/FAAPI, +https://gitlab.com/balping/artisan-bash-completion, +https://gitlab.com/hyperd/venvctl, +https://gitlab.com/MinaPecheux/rune-core, +https://gitlab.com/bchplease/nitojs, +https://gitlab.com/Seballot/gogocarto-js, +https://gitlab.com/5d-chess/5d-chess-js, +https://gitlab.com/ID4me/id4me-rp-client-python, +https://gitlab.com/onegreyonewhite/configparserc, +https://gitlab.com/hieu3011999/code-base, +https://gitlab.com/tue-umphy/software/parmesan, +https://gitlab.com/zoomonit/greenpepper, +https://gitlab.com/YottaDB/Lang/YDBRust, +https://gitlab.com/zephyrtronium/spirv, +https://gitlab.com/xlab-steampunk/steampunk-spotter-client/spotter-cli, +https://gitlab.com/typeorm-faker/typeorm-faker, +https://gitlab.com/ViDA-NYU/d3m/d3m_interface, +https://gitlab.com/x4ku/panki, +https://gitlab.com/yaal/sheraf, +https://gitlab.com/zenotta/chi, +https://gitlab.com/zipizap/gmailchatlib, +https://gitlab.com/trainline-eu/stand, +https://gitlab.com/wski/SimpleState, +https://gitlab.com/tpart/classy, +https://gitlab.com/trantor/hummin, +https://gitlab.com/thecyberd3m0n/ui-rustreamer, +https://gitlab.com/v1olen/dateless, +https://gitlab.com/tallero/daty, +https://gitlab.com/TetradotoxinaOficial/gtts4j, +https://gitlab.com/yelosan/hugo-semantic-web, +https://gitlab.com/vmware/idem/idem-gcp, +https://gitlab.com/totakoko/onetimesecret, +https://gitlab.com/ulysses.codes/node-red-contrib-notion, +https://gitlab.com/teensy-rs/teensy-loader-rs, +https://gitlab.com/vechain.energy/common/hardhat-thor, +https://gitlab.com/yaq/yaqc-python, +https://gitlab.com/valerio-vaccaro/writeonchain, +https://gitlab.com/wangchristine/api-response, +https://gitlab.com/Toriniasty/reprap_notify, +https://gitlab.com/uptimeventures/gotham-middleware-jwt, +https://gitlab.com/vborrasc/vue-simple-gallery, +https://gitlab.com/TriaStudios/socket-packages-lib, +https://gitlab.com/trustpayments-public/mobile-sdk/android, +https://gitlab.com/tobias47n9e/wkdr, +https://gitlab.com/xxaccexx/lit-extended, +https://gitlab.com/zefiris/tenhou-client, +https://gitlab.com/thorchain/asgardex-common/asgardex-util, +https://gitlab.com/tjian-darzacq-lab/Spot-On-cli, +https://gitlab.com/winniehell/file-name-linter, +https://gitlab.com/xoria/raining-cards, +https://gitlab.com/tripetto/collectors/rolling, +https://gitlab.com/vladodriver/uld, +https://gitlab.com/thelabnyc/wagtail_polls, +https://gitlab.com/uniroma3/compunet/networks/mrtsharp, +https://gitlab.com/tripetto/runner-foundation, +https://gitlab.com/thibauddauce/laravel-mattermost-logger, +https://gitlab.com/unibuc/graphomaly/dictionary-learning, +https://gitlab.com/tonyfinn/kdbx-rs, +https://gitlab.com/thekelvinliu/rollup-plugin-static-site, +https://gitlab.com/TIBHannover/orkg/nlp/orkg-nlp-pypi, +https://gitlab.com/worr/rust-kqueue, +https://gitlab.com/wondermonger/koa-session-mongoose, +https://gitlab.com/xamn/terminal-menu-rs, +https://gitlab.com/warsaw/public, +https://gitlab.com/tripetto/collector, +https://gitlab.com/typo3-upgrade-tools/migrate-redirects, +https://gitlab.com/thorchain/asgardex-common/asgardex-midgard, +https://gitlab.com/yorickpeterse/ruby-ll, +https://gitlab.com/thorchain/byzantine-module, +https://gitlab.com/wrobell/rbfly, +https://gitlab.com/tango-controls/JSSHTerminal, +https://gitlab.com/ViDA-NYU/auctus/datamart-geo, +https://gitlab.com/XenGi/kicad-footprint-viewer.js, +https://gitlab.com/thelabnyc/wagtailcloudinary, +https://gitlab.com/wpify/wpify-custom-fields, +https://gitlab.com/zero-gravity/zero-gravity-cms, +https://gitlab.com/tonyg/preserves, +https://gitlab.com/tozd/gitlab/release, +https://gitlab.com/neohubapi/neohubapi, +https://gitlab.com/Eusebius1920/ember-cli-build-variants, +https://gitlab.com/jamadazi/core_memo, +https://gitlab.com/calincs/cwrc/leaf-writer/leaf-writer, +https://gitlab.com/carles.mateo/cmemgzip, +https://gitlab.com/ErikKalkoken/aa-memberaudit, +https://gitlab.com/cjaikaeo/wsnsimpy, +https://gitlab.com/ferreum/distanceutils, +https://gitlab.com/andreas-h/pyatran, +https://gitlab.com/archlinux-co/frases-de-fortuna, +https://gitlab.com/jlecomte/python/flask-gordon, +https://gitlab.com/pommalabs/codeproject/object-pool, +https://gitlab.com/hershaw/novamud, +https://gitlab.com/Orange-OpenSource/lfn/onap/python-onapsdk, +https://gitlab.com/opengeoweb/geoweb-core, +https://gitlab.com/mc706/functional-pipeline, +https://gitlab.com/mcepl/bayeux, +https://gitlab.com/msvechla/mux-prometheus, +https://gitlab.com/resif/obsinfo, +https://gitlab.com/inko-lang/ivm, +https://gitlab.com/inklabapp/pyora, +https://gitlab.com/dvenkatsagar/python-yad, +https://gitlab.com/MazeChaZer/json-bouncer, +https://gitlab.com/memogarcia/doc-fzf, +https://gitlab.com/alexives/cncjs-mqtt, +https://gitlab.com/hvalick2111/cutter, +https://gitlab.com/kblobr/rust-docker, +https://gitlab.com/francesco-calcavecchia/features_factory, +https://gitlab.com/crocodile2u/laravel-docker, +https://gitlab.com/bitcoinunlimited/rostrum, +https://gitlab.com/m03geek/fastify-feature-flags, +https://gitlab.com/dhardy/kas, +https://gitlab.com/probator/probator, +https://gitlab.com/ceda_ei/verlauf, +https://gitlab.com/devowlio/node-gitlab-ci, +https://gitlab.com/remipassmoilesel/notes, +https://gitlab.com/michal-bryxi/open-source/ember-template-lint-plugin-tailwindcss, +https://gitlab.com/ptapping/thorlabs-apt-device, +https://gitlab.com/commonground/core/design-system, +https://gitlab.com/ifosim/finesse/finesse3, +https://gitlab.com/flatspin/flatspin, +https://gitlab.com/bancast/streamtools/twitch-tools, +https://gitlab.com/squarealfa/dart_framework, +https://gitlab.com/sjorspolman/homebridge-zigbee-v2, +https://gitlab.com/shezi/GPIOSimulator, +https://gitlab.com/colcrunch/fittings, +https://gitlab.com/ahau/ssb-hyper-blobs, +https://gitlab.com/shindagger/string-color, +https://gitlab.com/contextualcode/platform_cc, +https://gitlab.com/saltstack/pop/idem-aws, +https://gitlab.com/msrelectronics/python-ft4222, +https://gitlab.com/meskio/almanac, +https://gitlab.com/medikura/libs/redact-secrets, +https://gitlab.com/ginkgo-project/ginkgo-public-ci, +https://gitlab.com/adalongcorp/widget, +https://gitlab.com/remcohaszing/koas, +https://gitlab.com/sequoia-pgp/sequoia-wot, +https://gitlab.com/brainbit-inc/brainbit-sdk, +https://gitlab.com/eBardie/topplot, +https://gitlab.com/cg909/rust-hybrid-rc, +https://gitlab.com/dungnt12/mobx-model-xd, +https://gitlab.com/opensic/fodMC, +https://gitlab.com/DylanHamel/netests, +https://gitlab.com/bv-dr/Snoopy, +https://gitlab.com/codingpaws/gitlab-feature, +https://gitlab.com/alexmascension/bigmpi4py, +https://gitlab.com/MatteoCampinoti94/falocalrepo-server, +https://gitlab.com/jlecomte/python/flasket, +https://gitlab.com/andach/ipfs-laravel, +https://gitlab.com/opennota/pushkin, +https://gitlab.com/reddish/f1-2019-telemetry, +https://gitlab.com/finding-ray/antikythera, +https://gitlab.com/sanjay_nitsan/ns_basetheme, +https://gitlab.com/redsharpbyte/fets, +https://gitlab.com/penkit/penkit, +https://gitlab.com/kaictl/node/mock-local-storage, +https://gitlab.com/DreamyTZK/ispeak-bber, +https://gitlab.com/commonshost/cli, +https://gitlab.com/jlecomte/projects/ansible/ansible-roster, +https://gitlab.com/Bottersnike/crypko.py, +https://gitlab.com/ccondry/cucm-axl, +https://gitlab.com/spearman/sorted-vec, +https://gitlab.com/Boojum/python-securepay, +https://gitlab.com/siam-sc/spux, +https://gitlab.com/ponci-berlin/ponci, +https://gitlab.com/agates/pyplexo, +https://gitlab.com/mbukatov/pylatest, +https://gitlab.com/smartcontractlabs/tezos-uri, +https://gitlab.com/sheepitrenderfarm/blend-reader, +https://gitlab.com/efronlicht/dither, +https://gitlab.com/mergetb/xir, +https://gitlab.com/5783354/awokado, +https://gitlab.com/l214/msender, +https://gitlab.com/flukejones/tiny_ecs, +https://gitlab.com/fame-framework/fame-io, +https://gitlab.com/gomidi/portmididrv, +https://gitlab.com/royragsdale/ctfdfetch, +https://gitlab.com/flywheel-io/public/migration-toolkit, +https://gitlab.com/biomedit/libbiomedit, +https://gitlab.com/archer-oss/form-builder/form-builder-core, +https://gitlab.com/cznic/strutil, +https://gitlab.com/nextdft/simpledft, +https://gitlab.com/bitcoin/gentoo, +https://gitlab.com/brainelectronics/lightweight-versioned-gitlab-pages, +https://gitlab.com/getanthill/datastore, +https://gitlab.com/codecamp-de/vaadin-flow-dui, +https://gitlab.com/nl-design-system/nl-design-system, +https://gitlab.com/eigan/changelog, +https://gitlab.com/bnewbold/adenosine, +https://gitlab.com/crates.rs/cargo_author, +https://gitlab.com/memorize_it/memorize, +https://gitlab.com/mc706/data-records, +https://gitlab.com/polymer-kb/firmware/embedded-executor, +https://gitlab.com/hxss-linux/desktop-notify, +https://gitlab.com/gitlab-org/security-products/analyzers/brakeman, +https://gitlab.com/otevrenamesta/praha3/vyuctovani-vodafone, +https://gitlab.com/grdl/gitlab-mirror-maker, +https://gitlab.com/beehiveor/gazefilter, +https://gitlab.com/gitlab-org/security-products/gitlab-depscan, +https://gitlab.com/braniii/prettypyplot, +https://gitlab.com/speedpycom/speedpycom, +https://gitlab.com/clastjs/clast, +https://gitlab.com/afshar-oss/b8, +https://gitlab.com/integration_seon/libs/application/clockify, +https://gitlab.com/evernym/verity/vdr-tools, +https://gitlab.com/idoko/letterpress, +https://gitlab.com/betse/betsee, +https://gitlab.com/mironet/magnolia-bootstrap, +https://gitlab.com/ignitionrobotics/web/cloudsim, +https://gitlab.com/chemsoftware/python/pycaltransfer, +https://gitlab.com/malie-library/netfleece, +https://gitlab.com/drobilla/mda-lv2, +https://gitlab.com/2WeltenChris/kdbx-red, +https://gitlab.com/atviriduomenys/spinta, +https://gitlab.com/lynnpepin/reso, +https://gitlab.com/pci-driver/pci-driver, +https://gitlab.com/bigit/vokativ, +https://gitlab.com/esign/webpack-blade-native-loader, +https://gitlab.com/ErikKalkoken/django-eveuniverse, +https://gitlab.com/d5b4b2/ascii-table, +https://gitlab.com/mattkasa/tfplantool, +https://gitlab.com/gorilladev/pupygrib, +https://gitlab.com/kornelski/mandown, +https://gitlab.com/max-tet/gconf, +https://gitlab.com/kshib/fdpm, +https://gitlab.com/larswirzenius/vmadm, +https://gitlab.com/siege-insights/r6tab-java-api-client, +https://gitlab.com/cerfacs/flint, +https://gitlab.com/frontierdevelopmentlab/space-resources/mapstery, +https://gitlab.com/srikanthlogic/gstin-validator, +https://gitlab.com/powsrv.io/js/iota.lib.js.powsrvio, +https://gitlab.com/emergence-engineering/prosemirror-image-plugin, +https://gitlab.com/imda-dsl/intelligent-sensing-toolbox, +https://gitlab.com/mikeramsey/whois-alt-for-python, +https://gitlab.com/bloodyhealth/sympto, +https://gitlab.com/Chips4Makers/c4m-flexcell, +https://gitlab.com/simspace-oss/collections, +https://gitlab.com/dannywillems/ocaml-bls12-381, +https://gitlab.com/mraisadlani/golang-blog-with-mux-and-jwt-token, +https://gitlab.com/chrisrabotin/graco, +https://gitlab.com/nop_thread/dendron, +https://gitlab.com/bhavyanshu/chatbase-php, +https://gitlab.com/GeneralProtocols/priceoracle/library, +https://gitlab.com/csb.ethz/PolyRound, +https://gitlab.com/blueoakinteractive/boi_ci, +https://gitlab.com/shiros/luna/luna, +https://gitlab.com/beyondtracks/spritezero-cli, +https://gitlab.com/2WeltenChris/collection-red, +https://gitlab.com/Syroot/Worms, +https://gitlab.com/soykje/lscss, +https://gitlab.com/imp/pager-rs, +https://gitlab.com/hfiguiere/midi-control, +https://gitlab.com/benvial/pygetdp, +https://gitlab.com/iam-cms/workflows/xmlhelpy, +https://gitlab.com/markdown-meta-extension/markdown-meta-extension, +https://gitlab.com/robot_accomplice/configamajig, +https://gitlab.com/kraxel/virt-firmware, +https://gitlab.com/nickshine/glt, +https://gitlab.com/n1_/eagle, +https://gitlab.com/JakobDev/jdMinecraftLauncher, +https://gitlab.com/Arno500/plex-richpresence, +https://gitlab.com/sunpeek/sunpeek, +https://gitlab.com/jamietanna/httptest-openapi, +https://gitlab.com/beyondbitcoin/wlsjs, +https://gitlab.com/opennota/widdly, +https://gitlab.com/opencraft/dev/providence, +https://gitlab.com/rhksm4/rhksm4, +https://gitlab.com/maximdeclercq/parsli-rs, +https://gitlab.com/dpizetta/mrsprint, +https://gitlab.com/Stuermer/pyechelle, +https://gitlab.com/scion-scxml/core, +https://gitlab.com/deviosec/octp, +https://gitlab.com/leipert-projects/npm-packages, +https://gitlab.com/stinovlas/django-dkim, +https://gitlab.com/MatteoCampinoti94/falocalrepo-database, +https://gitlab.com/hfernh/iwdgui, +https://gitlab.com/r-iendo/v_eval, +https://gitlab.com/LMSAL_HUB/iris_hub/irispy-lmsal, +https://gitlab.com/itentialopensource/adapter-utils, +https://gitlab.com/purdue-informatics/studiokit/studiokit-scaffolding-js, +https://gitlab.com/sequence/core, +https://gitlab.com/elise/pwn-helper, +https://gitlab.com/creato/pub-sub, +https://gitlab.com/Chips4Makers/c4m-pdk-freepdk45, +https://gitlab.com/organon-os/autonon, +https://gitlab.com/pwoolcoc/cmudict, +https://gitlab.com/joelostblom/session_info, +https://gitlab.com/commonshost/goh, +https://gitlab.com/Syroot/KnownFolders, +https://gitlab.com/chartwerk/line-pod, +https://gitlab.com/reviewdog/reviewdog, +https://gitlab.com/stanislavhacker/servant, +https://gitlab.com/jsass/jsass, +https://gitlab.com/SaikoJosh/safe-env-vars, +https://gitlab.com/bbbatscale/bbbatscale-agent, +https://gitlab.com/hyper-expanse/open-source/npm-deploy-git-tag, +https://gitlab.com/elyez/gateway, +https://gitlab.com/fame-framework/fame-core, +https://gitlab.com/evernym/mobile/react-native-white-label-app, +https://gitlab.com/pushrocks/gulp-function, +https://gitlab.com/4degrees/riffle, +https://gitlab.com/burke-software/django-rest-mfa, +https://gitlab.com/attakei/yagura, +https://gitlab.com/leschiassons/tools/mir, +https://gitlab.com/DeqiTang/pymatflow, +https://gitlab.com/le7el/build/web3_wallet, +https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python, +https://gitlab.com/rubdos/pyreflink, +https://gitlab.com/rust-kqueue/rust-kqueue, +https://gitlab.com/eyeo/machine-learning/admincer, +https://gitlab.com/benoit.lavorata/node-red-contrib-mattermost-ws, +https://gitlab.com/eputs/ev-fleet-sim, +https://gitlab.com/rodrigobuas/microservice-controller, +https://gitlab.com/healthdatahub/tsfaker, +https://gitlab.com/chaica/remindr, +https://gitlab.com/Chips4Makers/PDKMaster, +https://gitlab.com/mayan-edms/exif, +https://gitlab.com/neogrid-technologies-public/preheat-open-python, +https://gitlab.com/nfriend/ts-key-enum, +https://gitlab.com/gitlab-org/allocations, +https://gitlab.com/dns2utf8/parse_int, +https://gitlab.com/stopdiiacity/stopdiiacity.netlify.app, +https://gitlab.com/nbdkit/libnbd, +https://gitlab.com/rathil/rdi, +https://gitlab.com/etherlab.org/pdcom, +https://gitlab.com/dadangnh/djp-iam, +https://gitlab.com/MassiminoilTrace/airone, +https://gitlab.com/ccrpc/webmapgl, +https://gitlab.com/eyeo/auxiliary/eyeo-coding-style, +https://gitlab.com/sequoia-pgp/nettle-rs, +https://gitlab.com/simspace-oss/trout, +https://gitlab.com/hyper-expanse/open-source/configuration-packages/gitlab-config, +https://gitlab.com/jplusplus/sanitize-filename, +https://gitlab.com/eliasdorneles/beyondvcr, +https://gitlab.com/namnh240795/react-native-simple-code-input, +https://gitlab.com/everyonecancontribute/workshops/kube-simplify/k8s-o11y-2022, +https://gitlab.com/ijackson/rust-shellexpand, +https://gitlab.com/sebdeckers/babel-plugin-transform-commonjs-es2015-modules, +https://gitlab.com/itorre/diffusive_solver, +https://gitlab.com/mocchapi/pyterminal, +https://gitlab.com/rodrigo.schwencke/mkdocs-graphviz, +https://gitlab.com/guilhermigg/notyon, +https://gitlab.com/redballoonsecurity/synthol, +https://gitlab.com/rodrigobuas/micro-domain, +https://gitlab.com/rvdg/ajsonapi, +https://gitlab.com/gitlab-org/professional-services-automation/tools/utilities/evaluate, +https://gitlab.com/rapiddweller/benerator/rapiddweller-benerator-ce, +https://gitlab.com/distributed_lab/figure, +https://gitlab.com/shop-system2/go-libs, +https://gitlab.com/radiology/infrastructure/fastr, +https://gitlab.com/spirostack/saltlab, +https://gitlab.com/gabeguz/ecowitt, +https://gitlab.com/erictgrubaugh/jsdoc-plugin-suitescript, +https://gitlab.com/oleksandromelchuk/rust-osm-reader, +https://gitlab.com/bearjaws/cluttr, +https://gitlab.com/mekagoza/rando, +https://gitlab.com/kirbyzone/sitemapper, +https://gitlab.com/piglet-plays/serverboy.js, +https://gitlab.com/euri10/aiosqlembic, +https://gitlab.com/skosh/falcon-helpers, +https://gitlab.com/mechaxl/dds-rs, +https://gitlab.com/openpatch/ui-core, +https://gitlab.com/ra_kete/android-sparse-rs, +https://gitlab.com/sbaeumlisberger/virtualizing-wrap-panel, +https://gitlab.com/minds/web3modal-ts, +https://gitlab.com/cyberbudy/django-vuejs-translate, +https://gitlab.com/gitlab-org/gitlab-test, +https://gitlab.com/cyverse/cacao, +https://gitlab.com/dheid/colorpicker, +https://gitlab.com/naufraghi/gitlab-butler, +https://gitlab.com/pika-lab/tuprolog/2p, +https://gitlab.com/spatialnetworkslab/florence, +https://gitlab.com/commonshost/goth, +https://gitlab.com/Marrigoni/spinney, +https://gitlab.com/staltz/vue-lens-mixin, +https://gitlab.com/GrosSacASac/blog-engine-z, +https://gitlab.com/coroner/cryptoparser, +https://gitlab.com/alienspaces/arena-tactics, +https://gitlab.com/Chill-Projet/chill-bundles, +https://gitlab.com/heingroup/hein_utilities, +https://gitlab.com/ase/ase_ext, +https://gitlab.com/dAnjou/mountebank-ldap, +https://gitlab.com/pedropombeiro/qnapexporter, +https://gitlab.com/mgoral/twc, +https://gitlab.com/cvejarano-oss/cmapy, +https://gitlab.com/samaresengineeringpublic/samaresmbseframework, +https://gitlab.com/keithasaurus/simple_html, +https://gitlab.com/domatskiy/laravel-html-cache, +https://gitlab.com/ayanaware/bento-rest, +https://gitlab.com/nTopus/cy-mobile-commands, +https://gitlab.com/mexus/rustup-components-availability, +https://gitlab.com/htgoebel/OSD-Neo2, +https://gitlab.com/guenoledc-perso/keycloak/rest-authenticator, +https://gitlab.com/nathanfaucett/rs-specs_sprite, +https://gitlab.com/qwolphin/django-shts3, +https://gitlab.com/mikk150/yii2-asset-manager-flysystem, +https://gitlab.com/gitlab-org/frontend/eslint-plugin-i18n, +https://gitlab.com/energievalsabbia/aurorapy, +https://gitlab.com/jfolz/crumpets, +https://gitlab.com/frontierdevelopmentlab/space-resources/graphery, +https://gitlab.com/chartwerk/core, +https://gitlab.com/gambry/pattern-twig-extension, +https://gitlab.com/nash-io-public/api-client-typescript, +https://gitlab.com/glts/viaspf, +https://gitlab.com/elixxir/comms, +https://gitlab.com/newebtime/pyrocms/portfolio-module, +https://gitlab.com/alelec/aioeasywebdav, +https://gitlab.com/news-flash/feedly_api, +https://gitlab.com/sequoia-pgp/keyring-linter, +https://gitlab.com/jeffrey-xiao/neso-rs, +https://gitlab.com/adaptivestone/framework, +https://gitlab.com/gemte/evagjs, +https://gitlab.com/eeriksp/django-model-choices, +https://gitlab.com/sebdeckers/fastify-tls-keygen, +https://gitlab.com/alcastle/dyndns, +https://gitlab.com/contextualcode/ezplatform-content-packages, +https://gitlab.com/pomma89/troschuetz-random, +https://gitlab.com/lionsracing/candas, +https://gitlab.com/gitlab-org/security-products/analyzers/klar, +https://gitlab.com/NonFactors/AspNetCore.Lookup, +https://gitlab.com/alelec/nuitka-setuptools, +https://gitlab.com/fantaz/simple_shock_tube_calculator, +https://gitlab.com/geomdata/hiveplotlib, +https://gitlab.com/ian-s-mcb/smigle-hugo-theme, +https://gitlab.com/mburkard/chroma-formatter, +https://gitlab.com/camd/qeh, +https://gitlab.com/martinbaun/swat-em, +https://gitlab.com/dannymatkovsky/strapi-plugin-html-wysiwyg, +https://gitlab.com/shdh/falcon-prometheus, +https://gitlab.com/ncbipy/entrezpy, +https://gitlab.com/Redrield/nt-rs, +https://gitlab.com/cyberbudy/django-postie, +https://gitlab.com/salvo981/sonicparanoid2, +https://gitlab.com/jakelazaroff/radish, +https://gitlab.com/demita/egglib, +https://gitlab.com/Friz64/erupt-bootstrap, +https://gitlab.com/andrewleech/devpi-gitlab-auth, +https://gitlab.com/Rich-Harris/pathologist, +https://gitlab.com/mbarkhau/pretty-traceback, +https://gitlab.com/bioslide/slideio, +https://gitlab.com/digiresilience/link/quepasa, +https://gitlab.com/avarf/code2graph, +https://gitlab.com/klikini/doorbirdpy, +https://gitlab.com/gitlab-org/gitlab_emoji, +https://gitlab.com/gitlab-org/vulnerability-research/foss/vulninfo/vulninfo-go, +https://gitlab.com/coboxcoop/server, +https://gitlab.com/ruivieira/matplotrust, +https://gitlab.com/bashy/Laravel-CampaignMonitor, +https://gitlab.com/elrnv/gut, +https://gitlab.com/jaxnet/jaxnetd, +https://gitlab.com/hackancuba/blake2signer, +https://gitlab.com/mironet/magnolia-backup, +https://gitlab.com/librecube/lib/python-cfdp, +https://gitlab.com/legoktm/subdown3, +https://gitlab.com/damiencalloway/tasket, +https://gitlab.com/fame2/fame-py, +https://gitlab.com/oer/oer-reveal, +https://gitlab.com/dragonblade/luallaby, +https://gitlab.com/r3dlight/leguichet, +https://gitlab.com/flomertens/nenucal-cd, +https://gitlab.com/pentagonum/gled, +https://gitlab.com/orbica/vue-form-wizard-2, +https://gitlab.com/nextdft/eminus, +https://gitlab.com/Chips4Makers/c4m-pdk-sky130, +https://gitlab.com/mjwhitta/win, +https://gitlab.com/hectorjsmith/csharp-performance-recorder, +https://gitlab.com/2411eliko/tele, +https://gitlab.com/sthesing/libzettels, +https://gitlab.com/Dominik1123/dipas, +https://gitlab.com/slyatwork/photobook, +https://gitlab.com/rust-algorithms/queues, +https://gitlab.com/documatt/sphinxcontrib-constdata, +https://gitlab.com/defcronyke/signal-gen-cjds66, +https://gitlab.com/malie-library/malie, +https://gitlab.com/coderscare/l10nmgr, +https://gitlab.com/hatricker/etherbeat, +https://gitlab.com/librecube/lib/python-sle, +https://gitlab.com/firelizzard/vscode-go-test-adapter, +https://gitlab.com/metahkg/metahkg-web, +https://gitlab.com/blacknet-ninja/blacknetjs-lib, +https://gitlab.com/serpro/double-agent-validator, +https://gitlab.com/nesstero/Al-Quran-Rofi, +https://gitlab.com/kauriid/schnorrpy, +https://gitlab.com/nmb94/link-preview, +https://gitlab.com/xuri/excelize, +https://gitlab.com/victor-engmark/vcard, +https://gitlab.com/tekne/rain, +https://gitlab.com/tenkiv/software/kuantify, +https://gitlab.com/yakshaving.art/hurrdurr, +https://gitlab.com/taurus-org/taurus_pyqtgraph, +https://gitlab.com/wwnorton/platform/design-system, +https://gitlab.com/uncrns/gitlab-job-exec, +https://gitlab.com/twoBirds/twobirds-core, +https://gitlab.com/thelabnyc/django-shopify-abandoned-checkout, +https://gitlab.com/Toru3/momen, +https://gitlab.com/tokend/tokend-cli, +https://gitlab.com/the-plant/raspi-lora, +https://gitlab.com/the-language/lua2rust, +https://gitlab.com/wholesail-oss/assisted-inject, +https://gitlab.com/timvisee/wikitrans, +https://gitlab.com/vmedea/rexpaint-rs, +https://gitlab.com/thainph/i18n-generator, +https://gitlab.com/twittner/holly, +https://gitlab.com/wpk-/alwaysdata-api, +https://gitlab.com/vmware/idem/idem-codegen, +https://gitlab.com/tripetto/runners/classic, +https://gitlab.com/tkog/pydecs, +https://gitlab.com/timvisee/version-compare, +https://gitlab.com/xxaccexx/tester, +https://gitlab.com/WoWnikCompany/frontend-core, +https://gitlab.com/terraria-converters/terraria-pc-player-api, +https://gitlab.com/tymonx/go-logger, +https://gitlab.com/xiayesuifeng/gopanel-web, +https://gitlab.com/thibaudlabat/paf, +https://gitlab.com/universa/universa, +https://gitlab.com/td7x/s6, +https://gitlab.com/tisaac/recursivenodes, +https://gitlab.com/ydkn/capistrano-git-copy-bundle, +https://gitlab.com/vicary/appsync-schema-converter, +https://gitlab.com/zerok/kubeselect, +https://gitlab.com/tripetto/blocks/boilerplate, +https://gitlab.com/ydkn/capistrano-logtail, +https://gitlab.com/ymd_h/gym-notebook-wrapper, +https://gitlab.com/worldbug/storage-examples, +https://gitlab.com/yorickpeterse/wepoll-binding, +https://gitlab.com/unit410/gcp-ssh-ca, +https://gitlab.com/tendsinmende/dager, +https://gitlab.com/tarcisioe/carl, +https://gitlab.com/thorchain/bifrost/txscript, +https://gitlab.com/TecHoof/v-lang-plugin, +https://gitlab.com/tuflow/tfv, +https://gitlab.com/tdely/freischutz, +https://gitlab.com/webuby/mangakakalot.py, +https://gitlab.com/tkaratug/titan, +https://gitlab.com/zach-geek/aframe-enviropacks, +https://gitlab.com/zacryol/butlerswarm, +https://gitlab.com/tardi/medusa, +https://gitlab.com/unit410/vault-shamir, +https://gitlab.com/wildland/corex/wildland-core, +https://gitlab.com/timvisee/chbs, +https://gitlab.com/zeen3/md-clone, +https://gitlab.com/totol.toolsuite/instagram-graph-fetcher-js, +https://gitlab.com/zetok/epaste, +https://gitlab.com/thelabnyc/instrumented-soap, +https://gitlab.com/vladaburian/pyfrpc, +https://gitlab.com/tymonx/xlogic-toolchain, +https://gitlab.com/xano/js-sdk, +https://gitlab.com/Wacton/Desu, +https://gitlab.com/wallzero/ui-router-react-digest, +https://gitlab.com/vsichka/ua-en-translit.npm, +https://gitlab.com/zeograd/rnsutils, +https://gitlab.com/wizbii-open-source/mongo-bundle, +https://gitlab.com/tjvb/laravel-dashboard-packagist-tile, +https://gitlab.com/tkutcher/prettyrepo, +https://gitlab.com/tglman/persy_expimp, +https://gitlab.com/universal-playlist/pls2upl, +https://gitlab.com/ultreiaio/gitlab-maven-plugin, +https://gitlab.com/yetopen/yii2-usuario-ldap, +https://gitlab.com/wordpress-premium/wpseo-premium, +https://gitlab.com/vip93951247/lavi, +https://gitlab.com/toastal/dhall-webmanifest, +https://gitlab.com/whyhankee/wlg, +https://gitlab.com/Toru3/ring-algorithm, +https://gitlab.com/yogeshkamble/flask-filters, +https://gitlab.com/yang.wu/antiaddiction, +https://gitlab.com/zaaksysteem/zaaksysteem-frontend-mono, +https://gitlab.com/VitorVasconcellos/secure_context, +https://gitlab.com/thvdveld/canvasapi, +https://gitlab.com/thainph/filemanager, +https://gitlab.com/uptodown/random-username-generator, +https://gitlab.com/tspiteri/rox, +https://gitlab.com/timvisee/rust-clipboard-ext, +https://gitlab.com/xgqt/mydot, +https://gitlab.com/usaepay/sdk/php, +https://gitlab.com/twentyeight7/alexa-app-savant, +https://gitlab.com/umitop/umid, +https://gitlab.com/testycool/server, +https://gitlab.com/tramwayjs/tramway-core, +https://gitlab.com/x.laylatichy.x/nano, +https://gitlab.com/what-digital/djangocms-helpers, +https://gitlab.com/yaal/readonlystorage, +https://gitlab.com/ugachain/generator-jhipster-blockchain, +https://gitlab.com/Valtech-Amsterdam/AspnetCoreHoneyPot, +https://gitlab.com/thelabnyc/django-exact-target, +https://gitlab.com/ulrichntella/laravel5-repository, +https://gitlab.com/zyrorl/broadlink, +https://gitlab.com/WillDaSilva/flit_scm, +https://gitlab.com/vmedea/glk-rs, +https://gitlab.com/zedtux/changelog-notifier, +https://gitlab.com/vinm/vinm-cli, +https://gitlab.com/Taywee/asyncinotify, +https://gitlab.com/xythrez/musct, +https://gitlab.com/yaal/pytest-libfaketime, +https://gitlab.com/tripetto/runners/chat, +https://gitlab.com/takluyver/keyring_jeepney, +https://gitlab.com/vstconsulting/polemarch-ansible, +https://gitlab.com/yaq/yaqd-core-python, +https://gitlab.com/unibuc/graphomaly/graphomaly, +https://gitlab.com/vmware/pop/rend, +https://gitlab.com/zedtux/restful-json-api-client, +https://gitlab.com/TincaTibo/timeline, +https://gitlab.com/timvisee/copypasta-ext, +https://gitlab.com/verenigingcoin-public/coin-sdk-python, +https://gitlab.com/vmware/idem/idem-azure, +https://gitlab.com/thelabnyc/certbot-django, +https://gitlab.com/thelabnyc/wagtail-links, +https://gitlab.com/x-doggy/border-comment-builder, +https://gitlab.com/waser-technologies/technologies/assistant, +https://gitlab.com/tmkn/django-basic-auth-ip-whitelist, +https://gitlab.com/valeth/wanikani.rs, +https://gitlab.com/william-richard/chili-pepper, +https://gitlab.com/tramwayjs/tramway-core-dependency-injector, +https://gitlab.com/tango-controls/tango-rs, +https://gitlab.com/theplenkov-npm/express-sapui5, +https://gitlab.com/tobias47n9e/angular-fluent, +https://gitlab.com/teknopaul/romp, +https://gitlab.com/truthy/truth-runner, +https://gitlab.com/valerio-vaccaro/liquidissuer, +https://gitlab.com/tozd/go/errors, +https://gitlab.com/vkrava4/avro-converter, +https://gitlab.com/tezos-paris-hub/rarible/rarible-backend, +https://gitlab.com/yaq/yaqd-control, +https://gitlab.com/ultreiaio/ifremer-cali, +https://gitlab.com/yookoala/scraparser, +https://gitlab.com/yaq/thorlabs-apt-protocol, +https://gitlab.com/viu/launchpad, +https://gitlab.com/zef1r/mockify, +https://gitlab.com/whom/shs, +https://gitlab.com/tanna.dev/renovate-graph, +https://gitlab.com/what-digital/djangocms-link-all, +https://gitlab.com/forkbomb9/human_bytes-rs, +https://gitlab.com/semkodev/field.cli, +https://gitlab.com/ngxa/testing, +https://gitlab.com/csb.ethz/efmtool, +https://gitlab.com/initforthe/stimulus-existence, +https://gitlab.com/parkerowan/librtx, +https://gitlab.com/mcepl/lua_table, +https://gitlab.com/soxzz/openrp, +https://gitlab.com/grizzzly/kalibri, +https://gitlab.com/megabyte-labs/go/cli/bodega, +https://gitlab.com/rh-kernel-stqe/python-stqe, +https://gitlab.com/jacksarick/elding, +https://gitlab.com/dacs-hpi/deepac, +https://gitlab.com/jrobsonchase/async-codec, +https://gitlab.com/griest/vue-component-proxy, +https://gitlab.com/aochoae/gitlab-api-php, +https://gitlab.com/e.ribeirosabidussi/emcqmri, +https://gitlab.com/enitoni-gears/gears-discordjs, +https://gitlab.com/elad.noor/equilibrator-cache, +https://gitlab.com/natade-coco/pocket-sdk, +https://gitlab.com/ArthurCrl/endymion, +https://gitlab.com/mergetb/site, +https://gitlab.com/AnDroidEL/requestcep, +https://gitlab.com/ml4science/mldas, +https://gitlab.com/Maarrk/lidia, +https://gitlab.com/easy-ansi/easy-ansi, +https://gitlab.com/LCaraccio/tes-lib, +https://gitlab.com/andreas_krueger_py/adif_io, +https://gitlab.com/mpapp-public/manuscripts-json-schema, +https://gitlab.com/libreops/doh-cli, +https://gitlab.com/prarit/rhstatus, +https://gitlab.com/heingroup/new_era, +https://gitlab.com/facingBackwards/enquiries, +https://gitlab.com/chrysn/eltakobus, +https://gitlab.com/jexler/grengine, +https://gitlab.com/hipdevteam/advanced-custom-fields-pro, +https://gitlab.com/nescience/machine_learning, +https://gitlab.com/mbarkhau/pylint-ignore, +https://gitlab.com/rotty/cargo-parcel, +https://gitlab.com/paveltizek/gitlab-api, +https://gitlab.com/rethink-wordpress/wpvm, +https://gitlab.com/sray/cmu-ta2, +https://gitlab.com/barry.van.acker/generational-indextree, +https://gitlab.com/floers/gtk-rust-app, +https://gitlab.com/avandesa/candid-rs, +https://gitlab.com/newbranltd/server-io-core, +https://gitlab.com/ayana/tools/eslint-config, +https://gitlab.com/cortext/cortext-methods/parscival, +https://gitlab.com/cantonios/eigen, +https://gitlab.com/gerbolyze/gerbonara, +https://gitlab.com/ruivieira/random-forests, +https://gitlab.com/cocainefarm/libquassel, +https://gitlab.com/john.carroll.p/ts-decoders, +https://gitlab.com/MiMiC-projects/mimicpy, +https://gitlab.com/modding-openmw/modhelpertool, +https://gitlab.com/otafablab/otarustlings, +https://gitlab.com/eliobones/bones, +https://gitlab.com/genesismobo/gmqtt, +https://gitlab.com/lercher/temporal-sqls, +https://gitlab.com/dmatryus.sqrt49/stat_box, +https://gitlab.com/coboxcoop/multifeed, +https://gitlab.com/sgrignard/sqlite_numpy, +https://gitlab.com/0bs1d1an/thns, +https://gitlab.com/acoustofluidics/osaft, +https://gitlab.com/parob/graphql-api, +https://gitlab.com/studentmain/socks6, +https://gitlab.com/JoD/exact, +https://gitlab.com/ixti/redis-throttle, +https://gitlab.com/rubdos/cffipp, +https://gitlab.com/horihiro/osc-client-theta_s, +https://gitlab.com/rki_bioinformatics/DeePaC, +https://gitlab.com/mreijnders/crowdgo, +https://gitlab.com/Humanfork/bootconfig2adoc, +https://gitlab.com/SchoolOrchestration/libs/dj-actions, +https://gitlab.com/jdesodt/seneca-entity-crud, +https://gitlab.com/litesync/litesync-python3, +https://gitlab.com/lavitto/typo3-icon-content, +https://gitlab.com/MatthiasLohr/helm-sign, +https://gitlab.com/logotype/fixparser, +https://gitlab.com/eburling/grapheno, +https://gitlab.com/msrd0/gotham-restful, +https://gitlab.com/artgam3s/public-libraries/rust/rpa, +https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-sdmxjs, +https://gitlab.com/ei-dev/scitu/oauth2/django-tuauth, +https://gitlab.com/fatihirday/fthelper, +https://gitlab.com/hkos/openpgp-card, +https://gitlab.com/braniii/decorit, +https://gitlab.com/globalid/opensource/web-client-launcher, +https://gitlab.com/jesseds/apav, +https://gitlab.com/da_doomer/hyperdim, +https://gitlab.com/slugbugblue/trax, +https://gitlab.com/eyeo/developer-experience/get-browser-binary, +https://gitlab.com/mcmfb/lambda-calculator, +https://gitlab.com/protobuf-tools/proto_domain_converter, +https://gitlab.com/artur-scholz/stretchy-client, +https://gitlab.com/jimsy/wrc, +https://gitlab.com/cjmchad/homebridge-mca66-plugin, +https://gitlab.com/news-flash/greader_api, +https://gitlab.com/jules.rigaudie/dnsfaster, +https://gitlab.com/pyus/pyus, +https://gitlab.com/francesco-calcavecchia/model_quality_report, +https://gitlab.com/olanguage/olang, +https://gitlab.com/finally-a-fast/fafcms, +https://gitlab.com/cerfacs/h5cross, +https://gitlab.com/pycqa/flake8-polyfill, +https://gitlab.com/symetrical/symetrical, +https://gitlab.com/maniascript/mslint, +https://gitlab.com/mkleehammer/pepperssh, +https://gitlab.com/nobodyinperson/thunar-plugins, +https://gitlab.com/ArcaneSoftware/svelte-notion, +https://gitlab.com/pvst/asi, +https://gitlab.com/Shinobi-Systems/shinobi-worker, +https://gitlab.com/scgps-data-pub-api/telemetry-general, +https://gitlab.com/jcarr0/moving_gc_arena, +https://gitlab.com/MaienM/pytest-depends, +https://gitlab.com/demsking/vue-cli-plugin-env-validator, +https://gitlab.com/scythe-infra/scythe, +https://gitlab.com/cznic/y, +https://gitlab.com/oscar6echo/ipyiframe, +https://gitlab.com/qualikiz-group/QLKNN-fortran, +https://gitlab.com/ACP3/cms, +https://gitlab.com/dark0dave/reversible-human-readable-id, +https://gitlab.com/plopgrizzly/audio/pitch, +https://gitlab.com/mbarkhau/markdown-svgbob, +https://gitlab.com/misp44/telepathy, +https://gitlab.com/mburkard/cloud-eventful, +https://gitlab.com/eyeo/adblockplus/abc/abp2dnr, +https://gitlab.com/hadi.aghandeh/iranshippingprice, +https://gitlab.com/somberdemise/discord-rpc.py, +https://gitlab.com/rockettpw/seo/jumplinks-one, +https://gitlab.com/amentis/oapi_generator, +https://gitlab.com/seamsay/reingold-tilford, +https://gitlab.com/gitlab-org/fleeting/fleeting, +https://gitlab.com/monogoto.io/node-red-contrib-context-editor, +https://gitlab.com/ccckmit/ph6, +https://gitlab.com/sis-cc/.stat-suite/dotstatsuite-visions, +https://gitlab.com/Aubichol/hrishi-backend, +https://gitlab.com/linkfast/oss/exengine, +https://gitlab.com/dicr/yii2-exchange1c, +https://gitlab.com/refurbed-community/oss/protoc-gen-go-hash, +https://gitlab.com/arbitrix/winlog, +https://gitlab.com/ricvelozo/brids-rs, +https://gitlab.com/sverweij/state-machine-cat, +https://gitlab.com/maruru/hashnodeapi, +https://gitlab.com/mburkard/chroma-logging, +https://gitlab.com/jsonsonson/wily-cli, +https://gitlab.com/nathanfaucett/rs-polygon2, +https://gitlab.com/maribedran/tapioca-camara, +https://gitlab.com/rapiddweller/benerator/rd-lib-common, +https://gitlab.com/babiaxr/aframe-babia-components, +https://gitlab.com/mbarkhau/markdown_aafigure, +https://gitlab.com/jgonggrijp/wontache, +https://gitlab.com/american-space-software/mfdb, +https://gitlab.com/hyperd/piphyperd, +https://gitlab.com/manuel.richter95/leaflet.notifications, +https://gitlab.com/koalalorenzo/gomeme, +https://gitlab.com/aapjeisbaas/bol, +https://gitlab.com/digitalarc/simplepki, +https://gitlab.com/ssprang/langtons-termite, +https://gitlab.com/cadix/flysystem-sharepoint-adapter, +https://gitlab.com/keltiotechnology/keltio-products/secenv, +https://gitlab.com/gitlab-com/gl-infra/esquery, +https://gitlab.com/magnum.np/magnum.np, +https://gitlab.com/square-game-liberation-front/jubeatools, +https://gitlab.com/nunet/nunet-token-contracts, +https://gitlab.com/metafence/kvledger, +https://gitlab.com/salaxy/salaxy-lib-ng1, +https://gitlab.com/marcianobarros/python4dbi, +https://gitlab.com/gitlab-org/security-products/analyzers/report, +https://gitlab.com/coala/coala-json, +https://gitlab.com/mergetb/tech/cogs, +https://gitlab.com/mousetail/simple-flask-cms, +https://gitlab.com/robigalia/sel4, +https://gitlab.com/CalyxOS/device-flasher, +https://gitlab.com/benkuly/matrix-spring-boot-sdk, +https://gitlab.com/cleaninsights/clean-insights-android-sdk, +https://gitlab.com/david.lucsanyi/cosmix, +https://gitlab.com/adrian.budau/input-stream, +https://gitlab.com/alienspaces/go-mud, +https://gitlab.com/news-flash/article_scraper, +https://gitlab.com/proscom/ui, +https://gitlab.com/samueldumont/python-cowboy-bike, +https://gitlab.com/Linaro/tuxpub, +https://gitlab.com/fpob-dev/yumemi, +https://gitlab.com/jtimmons/nestjs-grpc-reflection-module, +https://gitlab.com/kuadrado-software/mentalo-engine, +https://gitlab.com/cznic/mathutil, +https://gitlab.com/qualified/attach, +https://gitlab.com/skynxt/migretor, +https://gitlab.com/miam/ng-miam-sdk, +https://gitlab.com/colcrunch/aa-moonstuff, +https://gitlab.com/accumulatenetwork/accumulate.js, +https://gitlab.com/mnemotix/weever-community/weever-core, +https://gitlab.com/kamichal/yawrap, +https://gitlab.com/FeniXEngineMV/plugins, +https://gitlab.com/fame-framework/fame-gui, +https://gitlab.com/flakroup/flakessentials, +https://gitlab.com/bahmutov/batched-semantic-release, +https://gitlab.com/littlefork/littlefork, +https://gitlab.com/geoadmin-opensource/django-tilestache, +https://gitlab.com/saibatizoku/font8x8-rs, +https://gitlab.com/ix.ai/crypto-exporter, +https://gitlab.com/rockettpw/seo/markup-sitemap, +https://gitlab.com/go-box/ginraymond, +https://gitlab.com/mkourim/cfme-testcases, +https://gitlab.com/DPDmancul/fidx, +https://gitlab.com/eddi.bravo/checkerbl, +https://gitlab.com/metahkg/metahkg-server, +https://gitlab.com/aboutyou/public/admin-api-php-sdk, +https://gitlab.com/itentialopensource/applications/app-network_tools, +https://gitlab.com/itentialopensource/pre-built-automations/cisco-ios-xr-upgrade, +https://gitlab.com/bit-refined/meiosis, +https://gitlab.com/BrightOpen/BackYard/termit, +https://gitlab.com/mpv-ipc/mpvipc, +https://gitlab.com/commonshost/sherlock, +https://gitlab.com/DmnChzl/CRA-Template-Monument-Valley, +https://gitlab.com/lu-ka/geopipe, +https://gitlab.com/datadrivendiscovery/tests-data, +https://gitlab.com/rapiddweller/benerator/rd-lib-jdbacl, +https://gitlab.com/lramage/mkdocs-cordova-plugin, +https://gitlab.com/libresat/libresat, +https://gitlab.com/BuildStream/bst-plugins-container, +https://gitlab.com/coliss86/go-gallery, +https://gitlab.com/shardus/archive/archive-server, +https://gitlab.com/gitlab-org/ci-cd/gitlab-runner-ubi-images, +https://gitlab.com/nesstero/quran-id, +https://gitlab.com/integer32llc/cargo-doc-coverage, +https://gitlab.com/jespertheend/homebridge-nuimo-click, +https://gitlab.com/heingroup/ismatec, +https://gitlab.com/matpi/html-diff, +https://gitlab.com/jomcraft-sources/defaultsettings, +https://gitlab.com/alelec/structured_config, +https://gitlab.com/lapt0r/border-collie, +https://gitlab.com/NERSC/pandas-sacct, +https://gitlab.com/mkleehammer/servant, +https://gitlab.com/guitcastro/idw, +https://gitlab.com/beeper/standupbot, +https://gitlab.com/evoc-learn-group/evoc-learn-core, +https://gitlab.com/IvanSanchez/arrugator, +https://gitlab.com/serial-lab/quartet_epcis, +https://gitlab.com/gitlab-org/security-products/analyzers/eslint, +https://gitlab.com/empa503/remote-sensing/ddeq, +https://gitlab.com/benjamin.lemelin/dodo, +https://gitlab.com/codesigntheory/python-sslcommerz-client, +https://gitlab.com/scphantm/antora-apidocs-extension, +https://gitlab.com/jlecomte/projects/python/flasket, +https://gitlab.com/finite-loop/flutils, +https://gitlab.com/schrieveslaach/oxidized-mdf, +https://gitlab.com/frond/coordinate-formats, +https://gitlab.com/dr.sybren/blender-asset-tracer, +https://gitlab.com/itentialopensource/pre-built-automations/cisco-ios-upgrade, +https://gitlab.com/kastielspb/django-script-pattern, +https://gitlab.com/sensative/strips-lora-translator-open-source, +https://gitlab.com/onepoint/junit-5-extensions, +https://gitlab.com/mjwhitta/artty, +https://gitlab.com/mrvik/jdrive, +https://gitlab.com/babaMar/soundfactory, +https://gitlab.com/arvidnl/pygments-michelson, +https://gitlab.com/gitlab-org/ci-cd/runner-tools/gitlab-changelog, +https://gitlab.com/rcmz0/libfivepy, +https://gitlab.com/andreas-mausch/exposed-migrations, +https://gitlab.com/ahau/ssb-profile, +https://gitlab.com/polychainlabs/gcp-ssh-ca, +https://gitlab.com/floers/minicaldav, +https://gitlab.com/ryanpavlik/proclamation, +https://gitlab.com/matzkin/headctools, +https://gitlab.com/nathanfaucett/rs-specs_time, +https://gitlab.com/cerfacs/ms_thermo, +https://gitlab.com/hermes-php/hermes-micro, +https://gitlab.com/janslow/gitlab-ci-variables, +https://gitlab.com/itentialopensource/adapters/devops-netops/adapter-github, +https://gitlab.com/Jlucas87/databaser, +https://gitlab.com/basraah/standingsrequests, +https://gitlab.com/distributed_lab/running, +https://gitlab.com/heyitscassio/deezgo, +https://gitlab.com/empowerlab/example, +https://gitlab.com/meaningfuldata/vula, +https://gitlab.com/ngx-library/ngx-library, +https://gitlab.com/IonicZoo/bird-format-pipe, +https://gitlab.com/heiw/uxcrudible, +https://gitlab.com/dirn/flake8-confusables, +https://gitlab.com/fabinfra/fabaccess/nfc_rs, +https://gitlab.com/axet/wget, +https://gitlab.com/acaijs/modules/server, +https://gitlab.com/guichet-entreprises.fr/information/reference, +https://gitlab.com/scemama/resultsFile, +https://gitlab.com/france-identite/rendez-vous-mairie, +https://gitlab.com/mpapp-public/sachs, +https://gitlab.com/sweetgum/nuxt-izitoast, +https://gitlab.com/Elypia/comcord, +https://gitlab.com/commonshost/gopherhole, +https://gitlab.com/smozjo/bridge-advanced, +https://gitlab.com/peter-rybar/peryl, +https://gitlab.com/garybell/password-validation, +https://gitlab.com/dawn_app/enum_delegate, +https://gitlab.com/kanban/kanban, +https://gitlab.com/eleanorofs/rescript-notifications, +https://gitlab.com/sebdeckers/base-emoji-512, +https://gitlab.com/nuno.miranda/s1-etad, +https://gitlab.com/nestlab/google-recaptcha, +https://gitlab.com/aldo.reset/c600g, +https://gitlab.com/julianthome/lingo-example, +https://gitlab.com/elixxir/gateway, +https://gitlab.com/fehrlich/vscode-debug-visualizer-py, +https://gitlab.com/smpkdev/compic10, +https://gitlab.com/florian.feppon/null-space-optimizer, +https://gitlab.com/saltstack/pop/grains, +https://gitlab.com/dlr-sc/gitcalendar, +https://gitlab.com/jlecomte/python/imxdparser, +https://gitlab.com/cap-public/coding-standard, +https://gitlab.com/gitlab-org/security-products/analyzers/flawfinder, +https://gitlab.com/priezz/color-term-console, +https://gitlab.com/rocket-boosters/pipper, +https://gitlab.com/MartijnBraam/pockethernet-protocol, +https://gitlab.com/Swedneck/simplematrixlib, +https://gitlab.com/mexus/fields-converter, +https://gitlab.com/griest/pixi-actor, +https://gitlab.com/Chrismettal/threedeploy, +https://gitlab.com/gitlab-org/frontend/eslint-plugin, +https://gitlab.com/passit/simple-asymmetric-js, +https://gitlab.com/shebinleovincent/pdf2html, +https://gitlab.com/nathanfaucett/rs-data_structure_traits, +https://gitlab.com/FCOO/ncgrow, +https://gitlab.com/szs/lic, +https://gitlab.com/redArch/wayland-screencopy-utilities, +https://gitlab.com/ivybus/ivy-python, +https://gitlab.com/djbaldey/django-directapps, +https://gitlab.com/IT-Berater/twblockchain, +https://gitlab.com/blackprotocol/monero-rpc, +https://gitlab.com/gitlab-com/gl-infra/redis-keyspace-analyzer, +https://gitlab.com/dsklar/pyrrha, +https://gitlab.com/tahoma-robotics/bear-simulation, +https://gitlab.com/mandalore/veritas, +https://gitlab.com/gitops-demo/apps/my-go-app5, +https://gitlab.com/cyclikal/cyckei, +https://gitlab.com/nunet/device-management-service, +https://gitlab.com/InstaffoOpenSource/DataScience/jsonschema-to-openapi, +https://gitlab.com/recommend.games/board-game-utils, +https://gitlab.com/alcibiade/midpoint-cli, +https://gitlab.com/ndmspc/react-ndmspc-core, +https://gitlab.com/codesketch/dino-express, +https://gitlab.com/schrieveslaach/NLPf, +https://gitlab.com/murchik/django-smelly-tokens, +https://gitlab.com/nathanfaucett/rs-bezier2, +https://gitlab.com/etke.cc/website, +https://gitlab.com/moduon/mrchef, +https://gitlab.com/chrisw/sheetsdb, +https://gitlab.com/leglesslamb/cellrs, +https://gitlab.com/sqs/web, +https://gitlab.com/rapiddweller/benerator/rd-lib-contiperf, +https://gitlab.com/gitlab-org/security-products/analyzers/bandit, +https://gitlab.com/papahippo/MusicRaft, +https://gitlab.com/dinhbinh1610/ejs-layout, +https://gitlab.com/MatteoCampinoti94/thetrove-downloader, +https://gitlab.com/dglaeser/fieldcompare, +https://gitlab.com/afshari9978/avishan, +https://gitlab.com/drb-python/drb, +https://gitlab.com/kevincox/simple-config-rs, +https://gitlab.com/larswirzenius/summain, +https://gitlab.com/CHESYA/vue-slim-stackedbar, +https://gitlab.com/fboisselier52/nestjs-console-oclif, +https://gitlab.com/havenofcode/challenge-run-counter/client, +https://gitlab.com/ayanaware/logger-api, +https://gitlab.com/slondr/rust-guile, +https://gitlab.com/kornelski/aom-decode, +https://gitlab.com/slax0rr/go-beer-api, +https://gitlab.com/monnify-public/monnify-android-sdk, +https://gitlab.com/h5cli/h5cli, +https://gitlab.com/gitlab-org/vulnerability-research/foss/go-fastregexp, +https://gitlab.com/quantlane/libs/aiopubsub, +https://gitlab.com/mayan-edms/document_renaming, +https://gitlab.com/lukas.bromig/sila2lib_implementations, +https://gitlab.com/flib99/i3-workspace-names, +https://gitlab.com/jarvis-network/core/market/ui, +https://gitlab.com/dmoonfire/semantic-release-dotnet, +https://gitlab.com/edthamm/fact-explorer, +https://gitlab.com/golinnstrument/linnstrument, +https://gitlab.com/ionburst/ionburst-sdk-net, +https://gitlab.com/sofer_mahir/escriptorium_python_connector, +https://gitlab.com/BrawlDB/brawlhalla-api, +https://gitlab.com/jeffrey-xiao/extended-collections-rs, +https://gitlab.com/geeks4change/hubs4change/h4c, +https://gitlab.com/nazarmx/mega, +https://gitlab.com/phs-rcg/data-forge, +https://gitlab.com/pgampe/authenticator, +https://gitlab.com/saltstack/pop/pop-create-idem, +https://gitlab.com/postadress/robotframework/robotframework-camunda, +https://gitlab.com/odoo-openupgrade-wizard/odoo-openupgrade-wizard, +https://gitlab.com/luminovo/public/reliesl, +https://gitlab.com/levinsen-software/warehouse-python, +https://gitlab.com/king011/go-socks5, +https://gitlab.com/mergetb/tech/rtnl, +https://gitlab.com/albalitz/mdbook-rss, +https://gitlab.com/ska-telescope/sdc/sdc2-scoring-utils, +https://gitlab.com/nazarmx/odbc-futures, +https://gitlab.com/genesismobo/gmqtt-client, +https://gitlab.com/nomalism-develop/api, +https://gitlab.com/burstdigital/open-source/burst-drupal-distribution, +https://gitlab.com/StraightOuttaCrompton/example-typescript-react-component-library, +https://gitlab.com/elioschemers/bones, +https://gitlab.com/geoip.network/cidr_man, +https://gitlab.com/qonfucius/kcfg, +https://gitlab.com/andwj/jeutool, +https://gitlab.com/protis/protis, +https://gitlab.com/c4341/easchersim, +https://gitlab.com/flomertens/ps_eor, +https://gitlab.com/larswirzenius/subplot, +https://gitlab.com/openmof/porE, +https://gitlab.com/freelancy/sxwnl4j, +https://gitlab.com/fboisselier52/eureka-synchronizer, +https://gitlab.com/radish/PyV4L2Camera, +https://gitlab.com/Rairden/sc2-replay-go, +https://gitlab.com/k377u/hiddenv, +https://gitlab.com/public-mint-community/publicmint-web3.js, +https://gitlab.com/alda78/auto-group, +https://gitlab.com/IPMsim/Virtual-IPM, +https://gitlab.com/nfriend/wordle-solver, +https://gitlab.com/ongresinc/scram, +https://gitlab.com/sebdeckers/cache-digest-immutable, +https://gitlab.com/hectorjsmith/excel-change-handler, +https://gitlab.com/igorzash/react-multi-thumb-slider, +https://gitlab.com/canarduck/systranio, +https://gitlab.com/md2x/md2pdf-client, +https://gitlab.com/nicocool84/pysignald-async, +https://gitlab.com/nannos/nannos, +https://gitlab.com/daffie/drumongous, +https://gitlab.com/RKIBioinformaticsPipelines/president, +https://gitlab.com/danieljrmay/pyinilint, +https://gitlab.com/lepovirta/netlify-deployer, +https://gitlab.com/max-centre/components/devicexlib, +https://gitlab.com/buzzcat/hexo-cookieconsent, +https://gitlab.com/balping/json-raw-encoder, +https://gitlab.com/rapiddweller/benerator/rd-lib-script, +https://gitlab.com/mohamnag/javafx-webview-debugger, +https://gitlab.com/Atrate/libgencheck, +https://gitlab.com/elixxir/ekv, +https://gitlab.com/sommd/certbot-gitlab, +https://gitlab.com/ccrpc/tip, +https://gitlab.com/chrisspen/burlap, +https://gitlab.com/ralf1307/ytcore, +https://gitlab.com/kockahonza/gbarpgmaker, +https://gitlab.com/biomedit/sett-rs, +https://gitlab.com/littlefork/littlefork-core, +https://gitlab.com/stater/node-bridge, +https://gitlab.com/staltz/too-hot, +https://gitlab.com/mmandrille/django-backup2csv, +https://gitlab.com/metahkg/metahkg-api, +https://gitlab.com/govbr-ds/dev/wbc/govbr-ds-wbc, +https://gitlab.com/marvin.vanaalst/moped, +https://gitlab.com/binarymist/mocksse, +https://gitlab.com/318h7/nlink, +https://gitlab.com/irsn/snitch-ci, +https://gitlab.com/samsartor/dynpool, +https://gitlab.com/staltz/pull-cpu-throttle, +https://gitlab.com/reactant/reactant, +https://gitlab.com/apti/apti, +https://gitlab.com/m03geek/fastify-rbac, +https://gitlab.com/notpushkin/docker-amend, +https://gitlab.com/sargunv-mc-mods/modsman, +https://gitlab.com/Makman2/qrpic, +https://gitlab.com/Owez/climake, +https://gitlab.com/lsascha/gitlab-slackbot, +https://gitlab.com/ongresinc/pgconfig-validator, +https://gitlab.com/ndmspc/react-ndmbase, +https://gitlab.com/nfriend/ts-git, +https://gitlab.com/Elypia/webhooker, +https://gitlab.com/spadarian/map-engine, +https://gitlab.com/gitlab-org/fleeting/fleeting-plugin-googlecompute, +https://gitlab.com/PunitSoniME/ng-password-validation, +https://gitlab.com/goxp/cloud0, +https://gitlab.com/cvpines/pysamplespace, +https://gitlab.com/dlr-ve/esy/amiris/examples, +https://gitlab.com/4geit/swagger-packages, +https://gitlab.com/dantuck/monee, +https://gitlab.com/ionburst/ionburst-sdk-go, +https://gitlab.com/jfolz/yfcc100m, +https://gitlab.com/KitaitiMakoto/epub-cfi, +https://gitlab.com/sequence/connectors/nuix, +https://gitlab.com/cryptexlabs/public/plagiarize, +https://gitlab.com/schmidt.simon/hypothesis-drf, +https://gitlab.com/phillipcouto/clean-workspace, +https://gitlab.com/Hares-Lab/http-server-base, +https://gitlab.com/panasas/minio, +https://gitlab.com/AnderwanSAM/danger-plugin-commitlint-gitlab, +https://gitlab.com/ebenhoeh/modelbase, +https://gitlab.com/alienspaces/holyragingmages, +https://gitlab.com/alfiedotwtf/file-lock, +https://gitlab.com/mlaopane/formhook, +https://gitlab.com/grrfe/cockli-gen, +https://gitlab.com/FirstTerraner/proclubs-api, +https://gitlab.com/marvin.vanaalst/qtb-plot, +https://gitlab.com/NamingThingsIsHard/linky, +https://gitlab.com/sw8fbar/bhav, +https://gitlab.com/mcepl/pyg, +https://gitlab.com/florezjose/django_ui, +https://gitlab.com/michalSolarz/pikachu-test-passed, +https://gitlab.com/heathercreech/dappy, +https://gitlab.com/sdfsdfsdf1234/lavalink, +https://gitlab.com/scmodding/frameworks/pyrsi, +https://gitlab.com/ip-fabric/integrations/python-ipfabric, +https://gitlab.com/friendly-facts/fact-explorer, +https://gitlab.com/sbitio/terraform-provider-hiera5, +https://gitlab.com/pleasantone/intel-times, +https://gitlab.com/albertosanmartinmartinez/django-dashboards, +https://gitlab.com/elad.noor/equilibrator-assets, +https://gitlab.com/luislui/distributed_lock_helper, +https://gitlab.com/phata/hook, +https://gitlab.com/rigogsilva/graph-polisher, +https://gitlab.com/foxnewsnetwork/ember-gitlab-pages, +https://gitlab.com/staltz/multiserver-rn-channel, +https://gitlab.com/JakobDev/jdAnimatedImageEditor, +https://gitlab.com/oz123/grafzahl, +https://gitlab.com/admicos/nts, +https://gitlab.com/marzzzello/ipa-dumper, +https://gitlab.com/recommend.games/board-game-bot, +https://gitlab.com/mcl1v3/ruc-dni, +https://gitlab.com/morimekta/utils-file, +https://gitlab.com/coboxcoop/kappa-drive, +https://gitlab.com/re-sol/re-sol, +https://gitlab.com/dreamer-labs/libraries/jinja2-ansible-filters, +https://gitlab.com/codingcoffeebean/edwardsserial, +https://gitlab.com/rstolle/kafujo, +https://gitlab.com/grammm/php-gram/phpgram, +https://gitlab.com/digitalia/fatturapa, +https://gitlab.com/softbutterfly/glovo-api-python, +https://gitlab.com/Elypia/commandler, +https://gitlab.com/betamax/serializers, +https://gitlab.com/gretchenfrage/winit-main, +https://gitlab.com/aplus-framework/libraries/language, +https://gitlab.com/elaspic/elaspic2, +https://gitlab.com/blender-institute/blender-id-oauth-client, +https://gitlab.com/apinest/apinest, +https://gitlab.com/jigar_xyz/my-awesome-project, +https://gitlab.com/Hatscat/metalthea, +https://gitlab.com/datev/vuepress-plugin-offlinesearch, +https://gitlab.com/jondo2010/boomerang, +https://gitlab.com/bobble-public/backend/go-utils, +https://gitlab.com/nickmertin/safe-modular-arithmetic, +https://gitlab.com/permafrostnet/pfit, +https://gitlab.com/gexuy/public-libraries/rust/rpa, +https://gitlab.com/etonomy/riot-wrappers, +https://gitlab.com/eshard/estraces, +https://gitlab.com/miam/kmm-miam-sdk, +https://gitlab.com/mateuszjaje/gitlab4s, +https://gitlab.com/jdesodt/seneca-triggers, +https://gitlab.com/axual/public/axual-client-dotnet, +https://gitlab.com/dropfort/dropfort_build, +https://gitlab.com/exadra37-docker/php/docker-stack, +https://gitlab.com/Marvin-Brouwer/azure-keyvault-emulator, +https://gitlab.com/mrvik/go-pid1, +https://gitlab.com/bluetrumpets/opensource/ensemble, +https://gitlab.com/bradwood/pyskyq, +https://gitlab.com/oscargt90/sfdao, +https://gitlab.com/benyanke/kionctl, +https://gitlab.com/okannen/likely, +https://gitlab.com/baasgeo/ng-openlayers, +https://gitlab.com/jfolz/sqltrack, +https://gitlab.com/andybalaam/rust-smpp, +https://gitlab.com/equilibrator/equilibrator-cache, +https://gitlab.com/porky11/pn-editor, +https://gitlab.com/data-leakage-protection/signatures, +https://gitlab.com/neachdainn/easy-error, +https://gitlab.com/aaronuv/arby, +https://gitlab.com/shekhand/mcda, +https://gitlab.com/ntninja/flake8-tabs, +https://gitlab.com/NamingThingsIsHard/collaboration/fork2gitlab, +https://gitlab.com/jrobsonchase/openssl-async, +https://gitlab.com/nameserver-systems/pdns-distribute, +https://gitlab.com/rhythnic/vuex-intern, +https://gitlab.com/JamesRezo/supported-versions, +https://gitlab.com/slon/shad-grader, +https://gitlab.com/london-gophers/study-group, +https://gitlab.com/safesurfer/go-http-server, +https://gitlab.com/bvanwouwen/editorjs-button, +https://gitlab.com/ManfredTremmel/gwt-webworker, +https://gitlab.com/chartwerk/bar-pod, +https://gitlab.com/structural-fragment-search/super, +https://gitlab.com/evandro-crr/qsystem, +https://gitlab.com/drutopia/drutopia_template, +https://gitlab.com/bienvenu/matpopmod, +https://gitlab.com/dspechnikov/django-slugger, +https://gitlab.com/mcepl/hexo-renderer-restructuredtext, +https://gitlab.com/alehd/hd-lib, +https://gitlab.com/shop-system2/gateway, +https://gitlab.com/or-software/source-code/routify-plugin-sitemap, +https://gitlab.com/awacha/gmxbatch, +https://gitlab.com/janriemer/csv-diff, +https://gitlab.com/alexbay218/5d-chess-js, +https://gitlab.com/aa900031/react-native-mindwave-mobile, +https://gitlab.com/chevdor/substrate-runtime-hasher, +https://gitlab.com/ndmspc/react-jsroot, +https://gitlab.com/anthony-tron/mp3cut, +https://gitlab.com/captray/crankin, +https://gitlab.com/keyboard0/jxon, +https://gitlab.com/noahhsmith/statespace, +https://gitlab.com/BioAI/libMI, +https://gitlab.com/shar-workflow/shar, +https://gitlab.com/minds/web3modal-angular, +https://gitlab.com/sat-mtl/tools/scenic/scenic-core, +https://gitlab.com/krnekhelesh/pdfpug, +https://gitlab.com/blsqr/paramspace, +https://gitlab.com/Ovenbird-j/chonf, +https://gitlab.com/info.tontransport/welshguard, +https://gitlab.com/dicr/yii2-pochta, +https://gitlab.com/dicr/yii2-payparts, +https://gitlab.com/iocbio/sparks, +https://gitlab.com/gecko.io/geckoBNDEquinox, +https://gitlab.com/essere.lab.public/arcan, +https://gitlab.com/opennota/morph, +https://gitlab.com/2WeltenChris/do-red, +https://gitlab.com/sequoia-pgp/sequoia-sop, +https://gitlab.com/antonok/jni_fn, +https://gitlab.com/leonard.ehrenfried/scalac-profiling, +https://gitlab.com/amv213/pycotech, +https://gitlab.com/dead10ck/uwc, +https://gitlab.com/andreafavia/yaket, +https://gitlab.com/crikit/crikit, +https://gitlab.com/staltz/xstream-sample, +https://gitlab.com/fastjet/fastjet, +https://gitlab.com/cdlr75/changelogfromtags, +https://gitlab.com/mtlg-framework/mtlg-gameframe, +https://gitlab.com/ErikKalkoken/aa-killtracker, +https://gitlab.com/nesstero/jadwal-shalat, +https://gitlab.com/firerainos/firerain-web-go, +https://gitlab.com/nicofonk/pytest-dockerc, +https://gitlab.com/arrow.down/flog, +https://gitlab.com/pleasantone/slack-groupmgr, +https://gitlab.com/algo2t/shoonyapy, +https://gitlab.com/nobodyinperson/python3-openrepos-webclient, +https://gitlab.com/a-boudi/airbrush, +https://gitlab.com/nathanfaucett/rs-specs_guided_join, +https://gitlab.com/dslackw/USBdev, +https://gitlab.com/ionburst/ionburst-sdk-javascript, +https://gitlab.com/gabraken/olympipe, +https://gitlab.com/rapiddweller/benerator/rd-lib-format, +https://gitlab.com/rackn/provision, +https://gitlab.com/artsoftwar3/public-libraries/rust/rpa, +https://gitlab.com/razcore/bpsproxy, +https://gitlab.com/carles.mateo/carleslibs, +https://gitlab.com/ErikKalkoken/aa-freight, +https://gitlab.com/passit/passit-sdk-js, +https://gitlab.com/deltares/imod/qgis-tim, +https://gitlab.com/afzp99/pygans, +https://gitlab.com/scoopgroup-public/scoop-template-engine, +https://gitlab.com/dotpe/mindbenders, +https://gitlab.com/gabraken/olympict, +https://gitlab.com/BertBruynooghe/vuex-orm-sugar, +https://gitlab.com/gyptis/gyptis, +https://gitlab.com/nop_thread/treena, +https://gitlab.com/jorgecarleitao/starlette-oauth2, +https://gitlab.com/MartijnBraam/factorytest, +https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven-plugin, +https://gitlab.com/morimekta/providence, +https://gitlab.com/2WeltenChris/shuttle-red, +https://gitlab.com/computationalmaterials/clease-gui, +https://gitlab.com/honour/logo-generator, +https://gitlab.com/mike7b4/dfuflash, +https://gitlab.com/mschleeweiss/mdx_spanner, +https://gitlab.com/awesome-nodes/object, +https://gitlab.com/dheid/fontchooser, +https://gitlab.com/autokent/crawler-request, +https://gitlab.com/srcgo/gopt, +https://gitlab.com/commonshost/edge, +https://gitlab.com/etnbrd/fisca.js, +https://gitlab.com/jfolz/simplebloom, +https://gitlab.com/jorispio/realoot, +https://gitlab.com/jokeyrhyme/user-acpid-rs, +https://gitlab.com/09jwater/Needle, +https://gitlab.com/jrobsonchase/slog-scope-futures, +https://gitlab.com/dpizetta/helpdev, +https://gitlab.com/glts/milter, +https://gitlab.com/SunyataZero/remembering, +https://gitlab.com/itentialopensource/pre-built-automations/artifact-wizard, +https://gitlab.com/openteams/scrud-django, +https://gitlab.com/nobodyinperson/python3-meteorology, +https://gitlab.com/Arcaik/targetd-provisioner, +https://gitlab.com/brukhabtu/femtow, +https://gitlab.com/AdrianDC/gitlab-issues-sync, +https://gitlab.com/accommerce/authentication, +https://gitlab.com/stepandalecky/kml-parser, +https://gitlab.com/duelinmarkers/steel-cent, +https://gitlab.com/mailman/hksync, +https://gitlab.com/hoppr/hoppr-cyclonedx-models, +https://gitlab.com/leonhard-llc/safe-regex-rs, +https://gitlab.com/Bernt/MITOS, +https://gitlab.com/rigogsilva/polisher, +https://gitlab.com/mrnagydavid/typic, +https://gitlab.com/JorFriendlyDev/c-serial-reader, +https://gitlab.com/Elypia/elypiai, +https://gitlab.com/noctisyeung/holiday-hk, +https://gitlab.com/nuinalp/nuiverse/icons, +https://gitlab.com/pantacor/pantahub-base, +https://gitlab.com/iciq-tcc/nlopez-group/pyrdtp, +https://gitlab.com/luerhard/pyintergraph, +https://gitlab.com/jorgeecardona/frankfurt, +https://gitlab.com/genesismobo/schemafy-cli, +https://gitlab.com/LordGaav/alfen-eve, +https://gitlab.com/dl_monte/dlmontepython, +https://gitlab.com/szhizhenko/quirco.cqrs, +https://gitlab.com/DigonIO/imgreg, +https://gitlab.com/martinzuern/homebridge-artnet, +https://gitlab.com/samsartor/inpt, +https://gitlab.com/Swizi/swizi-community/swizi-community-plugin, +https://gitlab.com/bliss-design-system/components, +https://gitlab.com/lavitto/typo3-gridgallery, +https://gitlab.com/SmirnGreg/diskchef, +https://gitlab.com/ADanianZE/amcess, +https://gitlab.com/ringods/starterkit-zoho-sites, +https://gitlab.com/d-e/dx-eurocode, +https://gitlab.com/antipy/antibuild/cli, +https://gitlab.com/ratson/cordova-admob-sdk, +https://gitlab.com/mgoral/subconvert, +https://gitlab.com/chevdor/confmgr, +https://gitlab.com/jlecomte/projects/ansible-roster, +https://gitlab.com/joeysbytes/easy-ansi, +https://gitlab.com/smc/mlphon, +https://gitlab.com/ludo237/laravel-eloquent-traits, +https://gitlab.com/AcceleratXR/composerjs/composer-core, +https://gitlab.com/Buger-od-ua/java-object-patcher, +https://gitlab.com/byterain/moleculer-discord, +https://gitlab.com/conradoqg/doc-server, +https://gitlab.com/gitlab-org/security-products/analyzers/npm-audit, +https://gitlab.com/lu-ci/kyanite, +https://gitlab.com/jeang3nie/gfret, +https://gitlab.com/prettyetc/prettyetc-core, +https://gitlab.com/neutrinoparticles/neutrinoparticles.js, +https://gitlab.com/staltz/multiserver-electron-ipc, +https://gitlab.com/liveontape/hungerhaken-sqs-sdk, +https://gitlab.com/jcain/router-ss, +https://gitlab.com/ManfredTremmel/gwt-commons-lang3, +https://gitlab.com/semakov_andrey/sa-template-1, +https://gitlab.com/Pierre_VF/seedftw, +https://gitlab.com/redhuntlabs-open-source/keypoke, +https://gitlab.com/leonhard-llc/safina-rs, +https://gitlab.com/mpapp-public/manuscripts-manuscript-editor, +https://gitlab.com/archaeohelper/photorectify, +https://gitlab.com/derpystuff/discord-experiments, +https://gitlab.com/mvysny/jdbi-orm, +https://gitlab.com/hammie/php-algorithms, +https://gitlab.com/osci/ansible-roles-ctl, +https://gitlab.com/jlecomte/projects/python/flask-gordon, +https://gitlab.com/Patiga/twmap-py, +https://gitlab.com/simtopy/kickast, +https://gitlab.com/staltz/remark-linkify-regex, +https://gitlab.com/andrewheberle/duplicacy-fuse, +https://gitlab.com/aquachain/aquachain, +https://gitlab.com/soratidus999/aa-gdpr, +https://gitlab.com/gitlab-org/security-products/analyzers/sobelow, +https://gitlab.com/joelostblom/sinfo, +https://gitlab.com/core-utils/core-utils, +https://gitlab.com/Rickdkk/worklab, +https://gitlab.com/3askaal/generator-3oilerplate, +https://gitlab.com/stone.code/catch, +https://gitlab.com/esanum/ui, +https://gitlab.com/skorov/ffsendclient, +https://gitlab.com/gondolyr/mangadex-api, +https://gitlab.com/somanyaircraft/xmptools, +https://gitlab.com/rveach/bookstack-dl, +https://gitlab.com/mburkard/openrpc, +https://gitlab.com/nomalism-develop/types, +https://gitlab.com/gitlab-org/gitlab-terminal, +https://gitlab.com/pommalabs/thumbnailer, +https://gitlab.com/coffeemaninc/parler-api, +https://gitlab.com/mkourim/pytest-polarion-collect, +https://gitlab.com/chrysn/std-embedded-nal, +https://gitlab.com/philbooth/hoopy, +https://gitlab.com/anarcat/stressant, +https://gitlab.com/gtomato-web/gtw-ui, +https://gitlab.com/m03geek/fast-rbac, +https://gitlab.com/gui-vista/guivista-gui, +https://gitlab.com/oscar6echo/jupyter-widget-d3-slider, +https://gitlab.com/cervoneluca/openbits-cli, +https://gitlab.com/planetsoni/youtubeplaylistdownloader, +https://gitlab.com/arnedesmedt/vue-ads-table-tree, +https://gitlab.com/daffie/mongodb, +https://gitlab.com/opennota/fl, +https://gitlab.com/nhsbsa/libraries/hof-govfrontend-v3, +https://gitlab.com/jitesoft/open-source/javascript/cookie-consent, +https://gitlab.com/accommerce/helpers, +https://gitlab.com/nathanfaucett/rs-gmath, +https://gitlab.com/juicyluv/syur-gallery, +https://gitlab.com/elast0ny/wamp_async-rs, +https://gitlab.com/leonhard-llc/fixed-buffer-rs, +https://gitlab.com/edneville/netrs, +https://gitlab.com/paulnoth/slovak-holidays, +https://gitlab.com/a6094/afl_appstract_framework_library, +https://gitlab.com/mmillerbkg/chartjs-adapter-dayjs, +https://gitlab.com/co-stack.com/co-stack.com/typo3-extensions/logs, +https://gitlab.com/kornelski/openmp-rs, +https://gitlab.com/shinzao/laravel-helper, +https://gitlab.com/CardboardTurkey/pdgid, +https://gitlab.com/morimekta/utils-collect, +https://gitlab.com/avijayr/linq-query-specification, +https://gitlab.com/pscott/descent, +https://gitlab.com/scito-performance/keycloak-admin, +https://gitlab.com/msvechla/go-vulncheck-gitlab, +https://gitlab.com/rakenodiax/rust-client, +https://gitlab.com/antoinecaron/eratum, +https://gitlab.com/documatt/sphinx-themes, +https://gitlab.com/golang-studies/introdution, +https://gitlab.com/sat-mtl/telepresence/scenic-core, +https://gitlab.com/sasriawesome/simpellab, +https://gitlab.com/avandesa/geojson-antimeridian-cut, +https://gitlab.com/mycf.sg/challenges/devops-checkin, +https://gitlab.com/rashad2985/react-material-table, +https://gitlab.com/Open-Interject/Beetle-ETL, +https://gitlab.com/optix-app/php-client, +https://gitlab.com/loers/gtk-rust-app, +https://gitlab.com/netzwerk2/crystal_ball, +https://gitlab.com/epinxteren/ts-eventsourcing, +https://gitlab.com/oer/org-re-reveal-citeproc, +https://gitlab.com/openpgp-card/ssh-agent, +https://gitlab.com/news-flash/feedbin_api, +https://gitlab.com/koober-sas/react-native-markup-view, +https://gitlab.com/heingroup/aghplctools, +https://gitlab.com/bbmsoft.net/audio-controls, +https://gitlab.com/anarcat/pubpaste, +https://gitlab.com/florent.legname/go-fail2ban-exporter, +https://gitlab.com/jenx/baconify, +https://gitlab.com/priestine/semantics, +https://gitlab.com/signald/signald-go, +https://gitlab.com/jigal/t3adminer, +https://gitlab.com/blackprotocol/blacknode, +https://gitlab.com/dAnjou/fs-code, +https://gitlab.com/sue445/tanuki_reminder, +https://gitlab.com/jlecomte/projects/python/torxtools, +https://gitlab.com/dropworks-oss/networkmanager-dbus, +https://gitlab.com/gitlab-org/ci-cd/ecs, +https://gitlab.com/cathaldallan/saltypie, +https://gitlab.com/gitlab-org/visual-review-tools, +https://gitlab.com/uhh-gwd/lpsd, +https://gitlab.com/yarbelk/slimbox, +https://gitlab.com/tobifinn/torch-assimilate, +https://gitlab.com/tmladek/upend, +https://gitlab.com/XenGi/dotfiles, +https://gitlab.com/veloren/serverbrowser, +https://gitlab.com/Verner/pyvallex, +https://gitlab.com/territoires/caligram-react, +https://gitlab.com/zygoon/go-hawkbit, +https://gitlab.com/vocdoni/dvote-js, +https://gitlab.com/thekitchenagency/swiss-post-labels, +https://gitlab.com/valuer/main, +https://gitlab.com/vifros/blueprints/serverless-service-blueprint, +https://gitlab.com/wavestream-public/wavestream-sdk-ts, +https://gitlab.com/tud-mst/ptvpy, +https://gitlab.com/xoria/nodekey, +https://gitlab.com/typexs/typexs, +https://gitlab.com/tkil/use-state-validate, +https://gitlab.com/xonq/mycotools, +https://gitlab.com/Zer1t0/urld, +https://gitlab.com/wpdesk/wp-settings, +https://gitlab.com/thelabnyc/django-auth-logger, +https://gitlab.com/VadVergasov/ulam, +https://gitlab.com/zigara/gircd, +https://gitlab.com/tomasjmonteiro/angular-utils, +https://gitlab.com/toptalo/gulp-twig2html, +https://gitlab.com/yii2-module/yii2-insee-ban, +https://gitlab.com/zeen3/miniotp, +https://gitlab.com/ten.pavouk/pavouk-ecs, +https://gitlab.com/vstconsulting/tabsignal, +https://gitlab.com/telco/yii2-category-module, +https://gitlab.com/vitus133/vl6180x_multi, +https://gitlab.com/uptodown/equalable, +https://gitlab.com/uxf-npm/wysiwyg, +https://gitlab.com/xyield/xumm-go-client, +https://gitlab.com/whitelizard/ploson, +https://gitlab.com/workbench2/workbench-plugins/wbpnamespace, +https://gitlab.com/wilfer9008/annotation-tool, +https://gitlab.com/tymonx/go-id, +https://gitlab.com/texperience/pythonanywhereapiclient, +https://gitlab.com/xianbin.yong13/OpFlowLab, +https://gitlab.com/yuan116/ci3-enhance, +https://gitlab.com/workbench2/wbbase, +https://gitlab.com/thelabnyc/django-oscar/django-oscar-reports, +https://gitlab.com/TankerHQ/sdk-python, +https://gitlab.com/thorchain/asgardex-common/asgardex-theme, +https://gitlab.com/wwnorton/style/eslint-config-norton, +https://gitlab.com/vgarcia.dev/gitlab-ci-npm-ts, +https://gitlab.com/yaq/yaqd-acton, +https://gitlab.com/xylok/networkparse, +https://gitlab.com/vnphp/media-extension-bundle, +https://gitlab.com/Toru3/auto-impl-ops, +https://gitlab.com/thomaswucher/sphinx-mathjax-offline, +https://gitlab.com/talendant/json-schema-to-es-index, +https://gitlab.com/ydkn/redmine_airbrake_backend, +https://gitlab.com/takluyver/modeltee, +https://gitlab.com/yahya-abou-imran/hybridset, +https://gitlab.com/web-novel/syosetsu, +https://gitlab.com/testing-system/invoker, +https://gitlab.com/zw277856645/docsify-demo-box-angular, +https://gitlab.com/worr/node-imdb-api, +https://gitlab.com/xpro1/wsproxyxpro, +https://gitlab.com/TomasHubelbauer/net-tree, +https://gitlab.com/tripetto/blocks/date, +https://gitlab.com/warsaw/world, +https://gitlab.com/xi0s/aws-simple-auth, +https://gitlab.com/vnphp/presenter-bundle, +https://gitlab.com/workbench2/workbench-plugins/wbpwidgetinspector, +https://gitlab.com/vikingmakt/lagertha, +https://gitlab.com/zephinzer/codepr.ac, +https://gitlab.com/ubiqsecurity/ubiq-ruby, +https://gitlab.com/tci-dev/tubs, +https://gitlab.com/zwelf/teehistorian, +https://gitlab.com/TheChuckMo/d6dice, +https://gitlab.com/toptalo/twig-renderer, +https://gitlab.com/wolfgang.wagner/wwonepagetemplate, +https://gitlab.com/zw277856645/cmjs-lib, +https://gitlab.com/ydkn/jquery-watcher, +https://gitlab.com/transact/node-transact, +https://gitlab.com/utmist/mistr, +https://gitlab.com/vnphp/geocoder-bundle, +https://gitlab.com/uppt/core, +https://gitlab.com/yaq/yaqd-system-monitor, +https://gitlab.com/thorchain/binance/tendermint, +https://gitlab.com/thorchain/bifrost/ltcd-txscript, +https://gitlab.com/thelabnyc/certbot-openshift, +https://gitlab.com/ZiggyQubert/do, +https://gitlab.com/vsichka/salted-md5.npm, +https://gitlab.com/yukka/yukka-jigsaw-template, +https://gitlab.com/TheDrone7/jsonstore-io, +https://gitlab.com/TimothyZhou/uiuc_api, +https://gitlab.com/yo/react-humanize-url, +https://gitlab.com/yack/pyramid-helpers, +https://gitlab.com/yaq/yaqd-fakes, +https://gitlab.com/YSX/eventloop, +https://gitlab.com/xx_network/comms, +https://gitlab.com/w0lff/swayws, +https://gitlab.com/wpdesk/wp-autoloader, +https://gitlab.com/thayne/xdgterm, +https://gitlab.com/wobcom/iot/chirpstack-gitops, +https://gitlab.com/vl4deee11/ipx, +https://gitlab.com/whitelizard/tri-fp, +https://gitlab.com/TomasHubelbauer/qr-channel, +https://gitlab.com/YipengUva/end2endml_pkg, +https://gitlab.com/yo/yoginth, +https://gitlab.com/tekton/wp-analytics, +https://gitlab.com/toolkit3/xml-things, +https://gitlab.com/wordpress-premium/font-awesome-pro, +https://gitlab.com/voxrow/voxrow, +https://gitlab.com/tecnos/material-icons-base64, +https://gitlab.com/zeen3/mangaplus-parser, +https://gitlab.com/tripetto/demo, +https://gitlab.com/yoginth/yoginth, +https://gitlab.com/upe-consulting/npm/ngx/forms, +https://gitlab.com/ydkn/pulumi-resources, +https://gitlab.com/uxf/gen, +https://gitlab.com/yaq/yaqd-ekspla, +https://gitlab.com/xcoponet/doxyxml, +https://gitlab.com/yaq/yaqd-seabreeze, +https://gitlab.com/wraugh/defphp, +https://gitlab.com/ufoot/confitdb, +https://gitlab.com/ulvido/sayi-oku, +https://gitlab.com/tamasd/ab, +https://gitlab.com/too-many-programmers/pytest-ref, +https://gitlab.com/wobcom/diplomat, +https://gitlab.com/testellator/core, +https://gitlab.com/ytopia/ops/snip, +https://gitlab.com/too-many-programmers/pytest-plugin-helpers, +https://gitlab.com/tramwayjs/tramway-callback-adapter, +https://gitlab.com/xfbs/xfpl, +https://gitlab.com/uxf/uxf-base-npm, +https://gitlab.com/wpdesk/wp-mutex, +https://gitlab.com/voxspace/geo-rust, +https://gitlab.com/Teigi/sipyconfig, +https://gitlab.com/ubiqsecurity/ubiq-node, +https://gitlab.com/zw277856645/ngx-list-filter, +https://gitlab.com/vmware/pop/pop-create, +https://gitlab.com/ubiqsecurity/ubiq-java, +https://gitlab.com/terminus-zinobe/flask-feature-flag, +https://gitlab.com/tangibleai/nlpia2, +https://gitlab.com/tekne/rdx, +https://gitlab.com/vnphp/calendar, +https://gitlab.com/workbench2/workbench-plugins/wbploglist, +https://gitlab.com/TheNicholi/Serilog.Exceptions.MongoDb, +https://gitlab.com/tekton/wordpress, +https://gitlab.com/unkwn1/dorkscan, +https://gitlab.com/yeetsquared/arcsquared, +https://gitlab.com/vsichka/encrypted-jwt.npm, +https://gitlab.com/zach-geek/vartiste-extras, +https://gitlab.com/thelabnyc/django-oscar/django-oscar-cch, +https://gitlab.com/uxf/datagrid, +https://gitlab.com/ubalot/opensubtitles_downloader, +https://gitlab.com/yelosan/hugo-shortcodes, +https://gitlab.com/xoria/revently, +https://gitlab.com/tgtmedialtd/smartcloud/core, +https://gitlab.com/wpdesk/wp-basic-requirements, +https://gitlab.com/vscode1/text-edit-manager, +https://gitlab.com/yelosan/hugo-feeds, +https://gitlab.com/tramwayjs/tramway-router-react-strategy, +https://gitlab.com/yii2-module/yii2-insee-naf, +https://gitlab.com/wakataw/pyproc, +https://gitlab.com/TC01/python-bautils, +https://gitlab.com/xlogic/tool/rdl2nd, +https://gitlab.com/xianbin.yong13/opticalflow3d, +https://gitlab.com/wpdesk/wc-helpers, +https://gitlab.com/viart/vintage-admin, +https://gitlab.com/xlogic/compiler, +https://gitlab.com/zeen3/ganganonline-parser, +https://gitlab.com/verygoodsoftwarenotvirus/naff, +https://gitlab.com/youronlyone/images, +https://gitlab.com/warsaw/flufl.i18n, +https://gitlab.com/xMAC94x/prometheus-hyper, +https://gitlab.com/trollodel/html2py, +https://gitlab.com/ZaberTech/zaber-motion-lib, +https://gitlab.com/unaisaralegui/redcapy, +https://gitlab.com/thefinn93/alertmanager-signald, +https://gitlab.com/ydkn/rails-menu-manager, +https://gitlab.com/tsfp/ethr, +https://gitlab.com/tjvb/laravel-mail-catchall, +https://gitlab.com/vladku/bigt, +https://gitlab.com/v.grigoryevskiy/json-flattifier, +https://gitlab.com/ubiqsecurity/ubiq-go, +https://gitlab.com/vkahl/apparat, +https://gitlab.com/vstconsulting/vstcompile, +https://gitlab.com/wpdesk/wc-tests, +https://gitlab.com/zecchan/amaterasu, +https://gitlab.com/zolteam/kulla, +https://gitlab.com/youronlyone/content, +https://gitlab.com/weview/mozzart, +https://gitlab.com/version-up/version-up, +https://gitlab.com/UncleThaodan/datapack_visualizer, +https://gitlab.com/the-language/igcc, +https://gitlab.com/vue-admin/vue-admin, +https://gitlab.com/twoBirds/twobirds-cli, +https://gitlab.com/tjvb/gitlab-webhooks-receiver-for-laravel, +https://gitlab.com/workbench2/workbench-plugins/wbpfilebrowser, +https://gitlab.com/thayne/refcapsule, +https://gitlab.com/xen-project/misc/rust-gitforge, +https://gitlab.com/wakataw/ipython-dawet-sql, +https://gitlab.com/thelabnyc/angular-tiny-cloudinary, +https://gitlab.com/yo/react-number-names, +https://gitlab.com/yii2-module/yii2-insee-sirene, +https://gitlab.com/tokyjo/novaposhta-rs, +https://gitlab.com/x3ro/bs62-rs, +https://gitlab.com/yaroslav-kulpan/create-react-yaros-app, +https://gitlab.com/wikiti-random-stuff/hxini, +https://gitlab.com/tdely/luhn-php, +https://gitlab.com/workbench2/workbench-plugins/wbpshell, +https://gitlab.com/voltfang-public/yew-scanner, +https://gitlab.com/ydkn/pulumi-components, +https://gitlab.com/talentrydev/error-handling, +https://gitlab.com/tdely/zsv.ticker, +https://gitlab.com/yolenoyer/color-print, +https://gitlab.com/vlsh/dvk, +https://gitlab.com/thorchain/bifrost/dogd-txscript, +https://gitlab.com/walter76/pandoc-simplecite, +https://gitlab.com/worr/rust-kqueue-sys, +https://gitlab.com/utf-crawler/utf-crawler, +https://gitlab.com/worr/rcstring, +https://gitlab.com/vnphp/fineproxy, +https://gitlab.com/volkerweissmann/fast_ode, +https://gitlab.com/TobiP64/vkgen, +https://gitlab.com/voicemod/agora/releases, +https://gitlab.com/zolotov/uamutils, +https://gitlab.com/tripetto/runners/classic-fluentui, +https://gitlab.com/tkil/tmpl-cli, +https://gitlab.com/xgrg/bx, +https://gitlab.com/yaal/pytest-ldap, +https://gitlab.com/takluyver/kartoffel, +https://gitlab.com/vsichka/type-should-be.npm, +https://gitlab.com/ubiqsecurity/ubiq-fpe-java, +https://gitlab.com/vanxhyt/fortnite-api-manager, +https://gitlab.com/TayfunTurgut/promise-train, +https://gitlab.com/viraptor/netdevice, +https://gitlab.com/wldhx/yadisk-direct, +https://gitlab.com/tobyb121/aws-vpn-client-patch, +https://gitlab.com/tspiteri/sconcat, +https://gitlab.com/yaq/yaqd-becker-hickl, +https://gitlab.com/ufoot/fakesite, +https://gitlab.com/ubiqsecurity/ubiq-fpe-go, +https://gitlab.com/torbmol/pairlock, +https://gitlab.com/vsichka/request-many.npm, +https://gitlab.com/thriftplus/thriftapis, +https://gitlab.com/zuern/graphqlviz, +https://gitlab.com/wobcom/ssh-exporter, +https://gitlab.com/theias/di/infoblox, +https://gitlab.com/voxrow/library, +https://gitlab.com/ubports/installer/android-tools-bin, +https://gitlab.com/thorchain/bepswap/asgardex-common, +https://gitlab.com/vmedea/glulxe-rs, +https://gitlab.com/thht_django/django-auto-webassets, +https://gitlab.com/ttpcodes/youtube-dl-go, +https://gitlab.com/zw277856645/ngx-form-helper, +https://gitlab.com/uptimeventures/gatsby-source-rss, +https://gitlab.com/ViDA-NYU/reproserver, +https://gitlab.com/zw277856645/ngx-textarea-auto-height, +https://gitlab.com/weitzman/logintrait, +https://gitlab.com/unit410/edwards25519, +https://gitlab.com/tvo/csharpimmutabilitytest, +https://gitlab.com/treet/rhapsody-scraper, +https://gitlab.com/WoWnikCompany/eslint_config, +https://gitlab.com/tybrown/go-samver, +https://gitlab.com/vmware/pop/pop-tree, +https://gitlab.com/tobias47n9e/wikibase_rs_rocket_example, +https://gitlab.com/yaq/yaqd-thorlabs, +https://gitlab.com/tkaratug/titan-core, +https://gitlab.com/xseman/bysquare, +https://gitlab.com/tyrelsouza/django-dbfilestorage, +https://gitlab.com/too-many-programmers/pytest-reporting, +https://gitlab.com/woshilapin/dyn-iter, +https://gitlab.com/Yinebeb-01/ethiopiandateconverter, +https://gitlab.com/wictornogueira/suap-api, +https://gitlab.com/thorchain/asgardex-common/asgardex-crypto, +https://gitlab.com/vnphp/request-logger-bundle, +https://gitlab.com/tarcisioe/ampdup, +https://gitlab.com/weary/gocord, +https://gitlab.com/vector.kerr/flask-jsonschema-validator, +https://gitlab.com/yii2-extended/yii2-psr6-cache-bridge, +https://gitlab.com/zotakuxy-node-lib/util, +https://gitlab.com/tekne/elysees, +https://gitlab.com/topten-dev/topten-br-theme, +https://gitlab.com/vue-admin/vue-cli-plugin-vue-admin, +https://gitlab.com/ydkn/dns-injector, +https://gitlab.com/tmantas/shimr, +https://gitlab.com/tildah/mdi-component, +https://gitlab.com/yo/react-auth-pages, +https://gitlab.com/Timmy1e/ruri, +https://gitlab.com/terraria-converters/terraria-xbox360-player-api, +https://gitlab.com/umcdev/meansd, +https://gitlab.com/yunta/hakuban, +https://gitlab.com/wpdesk/wp-view, +https://gitlab.com/yleso/capacitor-callkit-voip, +https://gitlab.com/yawning/nyquist, +https://gitlab.com/xmpp-rs/jid-rs, +https://gitlab.com/vaardan/ytmonetizer, +https://gitlab.com/zcabjro/either-js, +https://gitlab.com/xlogic/mono, +https://gitlab.com/yjagdale/siem-data-producer, +https://gitlab.com/ulysses.codes/nodysseus, +https://gitlab.com/wyday/turboactivate-go, +https://gitlab.com/zegerius/netatmo-to-influxdb, +https://gitlab.com/ubiqsecurity/ubiq-python, +https://gitlab.com/thomhuds/acacia, +https://gitlab.com/tehidev/go/tbot, +https://gitlab.com/wpdesk/wp-builder, +https://gitlab.com/tspens/dblogging, +https://gitlab.com/the-language/lua2php, +https://gitlab.com/toys-projects/Apache-Local-Domain, +https://gitlab.com/vnphp/fragment-bundle, +https://gitlab.com/Zer1t0/iplist, +https://gitlab.com/zeen3/uuidgen4, +https://gitlab.com/zeroplus/django/django-coreplus, +https://gitlab.com/WhiterBlack/reactstrap-alert, +https://gitlab.com/yo/react-humanize-number, +https://gitlab.com/ufoot/vclock, +https://gitlab.com/youronlyone/defaults, +https://gitlab.com/thatscloud/pubj, +https://gitlab.com/yo/react-suffix-number, +https://gitlab.com/thelabnyc/django-ups-tnt, +https://gitlab.com/yo/react-titleize, +https://gitlab.com/teward/dmarcmsg, +https://gitlab.com/wordpress-premium/backupbuddy, +https://gitlab.com/toolkit3/js-analyzer, +https://gitlab.com/vladcalin/itsdevtime, +https://gitlab.com/zertex/zxcms, +https://gitlab.com/vladku/regexer, +https://gitlab.com/Telectron/telectron, +https://gitlab.com/tangibleai/community/aima, +https://gitlab.com/vue-admin/vue-admin-commands, +https://gitlab.com/whoatemybutter/letterbomb, +https://gitlab.com/wsw0108/go-proj4, +https://gitlab.com/vsichka/multiconf.npm, +https://gitlab.com/thornjad/filefile, +https://gitlab.com/yo/react-humanize-string, +https://gitlab.com/tandd.packages/fullwidth-halfwidth-converter, +https://gitlab.com/timvisee/took-rs, +https://gitlab.com/vasille-js/vasille-js, +https://gitlab.com/TomasHubelbauer/markdown-dom, +https://gitlab.com/zoiosilva/oo-sped-nfe, +https://gitlab.com/yii-ui/yii2-flag-icon-css-widget, +https://gitlab.com/xdegaye/etcmaint, +https://gitlab.com/taskord/unleash, +https://gitlab.com/webjs/sourcedata, +https://gitlab.com/yii2-module/yii2-insee-cog, +https://gitlab.com/yehushua.ben.david/kvfile, +https://gitlab.com/zireael9797/search-with-google, +https://gitlab.com/yo/react-pretty-ms, +https://gitlab.com/vifros/serverless/serverless-json-api, +https://gitlab.com/zeastman/s_and_p_500_grabber, +https://gitlab.com/zero-gravity/zero-gravity-cms-bundle, +https://gitlab.com/yamilovs/insomnia-exporter, +https://gitlab.com/yorickpeterse/wepoll-sys, +https://gitlab.com/ubiqsecurity/ubiq-dotnet, +https://gitlab.com/zcdziura/lycan, +https://gitlab.com/williamyaoh/arg_input, +https://gitlab.com/thejsguys/donejs-user-media-selector, +https://gitlab.com/xdc.one/todo, +https://gitlab.com/widgitlabs/wordpress/simple-settings, +https://gitlab.com/ZuruApps/backend-nodejs-cli, +https://gitlab.com/tc-dev/libs/swagger-express-mw, +https://gitlab.com/tiagocoutinho/scpi-protocol, +https://gitlab.com/ydkn/logged, +https://gitlab.com/the-language/the-language-jit, +https://gitlab.com/tymonx/go-error, +https://gitlab.com/zen-tools/py-mocp, +https://gitlab.com/whacks/cava, +https://gitlab.com/TECHNOFAB/amongusio, +https://gitlab.com/uxf-npm/wysiwyg-mui4-plugins, +https://gitlab.com/zyfdegl/yagirl, +https://gitlab.com/Tom_Fryers/activate, +https://gitlab.com/tjvb/testreportmixer, +https://gitlab.com/texperience/texsite, +https://gitlab.com/yuna.sulfur/components, +https://gitlab.com/thorchain/bifrost/bchd-txscript, +https://gitlab.com/ttblt-oss/hass/mqtt-hass-base, +https://gitlab.com/waser-technologies/technologies/listen, +https://gitlab.com/two-thirds/eloquent-traits, +https://gitlab.com/yaq/yaqd-rpi-gpio, +https://gitlab.com/unkwn1/backpack-backup, +https://gitlab.com/yartash/apricot, +https://gitlab.com/usi-si-oss/codelounge/jSicko, +https://gitlab.com/yaq/yaqd-pmc, +https://gitlab.com/tdameritrade-tools/tdameritrade-cli, +https://gitlab.com/viggge/fib-o-mat, +https://gitlab.com/twittner/json-codec, +https://gitlab.com/zdragnar/redux-tcomb-actions, +https://gitlab.com/tramwayjs/tramway-core-router, +https://gitlab.com/Vinnl/react-static-plugin-favicons, +https://gitlab.com/vitoyucepi/audio-player, +https://gitlab.com/verenigingcoin-public/coin-sdk-nodejs, +https://gitlab.com/thatsed/django-wireguard, +https://gitlab.com/the_speedball/redis.cache.py, +https://gitlab.com/Verner/django-assets-livereload, +https://gitlab.com/Vinnl/react-static-plugin-markdown, +https://gitlab.com/wangchristine/commander, +https://gitlab.com/xananax-npm/convenient, +https://gitlab.com/tobias_kay/saml-solver, +https://gitlab.com/thyseus/yii2-auth0, +https://gitlab.com/waser-technologies/technologies/say, +https://gitlab.com/verenigingcoin-public/coin-sdk-dotnet, +https://gitlab.com/thorchain/asgardex-common/asgardex-bitcoin, +https://gitlab.com/tramwayjs/tramway-command, +https://gitlab.com/tekne/typed-generational-arena, +https://gitlab.com/zacharykeeton/har2artillery, +https://gitlab.com/yaq/yaqd-zaber, +https://gitlab.com/wpdesk/wp-dataset, +https://gitlab.com/tramwayjs/tramway-connection-rest-api, +https://gitlab.com/verygoodsoftwarenotvirus/todo, +https://gitlab.com/vmaillart/openapi-swagger-editor-live, +https://gitlab.com/traxam/patreon.js, +https://gitlab.com/vmware/idem/idem-azure-auto, +https://gitlab.com/taktlause/sheatless, +https://gitlab.com/thorchain/asgardex-common/asgardex-ethereum, +https://gitlab.com/uva-arc/hobo-request, +https://gitlab.com/texperience/pyquickstart, +https://gitlab.com/wangenau/variational_mesh, +https://gitlab.com/tangram-vision-oss/tangram-vision-sdk, +https://gitlab.com/tgeorgel/object-press, +https://gitlab.com/taranjeet.singh.3312/pycargo, +https://gitlab.com/tango-controls/hdbpp/hdbpp-viewer, +https://gitlab.com/wpdesk/library/plugin-template, +https://gitlab.com/tozd/vue/snackbar-queue, +https://gitlab.com/vmware/pop/pytest-pop, +https://gitlab.com/Vinnl/wdio-webpack-dev-server-service, +https://gitlab.com/wikiti-random-stuff/roxlib, +https://gitlab.com/texperience/django-bootstrap-ui, +https://gitlab.com/vmeurisse/monitor-commander, +https://gitlab.com/tezos/tzt-reference-test-suite, +https://gitlab.com/to1source-open-source/jsonqltools, +https://gitlab.com/zaber-core-libs/zaber-motion-lib, +https://gitlab.com/timosaarinen/flickr-rust, +https://gitlab.com/yaq/yaqd-newport, +https://gitlab.com/warsquid/smallerize, +https://gitlab.com/thelabnyc/python-tls-syslog, +https://gitlab.com/verenigingcoin-public/coin-sdk-php, +https://gitlab.com/yuvallanger/rusty-diceware, +https://gitlab.com/willmitchell/secret_runner_aws, +https://gitlab.com/wtfgraciano/embaralha, +https://gitlab.com/xamcosta/Anafit, +https://gitlab.com/tjaart/python-timew, +https://gitlab.com/ttpcodes/prismriver, +https://gitlab.com/tcherivan/ice-db, +https://gitlab.com/thibaultB/transformers, +https://gitlab.com/yahya-abou-imran/checktypes, +https://gitlab.com/tonyfinn/xray, +https://gitlab.com/tmkn/wagtail-storages, +https://gitlab.com/unlogic/versup, +https://gitlab.com/Telokis/embed-i18n-webpack-plugin, +https://gitlab.com/tanna.dev/openapi-doc-http-handler, +https://gitlab.com/Toru3/polynomial-ring, +https://gitlab.com/wufz/io-close, +https://gitlab.com/theclocktwister/aeros, +https://gitlab.com/theadib/JSonRPCPlugin, +https://gitlab.com/terryp/terry, +https://gitlab.com/xiretza/gavel, +https://gitlab.com/warsaw/flufl.lock, +https://gitlab.com/yaq/yaqd-attune, +https://gitlab.com/xxaccexx/match-box, +https://gitlab.com/thallian/gog-sync, +https://gitlab.com/TollStudios/justanothernetworklib, +https://gitlab.com/yaq/yaqd-gage, +https://gitlab.com/wiggins.jonathan/plutus, +https://gitlab.com/themineraria/strapi_mysql_files, +https://gitlab.com/zedtux/nobrainer-rspec, +https://gitlab.com/thesilk/privlib, +https://gitlab.com/yawning/utls, +https://gitlab.com/yaq/yaqd-ni, +https://gitlab.com/vigo360/vigo360.es, +https://gitlab.com/tenkiv/software/physikal, +https://gitlab.com/tenkiv/software/coral, +https://gitlab.com/wwwouter/run-if-changed, +https://gitlab.com/zcash/zcashd_exporter, +https://gitlab.com/yaq/yaqd-picotech, +https://gitlab.com/the-networkers/netaudithor/netapi, +https://gitlab.com/tango-controls/Astor, +https://gitlab.com/tronied/slop, +https://gitlab.com/vdimensions/frameworks/axle/axle, +https://gitlab.com/warsaw/pynche, +https://gitlab.com/tdameritrade-tools/tdameritrade-client, +https://gitlab.com/trustgit/nodebot, +https://gitlab.com/unode/jug_schedule, +https://gitlab.com/ttc/transmark, +https://gitlab.com/writeonlyhugo/writeonlyhugo-theme, +https://gitlab.com/tjaart/pomw, +https://gitlab.com/xuhdev/poorconn, +https://gitlab.com/tue-umphy/co2mofetten/software/python3-sensemapi, +https://gitlab.com/wangenau/eminus, +https://gitlab.com/YottaDB/Lang/YDBPython, +https://gitlab.com/fuentelibre/rapydscriptify-ng, +https://gitlab.com/alienscience/cyclic-poly-23, +https://gitlab.com/las-nq/nqontrol, +https://gitlab.com/kimlab/kmtools, +https://gitlab.com/educelab/sfm-utils, +https://gitlab.com/ljcode/tiled-json-rs, +https://gitlab.com/apollo-api/minerva, +https://gitlab.com/ench0/icci-prayer-timetable-mosque, +https://gitlab.com/one-eye/drunkenfall, +https://gitlab.com/mazmrini/bin, +https://gitlab.com/goern/bn-bruecken, +https://gitlab.com/remram44/ngram-search, +https://gitlab.com/ae-group/ae_deep, +https://gitlab.com/hartsfield/fd, +https://gitlab.com/kbotdev/kbot-plugins, +https://gitlab.com/GCSBOSS/confort, +https://gitlab.com/licorna/kubeobject, +https://gitlab.com/oscar6echo/ipyupload, +https://gitlab.com/breaker1/unfurl, +https://gitlab.com/NSSTC/app-shell, +https://gitlab.com/gtomato-web/sass2js, +https://gitlab.com/lnts/svga-check-memory, +https://gitlab.com/rainbird-ai/sdk-go, +https://gitlab.com/redsky_public/framework, +https://gitlab.com/dgibson/abstractgraph, +https://gitlab.com/DLF/allmytoes, +https://gitlab.com/dispanel/sharding-manager-adapter, +https://gitlab.com/BotolBaba/bind, +https://gitlab.com/awesome-nodes/mvvm, +https://gitlab.com/hacklunch/ntskeserver, +https://gitlab.com/mgsearch/colorizrr, +https://gitlab.com/happycodingsarl/civicrm-core-for-drupal, +https://gitlab.com/hfernh/krapplet, +https://gitlab.com/r-w-x/netbeans/netesta, +https://gitlab.com/mbukatov/ocp-network-split, +https://gitlab.com/daraghhartnett/tpot-ta2, +https://gitlab.com/drFaustroll/dlpoly-py, +https://gitlab.com/gaiaz-tabby/swagger-ui, +https://gitlab.com/kybernetics/hypershot, +https://gitlab.com/eic/escalate/ejpm, +https://gitlab.com/eliosin/sassy-fibonacciness, +https://gitlab.com/ENDERZOMBI102/pyrinth, +https://gitlab.com/mchlumsky/cloudsctl, +https://gitlab.com/ndmspc/ndmvr, +https://gitlab.com/danieljrmay/sampled_data_duration, +https://gitlab.com/koober-sas/project-config, +https://gitlab.com/leopardm/dnd, +https://gitlab.com/pirahansiah/farshid, +https://gitlab.com/bff/rn, +https://gitlab.com/Marix/zypper-patch-status-collector, +https://gitlab.com/envis10n/dukbind, +https://gitlab.com/msvechla/rio-gameserver, +https://gitlab.com/alex-tsarkov/iterators, +https://gitlab.com/scku208/matplotlib-taiwan-font, +https://gitlab.com/inkscape/extras/inkscape-import-clipart, +https://gitlab.com/metapensiero/SoL, +https://gitlab.com/kingDeveloper_21th/react-native-google-places, +https://gitlab.com/riovir/wc-fontawesome, +https://gitlab.com/robert_curran/ngx-simple-logger, +https://gitlab.com/kimlu/utils-txt, +https://gitlab.com/janispritzkau/mc-status, +https://gitlab.com/octomy/common, +https://gitlab.com/itorre/journal-styles, +https://gitlab.com/octomy/batch, +https://gitlab.com/openflexure/microscope-extensions/camera-stage-mapping, +https://gitlab.com/Mumba/node-config-vault, +https://gitlab.com/PMLefra/pmhttp, +https://gitlab.com/bue/mplexable, +https://gitlab.com/coderscare/localizer_beebox, +https://gitlab.com/lumi/sasl-rs, +https://gitlab.com/CEMRACS17/shapley-effects, +https://gitlab.com/Skelp/protonsynth, +https://gitlab.com/romaricpascal/javastick, +https://gitlab.com/pshw/wakfulib, +https://gitlab.com/mjwhitta/gomk, +https://gitlab.com/Otag/Nesne, +https://gitlab.com/neuralwrappers/nwdata, +https://gitlab.com/rasmusmerzin/paperplane, +https://gitlab.com/marwynnsomridhivej/setuppanel, +https://gitlab.com/openmairie/openmairie-composer-installers, +https://gitlab.com/o-cloud/cwl, +https://gitlab.com/ggpack/logchain-go, +https://gitlab.com/Hares/typing-tools, +https://gitlab.com/andrewlader/go-copy, +https://gitlab.com/dream-Y/cookie-y, +https://gitlab.com/linalinn/webhook-debugger, +https://gitlab.com/eleanorofs/bs-notifications, +https://gitlab.com/splashx/notification-mq-bundle, +https://gitlab.com/altom/altwalker/dotnet-executor, +https://gitlab.com/nathanfaucett/rs-virtual_view_dom, +https://gitlab.com/platrock/platrock, +https://gitlab.com/deliberist/vim4browser, +https://gitlab.com/chrysn/embedded-nal-minimal-coapserver, +https://gitlab.com/jakej230196/trading-infrastructure, +https://gitlab.com/SchoolOrchestration/libs/dj-testreporter, +https://gitlab.com/citygro/vdata, +https://gitlab.com/fton/const-frac, +https://gitlab.com/elioangels/sassy-fibonacciness, +https://gitlab.com/junioalmeida/slim-framework-swagger-json-and-viewer, +https://gitlab.com/avandesa/ichwh-rs, +https://gitlab.com/salaxy/salaxy-lib-core, +https://gitlab.com/pyload/pyload, +https://gitlab.com/renestalder/eleventy-plugin-kirby, +https://gitlab.com/phkiener/swallow.validation, +https://gitlab.com/brekk/ljs2, +https://gitlab.com/mshepherd/scrapy-extensions, +https://gitlab.com/ae-dir/python-aedir, +https://gitlab.com/pythondude325/imgtiger, +https://gitlab.com/noleme/noleme-commons, +https://gitlab.com/nolash/swarm-lowlevel-js, +https://gitlab.com/deltares/skeletonizer, +https://gitlab.com/marsault/cyphsem, +https://gitlab.com/phanda/phanda, +https://gitlab.com/CodeursEnLiberte/gtfs-to-geojson, +https://gitlab.com/div-solutions/div-chat, +https://gitlab.com/smsnotif/smsnotif, +https://gitlab.com/apollo-api/core, +https://gitlab.com/fgebhart/workoutizer, +https://gitlab.com/gnaar/edge, +https://gitlab.com/cocainefarm/julianday, +https://gitlab.com/spearman/fixed-sqrt-rs, +https://gitlab.com/itentialopensource/adapters/itsm-testing/adapter-jira, +https://gitlab.com/grautxo/tpyl, +https://gitlab.com/libvirt/libvirt-go-xml-module, +https://gitlab.com/blurt/blurt-rosetta, +https://gitlab.com/marshall007/enhancements, +https://gitlab.com/ckhurewa/pyroot-zen, +https://gitlab.com/eljoth/tickity, +https://gitlab.com/onikolas/gapbuffer, +https://gitlab.com/abrosimov.a.a/pclog, +https://gitlab.com/lansharkconsulting/django/django3-flatpages-tinymce, +https://gitlab.com/seeklay/MCRP, +https://gitlab.com/ce72/vja, +https://gitlab.com/flywheel-io/flywheel-apps/templates/skeleton, +https://gitlab.com/oliviermialon/wagtailtwbsicons, +https://gitlab.com/bednic/json-api-client-js, +https://gitlab.com/JakobDev/jdReplace, +https://gitlab.com/dupkey/typescript/payload, +https://gitlab.com/ayana/libs/logger-api, +https://gitlab.com/commonground/cg-design-system, +https://gitlab.com/mexus/and-then2, +https://gitlab.com/billow-thunder/easy-route, +https://gitlab.com/evernym/mobile/react-native-evernym-sdk, +https://gitlab.com/stembord/libs/ts-router, +https://gitlab.com/schmidmt/spokes, +https://gitlab.com/krizar/pydelica, +https://gitlab.com/romikus/route-maker.js, +https://gitlab.com/Cyb3r-Jak3/exifreader, +https://gitlab.com/dfmeyer/wagtail_gallery, +https://gitlab.com/hylkedonker/statkit, +https://gitlab.com/arugaz/translate, +https://gitlab.com/costrouc/dftfit, +https://gitlab.com/j3a-solutions/bs-xstream, +https://gitlab.com/crai0/project-foundry, +https://gitlab.com/aj.labarre/happier-server, +https://gitlab.com/henxing/wordle_helper, +https://gitlab.com/kalilinux/packages/responder, +https://gitlab.com/stembord/libs/ts-hash, +https://gitlab.com/kalilinux/packages/nuclei, +https://gitlab.com/openstreetcraft/overpass-api, +https://gitlab.com/news-flash/miniflux_api, +https://gitlab.com/r-iendo/v_escape, +https://gitlab.com/letsgoi/areq, +https://gitlab.com/bhbk/3as8kpsf, +https://gitlab.com/janispritzkau/mc-chat-format, +https://gitlab.com/balasankarc/gemfileparser, +https://gitlab.com/kerkmann/cliblur, +https://gitlab.com/miatel/go/log, +https://gitlab.com/ht-ui-components/automatic-semantic-release, +https://gitlab.com/martimarkov/postgresify, +https://gitlab.com/adralioh/ytdl-server, +https://gitlab.com/dogma-project/dogma-player, +https://gitlab.com/Elypia/converters4deltaspike, +https://gitlab.com/bitnomos/akomando, +https://gitlab.com/nikko.miu/jest-simple-summary, +https://gitlab.com/artegha/create-node-server, +https://gitlab.com/bff/tubular-rs, +https://gitlab.com/kuketo/kuketo, +https://gitlab.com/ID4me/django-allauth-id4me, +https://gitlab.com/jcain/asserts-lr, +https://gitlab.com/hirschenberger/pylon, +https://gitlab.com/DeveloperC/conventional_commits_linter, +https://gitlab.com/morimekta/utils-testing, +https://gitlab.com/biaslab/hd-clustering, +https://gitlab.com/categulario/csvsc, +https://gitlab.com/megabyte-labs/python/ansibler, +https://gitlab.com/imp/httptin, +https://gitlab.com/lirnril/ograc, +https://gitlab.com/systent/dj_auth, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/source-organization/bk-manager/bk-config-service, +https://gitlab.com/openclinical/proformajs-vue, +https://gitlab.com/morganrallen/pos2charmhigh, +https://gitlab.com/atila-ext/atila-vue, +https://gitlab.com/LUI-3/components/icons-fontawesome, +https://gitlab.com/alxrem/html2tg, +https://gitlab.com/MoistSenpai/API_Wrapper, +https://gitlab.com/strum-rb/strum-pipe, +https://gitlab.com/gamesite6/games/fox-in-the-forest, +https://gitlab.com/goldenm-software/open-source-libraries/django-i18n, +https://gitlab.com/nerdcademydev/notes-app, +https://gitlab.com/dleske/mergeconf, +https://gitlab.com/bearrobotics-public/api-client, +https://gitlab.com/gmtjuyn/go/http/request, +https://gitlab.com/mzdrale/ecs-manager, +https://gitlab.com/deftware/homebridge-automate, +https://gitlab.com/efunb/shadow-clone, +https://gitlab.com/scGatewayOS/react-native-smallcase-gateway, +https://gitlab.com/eutampieri/chordcalc, +https://gitlab.com/hsmit/pixelink, +https://gitlab.com/coboxcoop/cli, +https://gitlab.com/nomnomdata/tools/nomnomdata-engine, +https://gitlab.com/jimper/mongo_ftdc, +https://gitlab.com/bertof/sbf-rs, +https://gitlab.com/dockable/dockable, +https://gitlab.com/Baiira/easy-hotkey, +https://gitlab.com/flying-anvil/badge-generator, +https://gitlab.com/a-z/node-declare, +https://gitlab.com/coldevel/react-pure-loadable, +https://gitlab.com/localmed/django-method-override, +https://gitlab.com/liqiangxo/calculator-by-str, +https://gitlab.com/deliberist/xdgenvpy, +https://gitlab.com/rodrigobuas/memocache, +https://gitlab.com/commiebstrd/gssapi-rs, +https://gitlab.com/mlgenetics/jsonschema-pyref, +https://gitlab.com/plopgrizzly/multimedia/afi, +https://gitlab.com/cmick/tensorcore, +https://gitlab.com/pustotnik/zenmake, +https://gitlab.com/michal-bryxi/open-source/ember-safe-button, +https://gitlab.com/kauriid/sspyjose, +https://gitlab.com/emerac/tkinter-sudoku-solver, +https://gitlab.com/FeFB/ionic-calendar-ptbr, +https://gitlab.com/arham.anwar/cordova-plugin-mockchecker, +https://gitlab.com/christoph.fink/python-emojientities, +https://gitlab.com/frier17/django_builder, +https://gitlab.com/mahdiranjbar8/mahdi-picker, +https://gitlab.com/legoktm/semver-checker, +https://gitlab.com/aicacia/ts-state-react, +https://gitlab.com/nfriend/semantic-release-test-project, +https://gitlab.com/dodgyville/pypsxlib, +https://gitlab.com/Elypia/yaml4deltaspike, +https://gitlab.com/fkrull/deploy-ostree, +https://gitlab.com/itentialopensource/adapters/devops-netops/adapter-gitlab, +https://gitlab.com/o5slab/mcore, +https://gitlab.com/manishoo/react-native-olm, +https://gitlab.com/safety-data/cloakroom, +https://gitlab.com/romikus/pg-adapter, +https://gitlab.com/benjamin.andersen/react-packages, +https://gitlab.com/engrave/ledger/hive-ledger-cli, +https://gitlab.com/nesstero/gnpp, +https://gitlab.com/bcharlier/keops, +https://gitlab.com/ngerritsen/sync-task-queue, +https://gitlab.com/lv2/sratom, +https://gitlab.com/suitably-squishy/qspin-engine, +https://gitlab.com/limira-rs/simi-cli, +https://gitlab.com/loers/minicaldav, +https://gitlab.com/dogma-project/dogma-socket.io-api, +https://gitlab.com/leesongun/rust-bnc, +https://gitlab.com/akita/navisim, +https://gitlab.com/Egenskaber/pyserialsensors, +https://gitlab.com/okannen/undo_2, +https://gitlab.com/saltstack/open/docs/sphinx-material-saltstack, +https://gitlab.com/sequoia-pgp/sop-rs, +https://gitlab.com/GuilleW/mock-rest-server, +https://gitlab.com/gluons/prettier-config-gluons, +https://gitlab.com/Jfaibussowitsch/pyhesive, +https://gitlab.com/sat-mtl/tools/scenic/scenic-api, +https://gitlab.com/mwarnerdotme/go-mime, +https://gitlab.com/mushroomlabs/hub20/checkout20, +https://gitlab.com/mycf.sg/lib-ui, +https://gitlab.com/alensiljak/moneymanagerexlib, +https://gitlab.com/am.driver/gosql, +https://gitlab.com/bitbeter/ng4-persian, +https://gitlab.com/scull7/bs-crud-functors, +https://gitlab.com/rmoe/c2log, +https://gitlab.com/leo108/geolite2-db, +https://gitlab.com/sturm/vps-deploy, +https://gitlab.com/kiwi-ninja/werkzeug-graphql, +https://gitlab.com/rubiconbot/RubiconPlugin, +https://gitlab.com/cadyrov/boilerplate, +https://gitlab.com/kschibli/isa-l-rs, +https://gitlab.com/d-e/dx-base, +https://gitlab.com/flywheel-io/public/bids-client, +https://gitlab.com/natade-coco/hub-sdk, +https://gitlab.com/potato-oss/djangae/djangae, +https://gitlab.com/drosalys-web/object-extensions, +https://gitlab.com/demilletech/access-control.rs, +https://gitlab.com/jckimble/golibsignal, +https://gitlab.com/dkx/angular/json-api, +https://gitlab.com/fame-framework/fame-protobuf, +https://gitlab.com/lepe/m2d2, +https://gitlab.com/sol-courtney/python-packages/gituptools, +https://gitlab.com/macklenc/mtnlion, +https://gitlab.com/chinoio-public/chino-java, +https://gitlab.com/ntjess/utilitys, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/scheme-process, +https://gitlab.com/alexandre-perrin1/jenkins-lockable-resources, +https://gitlab.com/hmartinet/django-pfx, +https://gitlab.com/foo-jin/txtar, +https://gitlab.com/ignis-build/ignis-resharper-reporter, +https://gitlab.com/nul.one/tiv, +https://gitlab.com/codibly/public/generator-codibly-ts-library, +https://gitlab.com/bern-rtos/kernel/bern-kernel, +https://gitlab.com/KomBioMol/molywood, +https://gitlab.com/synsense/sinabs-dynapcnn, +https://gitlab.com/gitlab-org/fleeting/nesting, +https://gitlab.com/gmtjuyn/go/crypto/binance, +https://gitlab.com/stembord/libs/ts-location, +https://gitlab.com/kao98/minispec, +https://gitlab.com/elad.noor/optslope, +https://gitlab.com/lgnap/roadbook-creator, +https://gitlab.com/deft-plus/cover-ui, +https://gitlab.com/geometalab/pgsynthdata, +https://gitlab.com/sat-mtl/telepresence/ui-components, +https://gitlab.com/Seirdy/func-analysis, +https://gitlab.com/oceanweb/azuretablestoragecache, +https://gitlab.com/reinis-mazeiks/event_types, +https://gitlab.com/443id/public/443id-cli, +https://gitlab.com/itorre/bandstructure-calculation, +https://gitlab.com/janecekpetr/embedded-postgresql-maven-plugin, +https://gitlab.com/mitya-borodin/rearguard, +https://gitlab.com/Rich-Harris/talk-to-my-agent, +https://gitlab.com/jrobsonchase/async-stdio, +https://gitlab.com/langlois.dev/is-a, +https://gitlab.com/ey_datakalab/json_manager, +https://gitlab.com/gfxlabs/gfximg, +https://gitlab.com/sovnarkom/remak8s, +https://gitlab.com/blazon/psr11-monolog, +https://gitlab.com/dominicp/get-video-mime, +https://gitlab.com/rodrigobuas/fluxios, +https://gitlab.com/design-pattern-application/tov, +https://gitlab.com/biomedit/django-identities, +https://gitlab.com/parrabalh/jwst_fov_plots, +https://gitlab.com/itentialopensource/adapters/cloud/adapter-128technology, +https://gitlab.com/codingms/typo3-public/additional_tca, +https://gitlab.com/ahmed.medhat/unifonic-next-gen, +https://gitlab.com/samurailink3/podcastmaker, +https://gitlab.com/carboncollins-cloud/cicd/gitlab-runner-container, +https://gitlab.com/so_literate/genmock, +https://gitlab.com/radek-sprta/SSLCheck, +https://gitlab.com/Emilv2/pyodstibmivb, +https://gitlab.com/metahkg/metahkg-links, +https://gitlab.com/brotherzone/nodebb-plugin-leech-tool, +https://gitlab.com/gitlab-org/go-mimedb, +https://gitlab.com/portmod/importmod, +https://gitlab.com/geotom/modeltasks, +https://gitlab.com/rockerest/bowwow, +https://gitlab.com/laundmo/rawg-python-wrapper, +https://gitlab.com/ovsinc/errors, +https://gitlab.com/pablodiehl/darkute, +https://gitlab.com/hxss/desktop-notify, +https://gitlab.com/jenx/rectify, +https://gitlab.com/intellisrc/common, +https://gitlab.com/staltz/ssb-cached-about, +https://gitlab.com/shubham.s2/pyqueue-celery-processor, +https://gitlab.com/kimlu/utils-json, +https://gitlab.com/cldy/public/storm, +https://gitlab.com/enlaps-public/web/cloud_queue_worker, +https://gitlab.com/ptapping/trspectrometer, +https://gitlab.com/cdlr75/aio-kraken-ws, +https://gitlab.com/mschlueter/laravel-backend, +https://gitlab.com/itentialopensource/pre-built-automations/error-handling, +https://gitlab.com/fooxly/translations/translations-core, +https://gitlab.com/lunik1/pokerust, +https://gitlab.com/baus/compute-histogram, +https://gitlab.com/johnivore/gitstat, +https://gitlab.com/lucaapp/cwa-event, +https://gitlab.com/dfmeyer/wagtail_podcast, +https://gitlab.com/derlarsen/node-bunny-hole, +https://gitlab.com/cvejic-group/scaespy, +https://gitlab.com/abittner/poissondisksampling, +https://gitlab.com/systent/dj_chart, +https://gitlab.com/alinex/node-server, +https://gitlab.com/passcreator/passcreator.passwordvalidation, +https://gitlab.com/rockerest/eslintrc, +https://gitlab.com/aeonrush/ngx-pathmatcher, +https://gitlab.com/endlessthemes/endless-profile, +https://gitlab.com/ergoithz/lfudacache, +https://gitlab.com/DocVander/odin, +https://gitlab.com/newbranltd/gulp-server-io, +https://gitlab.com/abraxos/click-path, +https://gitlab.com/infinity-interactive/eleventy-plugin-injector, +https://gitlab.com/LUI-3/components/forms-base, +https://gitlab.com/pwoolcoc/rocket-slog-fairing, +https://gitlab.com/bliss-design-system/iconsets, +https://gitlab.com/mjwhitta/log, +https://gitlab.com/mcepl/gg_scraper, +https://gitlab.com/mosaic_group/mosaic_framework/main, +https://gitlab.com/patrickett/newget, +https://gitlab.com/IT-Berater/node-red-contrib-cryptography, +https://gitlab.com/inetmock/inetmock, +https://gitlab.com/dejan/kvdr, +https://gitlab.com/pommalabs/dessert, +https://gitlab.com/eoq/js/eoq2, +https://gitlab.com/hearthero/feh-db-porter, +https://gitlab.com/sensio_group/network-js, +https://gitlab.com/kiwi-ninja/objectql-extensions/objectql-datarm, +https://gitlab.com/gitlab-com/gl-infra/cloudflare-audit, +https://gitlab.com/evatix-go/strhelper, +https://gitlab.com/nkls/memoize-last, +https://gitlab.com/flon-lang/pyflon, +https://gitlab.com/janscholten/veazy, +https://gitlab.com/cybaerfly/apify-robot, +https://gitlab.com/commonshost/configuration, +https://gitlab.com/bugeye/th, +https://gitlab.com/php-extended/php-api-fr-insee-cog-interface, +https://gitlab.com/meesvandongen/kurasu, +https://gitlab.com/janispritzkau/websocket-proxy, +https://gitlab.com/stembord/libs/ts-debounce, +https://gitlab.com/anchal-physics/csdTools, +https://gitlab.com/ccondry/hydra, +https://gitlab.com/sumner/tracktime, +https://gitlab.com/erloom-dot-id/go/echo-go-middleware, +https://gitlab.com/apinephp/legacy-framework, +https://gitlab.com/deliberist/mongo_rest, +https://gitlab.com/orthecreedence/vf, +https://gitlab.com/pretty-angular-components/slide-block-2, +https://gitlab.com/easymov/openapi_generator, +https://gitlab.com/magnus.odman/audentes, +https://gitlab.com/exytech/community/slim-css/slim-core, +https://gitlab.com/fastintegration/fastintegration-interface, +https://gitlab.com/bbrc/xnat/bx, +https://gitlab.com/sophosoft/vue-meta-decorator, +https://gitlab.com/cpteam/libs/strict, +https://gitlab.com/gitlab-org/security-products/analyzers/retire.js, +https://gitlab.com/blazon/psr11-symfony-cache, +https://gitlab.com/nathanfaucett/rs-messenger, +https://gitlab.com/cznic/zappy, +https://gitlab.com/qemu-project/libvfio-user, +https://gitlab.com/jlecomte/projects/python/pylint-codeclimate, +https://gitlab.com/cervoneluca/vue-plugin-arweave, +https://gitlab.com/hetwaterschapshuis/kenniscentrum/tooling/dijkprofile-annotator, +https://gitlab.com/miguelcumpa/django-ubigeo-peru, +https://gitlab.com/amayer5125/galley, +https://gitlab.com/decisionforest/decisionforest-python, +https://gitlab.com/hakkropolis/configstacker, +https://gitlab.com/ek5000/async-job-iterator, +https://gitlab.com/alanxuliang/a1610_learn2map, +https://gitlab.com/gmtjuyn/go/utils/config, +https://gitlab.com/john89/api_open_studio, +https://gitlab.com/mmemmew/rlist, +https://gitlab.com/ruivieira/naive-bayes, +https://gitlab.com/parob/graphql-http-server, +https://gitlab.com/deeva/Night-to-Day-Image-translation, +https://gitlab.com/pushrocks/early, +https://gitlab.com/pwoolcoc/cargo-toml-builder, +https://gitlab.com/kshib/wanda, +https://gitlab.com/ska-telescope/sdi/ska-cicd-makefile, +https://gitlab.com/staltz/pull-backoff, +https://gitlab.com/Kores/junitify, +https://gitlab.com/mgoral/feed-commas, +https://gitlab.com/radiology/infrastructure/study-governor, +https://gitlab.com/nathanfaucett/rs-specs_transform, +https://gitlab.com/codesigntheory/django-rest-mediabrowser, +https://gitlab.com/otimizysistemas/rdstation-laravel, +https://gitlab.com/bzim/owned-alloc, +https://gitlab.com/IonicZoo/eagle-map-component, +https://gitlab.com/reedrichards/org_todo_metrics, +https://gitlab.com/pedro.paiva/ncafs, +https://gitlab.com/LUI-3/components/phone-navbar, +https://gitlab.com/openresources/resourcehub_distribution, +https://gitlab.com/gecko.io/geckoEMF, +https://gitlab.com/jlecomte/projects/flasket, +https://gitlab.com/kamichal/grot, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/bk-management-process, +https://gitlab.com/liontechnyc/stacks/gemini, +https://gitlab.com/mech-lang/examples, +https://gitlab.com/ed0zer-projects/pyfoobar2k, +https://gitlab.com/hashbeam/boltlight, +https://gitlab.com/npm--packages/xlsx2json, +https://gitlab.com/Claytone/vox2obj, +https://gitlab.com/pavul/illusionts, +https://gitlab.com/commonshost/ddns, +https://gitlab.com/infra.run/public/bbb-selenium-exporter, +https://gitlab.com/alinex/node-async, +https://gitlab.com/kori-irrlicht/project-open-monster, +https://gitlab.com/infor-cloud/martian-cloud/tharsis/go-redisstore, +https://gitlab.com/sparkserver/sbrwxmpp, +https://gitlab.com/takluyver/envzigzag, +https://gitlab.com/SaQQ/telerehab, +https://gitlab.com/andrew_ryan/useful_macro, +https://gitlab.com/Deathrage/pragmaticview-loader, +https://gitlab.com/nCrazed/XCOM2-Mod-Synchronizer, +https://gitlab.com/mrvik/loadlify, +https://gitlab.com/quebin31/diffimg-rs, +https://gitlab.com/coopon/reusable-libs/python/msg91-otp, +https://gitlab.com/guedel87/microtest, +https://gitlab.com/gudi89/django_image_sourceset, +https://gitlab.com/ndmspc/react-ndmspc, +https://gitlab.com/mshepherd/no-thanks, +https://gitlab.com/StevenPG/customspringaopannotation, +https://gitlab.com/dirn/doozerify, +https://gitlab.com/RenovoSolutions/rl-data-model, +https://gitlab.com/optiframe/basic-project, +https://gitlab.com/LivoCloud/MT940-Parser, +https://gitlab.com/LUI-3/components/forms-extras, +https://gitlab.com/commonshost/tls-router, +https://gitlab.com/goldenm-software/open-source-libraries/vuetify-datetime-picker, +https://gitlab.com/ErikKalkoken/aa-standingsrequests, +https://gitlab.com/dkreeft/zoek, +https://gitlab.com/IT-Berater/twmavencommandplugin, +https://gitlab.com/stphn/jarida, +https://gitlab.com/git-compose/git-compose, +https://gitlab.com/LUI-3/components/tables, +https://gitlab.com/fboaventura/upytimerobot, +https://gitlab.com/DrPhilEvans/swifttools, +https://gitlab.com/apifie/nodems/node-microservice, +https://gitlab.com/markushx/opentrust, +https://gitlab.com/serial-lab/quartet_output, +https://gitlab.com/L0gIn/git-npm-version-checker, +https://gitlab.com/phalcony/phalcony, +https://gitlab.com/MaxIV/lib-maxiv-svgsynoptic, +https://gitlab.com/cs2go/cs2go-graphics, +https://gitlab.com/kornelski/exclude_from_backups, +https://gitlab.com/artdeco/envariable, +https://gitlab.com/FHI-aims-club/utilities/clims, +https://gitlab.com/nuget-packages/image-orchestrator, +https://gitlab.com/junquera/c-lock, +https://gitlab.com/peachtree-analytics/websockets, +https://gitlab.com/nathanfaucett/rs-number_traits, +https://gitlab.com/polymer-kb/firmware/cortex-m-async, +https://gitlab.com/gamesite6/games/liars-dice, +https://gitlab.com/LUI-3/components/pagebars, +https://gitlab.com/gmtjuyn/go/crypto/p2pb2b, +https://gitlab.com/autokent/extract-email, +https://gitlab.com/scion-scxml/sciblog, +https://gitlab.com/diamondburned/arikawa, +https://gitlab.com/gamesite6/games/the-resistance, +https://gitlab.com/olroma123/youtube-grabber-nodejs, +https://gitlab.com/cinc-project/upstream/chef-workstation, +https://gitlab.com/Native-Coder/d3-react-component, +https://gitlab.com/gmtjuyn/go/utils/civil, +https://gitlab.com/slovell/google-hangout-webhook, +https://gitlab.com/MrHeliX/star-rating-calculator, +https://gitlab.com/knarkzel/procedural-generation, +https://gitlab.com/ccondry/cucm-ris, +https://gitlab.com/nerones/pdf-signature, +https://gitlab.com/nscau/nscau, +https://gitlab.com/monocycle/monocycle, +https://gitlab.com/hzc27180129/tp-hprose-swoole, +https://gitlab.com/machine-learning-helpers/model_quality_report, +https://gitlab.com/harpya/config-manager, +https://gitlab.com/aduard.kononov/strify, +https://gitlab.com/shiftlesscode/flask-view-counter, +https://gitlab.com/mkleehammer/runtasks, +https://gitlab.com/fwiwDev/pdf-extraction, +https://gitlab.com/gaia-x/data-infrastructure-federation-services/orc/lcm-service/terraform-lcm-service-api, +https://gitlab.com/Anvoker/NUnit.FixtureDependent, +https://gitlab.com/ManfredTremmel/gwt-commons-validator, +https://gitlab.com/oss10/math-utilities, +https://gitlab.com/cerebralpower/Variance, +https://gitlab.com/bath_open_instrumentation_group/git-building, +https://gitlab.com/hoogie/nestjs-redis-streams-transport, +https://gitlab.com/lebrun.noe/instagram-filters, +https://gitlab.com/eas-framework/eas-framework, +https://gitlab.com/IT-Berater/node-red-contrib-cryptography-address-check, +https://gitlab.com/maxpolun/salmo, +https://gitlab.com/eval/pipeclient, +https://gitlab.com/heingroup/vapourtec, +https://gitlab.com/prince_bett/deckster, +https://gitlab.com/distributed_lab/ape, +https://gitlab.com/emlalock/api, +https://gitlab.com/l3178/sdk-go, +https://gitlab.com/festo-research/electric-automation/festo-edcon, +https://gitlab.com/bostonwalker/requezts, +https://gitlab.com/djbaldey/django-textrank, +https://gitlab.com/offis.energy/mosaik/mosaik.scenario-tools, +https://gitlab.com/Dominik1123/madplot, +https://gitlab.com/stavros/assault-and-battery, +https://gitlab.com/renatoaurefer/kmlwriter, +https://gitlab.com/not-good-igor/uniform.py, +https://gitlab.com/ccondry/cuic-ui-client, +https://gitlab.com/ovsinc/memory-rate-limits, +https://gitlab.com/mnsig/mnsig-client-js, +https://gitlab.com/mathadvance/mapm/cli, +https://gitlab.com/lucaapp/web-eudgc, +https://gitlab.com/d3sker/desker, +https://gitlab.com/b0661/cogeno, +https://gitlab.com/pleasantone/intelurls, +https://gitlab.com/liguros/ego, +https://gitlab.com/dmfay/rhizo, +https://gitlab.com/gmtjuyn/go/utils/amount, +https://gitlab.com/eh5/libldac, +https://gitlab.com/flowolf/yessssms, +https://gitlab.com/crossref/citation_style_classifier, +https://gitlab.com/gamesite6/games/love-letter, +https://gitlab.com/ellipsenpark/vom.rs, +https://gitlab.com/stembord/libs/ts-memoize, +https://gitlab.com/0xCCF4/expkit, +https://gitlab.com/dbash-public/de-identify-sql, +https://gitlab.com/cn-ds/moz-readability-node, +https://gitlab.com/jerplab/xml-stream-js, +https://gitlab.com/point1304/serverless-psycopg2, +https://gitlab.com/sehnem/pynmet, +https://gitlab.com/Lucidiot/pylspci, +https://gitlab.com/obenyaish/react-filter-builder-input, +https://gitlab.com/kabaretstudio/kabaret.ingrid, +https://gitlab.com/diamondburned/tview-sixel, +https://gitlab.com/acbarrigon/qocttools, +https://gitlab.com/inklabapp/pyprocreate, +https://gitlab.com/andr1i/submerger, +https://gitlab.com/ndmspc/react-eos, +https://gitlab.com/axet/android-lame, +https://gitlab.com/rust-algorithms/modular, +https://gitlab.com/mech-lang/docs, +https://gitlab.com/mac_doggie/currency-converter, +https://gitlab.com/seangenabe/apkg, +https://gitlab.com/exotec/questionaire, +https://gitlab.com/harudagondi/alg-grid, +https://gitlab.com/optiframe/service, +https://gitlab.com/kurdy/sha3sum, +https://gitlab.com/Akm0d/idem-salt, +https://gitlab.com/joshwillik/docker-ssh, +https://gitlab.com/flameit-os/go-owfs, +https://gitlab.com/solarliner/django-populate, +https://gitlab.com/ekinox-io/ekinox-libraries/pilotis-io, +https://gitlab.com/silwol/terender, +https://gitlab.com/mrvik/mdns-proxy, +https://gitlab.com/mikeramsey/gitjirabot, +https://gitlab.com/kaliticspackages/gedbundle, +https://gitlab.com/jtl-software/jtl-fulfillment/api-sdk, +https://gitlab.com/durko/flake8-pyprojecttoml, +https://gitlab.com/qbjs_deserializer/json_to_qbjs_converter, +https://gitlab.com/MaxSchambach/mdbh, +https://gitlab.com/bmwinger/roundtripini, +https://gitlab.com/ggiesen/salt-ext-bitwarden, +https://gitlab.com/Otag/O.Disk, +https://gitlab.com/beelzy/mithril-dnd, +https://gitlab.com/pegn/spec, +https://gitlab.com/drb-python/impl/aws3, +https://gitlab.com/remcohaszing/gitlab-artifact-report, +https://gitlab.com/saltstack/pop/pyls-pop, +https://gitlab.com/SunyataZero/website-generator, +https://gitlab.com/psynet.me/php-struct, +https://gitlab.com/risserlabs/nestjs/prisma-generator-nestjs-dto, +https://gitlab.com/aepsil0n/orq, +https://gitlab.com/o-cloud/catalog, +https://gitlab.com/blocksq/secretd-client-go, +https://gitlab.com/programaker-project/bridges/programaker-python-lib, +https://gitlab.com/scherand/woohoo-pdns-gui, +https://gitlab.com/serkurnikov/paint, +https://gitlab.com/jussiarpalahti/getup, +https://gitlab.com/a-novel/go-tools/anvil, +https://gitlab.com/redfield/netctl, +https://gitlab.com/diffy0712/openapi-ts-sync, +https://gitlab.com/keychest/whois-alt-for-python, +https://gitlab.com/eyeres/eoglib, +https://gitlab.com/postmarketOS/gnss-share, +https://gitlab.com/kooki/kooki, +https://gitlab.com/lae/java-stack-source, +https://gitlab.com/cznic/fsm, +https://gitlab.com/chris.oleary/pyautoai, +https://gitlab.com/gemseo/dev/gemseo-petsc, +https://gitlab.com/mediasoep/gutenberg-blocks, +https://gitlab.com/jcain/paths-tg, +https://gitlab.com/holgerk/pdo-replay, +https://gitlab.com/michaelbarton/gaet, +https://gitlab.com/sjsone/node-mvv-api, +https://gitlab.com/jdesodt/easy-log-watcher, +https://gitlab.com/mnn/uncertain, +https://gitlab.com/straighter/klot, +https://gitlab.com/eratosthene/kmpc, +https://gitlab.com/geoip.network/cidr_bottle, +https://gitlab.com/Claytone/voxypy, +https://gitlab.com/nathanfaucett/rs-executable_memory, +https://gitlab.com/soluvas/soluvas-oss, +https://gitlab.com/programando-libreros/herramientas/hackpublishing, +https://gitlab.com/DominoTree/rs-ipfix, +https://gitlab.com/natade-coco/jpqr, +https://gitlab.com/carpentumpublic/sdk/payment-java, +https://gitlab.com/determinant/mxpassfile, +https://gitlab.com/grauwoelfchen/fourche, +https://gitlab.com/gmtjuyn/go/utils/epoch, +https://gitlab.com/cw-andrews/pc-backup, +https://gitlab.com/onprint_public/sdk-light-js, +https://gitlab.com/faulesocke/inwx-rs, +https://gitlab.com/modweb/redux-first-router-page, +https://gitlab.com/staltz/xstream-drop-repeats-by-keys, +https://gitlab.com/restomax-public/restomax-metadata, +https://gitlab.com/biehl/jscatter, +https://gitlab.com/ergoithz/unicategories, +https://gitlab.com/brd.com/partner-connector, +https://gitlab.com/aicacia/ts-hash, +https://gitlab.com/eventopist/cellar, +https://gitlab.com/sowebdev/battleship-game, +https://gitlab.com/qiaboujaoude/p4k-api, +https://gitlab.com/sleoh/delaunay-triangulation, +https://gitlab.com/confget/confget, +https://gitlab.com/david.scheliga/trashpanda, +https://gitlab.com/oyvindwe/jgit-flow, +https://gitlab.com/sumnerh1/pyparagraph, +https://gitlab.com/AlvarBer/kolore, +https://gitlab.com/coala/coala-bear-management, +https://gitlab.com/odooist/asterisk-calls-agent, +https://gitlab.com/SunyataZero/kammanta, +https://gitlab.com/drutopia/drutopia_dev_template, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/scheme-manager/scheme-process, +https://gitlab.com/nathanfaucett/rs-cast_trait, +https://gitlab.com/mc/foncy-nonce, +https://gitlab.com/jacabello/dpivsoft_python, +https://gitlab.com/iamawacko/palestine-memorial-rs, +https://gitlab.com/kornelski/evalchroma, +https://gitlab.com/ixl/tsneko, +https://gitlab.com/mjwhitta/obfs, +https://gitlab.com/g955/client, +https://gitlab.com/daktak/pebble-phone-batt-bar, +https://gitlab.com/aicacia/ts-state, +https://gitlab.com/garbee/medialibrary, +https://gitlab.com/cznic/gc, +https://gitlab.com/strictly/core, +https://gitlab.com/kurisuchan/advent-of-code-2019, +https://gitlab.com/kalilinux/packages/certgraph, +https://gitlab.com/heyAzhar/pincode-lookup-india, +https://gitlab.com/monaxon/dextractor, +https://gitlab.com/kevstewa/pymetrc, +https://gitlab.com/openstreetcraft/wms, +https://gitlab.com/onlime/roundcube-plugins/jwt-sso, +https://gitlab.com/gustavhaglandproject/gustav-page, +https://gitlab.com/prysmo/hello-prysmo, +https://gitlab.com/mglinski/laravel-crowd-auth, +https://gitlab.com/MiladK/verifiera.js, +https://gitlab.com/maternusherold/mvg-command-line-departure-monitor, +https://gitlab.com/miicat/refi, +https://gitlab.com/beenje/gidgetlab-kit, +https://gitlab.com/bbmsoft.net/iocfx, +https://gitlab.com/selfagency/typa, +https://gitlab.com/flywheel-io/tools/lib/fw-file, +https://gitlab.com/LUI-3/components/base, +https://gitlab.com/matclab/automattermostatus, +https://gitlab.com/bbworld1/trollformatter, +https://gitlab.com/devluke/hypnosdb, +https://gitlab.com/binarmorker/magic-mouth, +https://gitlab.com/mavpoint/gomavproxy, +https://gitlab.com/openrail/uk/referencedata-nodejs, +https://gitlab.com/philbooth/uaparser-rs, +https://gitlab.com/MAXIV-SCISW/JUPYTERHUB/jnbv, +https://gitlab.com/cerfacs/opentea3, +https://gitlab.com/personal-server-community/newebe, +https://gitlab.com/noleme/noleme-amaebi, +https://gitlab.com/Elypia/retropia, +https://gitlab.com/nlulic/jira-track, +https://gitlab.com/nikkofox/vk-wall-cleaner, +https://gitlab.com/Milka64/netbox-fusioninventory-plugin, +https://gitlab.com/halfmanhalfdonut/node-api-starter, +https://gitlab.com/bach.jetzt/next-bach-cantata, +https://gitlab.com/SpaceTrucker/modular-spring-contexts, +https://gitlab.com/apitheory/swagger-microservice-example-mock, +https://gitlab.com/d-e/dx-punch, +https://gitlab.com/cherrypulp/libraries/js-i18n, +https://gitlab.com/picter/frontier, +https://gitlab.com/favoritemedium-oss/stylelint-config-favoritemedium, +https://gitlab.com/abivia/configurable, +https://gitlab.com/contextualcode/ezplatform-aws-s3-adapter, +https://gitlab.com/news-flash/fever_api, +https://gitlab.com/aicacia/ts-memoize, +https://gitlab.com/4geit/angular/ngx-search-bar-component, +https://gitlab.com/Humanfork/springwebextension, +https://gitlab.com/bdfx-public/mergado-ui-kit, +https://gitlab.com/co-stack.com/co-stack.com/php-packages/lib, +https://gitlab.com/nobodyinperson/python3-numericalmodel, +https://gitlab.com/gamesite6/games/tichu, +https://gitlab.com/johnwebbcole/jscad-utils, +https://gitlab.com/Reivax/split_file_reader, +https://gitlab.com/NathanHand/expressui5, +https://gitlab.com/ongresinc/stringprep, +https://gitlab.com/holllo/opml-rs, +https://gitlab.com/enlaps-public/web/rabbitmq-worker, +https://gitlab.com/defcronyke/hob, +https://gitlab.com/shindagger/python-tfvars, +https://gitlab.com/chrysn/sealingslice, +https://gitlab.com/praegus/toolchain-fixtures/toolchain-fixtures, +https://gitlab.com/axet/android-djvulibre, +https://gitlab.com/gamesite6/games/no-thanks, +https://gitlab.com/kuenstler/yayi-rs, +https://gitlab.com/IonicZoo/pigeon-restful-provider, +https://gitlab.com/adynemo/maintenance-bundle, +https://gitlab.com/gitlab-org/security-products/tests/go-modules, +https://gitlab.com/link2xt/pwsafe-rs, +https://gitlab.com/pineiden/gus, +https://gitlab.com/gitlab-org/frontend/nuxt-edit-this-page, +https://gitlab.com/serphacker/webace, +https://gitlab.com/Hares-Lab/libraries/functional-python, +https://gitlab.com/kiwi-ninja/objectql, +https://gitlab.com/binero/android-bootimage, +https://gitlab.com/daveseidman/broadcast-desktop, +https://gitlab.com/artur.jablonski.pl/async-imap-client, +https://gitlab.com/bubblecode/DynamicCreateElement, +https://gitlab.com/cmdjulian/mopy, +https://gitlab.com/semkodev/nelson.gui, +https://gitlab.com/acromedia/mock-moodle, +https://gitlab.com/aicacia/ts-config-bundler, +https://gitlab.com/nebneb0703/bombs, +https://gitlab.com/jefvanhoyweghen/ng-parse, +https://gitlab.com/bvobart/mllint, +https://gitlab.com/drewlab/pdf-data-parser, +https://gitlab.com/mexus/take-some-rs, +https://gitlab.com/morimekta/utils-config, +https://gitlab.com/open-source-keir/financial-modelling/trading/barter-integration-rs, +https://gitlab.com/ptapping/andor3, +https://gitlab.com/sarys.inc/rose-framework, +https://gitlab.com/ggpack/monkey, +https://gitlab.com/pantacor/pvr, +https://gitlab.com/scion-scxml/vscode-preview, +https://gitlab.com/finwo/ws-rc4, +https://gitlab.com/pipocavsobake/shakal, +https://gitlab.com/protocol-octopus/backend/smart-contracts, +https://gitlab.com/mech-lang/wasm, +https://gitlab.com/autokent/email-syntax-check, +https://gitlab.com/gcdtech/morse, +https://gitlab.com/elika-projects/elika, +https://gitlab.com/nanlabs/rest-lib, +https://gitlab.com/rakshazi/mitufe, +https://gitlab.com/cocainefarm/gtree, +https://gitlab.com/loxosceles/configkeeper, +https://gitlab.com/nolith/lndfeesmanager, +https://gitlab.com/kholboevdostonbek/examplemicro, +https://gitlab.com/griest/generator-griest, +https://gitlab.com/4nd3rs0n/q, +https://gitlab.com/ludo444/aggregationbuilderpaginationbundle, +https://gitlab.com/nightlycommit/diderot, +https://gitlab.com/jfolz/augpy, +https://gitlab.com/jfaixo/cargo-merge, +https://gitlab.com/nexylan/svelty, +https://gitlab.com/justin_lehnen/zsim-cli, +https://gitlab.com/srfilipek/ftweet, +https://gitlab.com/FirstTerraner/vps, +https://gitlab.com/elioangels/sinsay, +https://gitlab.com/appsemble/mini-jsx, +https://gitlab.com/openstapps/core-tools, +https://gitlab.com/imageoptim/cocoa-image, +https://gitlab.com/proscom/react-uploadzone, +https://gitlab.com/ryanobeirne/holiday, +https://gitlab.com/abre/lorikeet, +https://gitlab.com/liguros/merge-scripts, +https://gitlab.com/t9973/the-trivia-api, +https://gitlab.com/hitchy/core, +https://gitlab.com/IT-Berater/twhackssl, +https://gitlab.com/haynes/orika-spring-boot-starter, +https://gitlab.com/Rich-Harris/reorder-topojson, +https://gitlab.com/lego_engineer/dst-server-deploy, +https://gitlab.com/biberklatsche/gitlabtimespend, +https://gitlab.com/empaia/services/workbench-service, +https://gitlab.com/seanchamberlain/long-drop, +https://gitlab.com/opennota/paste, +https://gitlab.com/kalatchev/arenal-client, +https://gitlab.com/helgihaf/CommandLineParser, +https://gitlab.com/glts/spamassassin-milter, +https://gitlab.com/stembord/libs/ts-state-forms, +https://gitlab.com/freect/freect, +https://gitlab.com/stanislavhacker/devlink, +https://gitlab.com/pararam-public/py-pararamio, +https://gitlab.com/kriegvk/kriegbot, +https://gitlab.com/opennota/phash, +https://gitlab.com/functio/functio, +https://gitlab.com/expressive-py/expressive, +https://gitlab.com/milkok/typeatlas, +https://gitlab.com/Catharsium/Catharsium.Util, +https://gitlab.com/node-packages-kirin/cyanprint, +https://gitlab.com/henry0475/components, +https://gitlab.com/romch007/duplicate-requests, +https://gitlab.com/bbmsoft.net/prand, +https://gitlab.com/disappointment-industries/ingatlan-scraper, +https://gitlab.com/paulkiddle/signed-fetch, +https://gitlab.com/aicacia/ts-string-fuzzy_equals, +https://gitlab.com/cstranex/alicorn-sqlalchemy, +https://gitlab.com/oscar6echo/ezdashboard, +https://gitlab.com/mf42/kea3, +https://gitlab.com/stone.code/assert, +https://gitlab.com/linuxfreak003/ballistic, +https://gitlab.com/efronlicht/estd, +https://gitlab.com/stembord/libs/ts-string-fuzzy_equals, +https://gitlab.com/kada-development/gatsby-source-facebook, +https://gitlab.com/JakobDev/minecraft-launcher-cmd, +https://gitlab.com/javawcy/rpc-client, +https://gitlab.com/jlecomte/projects/pycov-convert-relative-filenames, +https://gitlab.com/marsattak-studio-game/catana, +https://gitlab.com/dameon.andersen/cstriggers, +https://gitlab.com/morimekta/tiny-server, +https://gitlab.com/aew/repubmqtt, +https://gitlab.com/skitai/aquests, +https://gitlab.com/grauwoelfchen/overlap, +https://gitlab.com/msts-public/general/gomods, +https://gitlab.com/mpapp-public/manuscripts-json-schema-utils, +https://gitlab.com/mburkard/case-switcher, +https://gitlab.com/Jaumo/pyavro-gen, +https://gitlab.com/mshepherd/flamme-rouge, +https://gitlab.com/cznic/qbe, +https://gitlab.com/eugene.a.kazakov/id4me-rp-client-php, +https://gitlab.com/janslow/gitlab-swagger-client, +https://gitlab.com/ckoliber/KAuth, +https://gitlab.com/cmdjulian/pydockerfile, +https://gitlab.com/heingroup/sielc_dompser, +https://gitlab.com/nicolas.hainaux/cotinga, +https://gitlab.com/cjmatthy200/InternetOfUtilities, +https://gitlab.com/lighthouseit/packages/ignite-burnout, +https://gitlab.com/cznic/pcre2, +https://gitlab.com/jamietanna/spring-content-negotiator, +https://gitlab.com/simont3/hcptool, +https://gitlab.com/EdgarYepez/MultidimLib, +https://gitlab.com/evatix-go/core, +https://gitlab.com/cznic/ebnfutil, +https://gitlab.com/jacobrask/use-fullscreen, +https://gitlab.com/acetylene/acetylene-parser, +https://gitlab.com/MVMC-lab/hervor/asaloader, +https://gitlab.com/a/garfetch, +https://gitlab.com/ecruzolivera/yagenerator, +https://gitlab.com/acanto/framework, +https://gitlab.com/itentialopensource/adapters/cloud/adapter-docker, +https://gitlab.com/gherman/No.Comparers, +https://gitlab.com/jitesoft/open-source/php/validator, +https://gitlab.com/joelerego/ranger, +https://gitlab.com/scion-scxml/schviz, +https://gitlab.com/logius/cloud-native-overheid/tools/vcloud-cli, +https://gitlab.com/cervoneluca/vue-plugin-web3-providers, +https://gitlab.com/aloha68/django-static-markdown-blog, +https://gitlab.com/ftmazzone/bme680, +https://gitlab.com/lgwilliams/freesia, +https://gitlab.com/kesslerdev/kore-platform, +https://gitlab.com/Loicvh/quadproj, +https://gitlab.com/pfaffenrodt/authenticator, +https://gitlab.com/aicacia/ts-core, +https://gitlab.com/mech-lang/utilities, +https://gitlab.com/kermit-js/kermit-bunyan, +https://gitlab.com/parcifal/flask-security-txt, +https://gitlab.com/lgnap/a-gpx-fp, +https://gitlab.com/itentialopensource/adapters/cloud/adapter-aws_s3, +https://gitlab.com/aplus-framework/libraries/testing, +https://gitlab.com/oer/cs/functional-dependencies, +https://gitlab.com/stembord/libs/ts-config-bundler, +https://gitlab.com/jenue/grumphp-drupal, +https://gitlab.com/nul.one/markdown-rundoc, +https://gitlab.com/iamawacko/oniongen-rs, +https://gitlab.com/ds-go/data, +https://gitlab.com/jcarr0/singleton-trait, +https://gitlab.com/michael-johnson/git-me-hooked, +https://gitlab.com/gitm8/npmpty, +https://gitlab.com/devsdmf/instagram-php, +https://gitlab.com/dannosaur/django-dynamic-form-fields, +https://gitlab.com/rdoyle/sharemux, +https://gitlab.com/geoflector/geoflector, +https://gitlab.com/jaywink/federation, +https://gitlab.com/rbertoncelj/wildfly-singleton-service, +https://gitlab.com/nhiennn/packages_translates, +https://gitlab.com/burke-software/passit-typescript-sdk, +https://gitlab.com/lostleonardo/podcat, +https://gitlab.com/ptoner/space-mvc, +https://gitlab.com/HDegroote/hyperpubee-relay, +https://gitlab.com/gennesis.io/apocalipse, +https://gitlab.com/qtb-hhu/modelbase-software, +https://gitlab.com/adralioh/rtorrent-migrate, +https://gitlab.com/cppnet/nodebb/nodebb-plugin-user-badges, +https://gitlab.com/goreleaser/example, +https://gitlab.com/russofrancesco/sourcemerger, +https://gitlab.com/porto/vue-flex-layout, +https://gitlab.com/mergetb/python-client, +https://gitlab.com/distributed_lab/kit, +https://gitlab.com/kmbilly/type-graphql-query, +https://gitlab.com/devallama/use-carousel-hook, +https://gitlab.com/asp-devteam/laravel-repository, +https://gitlab.com/btpoe/react-carousel, +https://gitlab.com/guoyunhe/fetch-instagram-photos, +https://gitlab.com/go-emat/emat-kit, +https://gitlab.com/claudiomattera/rinfluxdb, +https://gitlab.com/adanilin/kazooapi-common, +https://gitlab.com/romikus/porm, +https://gitlab.com/pgrangeiro/python-coinmarketcap-client, +https://gitlab.com/devbit/dingjs, +https://gitlab.com/dsferruzza/sorry-im-off-today, +https://gitlab.com/gitlab-org/golang-cli-helpers, +https://gitlab.com/JakobDev/jdSimpleAutostart, +https://gitlab.com/dgriffen/windows-named-pipe, +https://gitlab.com/dnsheng/KomiDL, +https://gitlab.com/deseretbook/packages/solidus-sdk, +https://gitlab.com/netzlab/maicos, +https://gitlab.com/ledgit/bitcoin-node-monitor, +https://gitlab.com/Mumba/node-vault, +https://gitlab.com/placcd/tdxapi, +https://gitlab.com/aicacia/ts-debounce, +https://gitlab.com/pdobrovolny/quantity, +https://gitlab.com/itentialopensource/adapters/cloud/adapter-azure_aks, +https://gitlab.com/a3nm/frhyme, +https://gitlab.com/prefeituradeavare/envswitch, +https://gitlab.com/cznic/parser, +https://gitlab.com/pyda-group/spicypy, +https://gitlab.com/pgerber/zbase32-rust, +https://gitlab.com/jockel/config-env-parser, +https://gitlab.com/mozgurbayhan/simplejsonobject, +https://gitlab.com/dogma-project/dogma-core, +https://gitlab.com/porto/vue-jedi, +https://gitlab.com/crates.rs/lazyonce, +https://gitlab.com/deliberist/raspi-1wire-temp, +https://gitlab.com/cedrickrause/cmn-tls, +https://gitlab.com/drj11/pypng, +https://gitlab.com/rjmunhoz/expresso, +https://gitlab.com/kyb/autorsync, +https://gitlab.com/odetech/odecloud, +https://gitlab.com/caedes/workspace, +https://gitlab.com/screeps-domina/domina, +https://gitlab.com/rocket-boosters/a-ok, +https://gitlab.com/GeneralProtocols/eslint-config, +https://gitlab.com/aercloud-systems/music-lounge, +https://gitlab.com/oniqlab/capacitor-plugin-geocoder, +https://gitlab.com/cppnet/nodebb/nodebb-plugin-ban-privileges, +https://gitlab.com/romaaeterna/vocball, +https://gitlab.com/Sabati/goban, +https://gitlab.com/evantaylor/miprobe, +https://gitlab.com/contextualcode/ezplatform-richtext-template-extension, +https://gitlab.com/brekk/snang, +https://gitlab.com/clavem/clavem.gitlab.io, +https://gitlab.com/cdaringe/react-scripts-webpack-config-editor, +https://gitlab.com/jdouglass1/hotwireturbo, +https://gitlab.com/rytone/reflow, +https://gitlab.com/chrisspen/django-admin-steroids, +https://gitlab.com/non-creative-team/telegram-bot-api, +https://gitlab.com/dropsolid/unomi-sdk-php, +https://gitlab.com/necheffa/nsddyn, +https://gitlab.com/stembord/libs/ts-locales-bundler, +https://gitlab.com/haendlerbund/legal-text-api-connector, +https://gitlab.com/ribtoks/gitlab-tdg, +https://gitlab.com/elyez/meitrack, +https://gitlab.com/daamien/pandoc-extract-code, +https://gitlab.com/enriquepablo/modus_ponens, +https://gitlab.com/brycedorn/react-intense, +https://gitlab.com/rarifytech/ui-kit, +https://gitlab.com/systent/dj_dashboard, +https://gitlab.com/mycf.sg/authorization-scope, +https://gitlab.com/artdeco/clearr, +https://gitlab.com/klamonte/binarytelnet, +https://gitlab.com/ckhurewa/qhist, +https://gitlab.com/cblau/mdpeditor, +https://gitlab.com/finally-a-fast/fafcms-core, +https://gitlab.com/smallstack/infrastructure/wc-serve-cli, +https://gitlab.com/mergetb/api, +https://gitlab.com/guichet-entreprises.fr/tools/repo-tools, +https://gitlab.com/ae-dir/slapdcheck, +https://gitlab.com/PONCtech/meander, +https://gitlab.com/purpleteam-labs/purpleteam-logger, +https://gitlab.com/hashbeam/blitskrieg, +https://gitlab.com/gladykov/crowdlaw, +https://gitlab.com/restomax-public/restomax-deliverect, +https://gitlab.com/scotttrinh/number-ranges, +https://gitlab.com/ssofos/polypass, +https://gitlab.com/mshepherd/pytility, +https://gitlab.com/serg.masyutin/python-pptx-templating, +https://gitlab.com/spirited/portals, +https://gitlab.com/IonicZoo/chameleon-mask-directive, +https://gitlab.com/bidetaggle/bitstamp-player, +https://gitlab.com/hegdevinayi/kelpie, +https://gitlab.com/ethan.reesor/vscode-notebooks/go-playbooks, +https://gitlab.com/dashers/public/breakpoint-helper, +https://gitlab.com/ErikKalkoken/aa-standingssync, +https://gitlab.com/AegisFramework/Artemis, +https://gitlab.com/domatskiy/beeline-cloud-pbx, +https://gitlab.com/gaper-private/openjvs, +https://gitlab.com/gamechaingers/influence-api, +https://gitlab.com/le7el/build/crs, +https://gitlab.com/openteams/scrud-nuxt, +https://gitlab.com/khangtoh/fb-messenger-api, +https://gitlab.com/muhannad_alrusayni/khalas, +https://gitlab.com/lifemakers/meetpoint, +https://gitlab.com/Pixel-Mqster/appmaker, +https://gitlab.com/cleaninsights/clean-insights-python-sdk, +https://gitlab.com/Plogbilen/felcius, +https://gitlab.com/nightlycommit/vadilate, +https://gitlab.com/awesome-nodes/build-system, +https://gitlab.com/newebtime/pyrocms/repeatering-field_type, +https://gitlab.com/ledgit/krabber, +https://gitlab.com/computationalmaterials/dragonfruit, +https://gitlab.com/csu-tda/PersistenceImages, +https://gitlab.com/gallaecio/versiontracker, +https://gitlab.com/jamgo/jamgo-framework, +https://gitlab.com/garrog/rap, +https://gitlab.com/alinex/node-datastore, +https://gitlab.com/nathanfaucett/rs-specs_messenger, +https://gitlab.com/gennesis.io/basic, +https://gitlab.com/staltz/secret-stack-decorators, +https://gitlab.com/markok314/glucograph, +https://gitlab.com/hipdevteam/locations, +https://gitlab.com/balping/laravel-blade-function, +https://gitlab.com/larsyunker/unithandler, +https://gitlab.com/biffen/go-applause, +https://gitlab.com/gitlab-org/security-products/analyzers/template, +https://gitlab.com/cholmcc/hepdata, +https://gitlab.com/amorozov/decimate, +https://gitlab.com/mhuber84/randomizer, +https://gitlab.com/age-of-minds/aom-framework, +https://gitlab.com/binero/mpw, +https://gitlab.com/fuzzy-ai/web, +https://gitlab.com/strwrite/seed-icons, +https://gitlab.com/eddarmitage/photo-import, +https://gitlab.com/sensio_group/network-js-sdk, +https://gitlab.com/lemmsoft-public/docker-windows-detect-changes, +https://gitlab.com/frissdiegurke/ns-matcher, +https://gitlab.com/accu-trade/django-view-tracking, +https://gitlab.com/commonshost/manifest, +https://gitlab.com/itentialopensource/pre-built-automations/nso-device-onboarding, +https://gitlab.com/djencks/asciidoctor-highlight.js-build-time, +https://gitlab.com/iam-cms/workflows/extra-nodes/elabapy-cli, +https://gitlab.com/avalonparton/opendota2py, +https://gitlab.com/christoph.fink/wolkenbruch, +https://gitlab.com/davricha/softspot, +https://gitlab.com/jimsy/wag, +https://gitlab.com/BlackIQ/payamsms-sms, +https://gitlab.com/itentialopensource/adapters/devops-netops/adapter-ansible_tower, +https://gitlab.com/byron-framework/cli, +https://gitlab.com/kdvkrs/worksheet_grading, +https://gitlab.com/mech-lang/program, +https://gitlab.com/mbarkhau/sbk, +https://gitlab.com/mechaxl/lsystems, +https://gitlab.com/aalto-smartcom/dcc-api, +https://gitlab.com/gear54/go-skype, +https://gitlab.com/nolim1t/nodebackup, +https://gitlab.com/_doomy/commune, +https://gitlab.com/alda78/scanimage-webui, +https://gitlab.com/metahkg/rlp-proxy-rewrite, +https://gitlab.com/etke.cc/emm, +https://gitlab.com/bliss-design-system/tokens, +https://gitlab.com/prochac.dataddo/headless-go, +https://gitlab.com/mutaimwiti/rbactl, +https://gitlab.com/d_/dlc-gui, +https://gitlab.com/noleme/noleme-store, +https://gitlab.com/heartbeatgmbh/foss/loris, +https://gitlab.com/lsmoura/base36, +https://gitlab.com/codingms/typo3-public/view_statistics, +https://gitlab.com/cznic/pcre, +https://gitlab.com/gitlab-org/vulnerability-research/foss/semver_dialects, +https://gitlab.com/aa900031/vue-perfect-list, +https://gitlab.com/sat-polsl/gcs/gcs-cli, +https://gitlab.com/lightning-signer/serde-bolt, +https://gitlab.com/jernejz5/node-akamai-orchestrator, +https://gitlab.com/kjschiroo/horkos, +https://gitlab.com/jspiers/videoframes, +https://gitlab.com/crosscone/lib/tgbot, +https://gitlab.com/staltz/estimate-progress, +https://gitlab.com/openstapps/core, +https://gitlab.com/domatskiy/bitrix24, +https://gitlab.com/arabesque/core, +https://gitlab.com/elika-projects/elika.core, +https://gitlab.com/meaningfuldata/commitlint-config, +https://gitlab.com/revesansparole/glabpkg, +https://gitlab.com/moorepants/skijumpdesign, +https://gitlab.com/GCSBOSS/eclipt, +https://gitlab.com/Rich-Harris/stacking-order, +https://gitlab.com/GCSBOSS/mongo-redux, +https://gitlab.com/metakeule/config, +https://gitlab.com/sv4u/slippi-combo-detector, +https://gitlab.com/ethz_hvl/pymethes, +https://gitlab.com/mpapp-public/manuscripts-comment-editor, +https://gitlab.com/pijarowski.matthias/pytorch_trainer, +https://gitlab.com/morimekta/utils-proto, +https://gitlab.com/geldoronie/electron-updater-robby, +https://gitlab.com/matyashorky/latex-dirtree-gen, +https://gitlab.com/danieljrmay/audio-duration, +https://gitlab.com/Chips4Makers/c4m-flexmem, +https://gitlab.com/sjrowlinson/reslate, +https://gitlab.com/peter-rybar/prest-lib, +https://gitlab.com/crates-rs/reef, +https://gitlab.com/jamesaaron97248/system-cleaner-sesc191y, +https://gitlab.com/rockerest/fast-mersenne-twister, +https://gitlab.com/ptapping/datalogd, +https://gitlab.com/Ma27/eslint-plugin-varspacing, +https://gitlab.com/franck.simon/publicholidays, +https://gitlab.com/philbooth/surch, +https://gitlab.com/lookslikematrix/rpi-tm1637, +https://gitlab.com/j3a-solutions/timesource, +https://gitlab.com/NicolasJouanin/bs-pixl-xml, +https://gitlab.com/service-work/size-observer, +https://gitlab.com/doertydoerk/ddd, +https://gitlab.com/matthiaseiholzer/tinguely, +https://gitlab.com/johnfabbio/brackets-laravel-blade-5, +https://gitlab.com/dexterlabs/dexlib, +https://gitlab.com/open-source-keir/financial-modelling/trading/barter-execution-rs, +https://gitlab.com/nexa/nexaaddrjs, +https://gitlab.com/dhosterman/smat-cli, +https://gitlab.com/r-iendo/mathew, +https://gitlab.com/infor-cloud/martian-cloud/tharsis/graphql-query-complexity, +https://gitlab.com/flimzy/ale, +https://gitlab.com/jzacsh/runonchange, +https://gitlab.com/raphacosta/falconify-scaffolding, +https://gitlab.com/DigonIO/pypermission, +https://gitlab.com/ds-go/skeleton, +https://gitlab.com/kuadrado-software/fantomatic-engine, +https://gitlab.com/code_monk/json2bash, +https://gitlab.com/dysania/ssh-randomart, +https://gitlab.com/jlecomte/python/leela-doc, +https://gitlab.com/becheran/pysg, +https://gitlab.com/alexanderluettig/w2g-client, +https://gitlab.com/runarberg/trompt, +https://gitlab.com/mneumann_ntecs/tractor, +https://gitlab.com/jakej230196/gofinance, +https://gitlab.com/arps/arps, +https://gitlab.com/ballioli/runescape3-api, +https://gitlab.com/opentestfactory/tools, +https://gitlab.com/pixelbrackets/mattermost-poll, +https://gitlab.com/staltz/react-native-has-internet, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/financial-claim-request-service, +https://gitlab.com/cfreksen/llvm--emulator, +https://gitlab.com/artgam3s/public-libraries/rust/google_drive_client, +https://gitlab.com/nihilarr/parse-torrent-name, +https://gitlab.com/kalilinux/packages/sublist3r, +https://gitlab.com/askanna/askanna-python, +https://gitlab.com/kimlu/utils-guid, +https://gitlab.com/DmitriyZverev/typescript-config, +https://gitlab.com/studentennettwente/maildap, +https://gitlab.com/efil.kudret/sqlkata.modelhelper, +https://gitlab.com/jlecomte/projects/pylint-codeclimate, +https://gitlab.com/Patiga/twgpu, +https://gitlab.com/jrobsonchase/newtype, +https://gitlab.com/msts-public/plugins/invoiceme-magento2, +https://gitlab.com/envis10n/duktape-rs, +https://gitlab.com/aalok-sathe/pyMediaAnnotator, +https://gitlab.com/quantlane/meta/cq, +https://gitlab.com/somanyaircraft/rdfhelpers, +https://gitlab.com/john89/api_open_studio_admin, +https://gitlab.com/riovir/slush-vue-webpack, +https://gitlab.com/lbartoletti/portgraph, +https://gitlab.com/dogma-project/dogma-meta, +https://gitlab.com/srnb/nose, +https://gitlab.com/bgorkem/monorepo-trial, +https://gitlab.com/quantlane/meta/orange, +https://gitlab.com/pycqa/flake8-json, +https://gitlab.com/ethergem/go-egem, +https://gitlab.com/btleffler/node-prock, +https://gitlab.com/delopr/dlpr-favicons, +https://gitlab.com/elrnv/unroll, +https://gitlab.com/signalytics/signalyzer, +https://gitlab.com/arisilon/batcave, +https://gitlab.com/ribamar-org/ribamar, +https://gitlab.com/lighty/framework, +https://gitlab.com/iamawacko-oss/oniongen-rs, +https://gitlab.com/greggreg/tree-sitter-gleam, +https://gitlab.com/blad-mercenary/core, +https://gitlab.com/ergoithz/uactor, +https://gitlab.com/romaricpascal/domjure, +https://gitlab.com/dasnoo.official/arsocket, +https://gitlab.com/alinex/node-core, +https://gitlab.com/beblurt/dblurt, +https://gitlab.com/anthony-tron/create-pug-tailwind-starter, +https://gitlab.com/gitlab-com/gl-infra/jsonnet-tool, +https://gitlab.com/greg198584/gridclient, +https://gitlab.com/nbbeeken/dashmips, +https://gitlab.com/qcomputing/qprof/qprof, +https://gitlab.com/qemu-project/edk2, +https://gitlab.com/biotransistor/zerogravity, +https://gitlab.com/brd.com/brd.js, +https://gitlab.com/beautils/ipc, +https://gitlab.com/romanvolkov/VideoToGalleryPlugin, +https://gitlab.com/hr567/liboj, +https://gitlab.com/getanthill/event-source, +https://gitlab.com/kermit-js/kermit-bunny-hole, +https://gitlab.com/dr_carlos/pyg3a, +https://gitlab.com/rtwheato/openadr-ven, +https://gitlab.com/cunruh3760/reconcile, +https://gitlab.com/Emeraude/magic-models, +https://gitlab.com/kyb/git-rev-label, +https://gitlab.com/jitesoft/open-source/javascript/group-by, +https://gitlab.com/nycex/clicker, +https://gitlab.com/FRETS/frets, +https://gitlab.com/antoinecaron/toolbox, +https://gitlab.com/aw1cks/pyslam, +https://gitlab.com/loic.quertenmont/django_validated_jsonfield, +https://gitlab.com/HartkopfF/Purple, +https://gitlab.com/stanislavhacker/cuaatt, +https://gitlab.com/mickaelw/demo-clean-architecture-backend, +https://gitlab.com/LUI-3/components/labels, +https://gitlab.com/nealgeilen/crud, +https://gitlab.com/newebtime/pyrocms/agency-theme, +https://gitlab.com/davidjpeacock/shelbot-ii, +https://gitlab.com/jancraft888/radonjs, +https://gitlab.com/hct/m-mock, +https://gitlab.com/bsarter/Belote, +https://gitlab.com/openbridge/openbridge-exporter, +https://gitlab.com/notabene/open-source/javascript-sdk, +https://gitlab.com/ignitionrobotics/web/ign-go, +https://gitlab.com/sequence/utilities/autotheorygenerator, +https://gitlab.com/f17/wikijs-notify, +https://gitlab.com/NonFactors/Wellidate, +https://gitlab.com/chgrzegorz/dyplom-code, +https://gitlab.com/odooist/asterisk-odoo-agent, +https://gitlab.com/ericpugh/handy, +https://gitlab.com/deseretbook/packages/sdk-factory, +https://gitlab.com/commitman/jaap, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/scheme-service, +https://gitlab.com/slusheea/sevseg-3642bs, +https://gitlab.com/JonathonReinhart/passhashdb, +https://gitlab.com/Jaumo/avro-preprocessor, +https://gitlab.com/mervinzhu/react-native-pushy-mutirn, +https://gitlab.com/labo-pe/efficientip-go-client, +https://gitlab.com/marzzzello/mirror-monitor, +https://gitlab.com/baleada/vue-icons, +https://gitlab.com/lpmrfentazis/lorettorbital, +https://gitlab.com/jinyexin/corecli, +https://gitlab.com/dunj3/evtclib, +https://gitlab.com/arnedesmedt/vue-ads-pagination, +https://gitlab.com/alensuljkanovic/silvera, +https://gitlab.com/plantd/plantd, +https://gitlab.com/stevendobay/seed, +https://gitlab.com/koudelka.michal/mobx-realm, +https://gitlab.com/mcepl/epubgrep, +https://gitlab.com/dario.rieke/validation, +https://gitlab.com/iilonmasc/gocinga, +https://gitlab.com/openflexure/openflexure-microscope-pyclient, +https://gitlab.com/datopian/ckan-ng-harvest, +https://gitlab.com/gitote/cdn, +https://gitlab.com/paulkiddle/custom-fetch, +https://gitlab.com/ahmedcharles/mct, +https://gitlab.com/simtopy/moleculer-simple-runner, +https://gitlab.com/aedev-group/aedev_git_repo_manager, +https://gitlab.com/machine-learning-helpers/features_factory, +https://gitlab.com/ouya/node-red-contrib-iota-mam, +https://gitlab.com/arithmox/hyfive, +https://gitlab.com/morimekta/utils-strings, +https://gitlab.com/staltz/pull-drain-gently, +https://gitlab.com/prologin/eventsd, +https://gitlab.com/mpapp-public/manuscripts-manuscript-transform, +https://gitlab.com/agus_helfa/hospitalclass, +https://gitlab.com/bowlofeggs/rpick, +https://gitlab.com/burke-software/hubot-taiga, +https://gitlab.com/Oprax/backup-utils, +https://gitlab.com/mech-lang/syntax, +https://gitlab.com/lavitto/typo3-markdown-parser, +https://gitlab.com/everest-code/libraries/tornado-middlewares, +https://gitlab.com/realistschuckle/pygpeg, +https://gitlab.com/daily-five/framework, +https://gitlab.com/t8237/rpc_reader, +https://gitlab.com/kai.richard.koenig/easytainer-cli, +https://gitlab.com/NamingThingsIsHard/media_tools/mk_badge, +https://gitlab.com/gmtjuyn/go/utils/types, +https://gitlab.com/pyfox/ringding, +https://gitlab.com/MatthiasLohr/tololib, +https://gitlab.com/avitusit/svelte-request-helper, +https://gitlab.com/reederc42/wiki, +https://gitlab.com/flying-kestrel/schema_oxidation, +https://gitlab.com/itentialopensource/adapters/cloud/adapter-ns1_cloud, +https://gitlab.com/careyevans/embed-manifest, +https://gitlab.com/BobyMCbobs/node_dns_changer, +https://gitlab.com/brd.com/butter-vue, +https://gitlab.com/robertinc/cardlez-api, +https://gitlab.com/newebtime/pyrocms/streams-extra, +https://gitlab.com/ds-go/dispatcher, +https://gitlab.com/kalilinux/packages/enum4linux, +https://gitlab.com/brixel/brixel-styleguide-components, +https://gitlab.com/kobededecker/dataviewer, +https://gitlab.com/kermit-js/kermit-mongoose, +https://gitlab.com/monogoto.io/node-red-contrib-msg-tracer, +https://gitlab.com/romaaeterna/memoria, +https://gitlab.com/pegn/pegn-go, +https://gitlab.com/dacs-hpi/deepac-live, +https://gitlab.com/co-stack.com/co-stack.com/typo3-extensions/api, +https://gitlab.com/poulet_a/rubyhelper, +https://gitlab.com/DPDmancul/clap-serde-derive, +https://gitlab.com/infor-cloud/martian-cloud/tharsis/go-limiter, +https://gitlab.com/iternity/archlint.cs, +https://gitlab.com/lobaro/firefly-go, +https://gitlab.com/robigalia/freestanding-musl-malloc, +https://gitlab.com/cstranex/alicorn, +https://gitlab.com/outflow-project/outflow, +https://gitlab.com/mkourim/polarion-tools-common, +https://gitlab.com/ican.js/ican.js, +https://gitlab.com/licorna/shellwrap, +https://gitlab.com/firerainos/firerain-installer, +https://gitlab.com/eemj/anime-pack, +https://gitlab.com/nusphere/symfony-webpack-php-generator, +https://gitlab.com/fortitudetec/elucidation-project/elucidation, +https://gitlab.com/GCSBOSS/golog, +https://gitlab.com/dentsu-data-lab/adobe, +https://gitlab.com/claudiomattera/png2wasm4src, +https://gitlab.com/eclipse-expeditions/aa-blueprints, +https://gitlab.com/alinex/node-data, +https://gitlab.com/mospolydevs/kis_lab_1, +https://gitlab.com/pjbecotte/rye, +https://gitlab.com/koalalorenzo/twitch-meme-generator, +https://gitlab.com/stavros/parachute, +https://gitlab.com/epfl-center-for-imaging/orientationpy, +https://gitlab.com/a-la/alanode, +https://gitlab.com/AGausmann/actix-irc, +https://gitlab.com/larsfp/excom, +https://gitlab.com/compassione/apice, +https://gitlab.com/lpasselin/fshamer, +https://gitlab.com/gaming0skar123/go/modules/imgur, +https://gitlab.com/ds-go/router, +https://gitlab.com/a-robinson/firestoremq, +https://gitlab.com/fishbot/libs/context-selector, +https://gitlab.com/cfd-innovationoss/mya-public, +https://gitlab.com/fruitygo/pnutmux, +https://gitlab.com/nathanfaucett/rs-virtual_view, +https://gitlab.com/cznic/opt, +https://gitlab.com/paulisloud/next-graphql-static-export, +https://gitlab.com/ribtoks/tdg, +https://gitlab.com/sequence/connectors/pwsh, +https://gitlab.com/rbprogrammer/xdgenvpy, +https://gitlab.com/goquo/xpath-object-transform, +https://gitlab.com/brianegan/nuxt-milligram, +https://gitlab.com/Shauni/aurelia-smart-table, +https://gitlab.com/openreviewio/openreviewio_py, +https://gitlab.com/openresources/resourcehub_project, +https://gitlab.com/hestia-earth/hestia-calculation-engine, +https://gitlab.com/jamespole/cellmap, +https://gitlab.com/FloatFlow/colorblind, +https://gitlab.com/nathanfaucett/rs-bezier1, +https://gitlab.com/gomimir/server, +https://gitlab.com/erzo/git-viewer, +https://gitlab.com/gitlab-org/frontend/fonts, +https://gitlab.com/dumonts/hunspell-java, +https://gitlab.com/initforthe/stimulus-rails-ujs, +https://gitlab.com/numerous/numerous.sdk, +https://gitlab.com/gm666q/input-event-codes, +https://gitlab.com/jonas.jasas/httprelay-js, +https://gitlab.com/palvarez89/gitlabirced, +https://gitlab.com/ethan.reesor/vscode-notebooks/go-kernel, +https://gitlab.com/duobradovic/pydmarc, +https://gitlab.com/bttg_/gulp-minify-html-literals, +https://gitlab.com/gitlab-org/security-products/analyzers/command, +https://gitlab.com/octomy/clockwork, +https://gitlab.com/savushkin.i/package-local-publisher, +https://gitlab.com/ArthurdHerbemont/aimms-pygments-style, +https://gitlab.com/juergens/pfycat, +https://gitlab.com/lyda/gqgmc, +https://gitlab.com/stefan99353/cobble-core, +https://gitlab.com/chjordan/sslf, +https://gitlab.com/robigalia/virtio, +https://gitlab.com/ridesz/eslint-config-usual, +https://gitlab.com/resif/rsyncstats, +https://gitlab.com/sofer_mahir/text_alignment_tool, +https://gitlab.com/Giildo/rich-text_editor_vuetify, +https://gitlab.com/oppy-finance/oppychain, +https://gitlab.com/bn3t/mimus-serve, +https://gitlab.com/Otag/Otag, +https://gitlab.com/stat-89a/linalg_for_datasci, +https://gitlab.com/flywheel-io/flywheel-apps/dcm2niix, +https://gitlab.com/ShiningCrusader/codesmith, +https://gitlab.com/hestia-earth/hestia-glossary, +https://gitlab.com/amnes/amnes, +https://gitlab.com/noleme/noleme-console, +https://gitlab.com/aa900031/react-native-transfrom-view, +https://gitlab.com/general-purpose-libraries/graph, +https://gitlab.com/ribtoks/listing, +https://gitlab.com/gpaul.nel/threedvector, +https://gitlab.com/efaistos/ts-helper, +https://gitlab.com/kf5jwc/callpass-py, +https://gitlab.com/libvirt/libvirt-go-xml, +https://gitlab.com/flecsimodev/flecsimo, +https://gitlab.com/m4573rh4ck3r/getlab, +https://gitlab.com/LegionerRI/better.log, +https://gitlab.com/soanvig/binary-pipe, +https://gitlab.com/humb1t/typeform-rs, +https://gitlab.com/kael_k/python-redis-sentinel, +https://gitlab.com/lc-3/assembler, +https://gitlab.com/flimzy/transistor, +https://gitlab.com/gitlab-org/incubation-engineering/mlops/ipynbdiff, +https://gitlab.com/shokoohi/ter, +https://gitlab.com/ahau/ssb-crut-authors, +https://gitlab.com/geoadmin-opensource/django-file-context, +https://gitlab.com/blad-mercenary/eslint-config, +https://gitlab.com/pnmtjonahen/pepercoin, +https://gitlab.com/kamilnerBells/scheduler, +https://gitlab.com/budosystems/budosystems-core, +https://gitlab.com/samanthaAlison/cordova-plugin-pocketsphinx, +https://gitlab.com/initforthe/capistrano-docker-deploy, +https://gitlab.com/php-platform/restful, +https://gitlab.com/priezz/simple-react-mobx-router, +https://gitlab.com/mergetb/tech/sled, +https://gitlab.com/jakej230196/trading-protos, +https://gitlab.com/myrrlyn/endian_trait, +https://gitlab.com/nguyenhoangminhkk404/rn-x-toast, +https://gitlab.com/jello/radicale_auth_PAM, +https://gitlab.com/antoinecollet5/pyesmda, +https://gitlab.com/hibeekaey/s3-storage-manager, +https://gitlab.com/projectn-oss/projectn-bolt-python, +https://gitlab.com/alexandr.krucheniuk/ngx-signature-pad, +https://gitlab.com/rvaiya/gt, +https://gitlab.com/coyotebringsfire/generator-bugzy, +https://gitlab.com/aknudsen/hapi-cache-plugin, +https://gitlab.com/gomidi/midicatdrv, +https://gitlab.com/RenovoSolutions/rl-async-testing, +https://gitlab.com/cznic/freetype, +https://gitlab.com/relkom/syslog-rs, +https://gitlab.com/archer-oss/form-builder/dependency-checker-core, +https://gitlab.com/jdtech/pw4py, +https://gitlab.com/lilacashes/DuplicateImages, +https://gitlab.com/pushrocks/smartcli, +https://gitlab.com/monokuro/prinit, +https://gitlab.com/fehrlich/immoscout24-api-php, +https://gitlab.com/avalonparton/steam-shortcut-manager, +https://gitlab.com/slippers/gmc, +https://gitlab.com/riffard/job_farmer, +https://gitlab.com/salufast/markdown-plugins/micromark-extension-tooltip, +https://gitlab.com/hearthero/node-rompatcher, +https://gitlab.com/kizyanov/directbank, +https://gitlab.com/DeveloperC/cli_chess, +https://gitlab.com/favoritemedium-oss/eslint-config-favoritemedium-typescript, +https://gitlab.com/praveen_kumar_cp/ngx-simple-widgets, +https://gitlab.com/benvial/refidx, +https://gitlab.com/go-sys-mon/go-sys-mon, +https://gitlab.com/iidsgt/biocwl-dash, +https://gitlab.com/arcadbox/arcad, +https://gitlab.com/ds-go/storage, +https://gitlab.com/robjloranger/license, +https://gitlab.com/cedric/ip-link, +https://gitlab.com/ap3k/node_modules/adonis-rethinkdb, +https://gitlab.com/enjoyform/packages/moysklad, +https://gitlab.com/defcronyke/libhob, +https://gitlab.com/davedoesdev/webauthn-perk, +https://gitlab.com/nathanfaucett/rs-specs_bundler, +https://gitlab.com/phanda/framework, +https://gitlab.com/pgjones/quart-db, +https://gitlab.com/cznic/file, +https://gitlab.com/nasraldin/codezero, +https://gitlab.com/pgmtc-lib/turnstile, +https://gitlab.com/spearman/key-vec, +https://gitlab.com/codesketch/dino, +https://gitlab.com/porky11/dialogi, +https://gitlab.com/carmenbianca/en-pyssant, +https://gitlab.com/obsidianical/microbin, +https://gitlab.com/nilit/shuup-scatl, +https://gitlab.com/eyeswild/cloudconfig, +https://gitlab.com/hpux735/dbus-testwriter, +https://gitlab.com/jonafato/flake8-type-ignore, +https://gitlab.com/aetst-group/aetst, +https://gitlab.com/north-robotics/north_utils, +https://gitlab.com/sasja/lasik, +https://gitlab.com/flimzy/logrusentry, +https://gitlab.com/DamKoVosh/cellular_automaton, +https://gitlab.com/daxm/FreePBX_Bulk_Handler, +https://gitlab.com/GCSBOSS/load-m-up, +https://gitlab.com/erik_97/mpr121-driver, +https://gitlab.com/jlecomte/ansible/roster, +https://gitlab.com/selfagency/2famsg, +https://gitlab.com/caelum-tech/lorena/lorena-matrix-helpers, +https://gitlab.com/dbnZA/Jita, +https://gitlab.com/romaiiiinnn/imarac, +https://gitlab.com/coboxcoop/seeder, +https://gitlab.com/philn/CocoRicoFM, +https://gitlab.com/Danno131313/dfile-rs, +https://gitlab.com/systra/itsim/itsim_project_creation_library, +https://gitlab.com/bch-dev/bbnv, +https://gitlab.com/frankvanmeurs/redesigned-chainsaw, +https://gitlab.com/AbiramK/thanos-snap, +https://gitlab.com/open-galactic/satellite-constellation, +https://gitlab.com/Prantl/WebGLEngine, +https://gitlab.com/Lynnesbian/dota2cat, +https://gitlab.com/alfiedotwtf/gallop, +https://gitlab.com/famedly/company/backend/libraries/chashmap, +https://gitlab.com/flimzy/assert, +https://gitlab.com/almujib/almujib-cli, +https://gitlab.com/advian-oss/python-dsinfluxlogger, +https://gitlab.com/notabene/open-source/cli, +https://gitlab.com/north-robotics/north_devices, +https://gitlab.com/slippi-development/slippi-combo-detector, +https://gitlab.com/dlab-indecol/web_trawler, +https://gitlab.com/cleaninsights/derezzed, +https://gitlab.com/dlab-indecol/iam_tools, +https://gitlab.com/passcreator/passcreator.passwordhistory, +https://gitlab.com/cpteam/image, +https://gitlab.com/larswirzenius/roadmap, +https://gitlab.com/biotransistor/acpipe_acjson, +https://gitlab.com/schegge/double-array-trie, +https://gitlab.com/mvysny/vok-dataloader, +https://gitlab.com/lightim/light, +https://gitlab.com/sql-garble/mybatis-sql-garble, +https://gitlab.com/ModernisingMedicalMicrobiology/groupBug, +https://gitlab.com/f5-pwe/kog, +https://gitlab.com/autokent/email-domain-check, +https://gitlab.com/abstract-binary/nix-nar-rs, +https://gitlab.com/mpapp-public/manuscripts-sync, +https://gitlab.com/abdal-security-group/abdal-php-waf, +https://gitlab.com/plut0n/bcert, +https://gitlab.com/compphys-public/tinie, +https://gitlab.com/sand7/sand, +https://gitlab.com/superallan/fvscl, +https://gitlab.com/hest-lab/hest-plugin-fritzbox, +https://gitlab.com/LinKsKiLL/carbone-html, +https://gitlab.com/greizgh/bookshelf, +https://gitlab.com/michal.bryxi/ember-intl-changeset-validations, +https://gitlab.com/bhuwanpandey999/daemonic-progress, +https://gitlab.com/Shinobi-Systems/VideoSynopsis, +https://gitlab.com/deepsport/deepsport_utilities, +https://gitlab.com/phrz/mydy, +https://gitlab.com/julianbaumann/ionic-bottom-sheet-component, +https://gitlab.com/gitlab-org/ci-cd/runner-tools/release-index-generator, +https://gitlab.com/fuzzy-ai/microservice-client, +https://gitlab.com/asm-dtu/acat, +https://gitlab.com/popcop322/link-shortener, +https://gitlab.com/phkiener/swallow.chainofinjection, +https://gitlab.com/csb.ethz/enkie, +https://gitlab.com/potyl/aws-ssh-proxy, +https://gitlab.com/shardus/monitor-server, +https://gitlab.com/rpatterson/feed-archiver, +https://gitlab.com/radek-sprta/Cachalot, +https://gitlab.com/ersutton/modest-queue, +https://gitlab.com/bitmuster/pytest_system_test_plugin, +https://gitlab.com/gitlab-com/content-sites/docsy-gitlab, +https://gitlab.com/elazkani/rundeck-resources, +https://gitlab.com/GeneralProtocols/electrum-cash/servers, +https://gitlab.com/skalamark/glanguage, +https://gitlab.com/akarchwiss/hugo-fjord-akarchwiss, +https://gitlab.com/mech-lang/assets, +https://gitlab.com/GeneralProtocols/anyhedge/contracts, +https://gitlab.com/siteasservice/project-architecture/templates/template-svc-golang, +https://gitlab.com/schedule4j/schedule4j-cron, +https://gitlab.com/orumip/angular-miller-columns, +https://gitlab.com/grammm/rustgram/rustgram, +https://gitlab.com/kernal/kibin, +https://gitlab.com/LUI-3/components/buttons-extras, +https://gitlab.com/distributed_lab/urlval, +https://gitlab.com/cathaldallan/codebox, +https://gitlab.com/chameleoid/kymera/simulator, +https://gitlab.com/agustin.moyano/sfc, +https://gitlab.com/jblarsen/tidal-prediction-python, +https://gitlab.com/elbartus/yake, +https://gitlab.com/riovir/create-vue-app, +https://gitlab.com/HotChocJS/HotChocJS, +https://gitlab.com/code.max/generate-distro, +https://gitlab.com/Syroot/Windows, +https://gitlab.com/rileyvel-mediawiki-webdev/SimpleMWApi-js, +https://gitlab.com/bsara/eslint-config-bsara, +https://gitlab.com/eeriksp/factory-man, +https://gitlab.com/Baasie/cypress-serenity-reporter, +https://gitlab.com/mosaik/examples/cosima, +https://gitlab.com/kylehqcom/render, +https://gitlab.com/Gripexfc/gmgo-cli, +https://gitlab.com/nerding_it/paginated-table-webcomponent, +https://gitlab.com/chornsby/pytest-pikachu, +https://gitlab.com/gravadigital/generator-baucis, +https://gitlab.com/jcarr0/scell, +https://gitlab.com/nobodyinperson/python3-patatmo, +https://gitlab.com/danielneis/moodle-block_featuredcourses, +https://gitlab.com/patbator/activitystreams, +https://gitlab.com/gibberfish/python-matrixbot, +https://gitlab.com/jinyexin/wechat, +https://gitlab.com/conderls/boutpy, +https://gitlab.com/ModioAB/aiozabbix, +https://gitlab.com/gkovalechyn/tcs-battletracker-webrenderer, +https://gitlab.com/radiofrance/lemonldapng-operator, +https://gitlab.com/luddites/lud, +https://gitlab.com/rockerest/rollup-plugin-lit-html, +https://gitlab.com/faststan/faststan, +https://gitlab.com/hajnyon/uikit-icons-extended, +https://gitlab.com/noor-projects/django-static-webpack-plugin, +https://gitlab.com/stranskyjan/typedoc-plugin-katex, +https://gitlab.com/b5n/simplepkg, +https://gitlab.com/BonsaiDen/ts-doctest, +https://gitlab.com/radiology/infrastructure/task-manager, +https://gitlab.com/aiakos/spatnav, +https://gitlab.com/coveas/wordpress-template, +https://gitlab.com/haath/goirate, +https://gitlab.com/philbooth/tryer, +https://gitlab.com/alelec/gitlab-tags-to-pip-index, +https://gitlab.com/canarduck/flumel, +https://gitlab.com/ngocnh/laravel-highcharts, +https://gitlab.com/SchoolOrchestration/libs/microservicetool, +https://gitlab.com/mschleeweiss/ui5-middleware-simplesaml, +https://gitlab.com/advian-oss/python-datastreamservicelib, +https://gitlab.com/radiofrance/k8s-shields, +https://gitlab.com/ochienged/gitlab-runner-operator, +https://gitlab.com/spirostack/spirofs, +https://gitlab.com/nimblygames/steam, +https://gitlab.com/chronos.alfa/box_drawing, +https://gitlab.com/andrew_ryan/disk_list, +https://gitlab.com/peerdb/search, +https://gitlab.com/mschop/notee, +https://gitlab.com/johnny_barracuda/ripandtear, +https://gitlab.com/lesql/lesql, +https://gitlab.com/nicolasbonnici/restapibundle, +https://gitlab.com/inkscape/extras/extension-xaml, +https://gitlab.com/monnef/ts-opt, +https://gitlab.com/dev_ik/magazine-landing, +https://gitlab.com/stucamp/canvasscraper, +https://gitlab.com/monnef/beesn, +https://gitlab.com/a3nm/haspirater, +https://gitlab.com/nastulcik.michal/utils, +https://gitlab.com/agus_helfa/bpjsclass, +https://gitlab.com/minecraftchest1/nuget-packages, +https://gitlab.com/drom/jtag, +https://gitlab.com/monsterbitar/json-arraybuffer-reviver, +https://gitlab.com/prosocialai/proai, +https://gitlab.com/BenoitGielly/flake8-maya, +https://gitlab.com/janpb/ncbi-taxonomist, +https://gitlab.com/martinpham/react-360-keyboard-camera-controller, +https://gitlab.com/openspring-projects/springphp-framework, +https://gitlab.com/m_pchelnikov/vue-form-generator-graphql, +https://gitlab.com/redfield/split, +https://gitlab.com/honeyryderchuck/rodauth-select-account, +https://gitlab.com/pitipat.dop/nationalities, +https://gitlab.com/jespertheend/node-nuimo-click, +https://gitlab.com/liranc/pandas_scd, +https://gitlab.com/pristy-oss/pristy-libvue, +https://gitlab.com/gecko.io/jersey_jaxrs_whiteboard, +https://gitlab.com/radiobrowser/radiobrowser-lib-rust, +https://gitlab.com/joekaiser/fault-tolerance, +https://gitlab.com/geusebi/thermistor-utils, +https://gitlab.com/chaica/mastocount, +https://gitlab.com/MazeChaZer/webcomponent-ckeditor, +https://gitlab.com/payamak/payamak, +https://gitlab.com/dawn_app/sir, +https://gitlab.com/hyper-expanse/open-source/generator-python-library, +https://gitlab.com/cschram/drawgaiden, +https://gitlab.com/bch-dev/op-wallet, +https://gitlab.com/carmenbianca/changelogdir, +https://gitlab.com/hillar/naiive, +https://gitlab.com/JelleDev/notification, +https://gitlab.com/advian-oss/rust-datastreamcorelib, +https://gitlab.com/Creplav/mongo-curry, +https://gitlab.com/more-cores/discord-message-builder, +https://gitlab.com/nilit/shuup-attrim, +https://gitlab.com/brd.com/deploy-it, +https://gitlab.com/hylkedonker/harmonium-models, +https://gitlab.com/dogma-project/dogma-headless, +https://gitlab.com/CinCan/ioc_strings, +https://gitlab.com/datopian/ckan-ng-harvester-core, +https://gitlab.com/fish0373/ip-regex-generator, +https://gitlab.com/apinephp/http-message, +https://gitlab.com/robot_accomplice/jais, +https://gitlab.com/david.scheliga/arithmeticmeancurve, +https://gitlab.com/costrouc/lammps-cython, +https://gitlab.com/alienscience/mailing, +https://gitlab.com/media-cloud-ai/libraries/mcai-client, +https://gitlab.com/inivation/dv/dv-js, +https://gitlab.com/kkitahara/cif-tools, +https://gitlab.com/pyregression/pyregression, +https://gitlab.com/lpgroup/lpgroup, +https://gitlab.com/mburkard/jsonrpc2-objects, +https://gitlab.com/jojolebarjos/itembed, +https://gitlab.com/joetrollo/archie, +https://gitlab.com/michal-bryxi/open-source/ember-intl-changeset-validations, +https://gitlab.com/mpapp-public/manuscripts-examples, +https://gitlab.com/knaydenov/koolbox, +https://gitlab.com/rust-bitcoincash/rust-bitcoincash, +https://gitlab.com/parzh/re-scaled, +https://gitlab.com/bliss-design-system/test-utils, +https://gitlab.com/bliss-design-system/utility-css, +https://gitlab.com/abstraktor-production-delivery-public/actorjs, +https://gitlab.com/gomidi/webmididrv, +https://gitlab.com/dsgov-br/dsgov.br-webcomponents, +https://gitlab.com/gitlab-ci-utils/gitlab-releaser, +https://gitlab.com/mnn/mauspaf, +https://gitlab.com/GrumpyGameDev/fsharp/SDLFS, +https://gitlab.com/kozlovvski/cra-template-foolproof, +https://gitlab.com/foxenros/arena-core-net, +https://gitlab.com/mjbecze/sortedmap, +https://gitlab.com/cznic/ebnf, +https://gitlab.com/slepc/slepc4py, +https://gitlab.com/b4ckup/ts-tex, +https://gitlab.com/serial-lab/list_based_flavorpack, +https://gitlab.com/rendaw/decpac, +https://gitlab.com/pycqa/mccabe-console-script, +https://gitlab.com/amrelk/frcds, +https://gitlab.com/jcarnu/metarcollect, +https://gitlab.com/jkuebart/node-jslint-cli, +https://gitlab.com/ericpugh/handy-colors, +https://gitlab.com/lexobyte/svelte-well-formed, +https://gitlab.com/aquarthur/urlscan-io, +https://gitlab.com/Deathrage/mlg, +https://gitlab.com/iternity/plantuml.cs, +https://gitlab.com/gyunu/adonis-graphql-lucid-resolvers, +https://gitlab.com/pgabriel/kinectmatics, +https://gitlab.com/aicacia/ts-state-forms, +https://gitlab.com/burdzin/coded-error, +https://gitlab.com/derfenix/oapi2go, +https://gitlab.com/itentialopensource/adapters/persistence/adapter-db_mongo, +https://gitlab.com/pybe/PyBE, +https://gitlab.com/kyle-albert-oss/npm-packages/use-defaults, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/session-service, +https://gitlab.com/infor-cloud/martian-cloud/tharsis/tharsis-cli, +https://gitlab.com/axet/swap, +https://gitlab.com/KitaitiMakoto/uri-tag, +https://gitlab.com/alinex/node-gui, +https://gitlab.com/stembord/libs/ts-core, +https://gitlab.com/smallstack/infrastructure/cached-task-runner, +https://gitlab.com/prohousing-as/ph-dynamodb, +https://gitlab.com/akita/noc, +https://gitlab.com/ourstreets/plate-lookup, +https://gitlab.com/baleada/icons-vue, +https://gitlab.com/sylviiu/soundcloud-key-fetch, +https://gitlab.com/js2go/js2go, +https://gitlab.com/SophieBot/stf, +https://gitlab.com/staltz/remark-ssb-mentions, +https://gitlab.com/srcrr/historical_collection, +https://gitlab.com/diva.exchange/logger, +https://gitlab.com/magiklab/opsbot-py, +https://gitlab.com/remram44/dockerimage, +https://gitlab.com/opengeoweb/geoweb-spaceweather, +https://gitlab.com/DasLulilaan/yt2, +https://gitlab.com/davidgoitia/makemkv-utils, +https://gitlab.com/mmauderer/checkerboard-rs, +https://gitlab.com/aicacia/ts-locales-bundler, +https://gitlab.com/goncziakos/sylius-barion-payment-gateway, +https://gitlab.com/eic/ejpm, +https://gitlab.com/o-cloud/generic-backend, +https://gitlab.com/ftraxler-repos/power-mvvm, +https://gitlab.com/rockerBOO/typedoc-theme-dark, +https://gitlab.com/qbjs_deserializer/qbjs_deserializer, +https://gitlab.com/dts1/unet, +https://gitlab.com/obtusescholar/streamerretriever, +https://gitlab.com/olivernoth/markupcheck, +https://gitlab.com/rahul-mahato/hb-dashboard-rapid-redux, +https://gitlab.com/financial-sentiment/newscraping, +https://gitlab.com/robigalia/ssmarshal, +https://gitlab.com/scottjs/vcloudair, +https://gitlab.com/fudaa/fudaa-framework, +https://gitlab.com/dougalg/vue-in-out, +https://gitlab.com/las-nq/openqlab, +https://gitlab.com/horizon-republic/packages/nestjs-model-bind, +https://gitlab.com/lorenzo-de/pdf-viewer-web-component, +https://gitlab.com/starshell/question, +https://gitlab.com/hest-lab/eslint-config, +https://gitlab.com/nxt/public/o2b, +https://gitlab.com/newebtime/pyrocms/joomlamigrator-module, +https://gitlab.com/cmick/timeutils, +https://gitlab.com/nerdocs/medux/medux, +https://gitlab.com/gmtjuyn/go/store/qb, +https://gitlab.com/kornelski/open_in_editor, +https://gitlab.com/blauwe-knop/vorderingenoverzicht/bk-config-service, +https://gitlab.com/elixxir/registration, +https://gitlab.com/LUI-3/components/tabs, +https://gitlab.com/mathadvance/mast/mast-build, +https://gitlab.com/kubic-ci/k, +https://gitlab.com/ohemelaar/timestampcli, +https://gitlab.com/AcceleratXR/composerjs/composer-service-core, +https://gitlab.com/medmunds/aws-cfn-ses-domain, +https://gitlab.com/npm-zervise/npmjs-zervise, +https://gitlab.com/MasterOfTheTiger/openbibles, +https://gitlab.com/ayana/libs/di, +https://gitlab.com/happycodingsarl/civicrm-library-for-drupal, +https://gitlab.com/scpcorp/webwallet, +https://gitlab.com/nuinalp/open-source/ebanx-sdk, +https://gitlab.com/joermunG/tournament-tree, +https://gitlab.com/Alduino/humanizr-js, +https://gitlab.com/openteams/django-scoped-rbac, +https://gitlab.com/dAnjou/goup, +https://gitlab.com/alienscience/dnsclientx, +https://gitlab.com/Shiroy/cidr, +https://gitlab.com/pksunkara/aa-buybacks, +https://gitlab.com/neomyte/sonotoria, +https://gitlab.com/philbooth/FxHey, +https://gitlab.com/gerbolyze/gerbolyze-cpp-base64, +https://gitlab.com/david.scheliga/doctestprinter, +https://gitlab.com/jgxvx/cilician, +https://gitlab.com/SomeoneInParticular/rest_meets_djongo, +https://gitlab.com/AGausmann/pbnify, +https://gitlab.com/999eagle/notification-server, +https://gitlab.com/locuslabspublic/locusmaps-sdk, +https://gitlab.com/Socob/minimal-lagrangians, +https://gitlab.com/akita/vis, +https://gitlab.com/silkeh/alertmanager_matrix, +https://gitlab.com/RenovoSolutions/rl-http, +https://gitlab.com/nycex/yt-api, +https://gitlab.com/inorton/docker-scout, +https://gitlab.com/joe.wollard/node-simple-plist, +https://gitlab.com/leonhard-llc/logsley-rs, +https://gitlab.com/etonomy/riot-sys, +https://gitlab.com/jokeyrhyme/ssh-sensible-rs, +https://gitlab.com/hpo-uq/hyppo, +https://gitlab.com/johnhal/pose3d_python, +https://gitlab.com/knowlysis/external/nativescript-create-pdf, +https://gitlab.com/gmtjuyn/go/utils/buffer, +https://gitlab.com/frague59/django-delayed-notifications, +https://gitlab.com/empaia/services/wsi-service-plugin-isyntax, +https://gitlab.com/enixjin/corelib, +https://gitlab.com/jrollins/xotes, +https://gitlab.com/hesxenon/esbuild-plugin-simple-css-modules, +https://gitlab.com/GCSBOSS/cronenberg, +https://gitlab.com/miek770/energy_tools, +https://gitlab.com/hgdeoro/django-simple-trigger-audit, +https://gitlab.com/chjordan/cthulhu, +https://gitlab.com/octopus-code/postopus, +https://gitlab.com/statscloud.io/statscloud.io-nodejs-client, +https://gitlab.com/Deathrage/pragmaticview, +https://gitlab.com/seeklay/cubelib, +https://gitlab.com/rockerest/taproot, +https://gitlab.com/advantech-czech/node-red-contrib-loop, +https://gitlab.com/djencks/antora-aggregate-collector, +https://gitlab.com/fabernovel/heart/heart-server, +https://gitlab.com/carbans/pyvirtualname, +https://gitlab.com/davidbuzinski/oompa, +https://gitlab.com/rahasak-labs/rabbit, +https://gitlab.com/evatix-go/pathhelper, +https://gitlab.com/awesome-nodes/unittest, +https://gitlab.com/ryor-repos/ryor, +https://gitlab.com/javawcy/rpc-server, +https://gitlab.com/georgy.m/conorm, +https://gitlab.com/karlmarx80/palarust, +https://gitlab.com/pwoolcoc/ngrams, +https://gitlab.com/john_t/desmond, +https://gitlab.com/c410-f3r/mop, +https://gitlab.com/alinex/node-validator, +https://gitlab.com/frissdiegurke/vuepress-theme-portfolio, +https://gitlab.com/leith-john/django-story-builder, +https://gitlab.com/Popkornium18/audiotag, +https://gitlab.com/luxdvie/node-cue-sdk-2, +https://gitlab.com/deltares/wflow/pyflwdir, +https://gitlab.com/shamansanchez/sc2knews, +https://gitlab.com/kolab-roundcube-plugins/ude-login, +https://gitlab.com/arkindex/api-client, +https://gitlab.com/a-litinskiy/react-immutable-jss-data-table, +https://gitlab.com/gregseth/qcrop, +https://gitlab.com/pidrakin/dotfiles-cli, +https://gitlab.com/engel/bowhead, +https://gitlab.com/anthill-modules/ah-content-exporter, +https://gitlab.com/ndaidong/bellapy, +https://gitlab.com/scooter-phd/authboss-worked, +https://gitlab.com/greenhousecode/ai/apish, +https://gitlab.com/bath_open_instrumentation_group/sca2d, +https://gitlab.com/asplinsol/ooconvert, +https://gitlab.com/sebastianspies9/synchronizer-framework, +https://gitlab.com/robigalia/rust-bitmap, +https://gitlab.com/qemu-project/libslirp, +https://gitlab.com/jsonsonson/in-command, +https://gitlab.com/johnwebbcole/generator-jscad, +https://gitlab.com/infor-cloud/martian-cloud/tharsis/tharsis-sdk-go, +https://gitlab.com/spike77453/check_asterisk_siptrunk, +https://gitlab.com/buzzcat/hexo-lazysizes, +https://gitlab.com/cosban/endpoints, +https://gitlab.com/mahdaen/singclude, +https://gitlab.com/djencks/asciidoctor-report-support, +https://gitlab.com/mnemotix/synaptix.js, +https://gitlab.com/gargravarr/aws-node-decommissioner, +https://gitlab.com/mneumann_ntecs/carbon-components-solid, +https://gitlab.com/resif/resif-data-transfer, +https://gitlab.com/mnavarrocarter/symfony-hexagonal, +https://gitlab.com/larsyunker/PythoMS, +https://gitlab.com/naaspeksi/pretix-oidc, +https://gitlab.com/staltz/cycle-native-asyncstorage, +https://gitlab.com/osaki-lab/secondsight, +https://gitlab.com/djencks/asciidoctor-antora-indexer, +https://gitlab.com/c0b/promise-queue, +https://gitlab.com/jawira/phing-open-task, +https://gitlab.com/asp_net_otus_08_2021/123taxi, +https://gitlab.com/ootoovak/circle_boundary, +https://gitlab.com/apconsulting/pkgs/websocket, +https://gitlab.com/michal.bryxi/ember-template-lint-plugin-tailwindcss, +https://gitlab.com/packages-alen/validator, +https://gitlab.com/lew21/dockerd-py, +https://gitlab.com/NamingThingsIsHard/media_tools/peertube-uploader, +https://gitlab.com/gacybercenter/open/guacamole-api-wrapper, +https://gitlab.com/ltgiv/pyclone, +https://gitlab.com/bwidawsk-cxl/cxl_rs, +https://gitlab.com/gexuy/public-libraries/rust/google_drive_client, +https://gitlab.com/pmon/gitlab-api-js, +https://gitlab.com/mfgames-writing/mfgames-writing-format-js, +https://gitlab.com/frague59/conway, +https://gitlab.com/artdeco/pedantry, +https://gitlab.com/ficsresearch/s3a, +https://gitlab.com/kyle-albert-oss/w3d/w3d-data, +https://gitlab.com/nathanfaucett/rs-rand_num_gen, +https://gitlab.com/sedrubal/gitlabcicli, +https://gitlab.com/php-extended/php-http-client-simple-cache-psr16, +https://gitlab.com/kiwi-ninja/datarm, +https://gitlab.com/adrian.wozniak/wns, +https://gitlab.com/flipactual/ilo, +https://gitlab.com/arcoslab/arcos-kdl, +https://gitlab.com/enuage/bundles/version-updater, +https://gitlab.com/rocket-boosters/lobotomy, +https://gitlab.com/cunity/docker-image-pack, +https://gitlab.com/inayelle/anykit, +https://gitlab.com/cornerstonecms/cornerstonecms, +https://gitlab.com/acanto/laravel-frontend, +https://gitlab.com/jzacsh/punch, +https://gitlab.com/notpushkin/material-plausible-plugin, +https://gitlab.com/ergoithz/yatom, +https://gitlab.com/jinyexin/core, +https://gitlab.com/dmoonfire/mfgames-tasks-js-cli, +https://gitlab.com/Redpoll/changepoint, +https://gitlab.com/code.max/wp-plugin-env, +https://gitlab.com/blue-media/online-payments-php, +https://gitlab.com/mrman/maille, +https://gitlab.com/rs-guidon/guidon, +https://gitlab.com/dacs-hpi/hitac, +https://gitlab.com/mpapp-public/manuscripts-style-guide, +https://gitlab.com/n3dst4/investigator-fvtt-types, +https://gitlab.com/fahrenholz/pdo-database-bundle, +https://gitlab.com/idoko/birthdaystoday, +https://gitlab.com/kraevs/watermill, +https://gitlab.com/henry0475/protobufs, +https://gitlab.com/aicacia/ts-router, +https://gitlab.com/milliams/nbpretty, +https://gitlab.com/Shinobi-Systems/opencv-motion-detector, +https://gitlab.com/Skalman/eslint-plugin-escape, +https://gitlab.com/seam345/zigbee2mqtt-types, +https://gitlab.com/m03geek/fastify-status, +https://gitlab.com/jeffrey-xiao/robar-rs, +https://gitlab.com/nul.one/loz, +https://gitlab.com/nbs-it/helpers, +https://gitlab.com/sexycoders/libauth.js, +https://gitlab.com/hdsujnb/todorantgtk, +https://gitlab.com/Chips4Makers/c4m-flexio, +https://gitlab.com/operator-ict/golemio/code/modules/schema-definitions, +https://gitlab.com/openrail/uk/stomp-client-nodejs, +https://gitlab.com/real-value/real-value-lang, +https://gitlab.com/nop_thread/datetime-string, +https://gitlab.com/salufast/markdown-plugins/mdast-util-tooltip, +https://gitlab.com/reuse/reuse, +https://gitlab.com/snoopdouglas/dobro, +https://gitlab.com/nerdocs/gdaps-frontend-vue, +https://gitlab.com/rgarcia-herrera/pyveplot, +https://gitlab.com/amfiremage/gosit, +https://gitlab.com/360gaggi/discord-net-anarchy, +https://gitlab.com/4s1/conventional-commit-creator, +https://gitlab.com/ctap2-authenticator/chipfuzz, +https://gitlab.com/langloisdev/is-a, +https://gitlab.com/flimzy/testy, +https://gitlab.com/digiratory/biomedimaging/bcanalyzer, +https://gitlab.com/mm_arm/metax.api, +https://gitlab.com/afey13/gocommon, +https://gitlab.com/pagerwave/PagerWave, +https://gitlab.com/jensastrup/pyEchosign, +https://gitlab.com/django-authorship/django-authorship, +https://gitlab.com/angelo-v/molid-mock-solid-server, +https://gitlab.com/ganciaux/blackdynamite, +https://gitlab.com/mcepl/slovnik-seznam, +https://gitlab.com/bahlaouiyoussef/input-basic-validator.js, +https://gitlab.com/Mumba/typedef-sourced, +https://gitlab.com/akita/util, +https://gitlab.com/blad-mercenary/config, +https://gitlab.com/ravnmsg/ravn, +https://gitlab.com/jamietanna/cucumber-reporting-plugin, +https://gitlab.com/eevargas/indexy, +https://gitlab.com/gnaar/gear, +https://gitlab.com/ltgiv/polycephaly, +https://gitlab.com/LUI-3/components/messages, +https://gitlab.com/openmairie/openmairie-layout-legacy, +https://gitlab.com/synaestheory/synce, +https://gitlab.com/jaysaurus/jest-nuxt-helper, +https://gitlab.com/drad/cryptik, +https://gitlab.com/c33s-group/robofile, +https://gitlab.com/hackancuba/git-minisign, +https://gitlab.com/maksmikhalov/vault_search, +https://gitlab.com/Pixel-Mqster/File-Find, +https://gitlab.com/sagidayan/telme, +https://gitlab.com/linuxfreak003/go-ballistic, +https://gitlab.com/laurih/matid, +https://gitlab.com/megabyte-labs/documentation/npm, +https://gitlab.com/okannen/memory_slice, +https://gitlab.com/dgriffen/iron_session, +https://gitlab.com/dynamic-pipeline/javascript, +https://gitlab.com/nuinalp/open-source/atomvpn-nodejs-library, +https://gitlab.com/exhale-hu/alexandria, +https://gitlab.com/opencraft/dev/providence-demo, +https://gitlab.com/Speykious/arcthird, +https://gitlab.com/pakkaponeppp/asset_api, +https://gitlab.com/artemklevtsov/outline-community-servers, +https://gitlab.com/janispritzkau/nbt-ts, +https://gitlab.com/eduardo.marin/appconn, +https://gitlab.com/mnemotix/fegl-resource/weever, +https://gitlab.com/chpio/audio-conv, +https://gitlab.com/jimlloyd/ya-git-lab, +https://gitlab.com/hestia-earth/hestia-engine-models, +https://gitlab.com/gmtjuyn/go/gjpkg, +https://gitlab.com/burke-software/nativescript-libsodium, +https://gitlab.com/plaza-project/bridges/python-plaza-lib, +https://gitlab.com/scce/add-lib, +https://gitlab.com/php-mtg/mtg-api-com-scryfall-object, +https://gitlab.com/newebtime/pyrocms/grayscale-theme, +https://gitlab.com/achalkias/cypress-configuration-builder, +https://gitlab.com/openrail/uk/common-nodejs, +https://gitlab.com/living180/pyflame, +https://gitlab.com/roundearth/roundearth, +https://gitlab.com/biomedit/django-drf-utils, +https://gitlab.com/chiwaukee/chiwaukee-eslint-config, +https://gitlab.com/prohousing-as/ph-ksql, +https://gitlab.com/lcruzc/material-toolbox, +https://gitlab.com/aicacia/ts-changeset, +https://gitlab.com/development-incolume/incolumepy.utils, +https://gitlab.com/doug.shawhan/flask-commonmark, +https://gitlab.com/noraj/nvd_api, +https://gitlab.com/mschleeweiss/odata-entity-extractor, +https://gitlab.com/ccondry/uccx-chat-client, +https://gitlab.com/endlessthemes/endless-project, +https://gitlab.com/stembord/libs/ts-state, +https://gitlab.com/raspberry-pi-cast/node-omxplayer-raspberry-pi-cast, +https://gitlab.com/djacobs24/micro, +https://gitlab.com/Jon.Keatley.Folio/webstaterator, +https://gitlab.com/happycodingsarl/bvr, +https://gitlab.com/i14a45/yii2-adminlte-advanced-template, +https://gitlab.com/blurt/openblurt/blurtjs, +https://gitlab.com/mschleeweiss/eslint-plugin-ui5, +https://gitlab.com/nvllsvm/cloneholio, +https://gitlab.com/ACP3/module-seo, +https://gitlab.com/MaxIV/lib-maxiv-dsconfig, +https://gitlab.com/megabyte-labs/python/cli/ansible-keyring, +https://gitlab.com/jamietanna/jwks-ical, +https://gitlab.com/caelum-tech/caelum-parity, +https://gitlab.com/kalilinux/packages/ffuf, +https://gitlab.com/apalia/coredns-cloudstack, +https://gitlab.com/geoip.network/python-library, +https://gitlab.com/johnfromthefuture/splunk-hec-library, +https://gitlab.com/elixxir/gpumathsgo, +https://gitlab.com/silenteer-oss/tutum/titan, +https://gitlab.com/lthn.io/projects/chain/miner, +https://gitlab.com/bz1/aiida-castep, +https://gitlab.com/fortitudetec/elucidation, +https://gitlab.com/mschlueter/laravel-force-https, \ No newline at end of file From b3b93443ba89e9f471457fd8bc003ec2e676c862 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 17:52:06 +0000 Subject: [PATCH 268/316] :seedling: Bump github.com/xanzy/go-gitlab from 0.84.0 to 0.85.0 (#3149) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.84.0 to 0.85.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.84.0...v0.85.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 51303f7b65d..548ac2135db 100644 --- a/go.mod +++ b/go.mod @@ -165,7 +165,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.3 // indirect - github.com/xanzy/go-gitlab v0.84.0 + github.com/xanzy/go-gitlab v0.85.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index f26577548d6..f6ca8065144 100644 --- a/go.sum +++ b/go.sum @@ -1969,8 +1969,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/xanzy/go-gitlab v0.84.0 h1:PdpCaskQSgcVDsx21c6ikf8Rfyo7SNtFAJwP9PrbCFE= -github.com/xanzy/go-gitlab v0.84.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.85.0 h1:E/wjnsd/mM5kV6O9y5+i6zxjx+wfAwa97sgcT1ETNwk= +github.com/xanzy/go-gitlab v0.85.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From d5ed41db02ed7c1bf8a73c874d93bfcdeccc52c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 18:06:39 +0000 Subject: [PATCH 269/316] :seedling: Bump actions/checkout from 3.5.2 to 3.5.3 (#3148) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/depsreview.yml | 2 +- .github/workflows/docker.yml | 16 +++++----- .github/workflows/gitlab.yml | 2 +- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 2 +- .github/workflows/main.yml | 40 ++++++++++++------------ .github/workflows/publishimage.yml | 2 +- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 2 +- 10 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 477bebaf936..c5f8407259e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -57,7 +57,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 96acffae5c2..ea8c3b2d09b 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -22,6 +22,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: 'Dependency Review' uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 682b2e27939..61604910603 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -37,7 +37,7 @@ jobs: docs_only: ${{ steps.docs_only_check.outputs.docs_only }} steps: - name: Check out code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab #v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 #v3.5.3 with: fetch-depth: 2 # needed to diff changed files - id: files @@ -70,7 +70,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: @@ -100,7 +100,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: @@ -130,7 +130,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: @@ -160,7 +160,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: @@ -190,7 +190,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: @@ -220,7 +220,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: @@ -250,7 +250,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index dac7926d520..890c12b28da 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -32,7 +32,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: fetch-depth: 0 diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 038e7d2ee9a..f55b98b9c9c 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -36,7 +36,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Set up Go diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index b51ac6d013a..a537fd65258 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -46,7 +46,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: pull_request actions/checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a3d6b75b8e8..39ff059db22 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -54,7 +54,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -115,7 +115,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -163,7 +163,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -198,7 +198,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -246,7 +246,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -294,7 +294,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -342,7 +342,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -390,7 +390,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -438,7 +438,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -486,7 +486,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -534,7 +534,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -582,7 +582,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -630,7 +630,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -678,7 +678,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -726,7 +726,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -761,7 +761,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -798,7 +798,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -845,7 +845,7 @@ jobs: restore-keys: | ${{ runner.os }}-go- - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -880,7 +880,7 @@ jobs: version: ${{ env.PROTOC_VERSION }} repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - name: Setup Go @@ -909,7 +909,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v2.2.0 with: go-version: ${{ env.GO_VERSION }} diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 249e588b7b3..8939f64cf09 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -37,7 +37,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 with: fetch-depth: 0 - name: Setup Go diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index d1b706e6ba7..92e0caad8d1 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -22,7 +22,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: "Run analysis" uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index af4806478cb..86cdc5e70c9 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -16,7 +16,7 @@ jobs: go-binary-name: ${{ steps.build.outputs.go-binary-name }} steps: - id: checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.3.4 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.3.4 with: fetch-depth: 0 - id: ldflags From 1336d9481c896e4a2a7cd94faf2e3672343a0f83 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 22:08:13 +0000 Subject: [PATCH 270/316] :seedling: Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/f82d6c1c344bcacabba2c841718984797f664a6b...336e29918d653399e599bfca99fadc1d7ffbc9f7) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index f55b98b9c9c..373e7ec54c8 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -49,7 +49,7 @@ jobs: run: echo "version_flags=$(./scripts/version-ldflags)" >> "$GITHUB_OUTPUT" - name: Run GoReleaser id: run-goreleaser - uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v2.5.0 + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v2.5.0 with: version: latest args: release --rm-dist From bc3bb2ebda8545c639cdd617d64991463f64b880 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 23:19:48 +0000 Subject: [PATCH 271/316] :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2 (#3160) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.4.0...v2.5.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 14 ++++++-------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 548ac2135db..75a90223343 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( cloud.google.com/go/trace v1.9.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 - github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 + github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 github.com/go-git/go-git/v5 v5.7.0 github.com/go-logr/logr v1.2.4 github.com/golang/mock v1.6.0 @@ -76,7 +76,7 @@ require ( github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-github/v52 v52.0.0 // indirect + github.com/google/go-github/v53 v53.0.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/google/s2a-go v0.1.4 // indirect diff --git a/go.sum b/go.sum index f6ca8065144..1a5f1ec7ac8 100644 --- a/go.sum +++ b/go.sum @@ -660,11 +660,12 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= -github.com/bradleyfalzon/ghinstallation/v2 v2.4.0 h1:zYSzkoIwekCQAr6GT6KxISLt4YRS6kd4/ixfzMN+7yc= -github.com/bradleyfalzon/ghinstallation/v2 v2.4.0/go.mod h1:4MwZLSgBJJgg4i3nJwZJ95AMooSqN8fJDmegLVn9Q2U= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 h1:yaYcGQ7yEIGbsJfW/9z7v1sLiZg/5rSNNXwmMct5XaE= +github.com/bradleyfalzon/ghinstallation/v2 v2.5.0/go.mod h1:amcvPQMrRkWNdueWOjPytGL25xQGzox7425qMgzo+Vo= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/caarlos0/env/v6 v6.10.0 h1:lA7sxiGArZ2KkiqpOQNf8ERBRWI+v8MWIH+eGjSN22I= github.com/caarlos0/env/v6 v6.10.0/go.mod h1:hvp/ryKXKipEkcuYjs9mI4bBCg+UI0Yhgm5Zu0ddvwc= github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg= @@ -1183,8 +1184,8 @@ github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6 github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= -github.com/google/go-github/v52 v52.0.0 h1:uyGWOY+jMQ8GVGSX8dkSwCzlehU3WfdxQ7GweO/JP7M= -github.com/google/go-github/v52 v52.0.0/go.mod h1:WJV6VEEUPuMo5pXqqa2ZCZEdbQqua4zAk2MZTIo+m+4= +github.com/google/go-github/v53 v53.0.0 h1:T1RyHbSnpHYnoF0ZYKiIPSgPtuJ8G6vgc0MKodXsQDQ= +github.com/google/go-github/v53 v53.0.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -2154,6 +2155,7 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= @@ -2300,7 +2302,6 @@ golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2334,7 +2335,6 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2512,7 +2512,6 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -2527,7 +2526,6 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From ff68bfbef73b0ba300628ce5f69b4621e577dccf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 07:33:49 -0500 Subject: [PATCH 272/316] :seedling: Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#3163) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.8.0 to 0.9.0. - [Commits](https://github.com/golang/oauth2/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 19 ++++++++++++------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 75a90223343..92ba0d03872 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 gocloud.dev v0.29.0 - golang.org/x/text v0.9.0 + golang.org/x/text v0.10.0 golang.org/x/tools v0.9.3 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 @@ -102,7 +102,7 @@ require ( github.com/spdx/tools-golang v0.5.1 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect golang.org/x/mod v0.10.0 // indirect - golang.org/x/term v0.8.0 // indirect + golang.org/x/term v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -169,12 +169,12 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - golang.org/x/crypto v0.9.0 // indirect + golang.org/x/crypto v0.10.0 // indirect golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/net v0.10.0 // indirect - golang.org/x/oauth2 v0.8.0 + golang.org/x/net v0.11.0 // indirect + golang.org/x/oauth2 v0.9.0 golang.org/x/sync v0.2.0 // indirect - golang.org/x/sys v0.8.0 // indirect + golang.org/x/sys v0.9.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.124.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 1a5f1ec7ac8..c09254002a0 100644 --- a/go.sum +++ b/go.sum @@ -2158,8 +2158,8 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2302,8 +2302,9 @@ golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2335,8 +2336,9 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2512,8 +2514,9 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2526,8 +2529,9 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2544,8 +2548,9 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From e11fd2e80a46de35ef1378f3bd15c6c6068e74f6 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:07:38 -0500 Subject: [PATCH 273/316] =?UTF-8?q?=F0=9F=8C=B1=20=20Improve=20webhookHand?= =?UTF-8?q?ler=20E2E=20tests=20(#3157)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * :seelding: Improve webhookHandler E2E tests - Add e2e test for webhookHandler Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed the location of skipif Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some cleanup Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/webhook_e2e_test.go | 62 ++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 clients/githubrepo/webhook_e2e_test.go diff --git a/clients/githubrepo/webhook_e2e_test.go b/clients/githubrepo/webhook_e2e_test.go new file mode 100644 index 00000000000..22c2a1ad4a8 --- /dev/null +++ b/clients/githubrepo/webhook_e2e_test.go @@ -0,0 +1,62 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + + "github.com/google/go-github/v38/github" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" +) + +var _ = Describe("E2E TEST: githubrepo.webhookHandler", func() { + var handler *webhookHandler + + BeforeEach(func() { + ctx := context.Background() + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + client := github.NewClient(httpClient) + handler = &webhookHandler{ + ghClient: client, + ctx: ctx, + } + }) + Context("listWebhooks()", func() { + It("returns list of webhooks", func() { + skipIfTokenIsNot(patTokenType, "PAT only") + repoURL := repoURL{ + owner: "ossf-tests", + repo: "webhook-e2e", + commitSHA: clients.HeadSHA, + } + + handler.init(context.Background(), &repoURL) + resp, err := handler.listWebhooks() + Expect(err).NotTo(HaveOccurred()) + Expect(resp).NotTo(BeNil()) + Expect(len(resp)).To(Equal(1)) + Expect(handler.errSetup).Should(BeNil()) + }) + }) +}) From 4cd5446862ea4c470810fea81fc7f45a36d04dec Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 14 Jun 2023 11:13:20 -0400 Subject: [PATCH 274/316] =?UTF-8?q?=F0=9F=90=9B=20Code=20Review:=20Use=20p?= =?UTF-8?q?roportional=20scoring=20(#2882)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Code Review: Use proportional scoring Signed-off-by: Raghav Kaul * address cr comments Signed-off-by: Raghav Kaul * revert repo_client.go Signed-off-by: Raghav Kaul * update * exclude bot PRs from scoring * missing import from merge Signed-off-by: Raghav Kaul * update * changeset.Unknown Signed-off-by: Raghav Kaul * address pr comments Signed-off-by: Raghav Kaul * set field Signed-off-by: Raghav Kaul * fix unittests Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> --- checker/raw_result.go | 1 + checks/code_review_test.go | 4 +- checks/evaluation/code_review.go | 98 ++++++++++----------------- checks/evaluation/code_review_test.go | 27 +++++--- checks/raw/code_review.go | 2 +- e2e/code_review_test.go | 43 +++--------- 6 files changed, 67 insertions(+), 108 deletions(-) diff --git a/checker/raw_result.go b/checker/raw_result.go index 621c84eb8ad..2acaee17a47 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -176,6 +176,7 @@ const ( ReviewPlatformGerrit ReviewPlatform = "Gerrit" ReviewPlatformPhabricator ReviewPlatform = "Phabricator" ReviewPlatformPiper ReviewPlatform = "Piper" + ReviewPlatformUnknown ReviewPlatform = "Unknown" ) type Changeset struct { diff --git a/checks/code_review_test.go b/checks/code_review_test.go index afc52d84eb5..1b48c06093f 100644 --- a/checks/code_review_test.go +++ b/checks/code_review_test.go @@ -186,7 +186,7 @@ func TestCodereview(t *testing.T) { }, }, expected: checker.CheckResult{ - Score: 3, + Score: 5, }, }, { @@ -211,7 +211,7 @@ func TestCodereview(t *testing.T) { }, }, expected: checker.CheckResult{ - Score: 3, + Score: 5, }, }, { diff --git a/checks/evaluation/code_review.go b/checks/evaluation/code_review.go index 8c26295972c..4c84c92378b 100644 --- a/checks/evaluation/code_review.go +++ b/checks/evaluation/code_review.go @@ -16,7 +16,7 @@ package evaluation import ( "fmt" - "strings" + "math" "github.com/ossf/scorecard/v4/checker" sce "github.com/ossf/scorecard/v4/errors" @@ -39,89 +39,57 @@ func CodeReview(name string, dl checker.DetailLogger, r *checker.CodeReviewData) return checker.CreateRuntimeErrorResult(name, e) } - if len(r.DefaultBranchChangesets) == 0 { + N := len(r.DefaultBranchChangesets) + if N == 0 { return checker.CreateInconclusiveResult(name, "no commits found") } - foundHumanReviewActivity := false - foundBotReviewActivity := false - nUnreviewedHumanChanges := 0 - nUnreviewedBotChanges := 0 + nUnreviewedChanges := 0 + nChanges := 0 + foundHumanActivity := false - var unreviewedHumanRevisionIDs, unreviewedBotRevisionIDs []string for i := range r.DefaultBranchChangesets { cs := &r.DefaultBranchChangesets[i] - isReviewed := reviewScoreForChangeset(cs) >= changesReviewed - isBotCommit := cs.Author.IsBot - - switch { - case isReviewed && isBotCommit: - foundBotReviewActivity = true - case isReviewed && !isBotCommit: - foundHumanReviewActivity = true - case !isReviewed && isBotCommit: - nUnreviewedBotChanges += 1 - unreviewedBotRevisionIDs = append(unreviewedBotRevisionIDs, cs.RevisionID) - case !isReviewed && !isBotCommit: - nUnreviewedHumanChanges += 1 - unreviewedHumanRevisionIDs = append(unreviewedHumanRevisionIDs, cs.RevisionID) + isReviewed := reviewScoreForChangeset(cs, dl) >= changesReviewed + if isReviewed && cs.Author.IsBot { + continue // ignore reviewed bot commits (https://github.com/ossf/scorecard/issues/2450) } - } - // Let's include non-compliant revision IDs in details - if len(unreviewedHumanRevisionIDs) > 0 { - dl.Debug(&checker.LogMessage{ - Text: fmt.Sprintf("List of revision IDs not reviewed by humans:%s", strings.Join(unreviewedHumanRevisionIDs, ",")), - }) - } + nChanges += 1 - if len(unreviewedBotRevisionIDs) > 0 { - dl.Debug(&checker.LogMessage{ - Text: fmt.Sprintf("List of bot revision IDs not reviewed by humans:%s", strings.Join(unreviewedBotRevisionIDs, ",")), - }) - } + if !cs.Author.IsBot { + foundHumanActivity = true + } - if foundBotReviewActivity && !foundHumanReviewActivity { - reason := fmt.Sprintf("found no human review activity in the last %v changesets", len(r.DefaultBranchChangesets)) - return checker.CreateInconclusiveResult(name, reason) + if !isReviewed { + nUnreviewedChanges += 1 + } } switch { - case nUnreviewedBotChanges > 0 && nUnreviewedHumanChanges > 0: - return checker.CreateMinScoreResult( - name, - fmt.Sprintf("found unreviewed changesets (%v human %v bot)", nUnreviewedHumanChanges, nUnreviewedBotChanges), - ) - case nUnreviewedBotChanges > 0: - return checker.CreateResultWithScore( - name, - fmt.Sprintf("all human changesets reviewed, found %v unreviewed bot changesets", nUnreviewedBotChanges), - 7, - ) - case nUnreviewedHumanChanges > 0: - score := 3 - if len(r.DefaultBranchChangesets) == 1 || nUnreviewedHumanChanges > 1 { - score = 0 - } - return checker.CreateResultWithScore( + case nChanges == 0 || !foundHumanActivity: + reason := fmt.Sprintf("found no human review activity in the last %v changesets", N) + return checker.CreateInconclusiveResult(name, reason) + case nUnreviewedChanges > 0: + return checker.CreateProportionalScoreResult( name, - fmt.Sprintf( - "found %v unreviewed human changesets (%d total)", - nUnreviewedHumanChanges, len(r.DefaultBranchChangesets), - ), - score, + fmt.Sprintf("found %d unreviewed changesets out of %d", nUnreviewedChanges, nChanges), + int(math.Max(float64(nChanges-nUnreviewedChanges), 0)), + nChanges, ) } return checker.CreateMaxScoreResult(name, "all changesets reviewed") } -func reviewScoreForChangeset(changeset *checker.Changeset) (score reviewScore) { - if changeset.ReviewPlatform != "" && changeset.ReviewPlatform != checker.ReviewPlatformGitHub { +func reviewScoreForChangeset(changeset *checker.Changeset, dl checker.DetailLogger) (score reviewScore) { + plat := changeset.ReviewPlatform + if plat != checker.ReviewPlatformUnknown && + plat != checker.ReviewPlatformGitHub { return reviewedOutsideGithub } - if changeset.ReviewPlatform == checker.ReviewPlatformGitHub { + if plat == checker.ReviewPlatformGitHub { for i := range changeset.Reviews { review := changeset.Reviews[i] if review.State == "APPROVED" && review.Author.Login != changeset.Author.Login { @@ -130,5 +98,13 @@ func reviewScoreForChangeset(changeset *checker.Changeset) (score reviewScore) { } } + dl.Debug( + &checker.LogMessage{ + Text: fmt.Sprintf( + "couldn't find approvals for revision: %s platform: %s", + changeset.RevisionID, plat, + ), + }, + ) return noReview } diff --git a/checks/evaluation/code_review_test.go b/checks/evaluation/code_review_test.go index eaf7db8eaa7..bb17732e24d 100644 --- a/checks/evaluation/code_review_test.go +++ b/checks/evaluation/code_review_test.go @@ -51,15 +51,17 @@ func TestCodeReview(t *testing.T) { name: "NoReviews", expected: scut.TestReturn{ Score: checker.MinResultScore, - NumberOfDebug: 1, + NumberOfDebug: 2, }, rawData: &checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ { - Commits: []clients.Commit{{SHA: "a"}}, + ReviewPlatform: checker.ReviewPlatformUnknown, + Commits: []clients.Commit{{SHA: "a"}}, }, { - Commits: []clients.Commit{{SHA: "a"}}, + ReviewPlatform: checker.ReviewPlatformUnknown, + Commits: []clients.Commit{{SHA: "a"}}, }, }, }, @@ -68,15 +70,17 @@ func TestCodeReview(t *testing.T) { name: "Unreviewed human and bot changes", expected: scut.TestReturn{ Score: checker.MinResultScore, - NumberOfDebug: 1, + NumberOfDebug: 2, }, rawData: &checker.CodeReviewData{ DefaultBranchChangesets: []checker.Changeset{ { - Commits: []clients.Commit{{SHA: "a", Committer: clients.User{IsBot: true}}}, + ReviewPlatform: checker.ReviewPlatformUnknown, + Commits: []clients.Commit{{SHA: "a", Committer: clients.User{IsBot: true}}}, }, { - Commits: []clients.Commit{{SHA: "b"}}, + ReviewPlatform: checker.ReviewPlatformUnknown, + Commits: []clients.Commit{{SHA: "b"}}, }, }, }, @@ -84,7 +88,7 @@ func TestCodeReview(t *testing.T) { { name: "all human changesets reviewed, missing review on bot changeset", expected: scut.TestReturn{ - Score: 7, + Score: 5, NumberOfDebug: 1, }, rawData: &checker.CodeReviewData{ @@ -107,8 +111,9 @@ func TestCodeReview(t *testing.T) { }, }, { - Author: clients.User{Login: "alice-the-bot[bot]", IsBot: true}, - RevisionID: "b", + Author: clients.User{Login: "alice-the-bot[bot]", IsBot: true}, + ReviewPlatform: checker.ReviewPlatformUnknown, + RevisionID: "b", Commits: []clients.Commit{ { Committer: clients.User{Login: "alice-the-bot[bot]", IsBot: true}, @@ -173,7 +178,9 @@ func TestCodeReview(t *testing.T) { }, }, { - RevisionID: "b", + Author: clients.User{Login: "alice-the-bot[bot]", IsBot: true}, + ReviewPlatform: checker.ReviewPlatformUnknown, + RevisionID: "b", Commits: []clients.Commit{ { Committer: clients.User{Login: "alice-the-bot[bot]", IsBot: true}, diff --git a/checks/raw/code_review.go b/checks/raw/code_review.go index 55f6a499d27..e794773a5b3 100644 --- a/checks/raw/code_review.go +++ b/checks/raw/code_review.go @@ -141,7 +141,7 @@ func detectCommitRevisionInfo(c *clients.Commit) revisionInfo { return revisionInfo{checker.ReviewPlatformPiper, revisionID} } - return revisionInfo{} + return revisionInfo{checker.ReviewPlatformUnknown, ""} } // Group commits by the changeset they belong to diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index 871d75c43c2..be208388db4 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -32,34 +32,9 @@ import ( // TODO: use dedicated repo that don't change. var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Context("E2E TEST:Validating use of code reviews", func() { - It("Should return use of code reviews", func() { - dl := scut.TestDetailLogger{} - repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") - Expect(err).Should(BeNil()) - repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) - err = repoClient.InitRepo(repo, clients.HeadSHA, 0) - Expect(err).Should(BeNil()) - - req := checker.CheckRequest{ - Ctx: context.Background(), - RepoClient: repoClient, - Repo: repo, - Dlogger: &dl, - } - expected := scut.TestReturn{ - Error: nil, - Score: checker.MinResultScore, - NumberOfWarn: 0, - NumberOfInfo: 0, - NumberOfDebug: 1, - } - result := checks.CodeReview(&req) - Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) - Expect(repoClient.Close()).Should(BeNil()) - }) It("Should return use of code reviews at commit", func() { dl := scut.TestDetailLogger{} - repo, err := githubrepo.MakeGithubRepo("ossf-tests/airflow") + repo, err := githubrepo.MakeGithubRepo("apache/airflow") Expect(err).Should(BeNil()) repoClient := githubrepo.CreateGithubRepoClient(context.Background(), logger) err = repoClient.InitRepo(repo, "0a6850647e531b08f68118ff8ca20577a5b4062c", 0) @@ -73,10 +48,10 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { } expected := scut.TestReturn{ Error: nil, - Score: checker.MinResultScore, + Score: 10, NumberOfWarn: 0, NumberOfInfo: 0, - NumberOfDebug: 1, + NumberOfDebug: 0, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) @@ -103,7 +78,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Expect(repoClient.Close()).Should(BeNil()) }) - It("Should return inconclusive results for a single-maintainer project with only self- or bot changesets", func() { + It("Should return min score for a single-maintainer project with only self- or bot changesets", func() { dl := scut.TestDetailLogger{} repo, err := githubrepo.MakeGithubRepo("Kromey/fast_poisson") Expect(err).Should(BeNil()) @@ -118,14 +93,14 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Dlogger: &dl, } expected := scut.TestReturn{ - Score: checker.InconclusiveResultScore, - NumberOfDebug: 1, + Score: 0, + NumberOfDebug: 18, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) Expect(repoClient.Close()).Should(BeNil()) }) - It("Should return minimum score for a single-maintainer project with some unreviewed human changesets", func() { + It("Should return partial score for a single-maintainer project with some unreviewed human changesets", func() { dl := scut.TestDetailLogger{} repo, err := githubrepo.MakeGithubRepo("Kromey/fast_poisson") Expect(err).Should(BeNil()) @@ -140,8 +115,8 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { Dlogger: &dl, } expected := scut.TestReturn{ - Score: checker.MinResultScore, - NumberOfDebug: 1, + Score: 1, + NumberOfDebug: 10, } result := checks.CodeReview(&req) Expect(scut.ValidateTestReturn(nil, "use code reviews", &expected, &result, &dl)).Should(BeTrue()) From d72deff4091596871037a0d5f618d573bfc62283 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 15 Jun 2023 07:54:23 -0500 Subject: [PATCH 275/316] :seedling: Improve Githubrepo Releases handler E2E tests (#3164) - Add e2e test for githubrepo releases handler Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/releases_e2e_test.go | 60 +++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 clients/githubrepo/releases_e2e_test.go diff --git a/clients/githubrepo/releases_e2e_test.go b/clients/githubrepo/releases_e2e_test.go new file mode 100644 index 00000000000..0a611c6945d --- /dev/null +++ b/clients/githubrepo/releases_e2e_test.go @@ -0,0 +1,60 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + + "github.com/google/go-github/v38/github" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" +) + +var _ = Describe("E2E TEST: githubrepo.releasesHandler", func() { + var releaseHandler *releasesHandler + + BeforeEach(func() { + ctx := context.Background() + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + client := github.NewClient(httpClient) + releaseHandler = &releasesHandler{ + client: client, + ctx: ctx, + } + }) + Context("getReleases()", func() { + It("returns releases", func() { + repoURL := repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + + releaseHandler.init(context.Background(), &repoURL) + resp, err := releaseHandler.getReleases() + Expect(err).NotTo(HaveOccurred()) + Expect(len(resp)).ShouldNot(Equal(0)) + Expect(releaseHandler.errSetup).Should(BeNil()) + }) + }) +}) From f928748c0eb30cc3307ee5e6d807b2d4545e3d40 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Jun 2023 15:02:13 +0000 Subject: [PATCH 276/316] :seedling: Bump tj-actions/changed-files from 36.1.0 to 36.2.1 (#3169) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.1.0 to 36.2.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/fb20f4d24890fadc539505b1746d260504b213d0...c9124514c375de5dbb9697afa6f2e36a236ee58c) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 61604910603..d8146d2027e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@fb20f4d24890fadc539505b1746d260504b213d0 #v36.1.0 + uses: tj-actions/changed-files@c9124514c375de5dbb9697afa6f2e36a236ee58c #v36.2.1 with: files_ignore: '**.md' - id: docs_only_check From 8c9e552f68e5fd070692b8376ac51d2e8a7f0aaa Mon Sep 17 00:00:00 2001 From: Avishay Balter Date: Fri, 16 Jun 2023 02:13:41 +0300 Subject: [PATCH 277/316] =?UTF-8?q?=E2=9C=A8=20add=20--nuget=20package=20m?= =?UTF-8?q?anager=20flag=20(#3020)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add nuget package manager Signed-off-by: Avishay * fix pat test messages (#2987) * also fix pat tests Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :seedling: Bump slsa-framework/slsa-github-generator from 1.5.0 to 1.6.0 Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump cloud.google.com/go/bigquery from 1.51.1 to 1.51.2 (#2984) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.1 to 1.51.2. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.1...bigquery/v1.51.2) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump golang.org/x/tools from 0.9.0 to 0.9.1 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :bug: Update osv-scanner dependency to include Vulnerabilities check fixes (#2981) * Update osv-scanner dependency to include Vulnerabilities check fixes Signed-off-by: Laurent Savaëte * Run go mod tidy Signed-off-by: Laurent Savaëte --------- Signed-off-by: Laurent Savaëte Signed-off-by: Avishay * :seedling: Bump github.com/docker/distribution in /tools (#2993) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * 🌱 Gitlab: e2e test fixes in main (#2992) * test secret chagnes Signed-off-by: Raghav Kaul * update score Signed-off-by: Raghav Kaul * address cr comments Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :seedling: Unit tests log/log.go (#2980) - Add unit tests for the log package - Add Apache License to log_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/cloudflare/circl in /tools (#2995) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.2.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.2.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :sparkles: Add releasing workflow for semantic-release (#2989) Signed-off-by: Matt Travi Signed-off-by: Avishay * :seedling: Bump slsa-framework/slsa-verifier from 2.2.0 to 2.3.0 Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/slsa-framework/slsa-verifier/releases) - [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md) - [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-verifier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#2994) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.1.0 to 1.3.3. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.1.0...v1.3.3) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934) * :seedling: Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: E2E for clients/githubrepo/contributors.go (#2939) * :seedling: E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :book: Clarify that AI/ML doesn't count as human code review (#2953) * Clarify that AI/ML doesn't count as human code review Add this clarification per the Scorecards Zoom call meeting today (2023-05-04). Signed-off-by: David A. Wheeler * Tweaked per review Signed-off-by: David A. Wheeler --------- Signed-off-by: David A. Wheeler Signed-off-by: Avishay * :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/cii Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /cron/internal/controller Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /cron/internal/worker Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang from `31a8f92` to `685a22e` Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang from `31a8f92` to `685a22e` in /cron/internal/bq Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /cron/internal/webhook Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * Clarify AI/ML not human code review - in .yml file (#3012) This clarifies that AI/ML doesn't count as human code review. This was earlier done in #2953 but that didn't modify the relevant .yml file - this does. Signed-off-by: David A. Wheeler Signed-off-by: Avishay * :seedling: Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#3005) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Unit tests for checks/raw/maintained.go (#2996) - Add tests and checks for the `Maintained` function - Add checks for `IsArchived`, `ListCommits`, `ListIssues`, and `GetCreatedAt` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump actions/setup-go from 4.0.0 to 4.0.1 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4d34df0c2316fe8122ab82dc22947d607c0c91f9...fac708d6674e30b6ba41289acaab6d4b75aa0753) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump codecov/codecov-action from 3.1.3 to 3.1.4 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/894ff025c7b54547a9a2a1e9f228beae737ad3c2...eaaf4bedf32dbdc6b720b63067d99c4d77d6047d) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Unit tests for Policy.go (#3003) - Included tests for policy.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.4 to 2.9.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.4...v2.9.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump sigstore/cosign-installer from 3.0.3 to 3.0.4 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/204a51a57a74d190b284a0ce69b44bc37201f343...03d0fecf172873164a163bbc64bed0f3bf114ed7) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/google/go-containerregistry (#3025) Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.15.1 to 0.15.2. - [Release notes](https://github.com/google/go-containerregistry/releases) - [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/go-containerregistry/compare/v0.15.1...v0.15.2) --- updated-dependencies: - dependency-name: github.com/google/go-containerregistry dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Included e2e tests for push to main (#2951) - Update trigger for integration tests to enable running on `push` and `pull_request` on the `main` branch Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Included directories that don't require coverage (#3002) - Included directories that don't require coverage. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Unit tests for checks/raw/contributors.go (#2998) - Add tests and fix casing for Contributors function in checks/raw/contributors_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * ✨ GitLab: Code Review check (#2764) * Add GitLab support for Code-Review check Signed-off-by: Raghav Kaul * Remove spurious printf Signed-off-by: Raghav Kaul * Working commit Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * e2e test Signed-off-by: Raghav Kaul * update: test coverage Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: Avishay * gitlab: license check (#2834) Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :seedling: Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#3031) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/google/osv-scanner Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3-0.20230509011216-baae1796eeea to 1.3.3. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.3) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#3029) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.4 to 3.0.5. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/03d0fecf172873164a163bbc64bed0f3bf114ed7...dd6b2e2b610a11fd73dd187a43d57cc1394e35f9) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump arduino/setup-protoc from 1.1.2 to 1.2.0 Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.1.2 to 1.2.0. - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](https://github.com/arduino/setup-protoc/compare/64c0c85d18e984422218383b81c52f8b077404d3...4b3578161eece2eb20a9dfd84bb8ed105e684dba) --- updated-dependencies: - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :sparkles: Add support for github GHES (#2999) * :sparkles: adding support for github GHES Signed-off-by: Niket Patel * fix: lint and cleanup Signed-off-by: Niket Patel * fix: flaky test Signed-off-by: Niket Patel * fix: address missing host Signed-off-by: Niket Patel * fix: lint error Signed-off-by: Niket Patel * :seedling: Additional e2e clients/githubrepo/checkruns.go (#2934) * :seedling: Additional e2e clients/githubrepo/checkruns.go - Add `net/http` and `github.com/google/go-github/v38/github` imports - Add a test for `listCheckRunsForRef` with valid ref - Add a test for `listCheckRunsForRef` with invalid ref Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Based on code review comments Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Some tweaks Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel * :seedling: E2E for clients/githubrepo/contributors.go (#2939) * :seedling: E2E for clients/githubrepo/contributors.go - Add an end-to-end test for `contributorsHandler` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed based on code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed codereview comment. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel * chore: add GHES instructions Signed-off-by: Niket Patel * refact: use test setenv Signed-off-by: Niket Patel * fix: corp unit test Signed-off-by: Niket Patel --------- Signed-off-by: Niket Patel Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Niket Patel Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: Avishay * Change Facilitators to Maintainers (#3039) Not sure what the old facilitators table was for. Current list of Maintainers is always in CODEOWNERS. Meaning of "Maintainers" still is not defined, and should be a part of an upcoming contributor ladder. Signed-off-by: Jeff Mendoza Signed-off-by: Avishay * :bug: Gitlab: Commit/Commitor Exceptions (#3026) * feat: Added paging for contributor/users against gitlab projects Signed-off-by: Robison, Jim B * refactor: Updated the bot flag for unmatched users Signed-off-by: Robison, Jim B * fix: Not all commit users are in the git registry instance Signed-off-by: Robison, Jim B * fix: Skipping check if the email is empty, as well as if the "email" doesn't contain a "." char. Signed-off-by: Robison, Jim B * fix: Updated to allow for commits with PRs to be accounted/added to the client.commits Signed-off-by: Robison, Jim B * refactor: Updated to prevent linting issue regarding nested if's Signed-off-by: Robison, Jim B * test: Adding coverage for commits and contributors for gitlab Signed-off-by: Robison, Jim B * refactor: Moved queries from the client to their own functions Signed-off-by: Robison, Jim B * bug: Need to pass the ProjectID value to the contributor query Signed-off-by: Robison, Jim B * bug: Updating project title versus projectID values for api querying Signed-off-by: Robison, Jim B * test: Updated tests to match expected property set for projectID Signed-off-by: Robison, Jim B * revert: Reverted based on feedback during review Signed-off-by: Robison, Jim B --------- Signed-off-by: Robison, Jim B Signed-off-by: Avishay * :seedling: Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#3040) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.6 to 1.27.7. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.6...v1.27.7) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :book: Make all StepSecurity app endpoint references consistent (#3042) Signed-off-by: Ashish Kurmi Signed-off-by: Avishay * 📖 Update checks.md to show the benefit of >=2 reviewers (#3013) * Update checks.yaml instead of cehcks.md Signed-off-by: Joyce * feat: generate checks.md Signed-off-by: Joyce Brum --------- Signed-off-by: Joyce Signed-off-by: Joyce Brum Signed-off-by: Avishay * :seedling: Improve workflow pinning remediation tests (#3021) - Add 3 tests for workflow pinning remediation [remediation/remediations_test.go] - Add 3 tests for workflow pinning remediation Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go (#3000) * :seedling: E2E tests for clients/githubrepo/languages_e2e_test.go - Included e2e tests for clients/githubrepo/languages_e2e_test.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed the token type check. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Unit tests for pkg/json_raw_results (#3044) * :seedling: Unit tests for pkg/json_raw_results.go - Unit tests for pkg/json_raw_results.go Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Additional tests Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * ✨ [experimental] Add probe code and support for Tool-Update-Dependency (#2944) * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon Signed-off-by: Avishay * add zoom link and agenda link (#3050) Signed-off-by: Amanda L Martin Signed-off-by: Avishay * :seedling: Run E2E PAT test for push to main (#3046) - Add E2E PAT tests for push to main. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * Update main.yml (#3054) -Fixed the YAML indenting issue. Signed-off-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * only run e2e pat on push (#3056) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#3057) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.6.1 to 5.7.0. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :book: :ghost: fix anchor link to the code review section (#3058) * fix anchor link to code-review in checks.yaml Signed-off-by: dasfreak Signed-off-by: Marc Ohm * generate checks.md Signed-off-by: Marc Ohm --------- Signed-off-by: dasfreak Signed-off-by: Marc Ohm Signed-off-by: Avishay * 🐛 Gitlab: Tests (#3027) * fix tests Signed-off-by: Raghav Kaul * use projectID instead of project where applicable Signed-off-by: Raghav Kaul * pass ref as listcommitoption Signed-off-by: Raghav Kaul * update tests * CI-Tests: check if score > 0. pull request client is limited and can't go back to arbitrary pull requests. CI-Tests don't run on forks, so this can't be pinned either. But, for active repositories, we typically expect *some* tests to be run Signed-off-by: Raghav Kaul * fix commitshandler commitSHA tests Signed-off-by: Raghav Kaul * update tests Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/goreleaser/nfpm/v2 in /tools (#3060) Bumps [github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from 2.28.0 to 2.29.0. - [Release notes](https://github.com/goreleaser/nfpm/releases) - [Changelog](https://github.com/goreleaser/nfpm/blob/main/.goreleaser.yml) - [Commits](https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/nfpm/v2 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * ✨ Gitlab: Add projects to cron (#2936) * cron: add gitlab projects * support gitlab client * simplify gitlab detection Signed-off-by: Raghav Kaul * fix MakeGitlabRepo * shortcut when repo url is github.com * fixes add-projects, validate-projects Signed-off-by: Raghav Kaul * Move gitlab repos to release controller Signed-off-by: Raghav Kaul * Add csv headers Signed-off-by: Raghav Kaul * Use gitlab.WithBaseURL Signed-off-by: Raghav Kaul * formatting & logging Signed-off-by: Raghav Kaul * remove spurious test Signed-off-by: Raghav Kaul * consolidate logic Signed-off-by: Raghav Kaul * Turn on experimental flag Signed-off-by: Raghav Kaul * Add projects Signed-off-by: Raghav Kaul * Update client Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :seedling: Simplify caching in docker workflow (#3061) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.3.3 to 2.3.4 (#3064) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...f0e3dfb30302f8a0881bb509b044e0de4f6ef589) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump cloud.google.com/go/pubsub from 1.30.1 to 1.31.0 (#3065) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.1 to 1.31.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.1...pubsub/v1.31.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * 🐛 gitlab: cron (#3070) Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.3.4 to 2.3.5 (#3072) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f0e3dfb30302f8a0881bb509b044e0de4f6ef589...0225834cc549ee0ca93cb085b92954821a145866) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 35.9.2 to 36.0.3 (#3071) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.9.2 to 36.0.3. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/b2d17f51244a144849c6b37a3a6791b98a51d86f...25eaddf37ae893cec889065e9a60439c8af6f089) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * 🐛 Gitlab status updates (#3052) * doc: Updating gitlab support validation status Signed-off-by: Robison, Jim B * bug: Updated logic for gitlab to prevent exceptions based on releases Signed-off-by: Robison, Jim B * test: Added initial tests for gitlab branches Signed-off-by: Robison, Jim B * doc: Updated general README Signed-off-by: Robison, Jim B * refactor: Cleaned up the query for pipelines to be focused on the commitID Signed-off-by: Robison, Jim B * feat: Allowed for a non-graphql method of retrieving MRs associated to a commit Signed-off-by: Robison, Jim B * doc: Updated status for the CI-Tests Signed-off-by: Robison, Jim B * bug: Updated the host url for graphql querying. This enabled the removal of the code added for handling empty returns when executing against a non-gitlab.com repository. Signed-off-by: Robison, Jim B --------- Signed-off-by: Robison, Jim B Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/sigstore/rekor from 1.1.1 to 1.2.0 in /tools (#3079) Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.1.1 to 1.2.0. - [Release notes](https://github.com/sigstore/rekor/releases) - [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/rekor/compare/v1.1.1...v1.2.0) --- updated-dependencies: - dependency-name: github.com/sigstore/rekor dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * get nuget latest version from registration URL Signed-off-by: Avishay * better coverage Signed-off-by: Avishay * sign Signed-off-by: Avishay * fix tests Signed-off-by: Avishay * more tests Signed-off-by: Avishay * client tests Signed-off-by: Avishay * lint Signed-off-by: Avishay * Apply suggestions from code review Co-authored-by: Joel Verhagen Signed-off-by: Avishay Balter Signed-off-by: Avishay * :seedling: Bump golang from `685a22e` to `690e413` (#3080) Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/cii Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /cron/internal/controller Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /cron/internal/worker Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /clients/githubrepo/roundtripper/tokens/server Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang in /cron/internal/webhook Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump golang from `685a22e` to `690e413` in /cron/internal/bq Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump arduino/setup-protoc from 1.2.0 to 1.3.0 (#3089) Bumps [arduino/setup-protoc](https://github.com/arduino/setup-protoc) from 1.2.0 to 1.3.0. - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](https://github.com/arduino/setup-protoc/compare/4b3578161eece2eb20a9dfd84bb8ed105e684dba...149f6c87b92550901b26acd1632e11c3662e381f) --- updated-dependencies: - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 36.0.3 to 36.0.9 (#3088) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.3 to 36.0.9. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/25eaddf37ae893cec889065e9a60439c8af6f089...cf4fe8759a45edd76ed6215da3529d2dbd2a3c68) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * pr iteration 2 Signed-off-by: Avishay * pr iteration 3 Signed-off-by: Avishay * switch security policy e2e test to ossf-tests repo. (#3090) tensorflow/tensorflow is huge and was slowing down tests. Also removed the rust e2e tests because they're already present as unit tests. Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 in /tools (#3094) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#3093) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.5 to 2.9.7. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.5...v2.9.7) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#3104) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.4 to 3.0.6. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e...1360a344ccb0ab6e9475edef90ad2f46bf8003b1) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 36.0.9 to 36.0.12 (#3108) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.9 to 36.0.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/cf4fe8759a45edd76ed6215da3529d2dbd2a3c68...5978e5a2df95ef20cde627d4acb5edd1f87ba46a) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/xanzy/go-gitlab from 0.83.0 to 0.84.0 (#3106) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.83.0 to 0.84.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.83.0...v0.84.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump golang.org/x/tools from 0.9.1 to 0.9.2 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.1 to 0.9.2. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.1...v0.9.2) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * ✨ GitLab: enable more checks in cron (#3097) * Enable checks * Binary-Artifacts * Code-Review * License * Vulnerabilities Signed-off-by: Raghav Kaul * Enable more checks * CII Best Practices * Fuzzing * Maintained * Packaging * Pinned-Dependencies * Signed-Releases Signed-off-by: Raghav Kaul * update repo name Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul Signed-off-by: Avishay * :book: agenda link change (#3111) Signed-off-by: Amanda L Martin Signed-off-by: Avishay * :seedling: Bump github/codeql-action from 2.3.5 to 2.3.6 (#3112) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/0225834cc549ee0ca93cb085b92954821a145866...83f0fe6c4988d98a455712a27f0255212bba9bd4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 36.0.12 to 36.0.15 (#3116) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.12 to 36.0.15. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/5978e5a2df95ef20cde627d4acb5edd1f87ba46a...5d2fcdb4cbef720a52f49fd05d8c7edd18a64758) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump golang.org/x/tools from 0.9.2 to 0.9.3 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.2 to 0.9.3. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.2...v0.9.3) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Unit tests for option (#3109) - Add flags for repo, local, commit, log level, NPM, PyPI, RubyGems, metadata, show details, checks to run, policy file, and format - Add tests for checks to run and format flags Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * 🌱 GitLab: add gitlab auth token to cron worker env (#3117) Signed-off-by: Raghav Kaul Signed-off-by: Avishay * Don't run pat e2e on dependabot merges (#3119) Signed-off-by: Raghav Kaul Signed-off-by: Avishay * ✨ Detect fast-check PBT library for fuzz section (#3073) * ✨ Detect fast-check PBT library for fuzz section As suggested at https://github.com/ossf/scorecard/issues/2792#issuecomment-1562007596, we add support for the detection of fast-check as a possible fuzzing solution. I also adapted the documentation related to fuzzing accordingly. Signed-off-by: Nicolas DUBIEN * Typo Signed-off-by: Nicolas DUBIEN * Update missing md files Signed-off-by: Nicolas DUBIEN --------- Signed-off-by: Nicolas DUBIEN Signed-off-by: Avishay * :seedling: temporarily disable failing e2e tests so we don't block all PRs. (#3130) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * pr comments Signed-off-by: Avishay * :seedling: Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#3121) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.2 to 1.9.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.2...v1.9.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * i:seedling: Ignore all pb files for test (#3127) - Update .codecov.yml to ignore additional files Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Deprecate dependencydiff package and add access token requirement (#3125) - Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function - Add a line to the `.codecov.yml` to ignore the `dependencydiff` package Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * ✨ [experimental] Support for new `--format probe` (#3048) * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon --------- Signed-off-by: laurentsimon Signed-off-by: Avishay * :seedling: Bump distroless/base (#3122) Bumps distroless/base from `10985f0` to `c623859`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Ignore deprecation warning for dependencydiff tests. (#3136) Signed-off-by: Spencer Schrock Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 36.0.15 to 36.0.18 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.15 to 36.0.18. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/5d2fcdb4cbef720a52f49fd05d8c7edd18a64758...07e0177b72d3640efced741cae32f9861eee1367) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 in /tools (#3135) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4 Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.3 to 1.3.4. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.3...v1.3.4) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.7 to 2.10.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.7...v2.10.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.27.7 to 1.27.8. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.27.7...v1.27.8) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: Avishay * :seedling: Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#3139) Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Increase test coverage for finding outcomes (#3142) * Increase test coverage for finding outcomes - Add tests for Outcome UnmarshalYAML function in `finding/finding_test.go` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updates based on Codereview - Update `Outcome` variable in `finding/finding_test.go` - Add `t.Parallel()` for test parallelization - Add comparison using `cmp.Diff` to test for mismatches - Update test cases for various outcomes Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Bump tj-actions/changed-files from 36.0.18 to 36.1.0 (#3143) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.0.18 to 36.1.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/07e0177b72d3640efced741cae32f9861eee1367...fb20f4d24890fadc539505b1746d260504b213d0) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay * :seedling: Re-enable skipped e2e tests. Switch to smaller code review repo. (#3144) * re-enable skipped ci test Signed-off-by: Spencer Schrock * re-enable skipped attestor test. switch to ossf-tests repo Signed-off-by: Spencer Schrock * remove extra policies from tests that only look at code review. Signed-off-by: Spencer Schrock * remove unneeded policies from binary artifact tests. Signed-off-by: Spencer Schrock --------- Signed-off-by: Spencer Schrock Signed-off-by: Avishay * add license header Signed-off-by: Avishay * pr comments Signed-off-by: Avishay * making the packages internal Signed-off-by: Avishay * generate mocks Signed-off-by: Avishay --------- Signed-off-by: Avishay Signed-off-by: Avishay Balter --- Makefile | 10 +- README.md | 2 +- cmd/internal/nuget/client.go | 275 ++++++++ cmd/internal/nuget/client_test.go | 623 ++++++++++++++++++ cmd/internal/nuget/nuget_mockclient.go | 64 ++ cmd/internal/nuget/testdata/index.json | 15 + .../testdata/index_bad_package_base.json | 15 + .../testdata/index_bad_registration_base.json | 15 + ...age_registration_index_all_not_listed.json | 33 + ...egistration_index_default_listed_true.json | 32 + ...registration_index_four_digit_version.json | 33 + ...kage_registration_index_marshal_error.json | 33 + ...e_registration_index_metadata_version.json | 33 + .../package_registration_index_multiple.json | 60 ++ ...kage_registration_index_multiple_last.json | 60 ++ ...ge_registration_index_multiple_remote.json | 16 + ...ndex_pre_release_and_metadata_version.json | 33 + ...egistration_index_pre_release_version.json | 33 + .../package_registration_index_single.json | 33 + ...ge_registration_index_with_not_listed.json | 33 + .../package_registration_page_one.json | 27 + .../package_registration_page_two.json | 27 + ...kage_registration_page_two_not_listed.json | 27 + cmd/internal/nuget/testdata/package_spec.xml | 9 + .../nuget/testdata/package_spec_error.xml | 7 + .../package_spec_four_digit_version.xml | 9 + .../testdata/package_spec_git_ending.xml | 9 + .../testdata/package_spec_project_url.xml | 8 + .../package_spec_project_url_git_ending.xml | 8 + .../package_spec_project_url_gitlab.xml | 8 + ...package_spec_project_url_not_supported.xml | 8 + .../testdata/package_spec_trailing_slash.xml | 9 + .../packagemanager/client.go} | 23 +- cmd/internal/packagemanager/client_test.go | 131 ++++ .../packagemanager_mockclient.go | 80 +++ cmd/package_managers.go | 30 +- cmd/package_managers_test.go | 71 +- cmd/packagemanager_mockclient.go | 65 -- cmd/root.go | 7 +- options/flags.go | 10 + options/options.go | 6 +- options/options_test.go | 4 +- 42 files changed, 1946 insertions(+), 88 deletions(-) create mode 100644 cmd/internal/nuget/client.go create mode 100644 cmd/internal/nuget/client_test.go create mode 100644 cmd/internal/nuget/nuget_mockclient.go create mode 100644 cmd/internal/nuget/testdata/index.json create mode 100644 cmd/internal/nuget/testdata/index_bad_package_base.json create mode 100644 cmd/internal/nuget/testdata/index_bad_registration_base.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_all_not_listed.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_default_listed_true.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_four_digit_version.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_marshal_error.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_metadata_version.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_multiple.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_multiple_last.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_multiple_remote.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_pre_release_and_metadata_version.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_pre_release_version.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_single.json create mode 100644 cmd/internal/nuget/testdata/package_registration_index_with_not_listed.json create mode 100644 cmd/internal/nuget/testdata/package_registration_page_one.json create mode 100644 cmd/internal/nuget/testdata/package_registration_page_two.json create mode 100644 cmd/internal/nuget/testdata/package_registration_page_two_not_listed.json create mode 100644 cmd/internal/nuget/testdata/package_spec.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_error.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_four_digit_version.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_git_ending.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_project_url.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_project_url_git_ending.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_project_url_gitlab.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_project_url_not_supported.xml create mode 100644 cmd/internal/nuget/testdata/package_spec_trailing_slash.xml rename cmd/{packagemanager_client.go => internal/packagemanager/client.go} (58%) create mode 100644 cmd/internal/packagemanager/client_test.go create mode 100644 cmd/internal/packagemanager/packagemanager_mockclient.go delete mode 100644 cmd/packagemanager_mockclient.go diff --git a/Makefile b/Makefile index 1e4880f0abc..fb27d9d387c 100644 --- a/Makefile +++ b/Makefile @@ -139,7 +139,8 @@ generate-mocks: clients/mockclients/repo_client.go \ clients/mockclients/repo.go \ clients/mockclients/cii_client.go \ checks/mockclients/vulnerabilities.go \ - cmd/packagemanager_mockclient.go + cmd/internal/packagemanager/packagemanager_mockclient.go \ + cmd/internal/nuget/nuget_mockclient.go clients/mockclients/repo_client.go: clients/repo_client.go | $(MOCKGEN) # Generating MockRepoClient $(MOCKGEN) -source=clients/repo_client.go -destination=clients/mockclients/repo_client.go -package=mockrepo -copyright_file=clients/mockclients/license.txt @@ -152,9 +153,12 @@ clients/mockclients/cii_client.go: clients/cii_client.go | $(MOCKGEN) checks/mockclients/vulnerabilities.go: clients/vulnerabilities.go | $(MOCKGEN) # Generating MockCIIClient $(MOCKGEN) -source=clients/vulnerabilities.go -destination=clients/mockclients/vulnerabilities.go -package=mockrepo -copyright_file=clients/mockclients/license.txt -cmd/packagemanager_mockclient.go: cmd/packagemanager_client.go | $(MOCKGEN) +cmd/internal/packagemanager/packagemanager_mockclient.go: cmd/internal/packagemanager/client.go | $(MOCKGEN) # Generating MockPackageManagerClient - $(MOCKGEN) -source=cmd/packagemanager_client.go -destination=cmd/packagemanager_mockclient.go -package=cmd -copyright_file=clients/mockclients/license.txt + $(MOCKGEN) -source=cmd/internal/packagemanager/client.go -destination=cmd/internal/packagemanager/packagemanager_mockclient.go -package=packagemanager -copyright_file=clients/mockclients/license.txt +cmd/internal/nuget/nuget_mockclient.go: cmd/internal/nuget/client.go | $(MOCKGEN) + # Generating MockNugetClient + $(MOCKGEN) -source=cmd/internal/nuget/client.go -destination=cmd/internal/nuget/nuget_mockclient.go -package=nuget -copyright_file=clients/mockclients/license.txt generate-docs: ## Generates docs generate-docs: validate-docs docs/checks.md diff --git a/README.md b/README.md index 2055a4751f7..0201b8fbc00 100644 --- a/README.md +++ b/README.md @@ -420,7 +420,7 @@ scorecard --repo=org/repo ##### Using a Package manager -For projects in the `--npm`, `--pypi`, or `--rubygems` ecosystems, you have the +For projects in the `--npm`, `--pypi`, `--rubygems`, or `--nuget` ecosystems, you have the option to run Scorecard using a package manager. Provide the package name to run the checks on the corresponding GitHub source code. diff --git a/cmd/internal/nuget/client.go b/cmd/internal/nuget/client.go new file mode 100644 index 00000000000..deb3d863e40 --- /dev/null +++ b/cmd/internal/nuget/client.go @@ -0,0 +1,275 @@ +// Copyright 2020 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package nuget implements Nuget API client. +package nuget + +import ( + "encoding/json" + "encoding/xml" + "fmt" + "io" + "net/http" + "regexp" + "strings" + + "golang.org/x/exp/slices" + + pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager" + sce "github.com/ossf/scorecard/v4/errors" +) + +type indexResults struct { + Resources []indexResult `json:"resources"` +} + +func (n indexResults) findResourceByType(resultType string) (string, error) { + resourceIndex := slices.IndexFunc(n.Resources, + func(n indexResult) bool { return n.Type == resultType }) + if resourceIndex == -1 { + return "", sce.WithMessage(sce.ErrScorecardInternal, + fmt.Sprintf("failed to find %v URI at nuget index json", resultType)) + } + + return n.Resources[resourceIndex].ID, nil +} + +type indexResult struct { + ID string `json:"@id"` + Type string `json:"@type"` +} + +type packageRegistrationCatalogRoot struct { + Pages []packageRegistrationCatalogPage `json:"items"` +} + +func (n packageRegistrationCatalogRoot) latestVersion(manager pmc.Client) (string, error) { + for pageIndex := len(n.Pages) - 1; pageIndex >= 0; pageIndex-- { + page := n.Pages[pageIndex] + if page.Packages == nil { + err := decodeResponseFromClient(func() (*http.Response, error) { + //nolint: wrapcheck + return manager.GetURI(page.ID) + }, + func(rc io.ReadCloser) error { + //nolint: wrapcheck + return json.NewDecoder(rc).Decode(&page) + }, "nuget package registration page") + if err != nil { + return "", err + } + } + for packageIndex := len(page.Packages) - 1; packageIndex >= 0; packageIndex-- { + base, preReleaseSuffix := parseNugetSemVer(page.Packages[packageIndex].Entry.Version) + // skipping non listed and pre-releases + if page.Packages[packageIndex].Entry.Listed && len(strings.TrimSpace(preReleaseSuffix)) == 0 { + return base, nil + } + } + } + return "", sce.WithMessage(sce.ErrScorecardInternal, "failed to get a listed version for package") +} + +type packageRegistrationCatalogPage struct { + ID string `json:"@id"` + Packages []packageRegistrationCatalogItem `json:"items"` +} + +type packageRegistrationCatalogItem struct { + Entry packageRegistrationCatalogEntry `json:"catalogEntry"` +} + +type packageRegistrationCatalogEntry struct { + Version string `json:"version"` + Listed bool `json:"listed"` +} + +func (e *packageRegistrationCatalogEntry) UnmarshalJSON(text []byte) error { + type Alias packageRegistrationCatalogEntry + aux := Alias{ + Listed: true, // set the default value before parsing JSON + } + if err := json.Unmarshal(text, &aux); err != nil { + return fmt.Errorf("failed to unmarshal json: %w", err) + } + *e = packageRegistrationCatalogEntry(aux) + return nil +} + +type packageNuspec struct { + XMLName xml.Name `xml:"package"` + Metadata nuspecMetadata `xml:"metadata"` +} + +func (p *packageNuspec) projectURL(packageName string) (string, error) { + for _, projectURL := range []string{p.Metadata.Repository.URL, p.Metadata.ProjectURL} { + projectURL = strings.TrimSpace(projectURL) + if projectURL != "" && isSupportedProjectURL(projectURL) { + projectURL = strings.TrimSuffix(projectURL, "/") + projectURL = strings.TrimSuffix(projectURL, ".git") + return projectURL, nil + } + } + return "", sce.WithMessage(sce.ErrScorecardInternal, + fmt.Sprintf("source repo is not defined for nuget package %v", packageName)) +} + +type nuspecMetadata struct { + XMLName xml.Name `xml:"metadata"` + ProjectURL string `xml:"projectUrl"` + Repository nuspecRepository `xml:"repository"` +} + +type nuspecRepository struct { + XMLName xml.Name `xml:"repository"` + URL string `xml:"url,attr"` +} + +type Client interface { + GitRepositoryByPackageName(packageName string) (string, error) +} + +type NugetClient struct { + Manager pmc.Client +} + +func (c NugetClient) GitRepositoryByPackageName(packageName string) (string, error) { + packageBaseURL, registrationBaseURL, err := c.baseUrls() + if err != nil { + return "", err + } + + packageSpec, err := c.packageSpec(packageBaseURL, registrationBaseURL, packageName) + if err != nil { + return "", err + } + + packageURL, err := packageSpec.projectURL(packageName) + if err != nil { + return "", err + } + return packageURL, nil +} + +func (c *NugetClient) packageSpec(packageBaseURL, registrationBaseURL, packageName string) (packageNuspec, error) { + lowerCasePackageName := strings.ToLower(packageName) + lastPackageVersion, err := c.latestListedVersion(registrationBaseURL, + lowerCasePackageName) + if err != nil { + return packageNuspec{}, err + } + packageSpecResults := &packageNuspec{} + err = decodeResponseFromClient(func() (*http.Response, error) { + //nolint: wrapcheck + return c.Manager.Get( + packageBaseURL+"%[1]v/"+lastPackageVersion+"/%[1]v.nuspec", lowerCasePackageName) + }, + func(rc io.ReadCloser) error { + //nolint: wrapcheck + return xml.NewDecoder(rc).Decode(packageSpecResults) + }, "nuget package spec") + + if err != nil { + return packageNuspec{}, err + } + if packageSpecResults.Metadata == (nuspecMetadata{}) { + return packageNuspec{}, sce.WithMessage(sce.ErrScorecardInternal, + "Nuget nuspec xml Metadata is empty") + } + return *packageSpecResults, nil +} + +func (c *NugetClient) baseUrls() (string, string, error) { + indexURL := "https://api.nuget.org/v3/index.json" + indexResults := &indexResults{} + err := decodeResponseFromClient(func() (*http.Response, error) { + //nolint: wrapcheck + return c.Manager.GetURI(indexURL) + }, + func(rc io.ReadCloser) error { + //nolint: wrapcheck + return json.NewDecoder(rc).Decode(indexResults) + }, "nuget index json") + if err != nil { + return "", "", err + } + packageBaseURL, err := indexResults.findResourceByType("PackageBaseAddress/3.0.0") + if err != nil { + return "", "", err + } + registrationBaseURL, err := indexResults.findResourceByType("RegistrationsBaseUrl/3.6.0") + if err != nil { + return "", "", err + } + return packageBaseURL, registrationBaseURL, nil +} + +// Gets the latest listed nuget version of a package, based on the protocol defined at +// https://learn.microsoft.com/en-us/nuget/api/package-base-address-resource#enumerate-package-versions +func (c *NugetClient) latestListedVersion(baseURL, packageName string) (string, error) { + packageRegistrationCatalogRoot := &packageRegistrationCatalogRoot{} + err := decodeResponseFromClient(func() (*http.Response, error) { + //nolint: wrapcheck + return c.Manager.Get(baseURL+"%s/index.json", packageName) + }, + func(rc io.ReadCloser) error { + //nolint: wrapcheck + return json.NewDecoder(rc).Decode(packageRegistrationCatalogRoot) + }, "nuget package registration index json") + if err != nil { + return "", err + } + return packageRegistrationCatalogRoot.latestVersion(c.Manager) +} + +func isSupportedProjectURL(projectURL string) bool { + pattern := `^(?:https?://)?(?:www\.)?(?:github|gitlab)\.com/([A-Za-z0-9_\.-]+)/([A-Za-z0-9_\./-]+)$` + regex := regexp.MustCompile(pattern) + return regex.MatchString(projectURL) +} + +// Nuget semver diverges from Semantic Versioning. +// This method returns the Nuget represntation of version and pre release strings. +// nolint: lll // long URL +// more info: https://learn.microsoft.com/en-us/nuget/concepts/package-versioning#where-nugetversion-diverges-from-semantic-versioning +func parseNugetSemVer(versionString string) (base, preReleaseSuffix string) { + metadataAndVersion := strings.Split(versionString, "+") + prereleaseAndVersions := strings.Split(metadataAndVersion[0], "-") + if len(prereleaseAndVersions) == 1 { + return prereleaseAndVersions[0], "" + } + return prereleaseAndVersions[0], prereleaseAndVersions[1] +} + +func decodeResponseFromClient(getFunc func() (*http.Response, error), + decodeFunc func(io.ReadCloser) error, name string, +) error { + response, err := getFunc() + if err != nil { + return sce.WithMessage(sce.ErrScorecardInternal, + fmt.Sprintf("failed to get %s: %v", name, err)) + } + if response.StatusCode != http.StatusOK { + return sce.WithMessage(sce.ErrScorecardInternal, + fmt.Sprintf("failed to get %s with status: %v", name, response.Status)) + } + defer response.Body.Close() + + err = decodeFunc(response.Body) + if err != nil { + return sce.WithMessage(sce.ErrScorecardInternal, + fmt.Sprintf("failed to parse %s: %v", name, err)) + } + return nil +} diff --git a/cmd/internal/nuget/client_test.go b/cmd/internal/nuget/client_test.go new file mode 100644 index 00000000000..bb5f8c2cfec --- /dev/null +++ b/cmd/internal/nuget/client_test.go @@ -0,0 +1,623 @@ +// Copyright 2020 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package nuget implements Nuget API client. +package nuget + +import ( + "bytes" + "errors" + "fmt" + "io" + "net/http" + "os" + "strings" + "testing" + + "github.com/golang/mock/gomock" + "golang.org/x/exp/slices" + + pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager" +) + +type resultPackagePage struct { + url string + response string +} +type nugetTestArgs struct { + inputPackageName string + expectedPackageName string + resultIndex string + resultPackageRegistrationIndex string + resultPackageSpec string + version string + resultPackageRegistrationPages []resultPackagePage +} +type nugetTest struct { + name string + want string + args nugetTestArgs + wantErr bool +} + +func Test_fetchGitRepositoryFromNuget(t *testing.T) { + t.Parallel() + + tests := []nugetTest{ + { + name: "find latest version in single page", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find by lowercase package name", + + args: nugetTestArgs{ + inputPackageName: "Nuget-Package", + expectedPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find and remove trailing slash", + + args: nugetTestArgs{ + inputPackageName: "Nuget-Package", + expectedPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_trailing_slash.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find and remove git ending", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_git_ending.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find and handle four digit version", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_four_digit_version.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_four_digit_version.xml", + version: "1.60.0.2981", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "skip semver metadata", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_metadata_version.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "skip pre release", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_pre_release_version.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "skip pre release and metadata", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_pre_release_and_metadata_version.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find in project url if repository missing", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_project_url.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "get github project url without git ending", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_project_url_git_ending.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "get gitlab project url if repository url missing", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_project_url_gitlab.xml", + version: "4.0.1", + }, + want: "https://gitlab.com/foo/foo.net", + wantErr: false, + }, + { + name: "error if project url is not gitlab or github", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_project_url_not_supported.xml", + version: "4.0.1", + }, + want: "internal error: source repo is not defined for nuget package nuget-package", + wantErr: true, + }, + { + name: "find latest version in first of multiple pages", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find latest version in first of multiple remote pages", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json", + resultPackageRegistrationPages: []resultPackagePage{ + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json", + response: "package_registration_page_one.json", + }, + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json", + response: "package_registration_page_two.json", + }, + }, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find latest version in last of multiple pages", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple_last.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find latest version in last of remote multiple pages", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json", + resultPackageRegistrationPages: []resultPackagePage{ + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json", + response: "package_registration_page_one.json", + }, + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json", + response: "package_registration_page_two_not_listed.json", + }, + }, + resultPackageSpec: "package_spec.xml", + version: "3.5.2", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "find latest version with default listed value true", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_default_listed_true.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "4.0.1", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "skip not listed versions", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_with_not_listed.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec.xml", + version: "3.5.8", + }, + want: "https://github.com/foo/foo.net", + wantErr: false, + }, + { + name: "error if no listed version", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_all_not_listed.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + version: "", + }, + want: "internal error: failed to get a listed version for package", + wantErr: true, + }, + { + name: "error no index", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "", + resultPackageRegistrationIndex: "", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + }, + want: "internal error: failed to get nuget index json: error", + wantErr: true, + }, + { + name: "error bad index", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "text", + resultPackageRegistrationIndex: "", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + }, + want: "internal error: failed to parse nuget index json: invalid character 'e' in literal true (expecting 'r')", + wantErr: true, + }, + { + name: "error package registration index", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + }, + want: "internal error: failed to get nuget package registration index json: error", + wantErr: true, + }, + { + name: "error bad package index", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "text", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + }, + //nolint + want: "internal error: failed to parse nuget package registration index json: invalid character 'e' in literal true (expecting 'r')", + wantErr: true, + }, + { + name: "error package registration page", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json", + resultPackageRegistrationPages: []resultPackagePage{ + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json", + response: "", + }, + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json", + response: "", + }, + }, + resultPackageSpec: "", + }, + want: "internal error: failed to get nuget package registration page: error", + wantErr: true, + }, + { + name: "error in package spec", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + version: "4.0.1", + }, + want: "internal error: failed to get nuget package spec: error", + wantErr: true, + }, + { + name: "error bad package spec", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json", + resultPackageRegistrationPages: []resultPackagePage{ + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json", + response: "text", + }, + }, + resultPackageSpec: "", + }, + //nolint + want: "internal error: failed to parse nuget package registration page: invalid character 'e' in literal true (expecting 'r')", + wantErr: true, + }, + { + name: "error package spec", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "text", + version: "4.0.1", + }, + want: "internal error: failed to parse nuget package spec: EOF", + wantErr: true, + }, + { + name: "bad remote package page", + + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_multiple_remote.json", + resultPackageRegistrationPages: []resultPackagePage{ + { + url: "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + response: "text", + }, + }, + resultPackageSpec: "", + }, + want: "internal error: failed to get nuget package registration page: error", + wantErr: true, + }, + { + name: "error no registration url", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index_bad_registration_base.json", + resultPackageRegistrationIndex: "", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + version: "4.0.1", + }, + want: "internal error: failed to find RegistrationsBaseUrl/3.6.0 URI at nuget index json", + wantErr: true, + }, + { + name: "error no package base url", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index_bad_package_base.json", + resultPackageRegistrationIndex: "", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + version: "4.0.1", + }, + want: "internal error: failed to find PackageBaseAddress/3.0.0 URI at nuget index json", + wantErr: true, + }, + { + name: "error marhsal entry", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_marshal_error.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "", + version: "", + }, + //nolint + want: "internal error: failed to parse nuget package registration index json: failed to unmarshal json: json: cannot unmarshal number into Go struct field Alias.listed of type bool", + wantErr: true, + }, + { + name: "empty package spec", + args: nugetTestArgs{ + inputPackageName: "nuget-package", + resultIndex: "index.json", + resultPackageRegistrationIndex: "package_registration_index_single.json", + resultPackageRegistrationPages: []resultPackagePage{}, + resultPackageSpec: "package_spec_error.xml", + version: "4.0.1", + }, + want: "internal error: source repo is not defined for nuget package nuget-package", + wantErr: true, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + ctrl := gomock.NewController(t) + p := pmc.NewMockClient(ctrl) + p.EXPECT().GetURI(gomock.Any()). + DoAndReturn(func(url string) (*http.Response, error) { + return nugetIndexOrPageTestResults(url, &tt) + }).AnyTimes() + expectedPackageName := tt.args.expectedPackageName + if strings.TrimSpace(expectedPackageName) == "" { + expectedPackageName = tt.args.inputPackageName + } + + p.EXPECT().Get(gomock.Any(), expectedPackageName). + DoAndReturn(func(url, inputPackageName string) (*http.Response, error) { + return nugetPackageIndexAndSpecResponse(t, url, &tt) + }).AnyTimes() + client := NugetClient{Manager: p} + got, err := client.GitRepositoryByPackageName(tt.args.inputPackageName) + if err != nil { + if !tt.wantErr { + t.Errorf("fetchGitRepositoryFromNuget() error = %v, wantErr %v", err, tt.wantErr) + return + } + if err.Error() != tt.want { + t.Errorf("fetchGitRepositoryFromNuget() err.Error() = %v, wanted %v", err.Error(), tt.want) + return + } + return + } + + if got != tt.want { + t.Errorf("fetchGitRepositoryFromNuget() = %v, want %v", got, tt.want) + } + }) + } +} + +func nugetIndexOrPageTestResults(url string, test *nugetTest) (*http.Response, error) { + if url == "https://api.nuget.org/v3/index.json" { + return testResult(test.wantErr, test.args.resultIndex) + } + urlResponseIndex := slices.IndexFunc(test.args.resultPackageRegistrationPages, + func(page resultPackagePage) bool { return page.url == url }) + if urlResponseIndex == -1 { + //nolint + return nil, errors.New("error") + } + page := test.args.resultPackageRegistrationPages[urlResponseIndex] + return testResult(test.wantErr, page.response) +} + +func nugetPackageIndexAndSpecResponse(t *testing.T, url string, test *nugetTest) (*http.Response, error) { + t.Helper() + if strings.HasSuffix(url, "index.json") { + return testResult(test.wantErr, test.args.resultPackageRegistrationIndex) + } else if strings.HasSuffix(url, ".nuspec") { + if strings.Contains(url, fmt.Sprintf("/%v/", test.args.version)) { + return testResult(test.wantErr, test.args.resultPackageSpec) + } + t.Errorf("fetchGitRepositoryFromNuget() version = %v, expected version = %v", url, test.args.version) + } + //nolint + return nil, errors.New("error") +} + +func testResult(wantErr bool, responseFileName string) (*http.Response, error) { + if wantErr && responseFileName == "" { + //nolint + return nil, errors.New("error") + } + if wantErr && responseFileName == "text" { + return &http.Response{ + StatusCode: 200, + Body: io.NopCloser(bytes.NewBufferString("text")), + }, nil + } + content, err := os.ReadFile("./testdata/" + responseFileName) + if err != nil { + return nil, fmt.Errorf("%w", err) + } + return &http.Response{ + StatusCode: 200, + Body: io.NopCloser(bytes.NewBufferString(string(content))), + }, nil +} diff --git a/cmd/internal/nuget/nuget_mockclient.go b/cmd/internal/nuget/nuget_mockclient.go new file mode 100644 index 00000000000..b02a9968e99 --- /dev/null +++ b/cmd/internal/nuget/nuget_mockclient.go @@ -0,0 +1,64 @@ +// Copyright 2021 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Code generated by MockGen. DO NOT EDIT. +// Source: cmd/internal/nuget/client.go + +// Package nuget is a generated GoMock package. +package nuget + +import ( + reflect "reflect" + + gomock "github.com/golang/mock/gomock" +) + +// MockClient is a mock of Client interface. +type MockClient struct { + ctrl *gomock.Controller + recorder *MockClientMockRecorder +} + +// MockClientMockRecorder is the mock recorder for MockClient. +type MockClientMockRecorder struct { + mock *MockClient +} + +// NewMockClient creates a new mock instance. +func NewMockClient(ctrl *gomock.Controller) *MockClient { + mock := &MockClient{ctrl: ctrl} + mock.recorder = &MockClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockClient) EXPECT() *MockClientMockRecorder { + return m.recorder +} + +// GitRepositoryByPackageName mocks base method. +func (m *MockClient) GitRepositoryByPackageName(packageName string) (string, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GitRepositoryByPackageName", packageName) + ret0, _ := ret[0].(string) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GitRepositoryByPackageName indicates an expected call of GitRepositoryByPackageName. +func (mr *MockClientMockRecorder) GitRepositoryByPackageName(packageName interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GitRepositoryByPackageName", reflect.TypeOf((*MockClient)(nil).GitRepositoryByPackageName), packageName) +} diff --git a/cmd/internal/nuget/testdata/index.json b/cmd/internal/nuget/testdata/index.json new file mode 100644 index 00000000000..0229bf48aa2 --- /dev/null +++ b/cmd/internal/nuget/testdata/index.json @@ -0,0 +1,15 @@ +{ + "version": "3.0.0", + "resources": [ + { + "@id": "https://api.nuget.org/v3-flatcontainer/", + "@type": "PackageBaseAddress/3.0.0", + "comment": "Base URL of where NuGet packages are stored" + }, + { + "@id": "https://api.nuget.org/v3/registration5-gz-semver1/", + "@type": "RegistrationsBaseUrl/3.6.0", + "comment": "Base URL of Azure storage where NuGet package registration info." + } + ] +} diff --git a/cmd/internal/nuget/testdata/index_bad_package_base.json b/cmd/internal/nuget/testdata/index_bad_package_base.json new file mode 100644 index 00000000000..466aebc8845 --- /dev/null +++ b/cmd/internal/nuget/testdata/index_bad_package_base.json @@ -0,0 +1,15 @@ +{ + "version": "3.0.0", + "resources": [ + { + "@id": "https://api.nuget.org/v3-flatcontainer/", + "@type": "PackageBaseAddress/3.1.0", + "comment": "Base URL of where NuGet packages are stored, in the format ..." + }, + { + "@id": "https://api.nuget.org/v3/registration5-gz-semver1/", + "@type": "RegistrationsBaseUrl/3.6.0", + "comment": "Base URL of Azure storage where NuGet package registration info." + } + ] +} diff --git a/cmd/internal/nuget/testdata/index_bad_registration_base.json b/cmd/internal/nuget/testdata/index_bad_registration_base.json new file mode 100644 index 00000000000..3b0612a8dca --- /dev/null +++ b/cmd/internal/nuget/testdata/index_bad_registration_base.json @@ -0,0 +1,15 @@ +{ + "version": "3.0.0", + "resources": [ + { + "@id": "https://api.nuget.org/v3-flatcontainer/", + "@type": "PackageBaseAddress/3.0.0", + "comment": "Base URL of where NuGet packages are stored, in the format ..." + }, + { + "@id": "https://api.nuget.org/v3/registration5-gz-semver1/", + "@type": "RegistrationsBaseUrl/3.2.0", + "comment": "Base URL of Azure storage where NuGet package registration info." + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_all_not_listed.json b/cmd/internal/nuget/testdata/package_registration_index_all_not_listed.json new file mode 100644 index 00000000000..dd6f0c529f7 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_all_not_listed.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": false, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": false, + "version": "4.0.1" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_default_listed_true.json b/cmd/internal/nuget/testdata/package_registration_index_default_listed_true.json new file mode 100644 index 00000000000..759aebd1e79 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_default_listed_true.json @@ -0,0 +1,32 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "version": "4.0.1" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_four_digit_version.json b/cmd/internal/nuget/testdata/package_registration_index_four_digit_version.json new file mode 100644 index 00000000000..5832accd249 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_four_digit_version.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/1.60.0.2981.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022/Foo.NET.1.60.0.2981.json", + "@type": "PackageDetails", + "listed": true, + "version": "1.60.0.2981+metadata" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_marshal_error.json b/cmd/internal/nuget/testdata/package_registration_index_marshal_error.json new file mode 100644 index 00000000000..41d34fcd5f3 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_marshal_error.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": 123, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_metadata_version.json b/cmd/internal/nuget/testdata/package_registration_index_metadata_version.json new file mode 100644 index 00000000000..3450f7e2dd7 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_metadata_version.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1+metadata" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_multiple.json b/cmd/internal/nuget/testdata/package_registration_index_multiple.json new file mode 100644 index 00000000000..4955d0c40d1 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_multiple.json @@ -0,0 +1,60 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.1" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.2.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.2.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.2" + } + } + ] + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_multiple_last.json b/cmd/internal/nuget/testdata/package_registration_index_multiple_last.json new file mode 100644 index 00000000000..5108054d428 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_multiple_last.json @@ -0,0 +1,60 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1" + } + } + ] + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.1.json", + "@type": "PackageDetails", + "listed": false, + "version": "4.1" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.2.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.2.json", + "@type": "PackageDetails", + "listed": false, + "version": "4.2" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_multiple_remote.json b/cmd/internal/nuget/testdata/package_registration_index_multiple_remote.json new file mode 100644 index 00000000000..a9981079e1f --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_multiple_remote.json @@ -0,0 +1,16 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page1/index.json", + "@type": "catalog:CatalogPage", + "count": 2 + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/page2/index.json", + "@type": "catalog:CatalogPage", + "count": 2 + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_pre_release_and_metadata_version.json b/cmd/internal/nuget/testdata/package_registration_index_pre_release_and_metadata_version.json new file mode 100644 index 00000000000..8568e13a109 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_pre_release_and_metadata_version.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1+metadata" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1-beta+meta" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_pre_release_version.json b/cmd/internal/nuget/testdata/package_registration_index_pre_release_version.json new file mode 100644 index 00000000000..829faa8712a --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_pre_release_version.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1-beta" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_single.json b/cmd/internal/nuget/testdata/package_registration_index_single.json new file mode 100644 index 00000000000..4a45baaa483 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_single.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/c-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_index_with_not_listed.json b/cmd/internal/nuget/testdata/package_registration_index_with_not_listed.json new file mode 100644 index 00000000000..4303fc2a1c8 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_index_with_not_listed.json @@ -0,0 +1,33 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json", + "count": 1, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": false, + "version": "4.0.1" + } + } + ] + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_page_one.json b/cmd/internal/nuget/testdata/package_registration_page_one.json new file mode 100644 index 00000000000..2043abb9c80 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_page_one.json @@ -0,0 +1,27 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/1", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.1" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.2.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.2.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.2" + } + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_page_two.json b/cmd/internal/nuget/testdata/package_registration_page_two.json new file mode 100644 index 00000000000..0a7b7aca0e3 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_page_two.json @@ -0,0 +1,27 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/3.5.8.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.3.5.8.json", + "@type": "PackageDetails", + "listed": true, + "version": "3.5.8" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.0.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.0.1.json", + "@type": "PackageDetails", + "listed": true, + "version": "4.0.1" + } + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_registration_page_two_not_listed.json b/cmd/internal/nuget/testdata/package_registration_page_two_not_listed.json new file mode 100644 index 00000000000..9c9254668c5 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_registration_page_two_not_listed.json @@ -0,0 +1,27 @@ +{ + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/index.json#page/2", + "@type": "catalog:CatalogPage", + "count": 2, + "items": [ + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.1.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.1.json", + "@type": "PackageDetails", + "listed": false, + "version": "4.1" + } + }, + { + "@id": "https://api.nuget.org/v3/registration5-semver1/Foo.NET/4.2.json", + "@type": "Package", + "catalogEntry": { + "@id": "https://api.nuget.org/v3/catalog0/data/2022.12.08.16.43.03/Foo.NET.4.2.json", + "@type": "PackageDetails", + "listed": false, + "version": "4.2" + } + } + ] +} diff --git a/cmd/internal/nuget/testdata/package_spec.xml b/cmd/internal/nuget/testdata/package_spec.xml new file mode 100644 index 00000000000..1ef5fa4c984 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec.xml @@ -0,0 +1,9 @@ + + + Foo + 4.0.1 + Foo.NET + + foo + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_error.xml b/cmd/internal/nuget/testdata/package_spec_error.xml new file mode 100644 index 00000000000..4de5c445d85 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_error.xml @@ -0,0 +1,7 @@ + + + Foo + 4.0.1 + Foo.NET + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_four_digit_version.xml b/cmd/internal/nuget/testdata/package_spec_four_digit_version.xml new file mode 100644 index 00000000000..d93c743d93c --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_four_digit_version.xml @@ -0,0 +1,9 @@ + + + Foo + 1.60.0.2981+metadat + Foo.NET + + foo + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_git_ending.xml b/cmd/internal/nuget/testdata/package_spec_git_ending.xml new file mode 100644 index 00000000000..006c4d7467a --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_git_ending.xml @@ -0,0 +1,9 @@ + + + Foo + 4.0.1 + Foo.NET + + foo + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_project_url.xml b/cmd/internal/nuget/testdata/package_spec_project_url.xml new file mode 100644 index 00000000000..9124d683818 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_project_url.xml @@ -0,0 +1,8 @@ + + + Foo + 4.0.1 + Foo.NET + https://github.com/foo/foo.net + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_project_url_git_ending.xml b/cmd/internal/nuget/testdata/package_spec_project_url_git_ending.xml new file mode 100644 index 00000000000..ba4c5129615 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_project_url_git_ending.xml @@ -0,0 +1,8 @@ + + + Foo + 4.0.1 + Foo.NET + https://github.com/foo/foo.net.git + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_project_url_gitlab.xml b/cmd/internal/nuget/testdata/package_spec_project_url_gitlab.xml new file mode 100644 index 00000000000..94643d502b2 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_project_url_gitlab.xml @@ -0,0 +1,8 @@ + + + Foo + 4.0.1 + Foo.NET + https://gitlab.com/foo/foo.net + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_project_url_not_supported.xml b/cmd/internal/nuget/testdata/package_spec_project_url_not_supported.xml new file mode 100644 index 00000000000..ba94b9a86df --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_project_url_not_supported.xml @@ -0,0 +1,8 @@ + + + Foo + 4.0.1 + Foo.NET + https://myserver.com/foo/foo.net + + \ No newline at end of file diff --git a/cmd/internal/nuget/testdata/package_spec_trailing_slash.xml b/cmd/internal/nuget/testdata/package_spec_trailing_slash.xml new file mode 100644 index 00000000000..61b3f4cc781 --- /dev/null +++ b/cmd/internal/nuget/testdata/package_spec_trailing_slash.xml @@ -0,0 +1,9 @@ + + + Foo + 4.0.1 + Foo.NET + + foo + + \ No newline at end of file diff --git a/cmd/packagemanager_client.go b/cmd/internal/packagemanager/client.go similarity index 58% rename from cmd/packagemanager_client.go rename to cmd/internal/packagemanager/client.go index f453d22cfd0..5e3ee1f00df 100644 --- a/cmd/packagemanager_client.go +++ b/cmd/internal/packagemanager/client.go @@ -12,7 +12,8 @@ // See the License for the specific language governing permissions and // limitations under the License. -package cmd +// Package packagemanager implements a packagemanager client +package packagemanager import ( "fmt" @@ -20,18 +21,30 @@ import ( "time" ) -type packageManagerClient interface { +type Client interface { Get(URI string, packagename string) (*http.Response, error) + + GetURI(URI string) (*http.Response, error) } -type packageManager struct{} +type PackageManagerClient struct{} + +// nolint: noctx +func (c *PackageManagerClient) Get(url, packageName string) (*http.Response, error) { + return c.getRemoteURL(fmt.Sprintf(url, packageName)) +} + +// nolint: noctx +func (c *PackageManagerClient) GetURI(url string) (*http.Response, error) { + return c.getRemoteURL(url) +} // nolint: noctx -func (c *packageManager) Get(url, packageName string) (*http.Response, error) { +func (c *PackageManagerClient) getRemoteURL(url string) (*http.Response, error) { const timeout = 10 client := &http.Client{ Timeout: timeout * time.Second, } //nolint - return client.Get(fmt.Sprintf(url, packageName)) + return client.Get(url) } diff --git a/cmd/internal/packagemanager/client_test.go b/cmd/internal/packagemanager/client_test.go new file mode 100644 index 00000000000..97d9c915130 --- /dev/null +++ b/cmd/internal/packagemanager/client_test.go @@ -0,0 +1,131 @@ +// Copyright 2020 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package packagemanager implements a packagemanager client +package packagemanager + +import ( + "io" + "net/http" + "net/http/httptest" + "testing" +) + +func Test_GetURI_calls_client_get_with_input(t *testing.T) { + t.Parallel() + type args struct { + inputURL string + } + tests := []struct { + name string + args args + wantURL string + wantResponse string + }{ + { + name: "GetURI_input_is_the_same_as_get_uri", + + args: args{ + inputURL: "test", + }, + wantURL: "/test", + wantResponse: "test", + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != tt.wantURL { + t.Errorf("Expected to request '%s', got: %s", tt.wantURL, r.URL.Path) + } + // nolint + w.WriteHeader(http.StatusOK) + // nolint + w.Write([]byte(tt.wantResponse)) + })) + defer server.Close() + client := PackageManagerClient{} + got, err := client.GetURI(server.URL + "/" + tt.args.inputURL) + if err != nil { + t.Errorf("Test_GetURI_calls_client_get_with_input() error in Get= %v", err) + return + } + body, err := io.ReadAll(got.Body) + if err != nil { + t.Errorf("Test_GetURI_calls_client_get_with_input() error in ReadAll= %v", err) + return + } + if string(body) != tt.wantResponse { + t.Errorf("GetURI() = %v, want %v", got, tt.wantResponse) + } + }) + } +} + +func Test_Get_calls_client_get_with_input(t *testing.T) { + t.Parallel() + type args struct { + inputURL string + packageName string + } + tests := []struct { + name string + args args + wantURL string + wantResponse string + }{ + { + name: "Get_input_adds_package_name_for_get_uri", + + args: args{ + inputURL: "test-%s-test", + packageName: "test_package", + }, + wantURL: "/test-test_package-test", + wantResponse: "test", + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path != tt.wantURL { + t.Errorf("Expected to request '%s', got: %s", tt.wantURL, r.URL.Path) + } + // nolint + w.WriteHeader(http.StatusOK) + // nolint + w.Write([]byte(tt.wantResponse)) + })) + defer server.Close() + client := PackageManagerClient{} + got, err := client.Get(server.URL+"/"+tt.args.inputURL, tt.args.packageName) + if err != nil { + t.Errorf("Test_Get_calls_client_get_with_input() error in Get = %v", err) + return + } + body, err := io.ReadAll(got.Body) + if err != nil { + t.Errorf("Test_Get_calls_client_get_with_input() error in ReadAll = %v", err) + return + } + if string(body) != tt.wantResponse { + t.Errorf("GetURI() = %v, want %v", got, tt.wantResponse) + } + }) + } +} diff --git a/cmd/internal/packagemanager/packagemanager_mockclient.go b/cmd/internal/packagemanager/packagemanager_mockclient.go new file mode 100644 index 00000000000..9c7234661be --- /dev/null +++ b/cmd/internal/packagemanager/packagemanager_mockclient.go @@ -0,0 +1,80 @@ +// Copyright 2021 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// Code generated by MockGen. DO NOT EDIT. +// Source: cmd/internal/packagemanager/client.go + +// Package packagemanager is a generated GoMock package. +package packagemanager + +import ( + http "net/http" + reflect "reflect" + + gomock "github.com/golang/mock/gomock" +) + +// MockClient is a mock of Client interface. +type MockClient struct { + ctrl *gomock.Controller + recorder *MockClientMockRecorder +} + +// MockClientMockRecorder is the mock recorder for MockClient. +type MockClientMockRecorder struct { + mock *MockClient +} + +// NewMockClient creates a new mock instance. +func NewMockClient(ctrl *gomock.Controller) *MockClient { + mock := &MockClient{ctrl: ctrl} + mock.recorder = &MockClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use. +func (m *MockClient) EXPECT() *MockClientMockRecorder { + return m.recorder +} + +// Get mocks base method. +func (m *MockClient) Get(URI, packagename string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "Get", URI, packagename) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// Get indicates an expected call of Get. +func (mr *MockClientMockRecorder) Get(URI, packagename interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockClient)(nil).Get), URI, packagename) +} + +// GetURI mocks base method. +func (m *MockClient) GetURI(URI string) (*http.Response, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetURI", URI) + ret0, _ := ret[0].(*http.Response) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetURI indicates an expected call of GetURI. +func (mr *MockClientMockRecorder) GetURI(URI interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetURI", reflect.TypeOf((*MockClient)(nil).GetURI), URI) +} diff --git a/cmd/package_managers.go b/cmd/package_managers.go index a18ecbd25a8..67b4ab888bf 100644 --- a/cmd/package_managers.go +++ b/cmd/package_managers.go @@ -19,6 +19,8 @@ import ( "encoding/json" "fmt" + ngt "github.com/ossf/scorecard/v4/cmd/internal/nuget" + pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager" sce "github.com/ossf/scorecard/v4/errors" ) @@ -27,8 +29,8 @@ type packageMangerResponse struct { exists bool } -func fetchGitRepositoryFromPackageManagers(npm, pypi, rubygems string, - manager packageManagerClient, +func fetchGitRepositoryFromPackageManagers(npm, pypi, rubygems, nuget string, + manager pmc.Client, ) (packageMangerResponse, error) { if npm != "" { gitRepo, err := fetchGitRepositoryFromNPM(npm, manager) @@ -51,6 +53,14 @@ func fetchGitRepositoryFromPackageManagers(npm, pypi, rubygems string, associatedRepo: gitRepo, }, err } + if nuget != "" { + nugetClient := ngt.NugetClient{Manager: manager} + gitRepo, err := fetchGitRepositoryFromNuget(nuget, nugetClient) + return packageMangerResponse{ + exists: true, + associatedRepo: gitRepo, + }, err + } return packageMangerResponse{}, nil } @@ -78,7 +88,7 @@ type rubyGemsSearchResults struct { } // Gets the GitHub repository URL for the npm package. -func fetchGitRepositoryFromNPM(packageName string, packageManager packageManagerClient) (string, error) { +func fetchGitRepositoryFromNPM(packageName string, packageManager pmc.Client) (string, error) { npmSearchURL := "https://registry.npmjs.org/-/v1/search?text=%s&size=1" resp, err := packageManager.Get(npmSearchURL, packageName) if err != nil { @@ -99,7 +109,7 @@ func fetchGitRepositoryFromNPM(packageName string, packageManager packageManager } // Gets the GitHub repository URL for the pypi package. -func fetchGitRepositoryFromPYPI(packageName string, manager packageManagerClient) (string, error) { +func fetchGitRepositoryFromPYPI(packageName string, manager pmc.Client) (string, error) { pypiSearchURL := "https://pypi.org/pypi/%s/json" resp, err := manager.Get(pypiSearchURL, packageName) if err != nil { @@ -120,7 +130,7 @@ func fetchGitRepositoryFromPYPI(packageName string, manager packageManagerClient } // Gets the GitHub repository URL for the rubygems package. -func fetchGitRepositoryFromRubyGems(packageName string, manager packageManagerClient) (string, error) { +func fetchGitRepositoryFromRubyGems(packageName string, manager pmc.Client) (string, error) { rubyGemsSearchURL := "https://rubygems.org/api/v1/gems/%s.json" resp, err := manager.Get(rubyGemsSearchURL, packageName) if err != nil { @@ -138,3 +148,13 @@ func fetchGitRepositoryFromRubyGems(packageName string, manager packageManagerCl } return v.SourceCodeURI, nil } + +// Gets the GitHub repository URL for the nuget package. +func fetchGitRepositoryFromNuget(packageName string, nugetClient ngt.Client) (string, error) { + repositoryURI, err := nugetClient.GitRepositoryByPackageName(packageName) + if err != nil { + return "", sce.WithMessage(sce.ErrScorecardInternal, + fmt.Sprintf("could not find source repo for nuget package: %v", err)) + } + return repositoryURI, nil +} diff --git a/cmd/package_managers_test.go b/cmd/package_managers_test.go index b4e398109f4..fe5ff0bf493 100644 --- a/cmd/package_managers_test.go +++ b/cmd/package_managers_test.go @@ -23,6 +23,9 @@ import ( "testing" "github.com/golang/mock/gomock" + + ngt "github.com/ossf/scorecard/v4/cmd/internal/nuget" + pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager" ) func Test_fetchGitRepositoryFromNPM(t *testing.T) { @@ -133,7 +136,7 @@ func Test_fetchGitRepositoryFromNPM(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() ctrl := gomock.NewController(t) - p := NewMockpackageManagerClient(ctrl) + p := pmc.NewMockClient(ctrl) p.EXPECT().Get(gomock.Any(), tt.args.packageName). DoAndReturn(func(url, packageName string) (*http.Response, error) { if tt.wantErr && tt.args.result == "" { @@ -413,7 +416,7 @@ func Test_fetchGitRepositoryFromPYPI(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() ctrl := gomock.NewController(t) - p := NewMockpackageManagerClient(ctrl) + p := pmc.NewMockClient(ctrl) p.EXPECT().Get(gomock.Any(), tt.args.packageName). DoAndReturn(func(url, packageName string) (*http.Response, error) { if tt.wantErr && tt.args.result == "" { @@ -682,7 +685,7 @@ func Test_fetchGitRepositoryFromRubyGems(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() ctrl := gomock.NewController(t) - p := NewMockpackageManagerClient(ctrl) + p := pmc.NewMockClient(ctrl) p.EXPECT().Get(gomock.Any(), tt.args.packageName). DoAndReturn(func(url, packageName string) (*http.Response, error) { if tt.wantErr && tt.args.result == "" { @@ -706,3 +709,65 @@ func Test_fetchGitRepositoryFromRubyGems(t *testing.T) { }) } } + +func Test_fetchGitRepositoryFromNuget(t *testing.T) { + t.Parallel() + type args struct { + packageName string + result string + } + tests := []struct { + name string + args args + want string + wantErr bool + }{ + { + name: "Return repository from nuget client", + //nolint + args: args{ + packageName: "nuget-package", + //nolint + result: "nuget", + }, + want: "nuget", + wantErr: false, + }, + { + name: "Error from nuget client", + //nolint + args: args{ + packageName: "nuget-package", + //nolint + result: "", + }, + want: "", + wantErr: true, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + ctrl := gomock.NewController(t) + n := ngt.NewMockClient(ctrl) + n.EXPECT().GitRepositoryByPackageName(tt.args.packageName). + DoAndReturn(func(packageName string) (string, error) { + if tt.wantErr && tt.args.result == "" { + //nolint + return "", errors.New("error") + } + + return tt.args.result, nil + }).AnyTimes() + got, err := fetchGitRepositoryFromNuget(tt.args.packageName, n) + if (err != nil) != tt.wantErr { + t.Errorf("fetchGitRepositoryFromNuget() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { + t.Errorf("fetchGitRepositoryFromNuget() = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/cmd/packagemanager_mockclient.go b/cmd/packagemanager_mockclient.go deleted file mode 100644 index 40cc49d369f..00000000000 --- a/cmd/packagemanager_mockclient.go +++ /dev/null @@ -1,65 +0,0 @@ -// Copyright 2021 OpenSSF Scorecard Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -// Code generated by MockGen. DO NOT EDIT. -// Source: cmd/packagemanager_client.go - -// Package cmd is a generated GoMock package. -package cmd - -import ( - http "net/http" - reflect "reflect" - - gomock "github.com/golang/mock/gomock" -) - -// MockpackageManagerClient is a mock of packageManagerClient interface. -type MockpackageManagerClient struct { - ctrl *gomock.Controller - recorder *MockpackageManagerClientMockRecorder -} - -// MockpackageManagerClientMockRecorder is the mock recorder for MockpackageManagerClient. -type MockpackageManagerClientMockRecorder struct { - mock *MockpackageManagerClient -} - -// NewMockpackageManagerClient creates a new mock instance. -func NewMockpackageManagerClient(ctrl *gomock.Controller) *MockpackageManagerClient { - mock := &MockpackageManagerClient{ctrl: ctrl} - mock.recorder = &MockpackageManagerClientMockRecorder{mock} - return mock -} - -// EXPECT returns an object that allows the caller to indicate expected use. -func (m *MockpackageManagerClient) EXPECT() *MockpackageManagerClientMockRecorder { - return m.recorder -} - -// Get mocks base method. -func (m *MockpackageManagerClient) Get(URI, packagename string) (*http.Response, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "Get", URI, packagename) - ret0, _ := ret[0].(*http.Response) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// Get indicates an expected call of Get. -func (mr *MockpackageManagerClientMockRecorder) Get(URI, packagename interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockpackageManagerClient)(nil).Get), URI, packagename) -} diff --git a/cmd/root.go b/cmd/root.go index da4cd0610d0..4dccf166d64 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -27,6 +27,7 @@ import ( "github.com/ossf/scorecard/v4/checker" "github.com/ossf/scorecard/v4/clients" + pmc "github.com/ossf/scorecard/v4/cmd/internal/packagemanager" docs "github.com/ossf/scorecard/v4/docs/checks" sce "github.com/ossf/scorecard/v4/errors" sclog "github.com/ossf/scorecard/v4/log" @@ -37,7 +38,7 @@ import ( const ( scorecardLong = "A program that shows the OpenSSF scorecard for an open source software." - scorecardUse = `./scorecard (--repo= | --local= | --{npm,pypi,rubygems}=) + scorecardUse = `./scorecard (--repo= | --local= | --{npm,pypi,rubygems,nuget}=) [--checks=check1,...] [--show-details]` scorecardShort = "OpenSSF Scorecard" ) @@ -72,9 +73,9 @@ func New(o *options.Options) *cobra.Command { // rootCmd runs scorecard checks given a set of arguments. func rootCmd(o *options.Options) error { - p := &packageManager{} + p := &pmc.PackageManagerClient{} // Set `repo` from package managers. - pkgResp, err := fetchGitRepositoryFromPackageManagers(o.NPM, o.PyPI, o.RubyGems, p) + pkgResp, err := fetchGitRepositoryFromPackageManagers(o.NPM, o.PyPI, o.RubyGems, o.Nuget, p) if err != nil { return fmt.Errorf("fetchGitRepositoryFromPackageManagers: %w", err) } diff --git a/options/flags.go b/options/flags.go index 66a48c2b85a..1652c9fd18a 100644 --- a/options/flags.go +++ b/options/flags.go @@ -45,6 +45,9 @@ const ( // FlagRubyGems is the flag name for specifying a RubyGems repository. FlagRubyGems = "rubygems" + // FlagNuget is the flag name for specifying a Nuget repository. + FlagNuget = "nuget" + // FlagMetadata is the flag name for specifying metadata for the project. FlagMetadata = "metadata" @@ -120,6 +123,13 @@ func (o *Options) AddFlags(cmd *cobra.Command) { "rubygems package to check, given that the rubygems package has a GitHub repository", ) + cmd.Flags().StringVar( + &o.Nuget, + FlagNuget, + o.Nuget, + "nuget package to check, given that the nuget package has a GitHub repository", + ) + cmd.Flags().StringSliceVar( &o.Metadata, FlagMetadata, diff --git a/options/options.go b/options/options.go index 164c356b821..5be1fda1feb 100644 --- a/options/options.go +++ b/options/options.go @@ -37,6 +37,7 @@ type Options struct { NPM string PyPI string RubyGems string + Nuget string PolicyFile string // TODO(action): Add logic for writing results to file ResultsFile string @@ -113,7 +114,7 @@ var ( errPolicyFileNotSupported = errors.New("policy file is not supported yet") errRawOptionNotSupported = errors.New("raw option is not supported yet") errRepoOptionMustBeSet = errors.New( - "exactly one of `repo`, `npm`, `pypi`, `rubygems` or `local` must be set", + "exactly one of `repo`, `npm`, `pypi`, `rubygems`, `nuget` or `local` must be set", ) errSARIFNotSupported = errors.New("SARIF format is not supported yet") errValidate = errors.New("some options could not be validated") @@ -124,11 +125,12 @@ var ( func (o *Options) Validate() error { var errs []error - // Validate exactly one of `--repo`, `--npm`, `--pypi`, `--rubygems`, `--local` is enabled. + // Validate exactly one of `--repo`, `--npm`, `--pypi`, `--rubygems`, `--nuget`, `--local` is enabled. if boolSum(o.Repo != "", o.NPM != "", o.PyPI != "", o.RubyGems != "", + o.Nuget != "", o.Local != "") != 1 { errs = append( errs, diff --git a/options/options_test.go b/options/options_test.go index b69d5c35e07..8098e8ebc90 100644 --- a/options/options_test.go +++ b/options/options_test.go @@ -21,7 +21,7 @@ import ( ) // Cannot run parallel tests because of the ENV variables. -//nolint +// nolint func TestOptions_Validate(t *testing.T) { type fields struct { Repo string @@ -32,6 +32,7 @@ func TestOptions_Validate(t *testing.T) { NPM string PyPI string RubyGems string + Nuget string PolicyFile string ResultsFile string ChecksToRun []string @@ -99,6 +100,7 @@ func TestOptions_Validate(t *testing.T) { NPM: tt.fields.NPM, PyPI: tt.fields.PyPI, RubyGems: tt.fields.RubyGems, + Nuget: tt.fields.Nuget, PolicyFile: tt.fields.PolicyFile, ResultsFile: tt.fields.ResultsFile, ChecksToRun: tt.fields.ChecksToRun, From a3cf858213fb2787f1f017850916783dcfe1a8c5 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Sat, 17 Jun 2023 06:16:52 -0700 Subject: [PATCH 278/316] Switch webhook to unit test (#3174) Signed-off-by: Spencer Schrock --- .../githubrepo/testdata/valid-webhook.json | 27 ++++++ clients/githubrepo/webhook_e2e_test.go | 62 ------------ clients/githubrepo/webhook_test.go | 97 +++++++++++++++++++ 3 files changed, 124 insertions(+), 62 deletions(-) create mode 100644 clients/githubrepo/testdata/valid-webhook.json delete mode 100644 clients/githubrepo/webhook_e2e_test.go create mode 100644 clients/githubrepo/webhook_test.go diff --git a/clients/githubrepo/testdata/valid-webhook.json b/clients/githubrepo/testdata/valid-webhook.json new file mode 100644 index 00000000000..3a61189adaa --- /dev/null +++ b/clients/githubrepo/testdata/valid-webhook.json @@ -0,0 +1,27 @@ +[ + { + "type": "Repository", + "id": 12345678, + "name": "web", + "active": true, + "events": [ + "push" + ], + "config": { + "content_type": "form", + "insecure_ssl": "1", + "url": "https://test.com/test" + }, + "updated_at": "2023-06-14T12:52:12Z", + "created_at": "2023-06-12T13:46:50Z", + "url": "https://api.github.com/repos/ossf-tests/webhook-e2e/hooks/12345678", + "test_url": "https://api.github.com/repos/ossf-tests/webhook-e2e/hooks/12345678/test", + "ping_url": "https://api.github.com/repos/ossf-tests/webhook-e2e/hooks/12345678/pings", + "deliveries_url": "https://api.github.com/repos/ossf-tests/webhook-e2e/hooks/12345678/deliveries", + "last_response": { + "code": 502, + "status": "connection_error", + "message": "failed to connect to host" + } + } +] \ No newline at end of file diff --git a/clients/githubrepo/webhook_e2e_test.go b/clients/githubrepo/webhook_e2e_test.go deleted file mode 100644 index 22c2a1ad4a8..00000000000 --- a/clients/githubrepo/webhook_e2e_test.go +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2023 OpenSSF Scorecard Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package githubrepo - -import ( - "context" - "net/http" - - "github.com/google/go-github/v38/github" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - - "github.com/ossf/scorecard/v4/clients" - "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" - "github.com/ossf/scorecard/v4/log" -) - -var _ = Describe("E2E TEST: githubrepo.webhookHandler", func() { - var handler *webhookHandler - - BeforeEach(func() { - ctx := context.Background() - rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) - httpClient := &http.Client{ - Transport: rt, - } - client := github.NewClient(httpClient) - handler = &webhookHandler{ - ghClient: client, - ctx: ctx, - } - }) - Context("listWebhooks()", func() { - It("returns list of webhooks", func() { - skipIfTokenIsNot(patTokenType, "PAT only") - repoURL := repoURL{ - owner: "ossf-tests", - repo: "webhook-e2e", - commitSHA: clients.HeadSHA, - } - - handler.init(context.Background(), &repoURL) - resp, err := handler.listWebhooks() - Expect(err).NotTo(HaveOccurred()) - Expect(resp).NotTo(BeNil()) - Expect(len(resp)).To(Equal(1)) - Expect(handler.errSetup).Should(BeNil()) - }) - }) -}) diff --git a/clients/githubrepo/webhook_test.go b/clients/githubrepo/webhook_test.go new file mode 100644 index 00000000000..5e99af026dc --- /dev/null +++ b/clients/githubrepo/webhook_test.go @@ -0,0 +1,97 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + "os" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-github/v38/github" + + "github.com/ossf/scorecard/v4/clients" +) + +type stubTripper struct { + responsePath string +} + +func (s stubTripper) RoundTrip(_ *http.Request) (*http.Response, error) { + f, err := os.Open(s.responsePath) + if err != nil { + //nolint:wrapcheck + return nil, err + } + return &http.Response{ + Status: "200 OK", + StatusCode: http.StatusOK, + Body: f, + }, nil +} + +func Test_listWebhooks(t *testing.T) { + t.Parallel() + tests := []struct { + name string + responsePath string + want []clients.Webhook + wantErr bool + }{ + { + name: "valid webhook", + responsePath: "./testdata/valid-webhook.json", + want: []clients.Webhook{ + { + ID: 12345678, + UsesAuthSecret: false, + }, + }, + wantErr: false, + }, + } + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + ctx := context.Background() + httpClient := &http.Client{ + Transport: stubTripper{ + responsePath: tt.responsePath, + }, + } + client := github.NewClient(httpClient) + handler := &webhookHandler{ + ghClient: client, + ctx: ctx, + } + + repoURL := repoURL{ + owner: "ossf-tests", + repo: "foo", + commitSHA: clients.HeadSHA, + } + handler.init(ctx, &repoURL) + got, err := handler.listWebhooks() + if (err != nil) != tt.wantErr { + t.Fatalf("listWebhooks error: %v, wantedErr: %t", err, tt.wantErr) + } + if !cmp.Equal(got, tt.want) { + t.Errorf("listWebhooks() = %v, want %v", got, cmp.Diff(got, tt.want)) + } + }) + } +} From 692f085f0d4e6068fae72d57dfbf5f7dd020d39f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 17 Jun 2023 14:16:25 +0000 Subject: [PATCH 279/316] :seedling: Bump golang.org/x/tools from 0.9.3 to 0.10.0 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.9.3 to 0.10.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.9.3...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 92ba0d03872..b83ca4df14f 100644 --- a/go.mod +++ b/go.mod @@ -35,7 +35,7 @@ require ( go.opencensus.io v0.24.0 gocloud.dev v0.29.0 golang.org/x/text v0.10.0 - golang.org/x/tools v0.9.3 + golang.org/x/tools v0.10.0 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 @@ -101,7 +101,7 @@ require ( github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/spdx/tools-golang v0.5.1 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect - golang.org/x/mod v0.10.0 // indirect + golang.org/x/mod v0.11.0 // indirect golang.org/x/term v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 // indirect @@ -173,7 +173,7 @@ require ( golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 golang.org/x/net v0.11.0 // indirect golang.org/x/oauth2 v0.9.0 - golang.org/x/sync v0.2.0 // indirect + golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.9.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.124.0 // indirect diff --git a/go.sum b/go.sum index c09254002a0..615e0d42e6f 100644 --- a/go.sum +++ b/go.sum @@ -2211,8 +2211,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2356,8 +2356,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2654,8 +2654,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= -golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= +golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3/go.mod h1:LTLnfk/dpXDNKsX6aCg/cI4LyCVnTyrQhgV/yLJuly0= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 77919b0418915407b7056cee467cea05336c76b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 18 Jun 2023 14:50:58 +0000 Subject: [PATCH 280/316] :seedling: Bump tj-actions/changed-files from 36.2.1 to 36.4.0 (#3175) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.2.1 to 36.4.0. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/c9124514c375de5dbb9697afa6f2e36a236ee58c...e1754a427f478b8778d349341b8f1d80f1f47f44) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d8146d2027e..1d45009f79a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@c9124514c375de5dbb9697afa6f2e36a236ee58c #v36.2.1 + uses: tj-actions/changed-files@e1754a427f478b8778d349341b8f1d80f1f47f44 #v36.4.0 with: files_ignore: '**.md' - id: docs_only_check From 75efaa38fa4a83231c74eaa361b72f15a2394ea5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Backman?= <88145164+andrelmbackman@users.noreply.github.com> Date: Tue, 20 Jun 2023 17:54:56 +0300 Subject: [PATCH 281/316] add possible values of --verbosity flag in the usage message of scorecard CLI (#3190) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Backman --- options/flags.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/options/flags.go b/options/flags.go index 1652c9fd18a..7c974f02971 100644 --- a/options/flags.go +++ b/options/flags.go @@ -99,7 +99,7 @@ func (o *Options) AddFlags(cmd *cobra.Command) { &o.LogLevel, FlagLogLevel, o.LogLevel, - "set the log level", + "Set the log level. Possible values are: 'info', 'debug', 'warn'. Add --show-details to see the results.", ) cmd.Flags().StringVar( From a50bc07b4ff2fe8a645e0120585caab884eb0e02 Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Tue, 20 Jun 2023 12:41:51 -0700 Subject: [PATCH 282/316] :seedling: Bump docker images (#3196) Signed-off-by: Spencer Schrock --- Dockerfile | 3 +-- clients/githubrepo/roundtripper/tokens/server/Dockerfile | 2 +- cron/internal/bq/Dockerfile | 3 +-- cron/internal/cii/Dockerfile | 3 +-- cron/internal/controller/Dockerfile | 3 +-- cron/internal/webhook/Dockerfile | 3 +-- cron/internal/worker/Dockerfile | 3 +-- 7 files changed, 7 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index b022ac10441..dd777680a3c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# golang:1.19 -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ diff --git a/clients/githubrepo/roundtripper/tokens/server/Dockerfile b/clients/githubrepo/roundtripper/tokens/server/Dockerfile index 24fa77641a8..287b8bacf62 100644 --- a/clients/githubrepo/roundtripper/tokens/server/Dockerfile +++ b/clients/githubrepo/roundtripper/tokens/server/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ diff --git a/cron/internal/bq/Dockerfile b/cron/internal/bq/Dockerfile index f9a28324527..272bf0e90f4 100644 --- a/cron/internal/bq/Dockerfile +++ b/cron/internal/bq/Dockerfile @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# golang:1.19 -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ diff --git a/cron/internal/cii/Dockerfile b/cron/internal/cii/Dockerfile index 89702c88b17..b729c10718c 100644 --- a/cron/internal/cii/Dockerfile +++ b/cron/internal/cii/Dockerfile @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# golang:1.19 -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index 712cbad85fb..019729b815a 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# golang:1.19 -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ diff --git a/cron/internal/webhook/Dockerfile b/cron/internal/webhook/Dockerfile index 19365ee511a..30a811fea45 100644 --- a/cron/internal/webhook/Dockerfile +++ b/cron/internal/webhook/Dockerfile @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# golang:1.19 -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ diff --git a/cron/internal/worker/Dockerfile b/cron/internal/worker/Dockerfile index f2c673b4b99..682b3066e64 100644 --- a/cron/internal/worker/Dockerfile +++ b/cron/internal/worker/Dockerfile @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# golang:1.19 -FROM golang@sha256:4b1fc02d16fca272e5e6e6adc98396219b43ef663a377eef4a97e881d364393f AS base +FROM golang:1.19@sha256:6b3fa4b908676231b50acbbc00e84d8cee9c6ce072b1175c0ff352c57d8a612f AS base WORKDIR /src ENV CGO_ENABLED=0 COPY go.* ./ From efcbc720c7d349f4f341f3ecb8cae64435fafc37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 19:43:25 +0000 Subject: [PATCH 283/316] :seedling: Bump github.com/onsi/ginkgo/v2 in /tools Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.10.0 to 2.11.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.10.0...v2.11.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- tools/go.mod | 4 ++-- tools/go.sum | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 518a912f316..f892bda7141 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -9,7 +9,7 @@ require ( github.com/google/ko v0.13.0 github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 - github.com/onsi/ginkgo/v2 v2.10.0 + github.com/onsi/ginkgo/v2 v2.11.0 google.golang.org/protobuf v1.30.0 ) @@ -352,7 +352,7 @@ require ( golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect golang.org/x/sync v0.2.0 // indirect - golang.org/x/sys v0.8.0 // indirect + golang.org/x/sys v0.9.0 // indirect golang.org/x/term v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect diff --git a/tools/go.sum b/tools/go.sum index 875fcb16d03..71659453f3a 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -1998,8 +1998,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs= -github.com/onsi/ginkgo/v2 v2.10.0/go.mod h1:UDQOh5wbQUlMnkLfVaIUMtQ1Vus92oM+P2JX1aulgcE= +github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -2018,7 +2018,7 @@ github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeR github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= -github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= +github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -2970,8 +2970,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= From a9765401d67146be75a1373221092c372739ecac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 19:56:30 +0000 Subject: [PATCH 284/316] :seedling: Bump mvdan.cc/sh/v3 from 3.6.0 to 3.7.0 Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md) - [Commits](https://github.com/mvdan/sh/compare/v3.6.0...v3.7.0) --- updated-dependencies: - dependency-name: mvdan.cc/sh/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index b83ca4df14f..0d64ec03062 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - mvdan.cc/sh/v3 v3.6.0 + mvdan.cc/sh/v3 v3.7.0 ) require ( diff --git a/go.sum b/go.sum index 615e0d42e6f..814a2871377 100644 --- a/go.sum +++ b/go.sum @@ -943,7 +943,7 @@ github.com/franela/goblin v0.0.0-20210519012713-85d372ac71e2/go.mod h1:VzmDKDJVZ github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= +github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= @@ -1822,8 +1822,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.1-0.20230524175051-ec119421bb97 h1:3RPlVWzZ/PDqmVuf/FKHARG5EMid/tl7cv54Sw/QRVY= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -3100,8 +3100,8 @@ modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -mvdan.cc/sh/v3 v3.6.0 h1:gtva4EXJ0dFNvl5bHjcUEvws+KRcDslT8VKheTYkbGU= -mvdan.cc/sh/v3 v3.6.0/go.mod h1:U4mhtBLZ32iWhif5/lD+ygy1zrgaQhUu+XFy7C8+TTA= +mvdan.cc/sh/v3 v3.7.0 h1:lSTjdP/1xsddtaKfGg7Myu7DnlHItd3/M2tomOcNNBg= +mvdan.cc/sh/v3 v3.7.0/go.mod h1:K2gwkaesF/D7av7Kxl0HbF5kGOd2ArupNTX3X44+8l8= mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5 h1:Jh3LAeMt1eGpxomyu3jVkmVZWW2MxZ1qIIV2TZ/nRio= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From 09505d8a613fd254673187751ad6aefdb7a8f51a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 20:09:39 +0000 Subject: [PATCH 285/316] :seedling: Bump github.com/onsi/ginkgo/v2 from 2.10.0 to 2.11.0 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.10.0 to 2.11.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.10.0...v2.11.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0d64ec03062..0f381a5864a 100644 --- a/go.mod +++ b/go.mod @@ -49,7 +49,7 @@ require ( github.com/gobwas/glob v0.2.3 github.com/google/osv-scanner v1.3.4 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 - github.com/onsi/ginkgo/v2 v2.10.0 + github.com/onsi/ginkgo/v2 v2.11.0 github.com/otiai10/copy v1.11.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index 814a2871377..64c8e10ed8c 100644 --- a/go.sum +++ b/go.sum @@ -1663,8 +1663,8 @@ github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47 github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7AG4VIk= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= -github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs= -github.com/onsi/ginkgo/v2 v2.10.0/go.mod h1:UDQOh5wbQUlMnkLfVaIUMtQ1Vus92oM+P2JX1aulgcE= +github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU= +github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= From 18b70b294b6471508608053aac89258cb5db7b12 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Jun 2023 20:20:40 +0000 Subject: [PATCH 286/316] :seedling: Bump github.com/otiai10/copy from 1.11.0 to 1.12.0 Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](https://github.com/otiai10/copy/compare/v1.11.0...v1.12.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0f381a5864a..b32bc373c5f 100644 --- a/go.mod +++ b/go.mod @@ -50,7 +50,7 @@ require ( github.com/google/osv-scanner v1.3.4 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.11.0 - github.com/otiai10/copy v1.11.0 + github.com/otiai10/copy v1.12.0 sigs.k8s.io/release-utils v0.6.0 ) diff --git a/go.sum b/go.sum index 64c8e10ed8c..19f785082ab 100644 --- a/go.sum +++ b/go.sum @@ -1713,8 +1713,8 @@ github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuh github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa4YDFlwRYAMyE= -github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc= -github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= +github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY= +github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/ovh/go-ovh v1.3.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o= From 4c460282582b7f6c21bf7004649483a18d80bb7f Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Tue, 20 Jun 2023 16:08:39 -0500 Subject: [PATCH 287/316] :seedling: e2e for statuses (#3176) - e2e for statuses. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/statuses_e2e_test.go | 59 +++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 clients/githubrepo/statuses_e2e_test.go diff --git a/clients/githubrepo/statuses_e2e_test.go b/clients/githubrepo/statuses_e2e_test.go new file mode 100644 index 00000000000..e5200284cc1 --- /dev/null +++ b/clients/githubrepo/statuses_e2e_test.go @@ -0,0 +1,59 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + + "github.com/google/go-github/v38/github" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" +) + +var _ = Describe("E2E TEST: githubrepo.statusesHandler", func() { + var statusHandler *statusesHandler + + BeforeEach(func() { + ctx := context.Background() + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + client := github.NewClient(httpClient) + statusHandler = &statusesHandler{ + client: client, + ctx: ctx, + } + }) + Context("listStatuses()", func() { + It("returns statuses", func() { + repoURL := repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + + statusHandler.init(context.Background(), &repoURL) + resp, err := statusHandler.listStatuses("8c9e552f68e5fd070692b8376ac51d2e8a7f0aaa") + Expect(err).NotTo(HaveOccurred()) + Expect(len(resp)).ShouldNot(Equal(0)) + }) + }) +}) From 119acffec7163d9c6fa8df1fc1f7a994cf7f2fba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 08:57:19 +0000 Subject: [PATCH 288/316] :seedling: Bump step-security/harden-runner from 2.4.0 to 2.4.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/128a63446a954579617e875aaab7d2978154e969...55d479fb1c5bcad5a4f9099a5d9f37c8857b2845) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 14 +++++----- .github/workflows/gitlab.yml | 2 +- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 4 +-- .github/workflows/main.yml | 40 +++++++++++++-------------- .github/workflows/publishimage.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 9 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c5f8407259e..c431cb5afea 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1d45009f79a..880cfd8114f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -60,7 +60,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -90,7 +90,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -120,7 +120,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -150,7 +150,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -180,7 +180,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -210,7 +210,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -240,7 +240,7 @@ jobs: if: (needs.docs_only_check.outputs.docs_only != 'true') steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index 890c12b28da..3ee314caacb 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -27,7 +27,7 @@ jobs: environment: gitlab steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index 373e7ec54c8..c3b29154f6e 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index a537fd65258..32bb9998ddf 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -41,7 +41,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 39ff059db22..cef4ac8c8f6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -93,7 +93,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -141,7 +141,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -188,7 +188,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -224,7 +224,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -272,7 +272,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -320,7 +320,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -368,7 +368,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -416,7 +416,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -464,7 +464,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -512,7 +512,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -560,7 +560,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -608,7 +608,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -656,7 +656,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -704,7 +704,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -751,7 +751,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -781,7 +781,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -824,7 +824,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Install Protoc @@ -870,7 +870,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -905,7 +905,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 8939f64cf09..ec6593aa8a7 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -32,7 +32,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f34032e239e..ba9642a6be7 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 2e72e88200f..af59979b66d 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v1 + uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs From 8788f114a064802f3773ffc82be9e13debd4506a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 09:08:15 +0000 Subject: [PATCH 289/316] :seedling: Bump tj-actions/changed-files from 36.4.0 to 36.4.1 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.4.0 to 36.4.1. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/e1754a427f478b8778d349341b8f1d80f1f47f44...54479c37f5eb47a43e595c6b71e1df2c112ce7f1) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 880cfd8114f..bfe27a0e52e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@e1754a427f478b8778d349341b8f1d80f1f47f44 #v36.4.0 + uses: tj-actions/changed-files@54479c37f5eb47a43e595c6b71e1df2c112ce7f1 #v36.4.1 with: files_ignore: '**.md' - id: docs_only_check From 74fbee9fa6a7df4aaf51179b39a3281ae119b852 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 12:24:11 +0000 Subject: [PATCH 290/316] :seedling: Bump github.com/xanzy/go-gitlab from 0.85.0 to 0.86.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.85.0 to 0.86.0. - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.85.0...v0.86.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b32bc373c5f..68642ef64c5 100644 --- a/go.mod +++ b/go.mod @@ -165,7 +165,7 @@ require ( github.com/sergi/go-diff v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/vbatts/tar-split v0.11.3 // indirect - github.com/xanzy/go-gitlab v0.85.0 + github.com/xanzy/go-gitlab v0.86.0 github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 19f785082ab..0a160c3df8c 100644 --- a/go.sum +++ b/go.sum @@ -1970,8 +1970,8 @@ github.com/vmware/govmomi v0.20.3/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59b github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= -github.com/xanzy/go-gitlab v0.85.0 h1:E/wjnsd/mM5kV6O9y5+i6zxjx+wfAwa97sgcT1ETNwk= -github.com/xanzy/go-gitlab v0.85.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w= +github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= From 6a033c7101a08858a7d5fe197790dbad534c1a9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 12:36:27 +0000 Subject: [PATCH 291/316] :seedling: Bump gocloud.dev from 0.29.0 to 0.30.0 Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.29.0 to 0.30.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](https://github.com/google/go-cloud/compare/v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 56 ++--- go.sum | 678 +++++++++++++++++++++++++++++++++++++++++++++------------ 2 files changed, 566 insertions(+), 168 deletions(-) diff --git a/go.mod b/go.mod index 68642ef64c5..4078c80cf13 100644 --- a/go.mod +++ b/go.mod @@ -9,9 +9,9 @@ require ( require ( cloud.google.com/go/bigquery v1.51.2 - cloud.google.com/go/monitoring v1.13.0 // indirect + cloud.google.com/go/monitoring v1.15.0 // indirect cloud.google.com/go/pubsub v1.31.0 - cloud.google.com/go/trace v1.9.0 // indirect + cloud.google.com/go/trace v1.10.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 @@ -33,10 +33,10 @@ require ( github.com/spf13/cobra v1.7.0 github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 - gocloud.dev v0.29.0 + gocloud.dev v0.30.0 golang.org/x/text v0.10.0 golang.org/x/tools v0.10.0 - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect + google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect google.golang.org/protobuf v1.30.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 @@ -57,7 +57,7 @@ require ( require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/containeranalysis v0.9.0 // indirect - cloud.google.com/go/kms v1.10.2 // indirect + cloud.google.com/go/kms v1.12.0 // indirect github.com/BurntSushi/toml v1.3.0 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect @@ -66,19 +66,19 @@ require ( github.com/apache/thrift v0.16.0 // indirect github.com/cloudflare/circl v1.3.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect - github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.20.0 // indirect + github.com/emicklei/go-restful/v3 v3.10.1 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/goccy/go-json v0.9.11 // indirect github.com/golang/glog v1.1.0 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/flatbuffers v2.0.8+incompatible // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect + github.com/google/gnostic v0.6.9 // indirect github.com/google/go-github/v53 v53.0.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect + github.com/google/pprof v0.0.0-20230406165453-00490a63f317 // indirect github.com/google/s2a-go v0.1.4 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-retryablehttp v0.7.2 // indirect @@ -96,7 +96,7 @@ require ( github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 // indirect github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/prometheus/prometheus v0.42.0 // indirect + github.com/prometheus/prometheus v0.44.0 // indirect github.com/skeema/knownhosts v1.1.1 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect github.com/spdx/tools-golang v0.5.1 // indirect @@ -105,13 +105,15 @@ require ( golang.org/x/term v0.9.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/api v0.26.1 // indirect - k8s.io/apimachinery v0.26.1 // indirect - k8s.io/client-go v0.26.1 // indirect - k8s.io/klog/v2 v2.80.1 // indirect - k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 // indirect - k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect + k8s.io/api v0.26.2 // indirect + k8s.io/apimachinery v0.26.2 // indirect + k8s.io/client-go v0.26.2 // indirect + k8s.io/klog/v2 v2.90.1 // indirect + k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d // indirect + k8s.io/utils v0.0.0-20230308161112-d77c459e9343 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect @@ -119,13 +121,13 @@ require ( require ( cloud.google.com/go v0.110.2 // indirect - cloud.google.com/go/compute v1.19.1 // indirect - cloud.google.com/go/iam v1.0.1 // indirect - cloud.google.com/go/storage v1.29.0 // indirect + cloud.google.com/go/compute v1.20.0 // indirect + cloud.google.com/go/iam v1.1.0 // indirect + cloud.google.com/go/storage v1.30.1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect - github.com/aws/aws-sdk-go v1.44.200 // indirect + github.com/aws/aws-sdk-go v1.44.284 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect @@ -135,7 +137,7 @@ require ( github.com/docker/docker v23.0.5+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/fatih/color v1.13.0 // indirect + github.com/fatih/color v1.14.1 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.4.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -145,15 +147,15 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.9.1 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect + github.com/googleapis/gax-go/v2 v2.11.0 // indirect github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/klauspost/compress v1.16.5 // indirect - github.com/mattn/go-colorable v0.1.12 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect @@ -176,9 +178,9 @@ require ( golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.9.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.124.0 // indirect + google.golang.org/api v0.128.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/grpc v1.55.0 // indirect + google.golang.org/grpc v1.56.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) diff --git a/go.sum b/go.sum index 0a160c3df8c..e6bbb1c823d 100644 --- a/go.sum +++ b/go.sum @@ -38,50 +38,85 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.109.0/go.mod h1:2sYycXt75t/CSB5R9M2wPU1tJmire7AQZTPtITcGBVE= +cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA= cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= +cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= +cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM= +cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= +cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ= +cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k= +cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= +cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M= +cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE= +cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= +cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= +cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= +cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= +cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM= +cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= +cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= +cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI= +cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= +cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84= +cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A= +cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= +cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY= +cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= +cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1nOucMH0pwXN1rOBZFI= +cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ= +cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI= +cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= +cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo= +cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg= +cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= +cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= +cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= +cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= +cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= +cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM= +cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -91,28 +126,44 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= +cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/ZurWFIxmF9I/E= +cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= +cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= +cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= cloud.google.com/go/bigquery v1.51.2 h1:p6SZQJBh64rNJB/9V5O0jvMBI8O/XV5rJKlhmmCU+2o= cloud.google.com/go/bigquery v1.51.2/go.mod h1:6YYSJ37dAY1HyMDq/+XByPmzsC52MgzNXhxjlTzIVCM= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= +cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss= +cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= +cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= +cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= +cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE= +cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= +cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M= +cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg= +cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= +cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= +cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y= +cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= @@ -126,20 +177,27 @@ cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARy cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= +cloud.google.com/go/compute v1.20.0 h1:cUOcywWuowO9It2i1KX1lIb0HH7gLv6nENKuZGnlcSo= +cloud.google.com/go/compute v1.20.0/go.mod h1:kn5BhC++qUWR/AM3Dn21myV7QbgqejW04cAOrtppaQI= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= -cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= +cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= +cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4= +cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM= +cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= cloud.google.com/go/containeranalysis v0.9.0 h1:EQ4FFxNaEAg8PqQCO7bVQfWz9NVwZCUKaM1b3ycfx3U= cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= @@ -147,158 +205,242 @@ cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= +cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= +cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= cloud.google.com/go/datacatalog v1.13.0 h1:4H5IJiyUE0X6ShQBqgFFZvGGcrwGVndTwUSLP4c52gw= +cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= +cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= +cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA= +cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= +cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= +cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= +cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ= +cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= +cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= +cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= +cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= +cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs= +cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= +cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI= +cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= +cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= +cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4= +cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= +cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= +cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM= +cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= +cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= +cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc= +cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= +cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= +cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw= +cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= +cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs= +cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= +cloud.google.com/go/firestore v1.10.0/go.mod h1:eAeoQCV8F35Mcy4k8ZrQbcSYZOayIwoiU7ZJ6xzH1+o= cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= +cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw= +cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA= +cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= +cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= +cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= +cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= +cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E= +cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= +cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= +cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= -cloud.google.com/go/iam v1.0.1 h1:lyeCAU6jpnVNrE9zGQkTl3WgNgK/X+uWwaw0kynZJMU= +cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= +cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= +cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/iam v1.0.1/go.mod h1:yR3tmSL8BcZB4bxByRv2jkSIahVmCtfKZwLYGBalRE8= +cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94= +cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= +cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= +cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo= +cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= +cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= +cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o= +cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.10.2 h1:8UePKEypK3SQ6g+4mn/s/VgE5L7XOh+FwGGRUqvY3Hw= +cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= +cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= +cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= cloud.google.com/go/kms v1.10.2/go.mod h1:9mX3Q6pdroWzL20pbK6RaOdBbXBEhMNgK4Pfz2bweb4= +cloud.google.com/go/kms v1.12.0 h1:IEYV44WsGc6yVO1PlvnRlYzsHM2ImpB598Cglh/3uGw= +cloud.google.com/go/kms v1.12.0/go.mod h1:syfpIBSOqQ/ZqK48RLPkwUhFhvbsA1SyGAq/vPohd20= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= +cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= +cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= +cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.4.0/go.mod h1:eF3Qsw58iX/bkKtVjMTYpH0LRjQ2goDkjkNQTlzq/ZM= -cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= +cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= +cloud.google.com/go/longrunning v0.4.2/go.mod h1:OHrnaYyLUV6oqwh0xiS7e5sLQhP1m0QU9R+WhGDMgIQ= +cloud.google.com/go/longrunning v0.5.0 h1:DK8BH0+hS+DIvc9a2TPnteUievsTCH4ORMAASSb7JcQ= +cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= +cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= +cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw= +cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= +cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I= cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= +cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM= cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= +cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo= cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4= cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= -cloud.google.com/go/monitoring v1.13.0 h1:2qsrgXGVoRXpP7otZ14eE1I568zAa92sJSDPyOJvwjM= cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= +cloud.google.com/go/monitoring v1.15.0 h1:b85k1A7eWZDkNtK08hDt45vNHJ2b0WpeNFAkUa86ons= +cloud.google.com/go/monitoring v1.15.0/go.mod h1:/LPLNIY93ZtCpPKuO38kEYh+WhhiqIt8HYch2srelRM= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= +cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E= +cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM= cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= +cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY= cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= +cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k= +cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU= cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= +cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE= +cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ= cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= +cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI= cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= +cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ= cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= +cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc= cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= +cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw= cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= +cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs= cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= +cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk= cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= +cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw= +cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc= cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= +cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg= +cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -306,69 +448,105 @@ cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjp cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= +cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= cloud.google.com/go/pubsub v1.31.0 h1:aXdyyJz90kA+bor9+6+xHAciMD5mj8v15WqFZ5E0sek= cloud.google.com/go/pubsub v1.31.0/go.mod h1:dYmJ3K97NCQ/e4OwZ20rD4Ym3Bu8Gu9m/aJdWQjdcks= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= +cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= +cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= +cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA= +cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c= cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= +cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac= cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= +cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ= cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= +cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ= cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= +cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots= +cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo= +cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI= cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= +cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA= cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= +cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14= cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= +cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM= +cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= +cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc= +cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc= cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= +cloud.google.com/go/secretmanager v1.11.0/go.mod h1:qeQq0/jyJqrGeULu0GkRsVSPKTvf98AEqJnuEIQiJwA= cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= +cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8= +cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0= cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= +cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0= +cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag= cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= +cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA= +cloud.google.com/go/servicecontrol v1.11.0/go.mod h1:kFmTzYzTUIuZs0ycVqRHNaNhgR+UMUpw9n02l/pY+mc= +cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= +cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY= +cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s= cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= +cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc= +cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= +cloud.google.com/go/serviceusage v1.5.0/go.mod h1:w8U1JvqUqwJNPEOTQjrMHkw3IaIFLoLsPLvsE3xueec= +cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= +cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A= cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= +cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= +cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= +cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0= +cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -379,58 +557,85 @@ cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= -cloud.google.com/go/storage v1.29.0 h1:6weCgzRvMg7lzuUurI4697AqIRPU1SvzHhynwpW31jI= cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= +cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/oNM= +cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= +cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= +cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= +cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c= cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= +cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc= cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= +cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM= cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A= cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= -cloud.google.com/go/trace v1.9.0 h1:olxC0QHC59zgJVALtgqfD9tGk0lfeCP5/AGXL3Px/no= cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= +cloud.google.com/go/trace v1.10.0 h1:qHz42GfGe3OfNvKMUs5Z8lD+PuUr3uqUADVgKG+SCw4= +cloud.google.com/go/trace v1.10.0/go.mod h1:X3g0Th7+AIjj4rUVhv9JpMv7jpsRIJ9et+wYjCHYbQs= cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= +cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= +cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= +cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= +cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg= +cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk= +cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= +cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= +cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU= cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= +cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY= +cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0= cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= +cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc= +cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY= cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= +cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8= +cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY= cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= +cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes= cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= +cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg= cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= +cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng= cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= +cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8= -contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= +contrib.go.opencensus.io/exporter/aws v0.0.0-20230502192102-15967c811cec/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/stackdriver v0.13.14 h1:zBakwHardp9Jcb8sQHcHpXy/0+JIb1M8KjigCJzx7+4= contrib.go.opencensus.io/exporter/stackdriver v0.13.14/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= +git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/Azure/azure-amqp-common-go/v3 v3.2.3/go.mod h1:7rPmbSfszeovxGfc5fSAXE4ehlXQZHpMja2OtxC2Tas= github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -440,23 +645,27 @@ github.com/Azure/azure-sdk-for-go v63.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v65.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.2/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.0/go.mod h1:tZoQYdDZNOiIjdSn0dVWVfl0NEPGOJqVLzSrcFk4Is0= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1/go.mod h1:DffdKW9RFqa5VgmsjUOsS7UE7eiA5iAvYUs63bhKQ0M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1/go.mod h1:gLa1CL2RNE4s7M3yopJ/p0iq5DdY6Yv5ZUt9MTRZOQM= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U= github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= -github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI= -github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= -github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.2.0/go.mod h1:R6+0udeRV8iYSTVuT5RT7If4sc46K5Bz3ZKrmvZQF7U= +github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.4.0/go.mod h1:pXDkeh10bAqElvd+S5Ppncj+DCKvJGXNa8rRT2R7rIw= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag= github.com/Azure/go-amqp v0.17.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= -github.com/Azure/go-amqp v0.18.1/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= +github.com/Azure/go-amqp v1.0.0/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= +github.com/Azure/go-amqp v1.0.1/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -475,7 +684,7 @@ github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQW github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= @@ -499,6 +708,7 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1/go.mod h1:4qFor3D/HDsvBME35Xy9rwW9DecL+M2sNw1ybjPtwA0= +github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.3.0 h1:Ws8e5YmnrGEHzZEzg0YvK/7COGYtTC5PbaH9oSSbgfA= @@ -507,11 +717,12 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE= github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.2/go.mod h1:uqoR4sJc63p7ugW8a/vsEspOsNuehbi7ptS2CHCyOnY= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.7/go.mod h1:JBp/RvKNOoIkR5BdMSXswBksHcPZ/41sbBV+GhSjgMY= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= github.com/HdrHistogram/hdrhistogram-go v1.1.0/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c h1:RGWPOewvKIROun94nF7v2cua9qP+thov/7M50KEoeSU= +github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= @@ -526,6 +737,7 @@ github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JP github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= @@ -557,7 +769,12 @@ github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/ github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= +github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= +github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= +github.com/alecthomas/kingpin/v2 v2.3.1/go.mod h1:oYL5vtsvEHZGHxU7DMp32Dvx+qL+ptGn6lWaot2vCNE= +github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -572,6 +789,8 @@ github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= +github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= github.com/apache/arrow/go/v12 v12.0.0 h1:xtZE63VWl7qLdB0JObIXvvhGjoVNrQ9ciIHG2OK5cmc= github.com/apache/arrow/go/v12 v12.0.0/go.mod h1:d+tV/eHZZ7Dz7RPrFKtPK02tpr+c9/PEd/zm8mDS9Vg= github.com/apache/thrift v0.16.0 h1:qEy6UW60iVOlUy+b9ZR0d5WzUWYGOo4HfopoyBaNmoY= @@ -582,6 +801,7 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV github.com/armon/go-metrics v0.3.3/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= @@ -589,6 +809,7 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.28.2/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= @@ -597,52 +818,52 @@ github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.187/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.200 h1:JcFf/BnOaMWe9ObjaklgbbF0bGXI4XbYJwYn2eFNVyQ= -github.com/aws/aws-sdk-go v1.44.200/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.245/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.284 h1:Oc5Kubi43/VCkerlt3ZU3KpBju6BpNkoG3s7E8vj/O8= +github.com/aws/aws-sdk-go v1.44.284/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= -github.com/aws/aws-sdk-go-v2 v1.17.4 h1:wyC6p9Yfq6V2y98wfDsj6OnNQa4w2BLGCLIxzNhwOGY= -github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo= +github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= -github.com/aws/aws-sdk-go-v2/config v1.18.12 h1:fKs/I4wccmfrNRO9rdrbMO1NgLxct6H9rNMiPdBxHWw= -github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8= -github.com/aws/aws-sdk-go-v2/credentials v1.13.12 h1:Cb+HhuEnV19zHRaYYVglwvdHGMJWbdsyP4oHhw04xws= -github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22 h1:3aMfcTmoXtTZnaT86QlVaYh+BRMbvrrmZwIQ5jWqCZQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 h1:iTFYCAdKzSAjGnVIUe88Hxvix0uaBqr0Rv7qJEOX5hE= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51/go.mod h1:7Grl2gV+dx9SWrUIgwwlUvU40t7+lOSbx34XwfmsTkY= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28 h1:r+XwaCLpIvCKjBIYy/HVZujQS9tsz5ohHG3ZIe0wKoE= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22 h1:7AwGYXDdqRQYsluvKFmWoqpcOQJ4bH634SkYf3FNj/A= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29 h1:J4xhFd6zHhdF9jPP0FQJ6WknzBboGMBNjKOv4iTuw4A= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 h1:FGvpyTg2LKEmMrLlpjOgkoNp9XF5CGeyAyo33LdqZW8= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19/go.mod h1:8W88sW3PjamQpKFUQvHWWKay6ARsNvZnzU7+a4apubw= +github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA= +github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw= +github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk= +github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 h1:4bh28MeeXoBFTjb0JjQ5sVatzlf5xA1DziV8mZed9v4= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70/go.mod h1:9yI5NXzqy2yOiMytv6QLZHvlyHLwYxO9iIq+bZIbrFg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 h1:c5+bNdV8E4fIPteWx4HZSkqI07oY9exbfQ7JH7Yx4PI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23/go.mod h1:1jcUfF+FAOEwtIcNiHPaV4TSoZqkUIPzrohmD7fb95c= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22 h1:LjFQf8hFuMO22HkV5VWGLBvmCLBCLPivUAmpdpnp4Vs= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 h1:ISLJ2BKXe4zzyZ7mp5ewKECiw0U7KpLgS3S6OxY9Cm0= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22/go.mod h1:QFVbqK54XArazLvn2wvWMRBi/jGrWii46qbr5DyPGjc= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.2/go.mod h1:vdqtUOdVuf5ooy+hJ2GnzqNo94xiAA9s1xbZ1hQgRE0= -github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 h1:5EQWIFO+Hc8E2hFcXQJ1vm6ufl/PMt/6RVRDZRju2vM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2/go.mod h1:SXDHd6fI2RhqB7vmAzyYQCTQnpZrIprVJvYxpzW3JAM= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog= -github.com/aws/aws-sdk-go-v2/service/sns v1.20.2/go.mod h1:VN2n9SOMS1lNbh5YD7o+ho0/rgfifSrK//YYNiVVF5E= -github.com/aws/aws-sdk-go-v2/service/sqs v1.20.2/go.mod h1:1ttxGjUHZliCQMpPss1sU5+Ph/5NvdMFRzr96bv8gm0= -github.com/aws/aws-sdk-go-v2/service/ssm v1.35.2/go.mod h1:VLSz2SHUKYFSOlXB/GlXoLU6KPYQJAbw7I20TDJdyws= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.1 h1:lQKN/LNa3qqu2cDOQZybP7oL4nMGGiFqob0jZJaR8/4= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1 h1:0bLhH6DRAqox+g0LatcjGKjjhU6Eudyys6HB6DJVPj8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.3 h1:s49mSnsBZEXjfGBkRfmK+nPqzT7Lt3+t2SmAKNyHblw= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM= +github.com/aws/aws-sdk-go-v2/service/kms v1.22.2/go.mod h1:aNfh11Smy55o65PB3MyKbkM8BFyFUcZmj1k+4g8eNfg= +github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 h1:ya7fmrN2fE7s1P2gaPbNg5MTkERVWfsH8ToP1YC4Z9o= +github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw= +github.com/aws/aws-sdk-go-v2/service/sns v1.20.13/go.mod h1:rWrvp9i8y/lX94lS7Kn/0iu9RY6vXzeKRqS/knVX8/c= +github.com/aws/aws-sdk-go-v2/service/sqs v1.23.2/go.mod h1:TaV67b6JMD1988x/uMDop/JnMFK6v5d4Ru+sDmFg+ww= +github.com/aws/aws-sdk-go-v2/service/ssm v1.36.6/go.mod h1:NdyMyZH/FzmCaybTrVMBD0nTCGrs1G4cOPKHFywx9Ns= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w= +github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE= +github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8= github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= @@ -660,6 +881,8 @@ github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= +github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradleyfalzon/ghinstallation/v2 v2.5.0 h1:yaYcGQ7yEIGbsJfW/9z7v1sLiZg/5rSNNXwmMct5XaE= github.com/bradleyfalzon/ghinstallation/v2 v2.5.0/go.mod h1:amcvPQMrRkWNdueWOjPytGL25xQGzox7425qMgzo+Vo= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= @@ -686,11 +909,11 @@ github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOo github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/logex v1.2.0/go.mod h1:9+9sk7u7pGNWYMkh0hdiL++6OeibzJccyQU4p4MedaY= +github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/readline v1.5.0/go.mod h1:x22KAscuvRqlLoK9CsoYsmxoXZMMFVyOl86cAH8qUic= +github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/chzyer/test v0.0.0-20210722231415-061457976a23/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= @@ -717,6 +940,9 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230112175826-46e39c7b9b43/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= @@ -866,7 +1092,7 @@ github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mz github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/go-sip13 v0.0.0-20200911182023-62edffca9245/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/digitalocean/godo v1.78.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs= -github.com/digitalocean/godo v1.95.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= +github.com/digitalocean/godo v1.98.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= @@ -878,7 +1104,7 @@ github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k= github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= @@ -903,8 +1129,9 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/emicklei/go-restful v2.16.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= +github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -918,9 +1145,13 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= +github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= +github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= +github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/evanphx/json-patch v0.0.0-20200808040245-162e5629780b/go.mod h1:NAJj0yf/KaRKURN6nyi7A9IZydMivZEm9oQLWNjfKDc= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -930,12 +1161,15 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= -github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= +github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= +github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= @@ -958,6 +1192,11 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= +github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= +github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= +github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= @@ -975,10 +1214,13 @@ github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEai github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= +github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= +github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= +github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= @@ -1000,15 +1242,18 @@ github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuA github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= github.com/go-openapi/runtime v0.23.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk= @@ -1018,10 +1263,12 @@ github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= github.com/go-openapi/strfmt v0.21.2/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= @@ -1032,14 +1279,18 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= +github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8= +github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -1160,8 +1411,9 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= +github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -1186,13 +1438,14 @@ github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3 github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= github.com/google/go-github/v53 v53.0.0 h1:T1RyHbSnpHYnoF0ZYKiIPSgPtuJ8G6vgc0MKodXsQDQ= github.com/google/go-github/v53 v53.0.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-pkcs11 v0.2.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE= github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk= -github.com/google/go-replayers/httpreplay v1.1.1 h1:H91sIMlt1NZzN7R+/ASswyouLJfW0WLW7fhyUFvDEkY= -github.com/google/go-replayers/httpreplay v1.1.1/go.mod h1:gN9GeLIs7l6NUoVaSSnv2RiqK1NiwAmD0MrKeC9IIks= +github.com/google/go-replayers/httpreplay v1.2.0 h1:VM1wEyyjaoU53BwrOnaf9VhAyQQEEioJvFYxYcLRKzk= +github.com/google/go-replayers/httpreplay v1.2.0/go.mod h1:WahEFFZZ7a1P4VM1qEeHy+tME4bwyqPcwWbNlUI1Mcg= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -1226,9 +1479,11 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= -github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= -github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317 h1:hFhpt7CTmR3DX+b4R19ydQFtofxT0Sv3QsKNMVQYTMQ= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= +github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= @@ -1244,8 +1499,10 @@ github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM= +github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= @@ -1256,8 +1513,12 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.9.1 h1:DpTpJqzZ3NvX9zqjhIuI1oVzYZMvboZe+3LoeEIJjHM= +github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/gax-go/v2 v2.9.1/go.mod h1:4FG3gMrVZlyMp5itSYKMU9z/lBE7+SbnUOvzH2HqbEY= +github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= +github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.2/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -1268,7 +1529,7 @@ github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+ github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gophercloud/gophercloud v0.24.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= -github.com/gophercloud/gophercloud v1.1.1/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= +github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -1294,18 +1555,18 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.1/go.mod h1:G+WkljZi4mflcqVxYSgvt8MNctRQHjEH8ubKtt1Ka3w= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2/go.mod h1:7pdNwVWBBHGiCxa9lAszqCJMbfTISJ7oMftp8+UGV08= github.com/h2non/filetype v1.1.3 h1:FKkx9QbD7HR/zjK1Ia5XiBsq9zdLi5Kf3zGyFTAFkGg= github.com/h2non/filetype v1.1.3/go.mod h1:319b3zT68BvV+WRj7cwy856M2ehB3HqNOt6sy1HndBY= -github.com/hanwen/go-fuse/v2 v2.2.0/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc= +github.com/hanwen/go-fuse/v2 v2.3.0/go.mod h1:xKwi1cF7nXAOBCXujD5ie0ZKsxc8GGSA1rlMJc+8IJs= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= -github.com/hashicorp/consul/api v1.18.0/go.mod h1:owRRGJ9M5xReDC5nfT8FTJrNAPbT4NM6p/k+d03q2v4= +github.com/hashicorp/consul/api v1.20.0/go.mod h1:nR64eD44KQ59Of/ECwt2vUmIK2DKsDzAwTmwmLl8Wpo= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= -github.com/hashicorp/consul/sdk v0.13.0/go.mod h1:0hs/l5fOVhJy/VdcoaNqUSi2AUs95eF5WKtv+EYIQqE= +github.com/hashicorp/consul/sdk v0.13.1/go.mod h1:SW/mM4LbKfqmMvcFu8v+eiQQ7oitXEFeiBe9StxERb0= github.com/hashicorp/cronexpr v1.1.1/go.mod h1:P4wA0KBl9C5q2hABiMO7cp6jcIg96CDh1Efb3g1PWA4= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -1318,8 +1579,9 @@ github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.12.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I= +github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.2.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= @@ -1357,27 +1619,28 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= -github.com/hashicorp/nomad/api v0.0.0-20230124213148-69fd1a0e4bf7/go.mod h1:xYYd4dybIhRhhzDemKx7Ddt8CvCosgrEek8YM7/cF0A= +github.com/hashicorp/nomad/api v0.0.0-20230418003350-3067191c5197/go.mod h1:2TCrNvonL09r7EiQ6M2rNt+Cmjbn1QbzchFoTWJFpj4= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hetznercloud/hcloud-go v1.33.1/go.mod h1:XX/TQub3ge0yWR2yHWmnDVIrB+MQbda1pHxkUmDlUME= -github.com/hetznercloud/hcloud-go v1.39.0/go.mod h1:mepQwR6va27S3UQthaEPGS86jtzSY9xWL1e9dyxXpgA= +github.com/hetznercloud/hcloud-go v1.42.0/go.mod h1:YADL8AbmQYH0Eo+1lkuyoc8LutT0UeMvaKP47nNUb+Y= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= -github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= +github.com/ianlancetaylor/demangle v0.0.0-20220517205856-0058ec4f073c/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= @@ -1385,7 +1648,7 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= -github.com/ionos-cloud/sdk-go/v6 v6.1.3/go.mod h1:Ox3W0iiEz0GHnfY9e5LmAxwklsxguuNFEUSu0gVRTME= +github.com/ionos-cloud/sdk-go/v6 v6.1.6/go.mod h1:EzEgRIDxBELvfoa/uBN0kOQaqovLjUWEB7iW4/Q+t4k= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= @@ -1397,7 +1660,7 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI= +github.com/jackc/pgconn v1.14.0/go.mod h1:9mBNlny0UvkgJdCDvdVHYSjI+8tD2rnKK69Wz8ti++E= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c= @@ -1410,22 +1673,24 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.3.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.14.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw= +github.com/jackc/pgx/v4 v4.18.1/go.mod h1:FydWkUyadDmdNH/mHnGob881GawxeEm7TcMCzkb+qQE= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= @@ -1468,9 +1733,11 @@ github.com/jszwec/csvutil v1.8.0/go.mod h1:/E4ONrmGkwmWsk9ae9jpXnv9QT8pLHEPcCirM github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -1484,7 +1751,7 @@ github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4= @@ -1515,12 +1782,13 @@ github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/linode/linodego v1.4.0/go.mod h1:PVsRxSlOiJyvG4/scTszpmZDTdgS+to3X6eS8pRrWI8= -github.com/linode/linodego v1.12.0/go.mod h1:NJlzvlNtdMRRkXb0oN6UWzUkj6t+IBsyveHgZ5Ppjyk= +github.com/linode/linodego v1.16.1/go.mod h1:aESRAbpLY9R6IA1WGAWHikRI9DU9Lhesapv1MhKmPHM= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= +github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -1541,8 +1809,9 @@ github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVc github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= @@ -1552,6 +1821,7 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= @@ -1561,15 +1831,17 @@ github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= +github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 h1:mc6Th1b2xkPDUHTIUynE0LMJUgPEJdIDUjBLvj8yprs= github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303/go.mod h1:O6IeMrJ2EU+kDaxu7Dchbd0fbmrsTcjg8SGYFVJCr5A= github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U= -github.com/microsoft/go-mssqldb v0.18.0/go.mod h1:ukJCBnnzLzpVF0qYRT+eg1e+eSwjeQ7IvenUv8QPook= +github.com/microsoft/go-mssqldb v0.21.0/go.mod h1:+4wZTUnz/SV6nffv+RRRB/ss8jPng5Sho2SmM1l2ts4= github.com/miekg/dns v1.1.25-0.20191211073109-8ebf2e419df7/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 h1:AMFGa4R4MiIpspGNG7Z948v4n35fFGB3RR3G/ry4FWs= @@ -1603,6 +1875,7 @@ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0Gq github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= @@ -1620,6 +1893,7 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= +github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= @@ -1716,7 +1990,7 @@ github.com/openzipkin/zipkin-go v0.2.5/go.mod h1:KpXfKdgRDnnhsxw4pNIH9Md5lyFqKUa github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY= github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= -github.com/ovh/go-ovh v1.3.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= +github.com/ovh/go-ovh v1.4.1/go.mod h1:6bL6pPyUT7tBfI0pqOegJgRjgjuO+mOo+MyXd1EEC0M= github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o= github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -1729,6 +2003,9 @@ github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= +github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0= github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= @@ -1766,6 +2043,7 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= +github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -1784,12 +2062,14 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/common v0.38.0/go.mod h1:MBXfmBQZrK5XpbCkjofnXs96LD2QQ7fEq4C0xjC/yec= -github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= +github.com/prometheus/common v0.41.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/common/assets v0.1.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/exporter-toolkit v0.8.2/go.mod h1:00shzmJL7KxcsabLWcONwpyNEuWhREOnFqZW7vadFS0= +github.com/prometheus/exporter-toolkit v0.9.1/go.mod h1:iFlTmFISCix0vyuyBmm0UqOUCTao9+RsAsKJP3YM9ec= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -1803,13 +2083,15 @@ github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4O github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= +github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/prometheus/prometheus v0.35.0/go.mod h1:7HaLx5kEPKJ0GDgbODG0fZgXbQ8K/XjZNJXQmbmgQlY= -github.com/prometheus/prometheus v0.42.0 h1:G769v8covTkOiNckXFIwLx01XE04OE6Fr0JPA0oR2nI= -github.com/prometheus/prometheus v0.42.0/go.mod h1:Pfqb/MLnnR2KK+0vchiaH39jXxvLMBk+3lnIGP4N7Vk= +github.com/prometheus/prometheus v0.44.0 h1:sgn8Fdx+uE5tHQn0/622swlk2XnIj6udoZCnbVjHIgc= +github.com/prometheus/prometheus v0.44.0/go.mod h1:aPsmIK3py5XammeTguyqTmuqzX/jeCdyOWWobLHNKQg= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= +github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rhysd/actionlint v1.6.15 h1:IxQIp10aVce77jNnoHye7NFka8/7CRBSvKXoMRGryXM= github.com/rhysd/actionlint v1.6.15/go.mod h1:R4ZRjgsIrnsT1CPU/4MdiIBzfJgMKJFd4qqGUERI098= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= @@ -1823,6 +2105,7 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.10.1-0.20230524175051-ec119421bb97 h1:3RPlVWzZ/PDqmVuf/FKHARG5EMid/tl7cv54Sw/QRVY= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= @@ -1831,6 +2114,8 @@ github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThC github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= +github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= @@ -1838,7 +2123,7 @@ github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiB github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8= github.com/satori/go.uuid v1.2.1-0.20181016170032-d91630c85102/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.12/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -1846,7 +2131,7 @@ github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvW github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/shoenig/test v0.6.0/go.mod h1:xYtyGBC5Q3kzCNyJg/SjgNpfAa2kvmgA0i5+lQso8x0= +github.com/shoenig/test v0.6.3/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa h1:jozR3igKlnYCj9IVHOVump59bp07oIRoLQ/CcjMYIUA= @@ -1928,10 +2213,12 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= @@ -1986,6 +2273,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= @@ -1998,6 +2287,7 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ= +github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= @@ -2023,6 +2313,7 @@ go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4x go.mongodb.org/mongo-driver v1.8.3/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -2039,35 +2330,35 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.31.0/go.mod h1:PFmBsWbldL1kiWZk9+0LBZz2brhByaGsvp6pRICMlPE= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.37.0/go.mod h1:+ARmXlUlc51J7sZeCBkBJNdHGySrdOzgzxp6VWRWM1U= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0/go.mod h1:pcQ3MM3SWvrA71U4GDqv9UFDJ3HQsW7y5ZO3tDTlUdI= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= go.opentelemetry.io/otel v1.6.0/go.mod h1:bfJD2DZVw0LBxghOTlgnlI0CV3hLDu9XF/QKOUXMTQQ= go.opentelemetry.io/otel v1.6.1/go.mod h1:blzUabWHkX6LJewxvadmzafgh/wnvBSDBdOuwkAtrWQ= go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE= -go.opentelemetry.io/otel v1.11.2/go.mod h1:7p4EUV+AqgdlNV9gL97IgUZiVR3yrFXYo53f9BM3tRI= +go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.1/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.2/go.mod h1:rqbht/LlhVBgn5+k3M5QK96K5Xb0DvXpMJ5SFQpY6uw= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0/go.mod h1:UFG7EBMRdXyFstOwH028U0sVf+AvukSGhF0g8+dmNG8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.1/go.mod h1:YJ/JbY5ag/tSQFXzH3mtDmHqzF3aFn3DI/aB1n7pt4w= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.2/go.mod h1:5Qn6qvgkMsLDX+sYK64rHb1FPhpn0UtxF+ouX1uhyJE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.6.1/go.mod h1:UJJXJj0rltNIemDMwkOJyggsvyMG9QHfJeFH0HS5JjM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.2/go.mod h1:jWZUM2MWhWCJ9J9xVbRx7tzK1mXKpAlze4CeulycwVY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.1/go.mod h1:DAKwdo06hFLc0U88O10x4xnb5sc7dDRDqRuiN+io8JE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.11.2/go.mod h1:GZWSQQky8AgdJj50r1KJm8oiQiIPaAX7uZCFQX9GzC8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v0.28.0/go.mod h1:TrzsfQAmQaB1PDcdhBauLMk7nyyg9hm+GoQq/ekE9Iw= -go.opentelemetry.io/otel/metric v0.34.0/go.mod h1:ZFuI4yQGNCupurTXCwkeD/zHBt+C2bR7bw5JqUm/AP8= +go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/sdk v1.6.1/go.mod h1:IVYrddmFZ+eJqu2k38qD3WezFR2pymCzm8tdxyh3R4E= go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys= -go.opentelemetry.io/otel/sdk v1.11.2/go.mod h1:wZ1WxImwpq+lVRo4vsmSOxdd+xwoUJ6rqyLc3SyX9aU= +go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= @@ -2075,7 +2366,7 @@ go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKu go.opentelemetry.io/otel/trace v1.6.0/go.mod h1:qs7BrU5cZ8dXQHBGxHMOxwME/27YH2qEp4/+tZLLwJE= go.opentelemetry.io/otel/trace v1.6.1/go.mod h1:RkFRM1m0puWIq10oxImnGEduNBzxiN7TXluRBtE+5j0= go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= -go.opentelemetry.io/otel/trace v1.11.2/go.mod h1:4N+yC7QEz7TTsG9BSRLNAa63eg5E06ObSbKPmxQ/pKA= +go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.opentelemetry.io/proto/otlp v0.12.1/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -2088,18 +2379,20 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= +go.uber.org/automaxprocs v1.5.2/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= @@ -2107,8 +2400,8 @@ go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -gocloud.dev v0.29.0 h1:fBy0jwJSmxs0IjT0fE32MO+Mj+307VZQwyHaTyFZbC4= -gocloud.dev v0.29.0/go.mod h1:E3dAjji80g+lIkq4CQeF/BTWqv1CBeTftmOb+gpyapQ= +gocloud.dev v0.30.0 h1:PRgA+DXUz8/uuTJDA7wc8o2Hwj9yZ2qAsShZ60esbE8= +gocloud.dev v0.30.0/go.mod h1:w+GlGVg/Jy9JV0Xc9eSXzUZeVEmSWW49W0syFK1+T9U= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -2158,6 +2451,7 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2168,19 +2462,31 @@ golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2211,6 +2517,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2272,10 +2580,12 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2297,11 +2607,12 @@ golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= @@ -2333,9 +2644,10 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= @@ -2354,8 +2666,10 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2447,6 +2761,7 @@ golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2503,8 +2818,8 @@ golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2514,6 +2829,7 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2529,6 +2845,7 @@ golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= @@ -2597,6 +2914,7 @@ golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2634,6 +2952,7 @@ golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -2652,8 +2971,9 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= -golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= golang.org/x/vuln v0.0.0-20230303230808-d3042fecc4e3 h1:9GJsAwSzB/ztwMwsEm3ihUgCXHCULbNsubxqIrdKa44= @@ -2672,10 +2992,14 @@ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNq gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= gonum.org/v1/gonum v0.11.0 h1:f1IJhK4Km5tBJmaiJXtk/PkL4cdVX6J+tGiM187uT5E= +gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= +gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= +gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.1-0.20190607001116-5213b8090861/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -2732,13 +3056,20 @@ google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91 google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= -google.golang.org/api v0.104.0/go.mod h1:JCspTXJbBxa5ySXw4UgUqVer7DfVxbvc/CTUFqAED5U= google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.124.0 h1:dP6Ef1VgOGqQ8eiv4GiY8RhmeyqzovcXBYPDUYG8Syo= +google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= +google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= +google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= +google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= +google.golang.org/api v0.125.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg= +google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -2824,6 +3155,7 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= @@ -2848,7 +3180,6 @@ google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljW google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= -google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= @@ -2869,22 +3200,47 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= +google.golang.org/genproto v0.0.0-20221109142239-94d6d90a7d66/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221201204527-e3fa12d562f3/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= -google.golang.org/genproto v0.0.0-20221205194025-8222ab48f5fc/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0= -google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0= google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230123190316-2c411cf9d197/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA= +google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -2926,10 +3282,13 @@ google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= +google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2946,6 +3305,7 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= @@ -2968,7 +3328,6 @@ gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:a gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= @@ -2997,6 +3356,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= @@ -3011,6 +3371,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk= k8s.io/api v0.18.8/go.mod h1:d/CXqwWv+Z2XEG1LgceeDmHQwpUJhROPx16SlxJgERY= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= @@ -3018,8 +3379,8 @@ k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= +k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= k8s.io/apimachinery v0.18.8/go.mod h1:6sQd+iHEqmOtALqOFjSWp2KZ9F0wlU/nWm0ZgsYWMig= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= @@ -3027,8 +3388,8 @@ k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MA k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/apiserver v0.18.8/go.mod h1:12u5FuGql8Cc497ORNj79rhPdiXQC4bf53X/skR/1YM= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= @@ -3040,8 +3401,8 @@ k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= +k8s.io/client-go v0.26.2 h1:s1WkVujHX3kTp4Zn4yGNFK+dlDXy1bAAkIl+cFAiuYI= +k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= k8s.io/cloud-provider v0.18.8/go.mod h1:cn9AlzMPVIXA4HHLVbgGUigaQlZyHSZ7WAwDEFNrQSs= k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0= @@ -3071,8 +3432,9 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= +k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200410163147-594e756bea31/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= @@ -3082,8 +3444,8 @@ k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2R k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715 h1:tBEbstoM+K0FiBV5KGAKQ0kuvf54v/hwpldiJt69w1s= -k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d h1:VcFq5n7wCJB2FQMCIHfC+f+jNcGgNMar1uKd6rVlifU= +k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/legacy-cloud-providers v0.18.8/go.mod h1:tgp4xYf6lvjrWnjQwTOPvWQE9IVqSBGPF4on0IyICQE= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= @@ -3093,17 +3455,51 @@ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y= -k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230308161112-d77c459e9343 h1:m7tbIjXGcGIAtpmQr7/NAi7RsWoW3E7Zcm4jI1HicTc= +k8s.io/utils v0.0.0-20230308161112-d77c459e9343/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= +lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= +modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc= +modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw= +modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= +modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= +modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws= +modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo= +modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= +modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM= +modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= +modernc.org/libc v1.16.0/go.mod h1:N4LD6DBE9cf+Dzf9buBlzVJndKr/iJHG97vGLHYnb5A= +modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU= +modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU= +modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= +modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0= +modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= +modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= +modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= +modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= +modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= +modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= +modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= +modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw= +modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw= +modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw= +modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= +modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= mvdan.cc/sh/v3 v3.7.0 h1:lSTjdP/1xsddtaKfGg7Myu7DnlHItd3/M2tomOcNNBg= mvdan.cc/sh/v3 v3.7.0/go.mod h1:K2gwkaesF/D7av7Kxl0HbF5kGOd2ArupNTX3X44+8l8= mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5 h1:Jh3LAeMt1eGpxomyu3jVkmVZWW2MxZ1qIIV2TZ/nRio= -nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= +nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= From 87bacb995e818dc0209dec440da6b10351ef35ae Mon Sep 17 00:00:00 2001 From: Spencer Schrock Date: Wed, 21 Jun 2023 09:33:57 -0700 Subject: [PATCH 292/316] :seedling: Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#3197) Signed-off-by: Spencer Schrock --- go.mod | 6 +++--- go.sum | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 4078c80cf13..b5e11063fdd 100644 --- a/go.mod +++ b/go.mod @@ -133,7 +133,7 @@ require ( github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect github.com/containerd/typeurl v1.0.2 // indirect github.com/docker/cli v23.0.5+incompatible // indirect - github.com/docker/distribution v2.8.1+incompatible // indirect + github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/docker v23.0.5+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect @@ -190,8 +190,8 @@ replace ( // https://deps.dev/advisory/OSV/GO-2020-0017?from=%2Fgo%2Fk8s.io%252Fclient-go%2Fv0.0.0-20200207030105-473926661c44 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c => github.com/golang-jwt/jwt v3.2.1+incompatible github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/golang-jwt/jwt v3.2.1+incompatible - // This replace is for GHSA-qq97-vm5h-rrhg - github.com/docker/distribution => github.com/docker/distribution v2.8.0+incompatible + // This replace is for GHSA-qq97-vm5h-rrhg and GHSA-hqxw-f8mx-cpmw + github.com/docker/distribution => github.com/docker/distribution v2.8.2+incompatible // This replace is for https://osv.dev/vulnerability/GHSA-r48q-9g5r-8q2h github.com/emicklei/go-restful => github.com/emicklei/go-restful v2.16.0+incompatible // https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2020-0020.yaml diff --git a/go.sum b/go.sum index e6bbb1c823d..b1e0ea4bdd8 100644 --- a/go.sum +++ b/go.sum @@ -1099,8 +1099,8 @@ github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5O github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE= github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY= -github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= +github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= From 20b4aab033a660df11f7f79a5db3f8dd5274b907 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 16:35:48 +0000 Subject: [PATCH 293/316] :seedling: Bump github.com/google/ko from 0.13.0 to 0.14.1 in /tools Bumps [github.com/google/ko](https://github.com/google/ko) from 0.13.0 to 0.14.1. - [Release notes](https://github.com/google/ko/releases) - [Changelog](https://github.com/ko-build/ko/blob/main/.goreleaser.yml) - [Commits](https://github.com/google/ko/compare/v0.13.0...v0.14.1) --- updated-dependencies: - dependency-name: github.com/google/ko dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- tools/go.mod | 62 ++++++++++++------------ tools/go.sum | 131 ++++++++++++++++++++++++++------------------------- 2 files changed, 99 insertions(+), 94 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index f892bda7141..9aa56b6876b 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -6,7 +6,7 @@ require ( github.com/golang/mock v1.6.0 github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 - github.com/google/ko v0.13.0 + github.com/google/ko v0.14.1 github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.11.0 @@ -17,7 +17,7 @@ require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect cloud.google.com/go v0.110.0 // indirect - cloud.google.com/go/compute v1.19.0 // indirect + cloud.google.com/go/compute v1.19.1 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v0.13.0 // indirect cloud.google.com/go/kms v1.10.2 // indirect @@ -51,9 +51,9 @@ require ( github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig v2.22.0+incompatible // indirect - github.com/Microsoft/go-winio v0.6.0 // indirect + github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OpenPeeDeeP/depguard v1.1.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20220812142511-0d231b687066 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/acomagu/bufpipe v1.0.3 // indirect github.com/alessio/shellescape v1.4.1 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect @@ -62,7 +62,7 @@ require ( github.com/ashanbrown/forbidigo v1.5.1 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect - github.com/aws/aws-sdk-go v1.44.257 // indirect + github.com/aws/aws-sdk-go v1.44.259 // indirect github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect github.com/aws/aws-sdk-go-v2/config v1.18.23 // indirect @@ -124,9 +124,9 @@ require ( github.com/disgoorg/json v1.0.0 // indirect github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect - github.com/docker/cli v23.0.1+incompatible // indirect + github.com/docker/cli v23.0.5+incompatible // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v23.0.3+incompatible // indirect + github.com/docker/docker v24.0.2+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-units v0.5.0 // indirect @@ -148,8 +148,8 @@ require ( github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/analysis v0.21.4 // indirect github.com/go-openapi/errors v0.20.3 // indirect - github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.20.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.1 // indirect github.com/go-openapi/loads v0.21.2 // indirect github.com/go-openapi/runtime v0.26.0 // indirect github.com/go-openapi/spec v0.20.9 // indirect @@ -182,8 +182,8 @@ require ( github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/go-containerregistry v0.14.0 // indirect - github.com/google/go-github/v50 v50.1.0 // indirect + github.com/google/go-containerregistry v0.15.2 // indirect + github.com/google/go-github/v50 v50.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect github.com/google/s2a-go v0.1.3 // indirect @@ -268,9 +268,9 @@ require ( github.com/oklog/ulid v1.3.1 // indirect github.com/olekukonko/tablewriter v0.0.5 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc2 // indirect + github.com/opencontainers/image-spec v1.1.0-rc3 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.6 // indirect + github.com/pelletier/go-toml/v2 v2.0.8 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -294,7 +294,7 @@ require ( github.com/securego/gosec/v2 v2.15.0 // indirect github.com/sergi/go-diff v1.2.0 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect - github.com/sigstore/cosign/v2 v2.0.0 // indirect + github.com/sigstore/cosign/v2 v2.0.3-0.20230523133326-0544abd8fc8a // indirect github.com/sigstore/rekor v1.2.0 // indirect github.com/sigstore/sigstore v1.6.4 // indirect github.com/sirupsen/logrus v1.9.0 // indirect @@ -304,12 +304,12 @@ require ( github.com/slack-go/slack v0.12.2 // indirect github.com/sonatard/noctx v0.0.2 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect - github.com/spf13/afero v1.9.3 // indirect - github.com/spf13/cast v1.5.0 // indirect + github.com/spf13/afero v1.9.5 // indirect + github.com/spf13/cast v1.5.1 // indirect github.com/spf13/cobra v1.7.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.15.0 // indirect + github.com/spf13/viper v1.16.0 // indirect github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect github.com/stretchr/objx v0.5.0 // indirect @@ -330,7 +330,7 @@ require ( github.com/ultraware/funlen v0.0.3 // indirect github.com/ultraware/whitespace v0.0.5 // indirect github.com/uudashr/gocognit v1.0.6 // indirect - github.com/vbatts/tar-split v0.11.2 // indirect + github.com/vbatts/tar-split v0.11.3 // indirect github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect github.com/xanzy/go-gitlab v0.83.0 // indirect github.com/xanzy/ssh-agent v0.3.1 // indirect @@ -342,23 +342,23 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/automaxprocs v1.5.2 // indirect - go.uber.org/multierr v1.9.0 // indirect + go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect gocloud.dev v0.29.0 // indirect - golang.org/x/crypto v0.9.0 // indirect + golang.org/x/crypto v0.10.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect - golang.org/x/mod v0.10.0 // indirect - golang.org/x/net v0.10.0 // indirect - golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sync v0.2.0 // indirect + golang.org/x/mod v0.11.0 // indirect + golang.org/x/net v0.11.0 // indirect + golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.9.0 // indirect - golang.org/x/term v0.8.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/term v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.9.3 // indirect + golang.org/x/tools v0.10.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.121.0 // indirect + google.golang.org/api v0.123.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect google.golang.org/grpc v1.55.0 // indirect @@ -371,14 +371,14 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools/v3 v3.1.0 // indirect honnef.co/go/tools v0.4.3 // indirect - k8s.io/apimachinery v0.26.2 // indirect + k8s.io/apimachinery v0.27.3 // indirect k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect + k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect mvdan.cc/gofumpt v0.4.0 // indirect mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d // indirect - sigs.k8s.io/kind v0.17.0 // indirect + sigs.k8s.io/kind v0.20.0 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/tools/go.sum b/tools/go.sum index 71659453f3a..dbbaef05a55 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -128,8 +128,8 @@ cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARy cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.0 h1:+9zda3WGgW1ZSTlVppLCYFIr48Pa35q1uG2N1itbCEQ= -cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= +cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= @@ -468,8 +468,8 @@ github.com/Azure/go-amqp v0.17.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fw github.com/Azure/go-amqp v0.18.1/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= @@ -543,8 +543,8 @@ github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JP github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= -github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= +github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= +github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= @@ -565,8 +565,8 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE github.com/OpenPeeDeeP/depguard v1.1.1 h1:TSUznLjvp/4IUP+OQ0t/4jF4QUyxIcVX8YnghZdunyA= github.com/OpenPeeDeeP/depguard v1.1.1/go.mod h1:JtAMzWkmFEzDPyAd+W0NHl1lvpQKTvT9jnRVsohBKpc= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/ProtonMail/go-crypto v0.0.0-20220812142511-0d231b687066 h1:RhBLDn2Z5h+f6yo9DZD6bpFSVc7UsB8S/LqFYDhxm9I= -github.com/ProtonMail/go-crypto v0.0.0-20220812142511-0d231b687066/go.mod h1:UBYPn8k0D56RtnR8RFQMjmh4KrZzWJ5o7Z9SYjossQ8= +github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= +github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a h1:W6RrgN/sTxg1msqzFFb+G80MFmpjMw61IU+slm+wln4= github.com/ProtonMail/gopenpgp/v2 v2.2.2 h1:u2m7xt+CZWj88qK1UUNBoXeJCFJwJCZ/Ff4ymGoxEXs= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -628,8 +628,8 @@ github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4 github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.187/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.44.200/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.257 h1:HwelXYZZ8c34uFFhgVw3ybu2gB5fkk8KLj2idTvzZb8= -github.com/aws/aws-sdk-go v1.44.257/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.259 h1:7yDn1dcv4DZFMKpu+2exIH5O6ipNj9qXrKfdMUaIJwY= +github.com/aws/aws-sdk-go v1.44.259/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.8/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= @@ -1013,8 +1013,8 @@ github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/ github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM= -github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE= +github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -1024,8 +1024,8 @@ github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho= -github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v24.0.2+incompatible h1:eATx+oLz9WdNVkQrr0qjQ8HvRJ4bOOxfzEo8R+dA3cg= +github.com/docker/docker v24.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= @@ -1111,8 +1111,8 @@ github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHqu github.com/franela/goblin v0.0.0-20210519012713-85d372ac71e2/go.mod h1:VzmDKDJVZI3aJmnRI9VjAn9nJ8qPPsN1fqzr9dqInIo= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= -github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= +github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= @@ -1179,15 +1179,17 @@ github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuA github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA= github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= +github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= +github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= @@ -1404,10 +1406,10 @@ github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= -github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw= -github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk= -github.com/google/go-github/v50 v50.1.0 h1:hMUpkZjklC5GJ+c3GquSqOP/T4BNsB7XohaPhtMOzRk= -github.com/google/go-github/v50 v50.1.0/go.mod h1:Ev4Tre8QoKiolvbpOSG3FIi4Mlon3S2Nt9W5JYqKiwA= +github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= +github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= +github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk= +github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= @@ -1418,8 +1420,8 @@ github.com/google/go-replayers/httpreplay v1.1.1/go.mod h1:gN9GeLIs7l6NUoVaSSnv2 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/ko v0.13.0 h1:tWOBpAR2PO0nfGhRQjYI1YbnUnhz0RUvCXgiTjKTlGQ= -github.com/google/ko v0.13.0/go.mod h1:0jnH1ruPe43u04aaYxTis3ZFMMuxK4zIsO/jD7S+PAA= +github.com/google/ko v0.14.1 h1:CU+iuIYOOUoSLpBi/gYhnJerig/an/6/cUaEZIOWSGo= +github.com/google/ko v0.14.1/go.mod h1:OrNWWNU4PEdaOArS3M2trorYoIbUwaZYBUHPOw6CVL0= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible h1:xmapqc1AyLoB+ddYT6r04bD9lIjlOqGaREovi0SzFaE= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -1915,8 +1917,8 @@ github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGq github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= -github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 h1:dcztxKSvZ4Id8iPpHERQBbIJfabdt4wUm5qy3wOL2Zc= github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= +github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= @@ -2030,8 +2032,8 @@ github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= -github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= +github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= @@ -2072,8 +2074,8 @@ github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaFVNZzmWyNfXas= -github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU= -github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= +github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= +github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= @@ -2182,8 +2184,8 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -2232,8 +2234,8 @@ github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOms github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw= -github.com/sigstore/cosign/v2 v2.0.0 h1:x+K6VQKtrBR9/MYOx6ebJB6/Aux56nmf2Zn3chZlP5w= -github.com/sigstore/cosign/v2 v2.0.0/go.mod h1:MeJyYfKll3AAsb+CdnhI3YkecDPX2erPvf1JaUaFCrM= +github.com/sigstore/cosign/v2 v2.0.3-0.20230523133326-0544abd8fc8a h1:4j4hrwYblDkNouA2fZ/hKvtJhV/N+jJGhLoRXUNLYmE= +github.com/sigstore/cosign/v2 v2.0.3-0.20230523133326-0544abd8fc8a/go.mod h1:em8IHAamkOMXzXHjHx5NdLO1d8erWDMlGRlx0XE5TtI= github.com/sigstore/rekor v1.2.0 h1:ahlnoEY3zo8Vc+eZLPobamw6YfBTAbI0lthzUQd6qe4= github.com/sigstore/rekor v1.2.0/go.mod h1:zcFO54qIg2G1/i0sE/nvmELUOng/n0MPjTszRYByVPo= github.com/sigstore/sigstore v1.6.4 h1:jH4AzR7qlEH/EWzm+opSpxCfuUcjHL+LJPuQE7h40WE= @@ -2276,12 +2278,13 @@ github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY52 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo= github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= -github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk= -github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= +github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= +github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= +github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= +github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= @@ -2301,8 +2304,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= -github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU= -github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA= +github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc= +github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg= github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0= github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I= github.com/stbenjam/no-sprintf-host-port v0.1.1 h1:tYugd/yrm1O0dV+ThCbaKZh195Dfm07ysF0U6JQXczc= @@ -2391,11 +2394,11 @@ github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= github.com/uudashr/gocognit v1.0.6 h1:2Cgi6MweCsdB6kpcVQp7EW4U23iBFQWfTXiWlyp842Y= github.com/uudashr/gocognit v1.0.6/go.mod h1:nAIUuVBnYU7pcninia3BHOvQkpQCeO76Uscky5BOwcY= -github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= -github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= +github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck= +github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= @@ -2554,8 +2557,9 @@ go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+ go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= @@ -2611,8 +2615,8 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2667,8 +2671,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= +golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2760,8 +2764,8 @@ golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmL golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2793,8 +2797,8 @@ golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2812,8 +2816,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= -golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2963,6 +2967,7 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2982,8 +2987,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= +golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2998,8 +3003,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -3115,8 +3120,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= -golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= +golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= +golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -3193,8 +3198,8 @@ google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/ google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.121.0 h1:8Oopoo8Vavxx6gt+sgs8s8/X60WBAtKQq6JqnkF+xow= -google.golang.org/api v0.121.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= +google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20= +google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -3490,8 +3495,8 @@ k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= +k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM= +k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/apiserver v0.20.6/go.mod h1:QIJXNt6i6JB+0YQRNcS0hdRHJlMhflFmsBDeSgT1r8Q= @@ -3541,8 +3546,8 @@ k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20230115233650-391b47cb4029 h1:L8zDtT4jrxj+TaQYD0k8KNlr556WaVQylDXswKmX+dE= -k8s.io/utils v0.0.0-20230115233650-391b47cb4029/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= +k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= mvdan.cc/gofumpt v0.4.0 h1:JVf4NN1mIpHogBj7ABpgOyZc65/UUOkKQFkoURsz4MM= mvdan.cc/gofumpt v0.4.0/go.mod h1:PljLOHDeZqgS8opHRKLzp2It2VBuSdteAgqUfzMTxlQ= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I= @@ -3562,8 +3567,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyz sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kind v0.17.0 h1:CScmGz/wX66puA06Gj8OZb76Wmk7JIjgWf5JDvY7msM= -sigs.k8s.io/kind v0.17.0/go.mod h1:Qqp8AiwOlMZmJWs37Hgs31xcbiYXjtXlRBSftcnZXQk= +sigs.k8s.io/kind v0.20.0 h1:f0sc3v9mQbGnjBUaqSFST1dwIuiikKVGgoTwpoP33a8= +sigs.k8s.io/kind v0.20.0/go.mod h1:aBlbxg08cauDgZ612shr017/rZwqd7AS563FvpWKPVs= sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= From b4c197ccede54ba9d1df833fa252f953dc52c375 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 21 Jun 2023 16:13:24 -0500 Subject: [PATCH 294/316] :seedling: e2e for licenses (#3177) * :seedling: e2e for licenses - e2e for licenses Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- clients/githubrepo/licenses_e2e_test.go | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 clients/githubrepo/licenses_e2e_test.go diff --git a/clients/githubrepo/licenses_e2e_test.go b/clients/githubrepo/licenses_e2e_test.go new file mode 100644 index 00000000000..7e7f151c3c3 --- /dev/null +++ b/clients/githubrepo/licenses_e2e_test.go @@ -0,0 +1,62 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package githubrepo + +import ( + "context" + "net/http" + + "github.com/google/go-github/v38/github" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/ossf/scorecard/v4/clients" + "github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper" + "github.com/ossf/scorecard/v4/log" +) + +var _ = Describe("E2E TEST: githubrepo.licensesHandler", func() { + var lh *licensesHandler + + BeforeEach(func() { + ctx := context.Background() + rt := roundtripper.NewTransport(context.Background(), &log.Logger{}) + httpClient := &http.Client{ + Transport: rt, + } + client := github.NewClient(httpClient) + lh = &licensesHandler{ + ghclient: client, + ctx: ctx, + } + }) + Context("listLicenses()", func() { + It("returns licenses", func() { + repoURL := repoURL{ + owner: "ossf", + repo: "scorecard", + commitSHA: clients.HeadSHA, + } + + lh.init(context.Background(), &repoURL) + licenses, err := lh.listLicenses() + Expect(err).NotTo(HaveOccurred()) + Expect(lh.errSetup).Should(BeNil()) + Expect(len(licenses)).Should(Equal(1)) + Expect(licenses[0].Name).Should(Equal("Apache License 2.0")) + Expect(licenses[0].Path).Should(Equal("LICENSE")) + }) + }) +}) From 4edb07802fdad892fa8d10f8fd47666b6ccc27c9 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 21 Jun 2023 16:57:50 -0500 Subject: [PATCH 295/316] :seedling: Included tests for accessor (#3178) * :seedling: Included tests for accessor - Add test file for Token Accessor Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Code review comments. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --------- Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .../roundtripper/tokens/accessor_test.go | 129 ++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 clients/githubrepo/roundtripper/tokens/accessor_test.go diff --git a/clients/githubrepo/roundtripper/tokens/accessor_test.go b/clients/githubrepo/roundtripper/tokens/accessor_test.go new file mode 100644 index 00000000000..9f2ed14511b --- /dev/null +++ b/clients/githubrepo/roundtripper/tokens/accessor_test.go @@ -0,0 +1,129 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package tokens + +import ( + "errors" + "fmt" + "log" + "net/http" + "net/rpc" + "testing" +) + +//nolint:paralleltest +func TestMakeTokenAccessor(t *testing.T) { + tests := []struct { + name string + useGitHubToken bool + useServer bool + }{ + { + name: "GitHub Token", + useGitHubToken: true, + }, + { + name: "No GitHub Token", + useGitHubToken: false, + }, + { + name: "Server", + useServer: true, + }, + } + t.Setenv("GITHUB_AUTH_TOKEN", "") + t.Setenv("GITHUB_TOKEN", "") + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + switch { + case tt.useGitHubToken: + t.Helper() + testToken(t) + case tt.useServer: + t.Helper() + testServer(t) + default: + got := MakeTokenAccessor() + if got != nil { + t.Errorf("MakeTokenAccessor() = %v, want nil", got) + } + } + }) + } +} + +func testToken(t *testing.T) { + t.Helper() + token := "test" + t.Setenv("GITHUB_AUTH_TOKEN", token) + got := MakeTokenAccessor() + if got == nil { + t.Errorf("MakeTokenAccessor() = nil, want not nil") + } + raccess, ok := got.(*roundRobinAccessor) + if !ok { + t.Errorf("MakeTokenAccessor() = %v, want *roundRobinAccessor", got) + } + if raccess.accessTokens[0] != token { + t.Errorf("accessTokens[0] = %v, want %v", raccess.accessTokens[0], token) + } +} + +func testServer(t *testing.T) { + t.Helper() + t.Setenv("GITHUB_AUTH_SERVER", "localhost:8080") + server := startTestServer() + t.Cleanup(func() { + serverShutdown(server) + }) + myRPCService := &MyRPCService{} + rpc.Register(myRPCService) //nolint:errcheck + server.Handler = nil + rpc.HandleHTTP() + got := MakeTokenAccessor() + if got == nil { + t.Errorf("MakeTokenAccessor() = nil, want not nil") + } +} + +type MyRPCService struct { + // Define your RPC service methods here +} + +func startTestServer() *http.Server { + // Create a new server + server := &http.Server{ //nolint:gosec + Addr: ":8080", + Handler: nil, // Use the default handler + } + + // Start the server in a separate goroutine + go func() { + fmt.Println("Starting server on http://localhost:8080") + if err := server.ListenAndServe(); err != nil && !errors.Is(http.ErrServerClosed, err) { + log.Fatal(err) + } + }() + + return server +} + +func serverShutdown(server *http.Server) { + err := server.Close() + if err != nil { + log.Fatalf("Error shutting down server: %s\n", err.Error()) + } + + fmt.Println("Server gracefully stopped") +} From 2aa9887f13c51eca450ab3b3c6526725759f03ba Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 23 Jun 2023 11:33:09 -0500 Subject: [PATCH 296/316] :seedling: Improve GitHub Access Token Tests (#3206) - Replace `startTestServer()` with `httptest.NewServer` Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .../roundtripper/tokens/accessor_test.go | 43 +++---------------- 1 file changed, 6 insertions(+), 37 deletions(-) diff --git a/clients/githubrepo/roundtripper/tokens/accessor_test.go b/clients/githubrepo/roundtripper/tokens/accessor_test.go index 9f2ed14511b..9904a39fa66 100644 --- a/clients/githubrepo/roundtripper/tokens/accessor_test.go +++ b/clients/githubrepo/roundtripper/tokens/accessor_test.go @@ -14,11 +14,9 @@ package tokens import ( - "errors" - "fmt" - "log" - "net/http" + "net/http/httptest" "net/rpc" + "strings" "testing" ) @@ -82,14 +80,12 @@ func testToken(t *testing.T) { func testServer(t *testing.T) { t.Helper() - t.Setenv("GITHUB_AUTH_SERVER", "localhost:8080") - server := startTestServer() - t.Cleanup(func() { - serverShutdown(server) - }) + server := httptest.NewServer(nil) + serverURL := strings.TrimPrefix(server.URL, "http://") + t.Setenv("GITHUB_AUTH_SERVER", serverURL) + t.Cleanup(server.Close) myRPCService := &MyRPCService{} rpc.Register(myRPCService) //nolint:errcheck - server.Handler = nil rpc.HandleHTTP() got := MakeTokenAccessor() if got == nil { @@ -100,30 +96,3 @@ func testServer(t *testing.T) { type MyRPCService struct { // Define your RPC service methods here } - -func startTestServer() *http.Server { - // Create a new server - server := &http.Server{ //nolint:gosec - Addr: ":8080", - Handler: nil, // Use the default handler - } - - // Start the server in a separate goroutine - go func() { - fmt.Println("Starting server on http://localhost:8080") - if err := server.ListenAndServe(); err != nil && !errors.Is(http.ErrServerClosed, err) { - log.Fatal(err) - } - }() - - return server -} - -func serverShutdown(server *http.Server) { - err := server.Close() - if err != nil { - log.Fatalf("Error shutting down server: %s\n", err.Error()) - } - - fmt.Println("Server gracefully stopped") -} From eb941e396499e64e7b83d30e54c0a462c93f61fb Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Fri, 23 Jun 2023 12:53:31 -0400 Subject: [PATCH 297/316] =?UTF-8?q?=F0=9F=8C=B1=20cron:=20structured=20log?= =?UTF-8?q?ging=20(#3167)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Structured logging for cron Signed-off-by: Raghav Kaul * also update scorecard worker logger Signed-off-by: Raghav Kaul * address pr comments * set json fields * docs link --------- Signed-off-by: Raghav Kaul --- cron/internal/worker/main.go | 2 +- cron/worker/worker.go | 2 +- log/log.go | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/cron/internal/worker/main.go b/cron/internal/worker/main.go index 5eccc1a25a4..7d12631eb8c 100644 --- a/cron/internal/worker/main.go +++ b/cron/internal/worker/main.go @@ -118,7 +118,7 @@ func newScorecardWorker() (*ScorecardWorker, error) { } sw.ctx = context.Background() - sw.logger = log.NewLogger(log.InfoLevel) + sw.logger = log.NewCronLogger(log.InfoLevel) sw.githubClient = githubrepo.CreateGithubRepoClient(sw.ctx, sw.logger) // TODO(raghavkaul): Read GitLab auth token from environment if sw.gitlabClient, err = gitlabrepo.CreateGitlabClient(sw.ctx, "https://gitlab.com"); err != nil { diff --git a/cron/worker/worker.go b/cron/worker/worker.go index d91b6c38582..15ab545713e 100644 --- a/cron/worker/worker.go +++ b/cron/worker/worker.go @@ -74,7 +74,7 @@ func (wl *WorkLoop) Run() error { return fmt.Errorf("config.GetResultDataBucketURL: %w", err) } - logger := log.NewLogger(log.InfoLevel) + logger := log.NewCronLogger(log.InfoLevel) for { req, err := subscriber.SynchronousPull() diff --git a/log/log.go b/log/log.go index 368440c6ce5..b86d16d3f7c 100644 --- a/log/log.go +++ b/log/log.go @@ -41,6 +41,23 @@ func NewLogger(logLevel Level) *Logger { return NewLogrusLogger(logrusLog) } +// NewCronLogger creates an instance of *Logger. +func NewCronLogger(logLevel Level) *Logger { + logrusLog := logrus.New() + + // for stackdriver, see: https://cloud.google.com/logging/docs/structured-logging#special-payload-fields + logrusLog.SetFormatter(&logrus.JSONFormatter{FieldMap: logrus.FieldMap{ + logrus.FieldKeyLevel: "severity", + logrus.FieldKeyMsg: "message", + }}) + + // Set log level from logrus + logrusLevel := parseLogrusLevel(logLevel) + logrusLog.SetLevel(logrusLevel) + + return NewLogrusLogger(logrusLog) +} + // NewLogrusLogger creates an instance of *Logger backed by the supplied // logrusLog instance. func NewLogrusLogger(logrusLog *logrus.Logger) *Logger { From a912722ae9bc4cd2de8fa5d3bded43d3aafa8252 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jun 2023 11:14:24 -0500 Subject: [PATCH 298/316] :seedling: Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#3212) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 92e0caad8d1..f1b3e1ea743 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: "Run analysis" - uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 + uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 with: results_file: results.sarif results_format: sarif From cf2e0667afcc70469fed1cb2daaec3974a9942cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jun 2023 16:24:51 +0000 Subject: [PATCH 299/316] :seedling: Bump tj-actions/changed-files from 36.4.1 to 37.0.3 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 36.4.1 to 37.0.3. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/54479c37f5eb47a43e595c6b71e1df2c112ce7f1...ec1e14cf27f4585783f463070881b2c499349a8a) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bfe27a0e52e..b612cba9e5d 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@54479c37f5eb47a43e595c6b71e1df2c112ce7f1 #v36.4.1 + uses: tj-actions/changed-files@ec1e14cf27f4585783f463070881b2c499349a8a #v37.0.3 with: files_ignore: '**.md' - id: docs_only_check From a858c06b4b55b4def5b0a6d69c0287e09f82c8a6 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 26 Jun 2023 17:17:58 -0500 Subject: [PATCH 300/316] :seedling: Add unit tests for roundrobin (#3202) - Add tests for the round-robin token accessor Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .../roundtripper/tokens/round_robin_test.go | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 clients/githubrepo/roundtripper/tokens/round_robin_test.go diff --git a/clients/githubrepo/roundtripper/tokens/round_robin_test.go b/clients/githubrepo/roundtripper/tokens/round_robin_test.go new file mode 100644 index 00000000000..f6a4e20b18f --- /dev/null +++ b/clients/githubrepo/roundtripper/tokens/round_robin_test.go @@ -0,0 +1,48 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package tokens + +import ( + "testing" +) + +//golint:paralleltest +func TestNext(t *testing.T) { + tokens := []string{"token1", "token2", "token3", "token4", "token5"} + rr := makeRoundRobinAccessor(tokens) + + tests := []struct { + name string + releaseID *uint64 // nil if no token is released + want string + }{ + {"First call", nil, "token2"}, + {"Second call", nil, "token3"}, + {"Third call", nil, "token4"}, + {"Fourth call", nil, "token5"}, + {"After release", func() *uint64 { v := uint64(0); return &v }(), "token1"}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if tt.releaseID != nil { + rr.Release(*tt.releaseID) + } + _, got := rr.Next() + if got != tt.want { + t.Errorf("Next() = %s, want %s", got, tt.want) + } + }) + } +} From edacaa6ce45aefff2f456b8456391604515aba30 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Mon, 26 Jun 2023 17:28:07 -0500 Subject: [PATCH 301/316] :seedling: Added unit tests for rpc (#3203) - Add a mockTokenAccessor and TokenOverRPC wrapper for testing - Add tests for TokenOverRPC.Next and TokenOverRPC.Release [clients/githubrepo/roundtripper/tokens/rpc_test.go] - Add a mockTokenAccessor for testing - Add a TokenOverRPC wrapper - Add a Next method to TokenOverRPC - Add a Release method to TokenOverRPC - Add a test for TokenOverRPC.Next - Add a test for TokenOverRPC.Release Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .../roundtripper/tokens/rpc_test.go | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 clients/githubrepo/roundtripper/tokens/rpc_test.go diff --git a/clients/githubrepo/roundtripper/tokens/rpc_test.go b/clients/githubrepo/roundtripper/tokens/rpc_test.go new file mode 100644 index 00000000000..2a0c74b51c4 --- /dev/null +++ b/clients/githubrepo/roundtripper/tokens/rpc_test.go @@ -0,0 +1,77 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package tokens + +import "testing" + +// mockTokenAccessor implements TokenAccessor for testing. +type mockTokenAccessor struct { + tokens []string + counter uint64 +} + +// Next implements TokenAccessor.Next. +func (m *mockTokenAccessor) Next() (uint64, string) { + if len(m.tokens) == 0 { + return 0, "" + } + token := m.tokens[0] + m.tokens = m.tokens[1:] + m.counter++ + return m.counter, token +} + +// Release implements TokenAccessor.Release. +func (m *mockTokenAccessor) Release(id uint64) { + // No-op for mock. +} + +// NewMockTokenAccessor creates a new mockTokenAccessor. +func newMockTokenAccessor(tokens []string) *mockTokenAccessor { + return &mockTokenAccessor{ + tokens: tokens, + } +} + +func TestTokenOverRPC_Next(t *testing.T) { + mockClient := newMockTokenAccessor([]string{"token1", "token2", "token3"}) + rpc := NewTokenOverRPC(mockClient) + token := &Token{} + x := struct{}{} + err := rpc.Next(x, token) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if token.Value != "token1" { + t.Fatalf("unexpected token: %s", token.Value) + } + err = rpc.Next(x, token) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if token.Value != "token2" { + t.Fatalf("unexpected token: %s", token.Value) + } +} + +func TestTokenOverRPC_Release(t *testing.T) { + mockClient := newMockTokenAccessor([]string{"token1", "token2", "token3"}) + rpc := NewTokenOverRPC(mockClient) + + var reply struct{} + err := rpc.Release(2, &reply) + if err != nil { + t.Errorf("Expected no error, got %v", err) + } +} From 54f7f1a42c1a30698b77fe4d86c6ca47b32fa8fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 08:22:21 -0500 Subject: [PATCH 302/316] :seedling: Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#3224) Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index b5e11063fdd..9cc5e262f75 100644 --- a/go.mod +++ b/go.mod @@ -37,7 +37,7 @@ require ( golang.org/x/text v0.10.0 golang.org/x/tools v0.10.0 google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.31.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 mvdan.cc/sh/v3 v3.7.0 diff --git a/go.sum b/go.sum index b1e0ea4bdd8..193fe1a541d 100644 --- a/go.sum +++ b/go.sum @@ -3306,8 +3306,9 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 09ee1ec4f43e549084026ecaec79bee995660b14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 13:24:06 +0000 Subject: [PATCH 303/316] :seedling: Bump google.golang.org/protobuf in /tools Bumps google.golang.org/protobuf from 1.30.0 to 1.31.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- tools/go.mod | 2 +- tools/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index 9aa56b6876b..fecbda84a3c 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -10,7 +10,7 @@ require ( github.com/goreleaser/goreleaser v1.18.2 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.11.0 - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.31.0 ) require ( diff --git a/tools/go.sum b/tools/go.sum index dbbaef05a55..f1d1237f868 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -3408,8 +3408,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= From 40a1a889757b0776d64b48f11aedf4646e91f0ca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 13:35:43 +0000 Subject: [PATCH 304/316] :seedling: Bump cloud.google.com/go/bigquery from 1.51.2 to 1.52.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.51.2 to 1.52.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.51.2...bigquery/v1.52.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 9cc5e262f75..a7b30b4ef51 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( ) require ( - cloud.google.com/go/bigquery v1.51.2 + cloud.google.com/go/bigquery v1.52.0 cloud.google.com/go/monitoring v1.15.0 // indirect cloud.google.com/go/pubsub v1.31.0 cloud.google.com/go/trace v1.10.0 // indirect diff --git a/go.sum b/go.sum index 193fe1a541d..56ec56fa46f 100644 --- a/go.sum +++ b/go.sum @@ -130,8 +130,8 @@ cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/Zur cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= -cloud.google.com/go/bigquery v1.51.2 h1:p6SZQJBh64rNJB/9V5O0jvMBI8O/XV5rJKlhmmCU+2o= -cloud.google.com/go/bigquery v1.51.2/go.mod h1:6YYSJ37dAY1HyMDq/+XByPmzsC52MgzNXhxjlTzIVCM= +cloud.google.com/go/bigquery v1.52.0 h1:JKLNdxI0N+TIUWD6t9KN646X27N5dQWq9dZbbTWZ8hc= +cloud.google.com/go/bigquery v1.52.0/go.mod h1:3b/iXjRQGU4nKa87cXeg6/gogLjO8C6PmuM8i5Bi/u4= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= @@ -207,8 +207,8 @@ cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= -cloud.google.com/go/datacatalog v1.13.0 h1:4H5IJiyUE0X6ShQBqgFFZvGGcrwGVndTwUSLP4c52gw= cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= +cloud.google.com/go/datacatalog v1.14.0 h1:ScW+U7bcoNYdS4xuVfnNdt2nR2j7esPyFJEZFW87ZzY= cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= From 5e3f8aee7b135fbb57dc6968198ad7048a34813a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 13:47:32 +0000 Subject: [PATCH 305/316] :seedling: Bump github.com/google/osv-scanner from 1.3.4 to 1.3.5 Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.4 to 1.3.5. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.4...v1.3.5) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 10 ++++++---- go.sum | 23 ++++++++++++++--------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index a7b30b4ef51..a1e143f9a1c 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/caarlos0/env/v6 v6.10.0 github.com/gobwas/glob v0.2.3 - github.com/google/osv-scanner v1.3.4 + github.com/google/osv-scanner v1.3.5 github.com/mcuadros/go-jsonschema-generator v0.0.0-20200330054847-ba7a369d4303 github.com/onsi/ginkgo/v2 v2.11.0 github.com/otiai10/copy v1.12.0 @@ -58,7 +58,7 @@ require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/containeranalysis v0.9.0 // indirect cloud.google.com/go/kms v1.12.0 // indirect - github.com/BurntSushi/toml v1.3.0 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/CycloneDX/cyclonedx-go v0.7.1 // indirect github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect github.com/andybalholm/brotli v1.0.4 // indirect @@ -71,6 +71,8 @@ require ( github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/goark/errs v1.1.0 // indirect + github.com/goark/go-cvss v1.6.6 // indirect github.com/goccy/go-json v0.9.11 // indirect github.com/golang/glog v1.1.0 // indirect github.com/golang/snappy v0.0.4 // indirect @@ -93,13 +95,13 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 // indirect + github.com/package-url/packageurl-go v0.1.1 // indirect github.com/pierrec/lz4/v4 v4.1.15 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/prometheus/prometheus v0.44.0 // indirect github.com/skeema/knownhosts v1.1.1 // indirect github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect - github.com/spdx/tools-golang v0.5.1 // indirect + github.com/spdx/tools-golang v0.5.2 // indirect github.com/zeebo/xxh3 v1.0.2 // indirect golang.org/x/mod v0.11.0 // indirect golang.org/x/term v0.9.0 // indirect diff --git a/go.sum b/go.sum index 56ec56fa46f..e060bf8603b 100644 --- a/go.sum +++ b/go.sum @@ -711,8 +711,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1/go.mod h1:4qFo github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= -github.com/BurntSushi/toml v1.3.0 h1:Ws8e5YmnrGEHzZEzg0YvK/7COGYtTC5PbaH9oSSbgfA= -github.com/BurntSushi/toml v1.3.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CycloneDX/cyclonedx-go v0.7.1 h1:5w1SxjGm9MTMNTuRbEPyw21ObdbaagTWF/KfF0qHTRE= github.com/CycloneDX/cyclonedx-go v0.7.1/go.mod h1:N/nrdWQI2SIjaACyyDs/u7+ddCkyl/zkNs8xFsHF2Ps= @@ -1298,6 +1298,10 @@ github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEe github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= github.com/go-zookeeper/zk v1.0.3/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw= +github.com/goark/errs v1.1.0 h1:FKnyw4LVyRADIjM8Nj0Up6r0/y5cfADvZAd1E+tthXE= +github.com/goark/errs v1.1.0/go.mod h1:TtaPEoadm2mzqzfXdkkfpN2xuniCFm2q4JH+c1qzaqw= +github.com/goark/go-cvss v1.6.6 h1:WJFuIWqmAw1Ilb9USv0vuX+nYzOWJp8lIujseJ/y3sU= +github.com/goark/go-cvss v1.6.6/go.mod h1:H3qbfUSUlV7XtA3EwWNunvXz6OySwWHOuO+R6ZPMQPI= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= @@ -1459,8 +1463,8 @@ github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= -github.com/google/osv-scanner v1.3.4 h1:OHy7cazw2IDgqijnhTZFBV0jH9Xe3f/GvnK/F4aZQ0Y= -github.com/google/osv-scanner v1.3.4/go.mod h1:lic9NGB9H6AF6XxDVGYg2guvjgfEbSXigOaSyrF93Vc= +github.com/google/osv-scanner v1.3.5 h1:c0Qysr565PEWouwm48QEY5GyS3tfgcT4aKqjOUTqGqU= +github.com/google/osv-scanner v1.3.5/go.mod h1:4SNp5Uz1X4tFjBecqtTV/3KcmCBRaQ3haUMAJuD1ij0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= @@ -1991,8 +1995,8 @@ github.com/otiai10/copy v1.12.0 h1:cLMgSQnXBs1eehF0Wy/FAGsgDTDmAqFR7rQylBb1nDY= github.com/otiai10/copy v1.12.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/ovh/go-ovh v1.4.1/go.mod h1:6bL6pPyUT7tBfI0pqOegJgRjgjuO+mOo+MyXd1EEC0M= -github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 h1:DiLBVp4DAcZlBVBEtJpNWZpZVq0AEeCY7Hqk8URVs4o= -github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= +github.com/package-url/packageurl-go v0.1.1 h1:KTRE0bK3sKbFKAk3yy63DpeskU7Cvs/x/Da5l+RtzyU= +github.com/package-url/packageurl-go v0.1.1/go.mod h1:uQd4a7Rh3ZsVg5j0lNyAfyxIeGde9yrlhjF78GzeW0c= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -2164,8 +2168,8 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY= github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM= -github.com/spdx/tools-golang v0.5.1 h1:fJg3SVOGG+eIva9ZUBm/hvyA7PIPVFjRxUKe6fdAgwE= -github.com/spdx/tools-golang v0.5.1/go.mod h1:/DRDQuBfB37HctM29YtrX1v+bXiVmT2OpQDalRmX9aU= +github.com/spdx/tools-golang v0.5.2 h1:dtMNjJreWPe37584ajk7m/rQtfJaLpRMk7pUGgvekOg= +github.com/spdx/tools-golang v0.5.2/go.mod h1:/ETOahiAo96Ob0/RAIBmFZw6XN0yTnyr/uFZm2NTMhI= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= @@ -2219,8 +2223,9 @@ github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= From 748ee2028dffcb1ce275664db438b84901b27f4f Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Wed, 28 Jun 2023 12:25:34 -0400 Subject: [PATCH 306/316] Disable GitLab code review tests (#3222) Signed-off-by: Raghav Kaul --- e2e/code_review_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/e2e/code_review_test.go b/e2e/code_review_test.go index be208388db4..c4eb25f17cb 100644 --- a/e2e/code_review_test.go +++ b/e2e/code_review_test.go @@ -126,6 +126,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { // GitLab doesn't seem to preserve merge requests (pull requests in github) and some users had data lost in // the transfer from github so this returns a different value than the above GitHub test. It("Should return use of code reviews at commit - GitLab", func() { + Skip("https://github.com/ossf/scorecard/issues/3193") skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") dl := scut.TestDetailLogger{} @@ -154,6 +155,7 @@ var _ = Describe("E2E TEST:"+checks.CheckCodeReview, func() { // GitLab doesn't seem to preserve merge requests (pull requests in github) and some users had data lost in // the transfer from github so this returns a different value than the above GitHub test. It("Should return use of code reviews at HEAD - GitLab", func() { + Skip("https://github.com/ossf/scorecard/issues/3193") skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") dl := scut.TestDetailLogger{} From 0a39e0b352ebf7f8896a3136c7972520a13a1f66 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:53:59 -0500 Subject: [PATCH 307/316] :seedling: Bump tj-actions/changed-files from 37.0.3 to 37.0.4 (#3228) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.0.3 to 37.0.4. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/ec1e14cf27f4585783f463070881b2c499349a8a...bb3376162b179308a79fc4450262a15a8e1d6888) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index b612cba9e5d..4df89239d27 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@ec1e14cf27f4585783f463070881b2c499349a8a #v37.0.3 + uses: tj-actions/changed-files@bb3376162b179308a79fc4450262a15a8e1d6888 #v37.0.4 with: files_ignore: '**.md' - id: docs_only_check From b2bc681a002741c79ff31f258338aacda29ecda2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Jun 2023 16:54:40 +0000 Subject: [PATCH 308/316] :seedling: Bump sigstore/cosign-installer from 3.0.5 to 3.1.1 Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.5 to 3.1.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/dd6b2e2b610a11fd73dd187a43d57cc1394e35f9...6e04d228eb30da1757ee4e1dd75a0ec73a653e06) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/publishimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index ec6593aa8a7..4c3c2bcfdde 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -58,7 +58,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 - name: Sign image run: | cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} From c72cfd5d32f3764128245c71a88c683a7dd9d0d0 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Thu, 29 Jun 2023 15:11:05 -0400 Subject: [PATCH 309/316] =?UTF-8?q?=F0=9F=8C=B1=20Gitlab:=20Move=20tests?= =?UTF-8?q?=20that=20connect=20to=20gitlab.com=20out=20of=20unit-tests=20(?= =?UTF-8?q?#3221)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Move tests that connect to GitLab out of e2e Signed-off-by: Raghav Kaul * update Signed-off-by: Raghav Kaul * mark as pat test Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- Makefile | 2 +- clients/gitlabrepo/commits_e2e_test.go | 75 +++++++++++++++++++++++++ clients/gitlabrepo/commits_test.go | 45 --------------- clients/gitlabrepo/contributors_test.go | 53 ----------------- e2e/contributors_test.go | 26 +++++++++ 5 files changed, 102 insertions(+), 99 deletions(-) create mode 100644 clients/gitlabrepo/commits_e2e_test.go diff --git a/Makefile b/Makefile index fb27d9d387c..076cc69708a 100644 --- a/Makefile +++ b/Makefile @@ -341,7 +341,7 @@ e2e-pat: build-scorecard check-env | $(GINKGO) e2e-gh-token: ## Runs e2e tests. Requires GITHUB_AUTH_TOKEN env var to be set to default GITHUB_TOKEN e2e-gh-token: build-scorecard check-env | $(GINKGO) # Run e2e tests. GITHUB_AUTH_TOKEN set to secrets.GITHUB_TOKEN must be used to run this. - TOKEN_TYPE="GITHUB_TOKEN" $(GINKGO) --race -p -v -cover -coverprofile=e2e-coverage.out --keep-separate-coverprofiles ./... + GITLAB_AUTH_TOKEN="" TOKEN_TYPE="GITHUB_TOKEN" $(GINKGO) --race -p -v -cover -coverprofile=e2e-coverage.out --keep-separate-coverprofiles ./... e2e-gitlab-token: ## Runs e2e tests that require a GITLAB_TOKEN e2e-gitlab-token: build-scorecard check-env-gitlab | $(GINKGO) diff --git a/clients/gitlabrepo/commits_e2e_test.go b/clients/gitlabrepo/commits_e2e_test.go new file mode 100644 index 00000000000..cc187aa295c --- /dev/null +++ b/clients/gitlabrepo/commits_e2e_test.go @@ -0,0 +1,75 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "fmt" + "os" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +type tokenType int + +const ( + patTokenType tokenType = iota + githubWorkflowDefaultTokenType + gitlabPATTokenType +) + +var tokType tokenType + +func skipIfTokenIsNot(t tokenType, msg string) { + if tokType != t { + Skip(msg) + } +} + +var _ = BeforeSuite(func() { + tt := os.Getenv("TOKEN_TYPE") + switch tt { + case "PAT": + tokType = patTokenType + case "GITHUB_TOKEN": + tokType = githubWorkflowDefaultTokenType + case "GITLAB_PAT": + tokType = gitlabPATTokenType + default: + panic(fmt.Sprintf("invalid TOKEN_TYPE: %s", tt)) + } +}) + +var _ = Describe("E2E TEST: gitlabrepo.commitsHandler", func() { + Context("ListCommits", func() { + It("Checks whether commits are listed - GitLab", func() { + skipIfTokenIsNot(patTokenType, "PAT only") + repo, err := MakeGitlabRepo("https://gitlab.com/baserow/baserow") + Expect(err).Should(BeNil()) + + client, err := CreateGitlabClient(context.Background(), repo.Host()) + Expect(err).Should(BeNil()) + + err = client.InitRepo(repo, "8a38c9f724c19b5422e27864a108318d1f769b8a", 20) + Expect(err).Should(BeNil()) + + c, err := client.ListCommits() + Expect(err).Should(BeNil()) + + Expect(len(c)).Should(BeNumerically(">", 0)) + }) + }) +}) diff --git a/clients/gitlabrepo/commits_test.go b/clients/gitlabrepo/commits_test.go index 93c179faee2..d7bc6b96bd9 100644 --- a/clients/gitlabrepo/commits_test.go +++ b/clients/gitlabrepo/commits_test.go @@ -15,54 +15,9 @@ package gitlabrepo import ( - "context" "testing" ) -func Test_Setup(t *testing.T) { - t.Parallel() - tcs := []struct { - name string - repourl string - commit string - depth int - }{ - { - name: "check that listcommits works", - repourl: "https://gitlab.com/fdroid/fdroidclient", - commit: "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", - depth: 20, - }, - } - - for _, tt := range tcs { - t.Run(tt.name, func(t *testing.T) { - repo, err := MakeGitlabRepo(tt.repourl) - if err != nil { - t.Error("couldn't make gitlab repo", err) - } - - client, err := CreateGitlabClient(context.Background(), repo.Host()) - if err != nil { - t.Error("couldn't make gitlab client", err) - } - - err = client.InitRepo(repo, tt.commit, tt.depth) - if err != nil { - t.Error("couldn't init gitlab repo", err) - } - - c, err := client.ListCommits() - if err != nil { - t.Error("couldn't list gitlab repo commits", err) - } - if len(c) == 0 { - t.Error("couldn't get any commits from gitlab repo") - } - }) - } -} - func TestParsingEmail(t *testing.T) { t.Parallel() diff --git a/clients/gitlabrepo/contributors_test.go b/clients/gitlabrepo/contributors_test.go index 50eab3d79c0..4960a1899a8 100644 --- a/clients/gitlabrepo/contributors_test.go +++ b/clients/gitlabrepo/contributors_test.go @@ -15,66 +15,13 @@ package gitlabrepo import ( - "context" - "fmt" "strconv" - "strings" "sync" "testing" "github.com/xanzy/go-gitlab" ) -func Test_ContributorsSetup(t *testing.T) { - t.Parallel() - tcs := []struct { - name string - repourl string - commit string - depth int - }{ - { - name: "check that Contributor works", - repourl: "https://gitlab.com/fdroid/fdroidclient", - commit: "HEAD", - depth: 20, - }, - } - - for _, tt := range tcs { - t.Run(tt.name, func(t *testing.T) { - repo, err := MakeGitlabRepo(tt.repourl) - if err != nil { - t.Error("couldn't make gitlab repo", err) - } - - client, err := CreateGitlabClientWithToken(context.Background(), "", repo.Host()) - if err != nil { - t.Error("couldn't make gitlab client", err) - } - - err = client.InitRepo(repo, tt.commit, tt.depth) - if err != nil { - t.Error("couldn't init gitlab repo", - err) - } - - c, err := client.ListContributors() - // Authentication is failing when querying users, not sure yet how to get around that - if err != nil { - errMsg := fmt.Sprintf("%v", err) - - if !(strings.Contains(errMsg, "error during Users.Get") && strings.Contains(errMsg, "401")) { - t.Error("couldn't list gitlab repo contributors", err) - } - } - if len(c) != 0 { - t.Error("couldn't get any contributors from gitlab repo") - } - }) - } -} - func TestContributors(t *testing.T) { t.Parallel() diff --git a/e2e/contributors_test.go b/e2e/contributors_test.go index 92c6a789b65..e3cce8aab11 100644 --- a/e2e/contributors_test.go +++ b/e2e/contributors_test.go @@ -16,6 +16,8 @@ package e2e import ( "context" + "fmt" + "strings" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -24,6 +26,7 @@ import ( "github.com/ossf/scorecard/v4/checks" "github.com/ossf/scorecard/v4/clients" "github.com/ossf/scorecard/v4/clients/githubrepo" + "github.com/ossf/scorecard/v4/clients/gitlabrepo" scut "github.com/ossf/scorecard/v4/utests" ) @@ -54,5 +57,28 @@ var _ = Describe("E2E TEST:"+checks.CheckContributors, func() { Expect(scut.ValidateTestReturn(nil, "several contributors", &expected, &result, &dl)).Should(BeTrue()) Expect(repoClient.Close()).Should(BeNil()) }) + + It("Should return valid project contributors - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "PAT only") + repo, err := gitlabrepo.MakeGitlabRepo("https://gitlab.com/baserow/baserow") + Expect(err).Should(BeNil()) + + client, err := gitlabrepo.CreateGitlabClient(context.Background(), repo.Host()) + Expect(err).Should(BeNil()) + + err = client.InitRepo(repo, "HEAD", 20) + Expect(err).Should(BeNil()) + + c, err := client.ListContributors() + // Authentication is failing when querying users, not sure yet how to get around that + if err != nil { + errMsg := fmt.Sprintf("%v", err) + + if !(strings.Contains(errMsg, "error during Users.Get") && strings.Contains(errMsg, "401")) { + Fail(fmt.Sprintf("couldn't list gitlab repo contributors: %v", err)) + } + } + Expect(len(c)).Should(BeNumerically(">", 0)) + }) }) }) From c8a7324b3545a6acd9f8a6c96f888138be468361 Mon Sep 17 00:00:00 2001 From: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:25:34 -0400 Subject: [PATCH 310/316] =?UTF-8?q?=E2=9C=A8=20Gitlab:=20add=20cron=20repo?= =?UTF-8?q?s=20(#3208)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * remove experimental flag Signed-off-by: Raghav Kaul * add gitlab repos to weekly Signed-off-by: Raghav Kaul * rename selected -> releasetest Signed-off-by: Raghav Kaul * check repo access level for private repos Signed-off-by: Raghav Kaul * Move e2e test to unit tests Signed-off-by: Raghav Kaul * Require token for test Signed-off-by: Raghav Kaul --------- Signed-off-by: Raghav Kaul --- clients/gitlabrepo/client.go | 19 + clients/gitlabrepo/client_e2e_test.go | 82 ++ clients/gitlabrepo/client_test.go | 55 - cron/internal/controller/Dockerfile | 3 +- .../data/gitlab-projects-releasetest.csv | 1000 +++++++++++++++++ ...jects-selected.csv => gitlab-projects.csv} | 0 cron/k8s/controller.release.yaml | 2 +- cron/k8s/controller.yaml | 6 +- cron/k8s/worker.release.yaml | 2 - cron/k8s/worker.yaml | 5 + 10 files changed, 1114 insertions(+), 60 deletions(-) create mode 100644 clients/gitlabrepo/client_e2e_test.go delete mode 100644 clients/gitlabrepo/client_test.go create mode 100644 cron/internal/data/gitlab-projects-releasetest.csv rename cron/internal/data/{gitlab-projects-selected.csv => gitlab-projects.csv} (100%) diff --git a/clients/gitlabrepo/client.go b/clients/gitlabrepo/client.go index 1254118fffc..e0df99e5306 100644 --- a/clients/gitlabrepo/client.go +++ b/clients/gitlabrepo/client.go @@ -58,6 +58,20 @@ type Client struct { commitDepth int } +var errRepoAccess = errors.New("repo inaccessible") + +// Raise an error if repository access level is private or disabled. +func checkRepoInaccessible(repo *gitlab.Project) error { + if (repo.RepositoryAccessLevel == gitlab.PrivateAccessControl) || + (repo.RepositoryAccessLevel == gitlab.DisabledAccessControl) { + return fmt.Errorf("%w: %s access level %s", + errRepoAccess, repo.PathWithNamespace, string(repo.RepositoryAccessLevel), + ) + } + + return nil +} + // InitRepo sets up the GitLab project in local storage for improving performance and GitLab token usage efficiency. func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitDepth int) error { glRepo, ok := inputRepo.(*repoURL) @@ -71,6 +85,11 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string, commitD if err != nil { return sce.WithMessage(sce.ErrRepoUnreachable, proj+"\t"+err.Error()) } + + if err = checkRepoInaccessible(repo); err != nil { + return sce.WithMessage(sce.ErrRepoUnreachable, err.Error()) + } + if commitDepth <= 0 { client.commitDepth = 30 // default } else { diff --git a/clients/gitlabrepo/client_e2e_test.go b/clients/gitlabrepo/client_e2e_test.go new file mode 100644 index 00000000000..741effd5fae --- /dev/null +++ b/clients/gitlabrepo/client_e2e_test.go @@ -0,0 +1,82 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package gitlabrepo + +import ( + "context" + "fmt" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "github.com/xanzy/go-gitlab" +) + +var _ = Describe("E2E TEST: gitlabrepo.commitsHandler", func() { + Context("Test whether commits are listed - GitLab", func() { + It("returns that the repo is inaccessible", func() { + repo, err := MakeGitlabRepo("https://gitlab.com/fdroid/fdroidclient") + Expect(err).Should(BeNil()) + + client, err := CreateGitlabClient(context.Background(), repo.Host()) + Expect(err).Should(BeNil()) + + err = client.InitRepo(repo, "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", 20) + Expect(err).Should(BeNil()) + + c, err := client.ListCommits() + Expect(err).Should(BeNil()) + + Expect(len(c)).Should(BeNumerically(">", 0)) + }) + }) +}) + +var _ = Describe("E2E TEST: gitlabrepo.client", func() { + Context("checkRepoInaccessible", func() { + It("returns that the repo is inaccessible - GitLab", func() { + skipIfTokenIsNot(gitlabPATTokenType, "GitLab only") + repo, err := MakeGitlabRepo("https://gitlab.com/ossf-test/private-project") + Expect(err).Should(BeNil()) + + client, err := CreateGitlabClient(context.Background(), repo.Host()) + Expect(err).Should(BeNil()) + + glRepo, ok := repo.(*repoURL) + Expect(ok).Should(BeTrue()) + + // Sanity check. + glcl, ok := client.(*Client) + Expect(ok).Should(BeTrue()) + + path := fmt.Sprintf("%s/%s", glRepo.owner, glRepo.project) + proj, _, err := glcl.glClient.Projects.GetProject(path, &gitlab.GetProjectOptions{}) + Expect(err).Should(BeNil()) + + err = checkRepoInaccessible(proj) + Expect(err).ShouldNot(BeNil()) + }) + + It("should initialize repos without error - GitLab", func() { + repo, err := MakeGitlabRepo("https://gitlab.com/fdroid/fdroidclient") + Expect(err).Should(BeNil()) + + client, err := CreateGitlabClient(context.Background(), repo.Host()) + Expect(err).Should(BeNil()) + + err = client.InitRepo(repo, "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", 20) + Expect(err).Should(BeNil()) + }) + }) +}) diff --git a/clients/gitlabrepo/client_test.go b/clients/gitlabrepo/client_test.go deleted file mode 100644 index 8a92d634dbb..00000000000 --- a/clients/gitlabrepo/client_test.go +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2023 OpenSSF Scorecard Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package gitlabrepo - -import ( - "context" - "testing" -) - -func Test_InitRepo(t *testing.T) { - t.Parallel() - tcs := []struct { - name string - repourl string - commit string - depth int - }{ - { - repourl: "https://gitlab.com/fdroid/fdroidclient", - commit: "a4bbef5c70fd2ac7c15437a22ef0f9ef0b447d08", - depth: 20, - }, - } - - for _, tt := range tcs { - t.Run(tt.name, func(t *testing.T) { - repo, err := MakeGitlabRepo(tt.repourl) - if err != nil { - t.Error("couldn't make gitlab repo", err) - } - - client, err := CreateGitlabClient(context.Background(), repo.Host()) - if err != nil { - t.Error("couldn't make gitlab client", err) - } - - err = client.InitRepo(repo, tt.commit, tt.depth) - if err != nil { - t.Error("couldn't init gitlab repo", err) - } - }) - } -} diff --git a/cron/internal/controller/Dockerfile b/cron/internal/controller/Dockerfile index 019729b815a..84e1d10d674 100644 --- a/cron/internal/controller/Dockerfile +++ b/cron/internal/controller/Dockerfile @@ -32,7 +32,8 @@ RUN CGO_ENABLED=0 make build-controller FROM gcr.io/distroless/base:nonroot@sha256:99133cb0878bb1f84d1753957c6fd4b84f006f2798535de22ebf7ba170bbf434 COPY ./cron/internal/data/projects*csv cron/internal/data/ -COPY ./cron/internal/data/gitlab-projects-selected.csv cron/internal/data/ +COPY ./cron/internal/data/gitlab-projects-releasetest.csv cron/internal/data/ +COPY ./cron/internal/data/gitlab-projects.csv cron/internal/data/ COPY --from=shuffle /src/cron/internal/data/projects.release.csv cron/internal/data/projects.release.csv COPY --from=controller /src/cron/internal/controller/controller cron/internal/controller/controller ENTRYPOINT ["cron/internal/controller/controller"] diff --git a/cron/internal/data/gitlab-projects-releasetest.csv b/cron/internal/data/gitlab-projects-releasetest.csv new file mode 100644 index 00000000000..b8ce082827f --- /dev/null +++ b/cron/internal/data/gitlab-projects-releasetest.csv @@ -0,0 +1,1000 @@ +repo,metadata +https://gitlab.com/gitlab-org/gitlab-foss, +https://gitlab.com/gitlab-org/gitlab, +https://gitlab.com/CalcProgrammer1/OpenRGB, +https://gitlab.com/gitlab-org/gitlab-runner, +https://gitlab.com/fdroid/fdroidclient, +https://gitlab.com/baserow/baserow, +https://gitlab.com/AuroraOSS/AuroraStore, +https://gitlab.com/graphviz/graphviz, +https://gitlab.com/pgjones/quart, +https://gitlab.com/libeigen/eigen, +https://gitlab.com/gitlab-org/gitlab-development-kit, +https://gitlab.com/gitlab-org/omnibus-gitlab, +https://gitlab.com/tezos/tezos, +https://gitlab.com/mayan-edms/mayan-edms, +https://gitlab.com/meltano/meltano, +https://gitlab.com/gitlab-com/runbooks, +https://gitlab.com/antora/antora, +https://gitlab.com/pycqa/flake8, +https://gitlab.com/meno/dropzone, +https://gitlab.com/pages/hugo, +https://gitlab.com/sequoia-pgp/sequoia, +https://gitlab.com/gableroux/unity3d-gitlab-ci-example, +https://gitlab.com/gitlab-org/gitaly, +https://gitlab.com/gitlab-org/cli, +https://gitlab.com/postgres-ai/database-lab, +https://gitlab.com/timvisee/ffsend, +https://gitlab.com/leanlabsio/kanban, +https://gitlab.com/pgjones/hypercorn, +https://gitlab.com/Rich-Harris/buble, +https://gitlab.com/cznic/sqlite, +https://gitlab.com/postgres-ai/postgres-checkup, +https://gitlab.com/mojo42/Jirafeau, +https://gitlab.com/eidheim/Simple-Web-Server, +https://gitlab.com/NebulousLabs/Sia, +https://gitlab.com/akihe/radamsa, +https://gitlab.com/procps-ng/procps, +https://gitlab.com/jam-systems/jam, +https://gitlab.com/catamphetamine/libphonenumber-js, +https://gitlab.com/olaris/olaris-server, +https://gitlab.com/stavros/harbormaster, +https://gitlab.com/conradsnicta/armadillo-code, +https://gitlab.com/gitlab-org/gitlab-shell, +https://gitlab.com/dalibo/postgresql_anonymizer, +https://gitlab.com/fatihacet/gitlab-vscode-extension, +https://gitlab.com/brinkervii/grapejuice, +https://gitlab.com/gitlab-org/gitlab-runner-docker-cleanup, +https://gitlab.com/gitlab-org/gitlab-ui, +https://gitlab.com/ajak/tuir, +https://gitlab.com/kornelski/babel-preset-php, +https://gitlab.com/mailman/hyperkitty, +https://gitlab.com/wg1/jpeg-xl, +https://gitlab.com/nsnam/ns-3-dev, +https://gitlab.com/axet/android-book-reader, +https://gitlab.com/shodan-public/nrich, +https://gitlab.com/bloom42/bloom, +https://gitlab.com/lfortran/lfortran, +https://gitlab.com/gitlab-org/gitlab-triage, +https://gitlab.com/esr/reposurgeon, +https://gitlab.com/leinardi/gkraken, +https://gitlab.com/QEF/q-e, +https://gitlab.com/eidheim/Simple-WebSocket-Server, +https://gitlab.com/signald/signald, +https://gitlab.com/chaica/feed2toot, +https://gitlab.com/gitlab-org/gitlab-pages, +https://gitlab.com/pulsechaincom/go-pulse, +https://gitlab.com/GoogleDriveIndex/Google-Drive-Index, +https://gitlab.com/antonok/enum_dispatch, +https://gitlab.com/gitlab-org/gitlab-workhorse, +https://gitlab.com/petsc/petsc, +https://gitlab.com/eternal-twin/etwin, +https://gitlab.com/mattbas/python-lottie, +https://gitlab.com/gitlab-org/docker-distribution-pruner, +https://gitlab.com/rosie-pattern-language/rosie, +https://gitlab.com/BuildStream/buildstream, +https://gitlab.com/kicad/libraries/kicad-footprints, +https://gitlab.com/dmfay/massive-js, +https://gitlab.com/nanuchi/go-full-course-youtube, +https://gitlab.com/sublime-music/sublime-music, +https://gitlab.com/gitlab-org/opstrace/opstrace, +https://gitlab.com/gitlab-org/release-cli, +https://gitlab.com/gitlab-org/ci-cd/docker-machine, +https://gitlab.com/catamphetamine/react-phone-number-input, +https://gitlab.com/IvanSanchez/Leaflet.GridLayer.GoogleMutant, +https://gitlab.com/klamonte/jexer, +https://gitlab.com/woob/woob, +https://gitlab.com/crates.rs/crates.rs, +https://gitlab.com/stavros/python-yeelight, +https://gitlab.com/gitlab-org/cluster-integration/auto-deploy-image, +https://gitlab.com/dbsystel/gitlab-ci-python-library, +https://gitlab.com/DerManu/QCustomPlot, +https://gitlab.com/juhani/go-semrel-gitlab, +https://gitlab.com/postgres-ai/joe, +https://gitlab.com/altek/accountant, +https://gitlab.com/formschema/native, +https://gitlab.com/gardenappl/readability-cli, +https://gitlab.com/doctormo/python-crontab, +https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent, +https://gitlab.com/mattbas/glaxnimate, +https://gitlab.com/mailman/postorius, +https://gitlab.com/cznic/ql, +https://gitlab.com/gitlab-org/release-tools, +https://gitlab.com/gitlab-org/gitlab-svgs, +https://gitlab.com/bzip2/bzip2, +https://gitlab.com/Molcas/OpenMolcas, +https://gitlab.com/anarcat/wallabako, +https://gitlab.com/gpsd/gpsd, +https://gitlab.com/xiliumhq/chromiumembedded/cefglue, +https://gitlab.com/weitzman/drupal-test-traits, +https://gitlab.com/DavidGriffith/frotz, +https://gitlab.com/sane-project/backends, +https://gitlab.com/palisade/palisade-release, +https://gitlab.com/thorchain/thornode, +https://gitlab.com/susurrus/serialport-rs, +https://gitlab.com/purelb/purelb, +https://gitlab.com/libtiff/libtiff, +https://gitlab.com/gilrs-project/gilrs, +https://gitlab.com/altom/altunity/altunitytester, +https://gitlab.com/tglman/persy, +https://gitlab.com/esr/loccount, +https://gitlab.com/WhyNotHugo/darkman, +https://gitlab.com/remram44/taguette, +https://gitlab.com/goobook/goobook, +https://gitlab.com/edneville/please, +https://gitlab.com/gitlab-org/cloud-native/gitlab-operator, +https://gitlab.com/hyper-expanse/open-source/semantic-delivery-gitlab, +https://gitlab.com/bitcoin-cash-node/bitcoin-cash-node, +https://gitlab.com/tspiteri/rug, +https://gitlab.com/libxc/libxc, +https://gitlab.com/amatos/rest-countries, +https://gitlab.com/m2crypto/m2crypto, +https://gitlab.com/ttyperacer/terminal-typeracer, +https://gitlab.com/glatteis/earthwalker, +https://gitlab.com/mattia.basaglia/python-lottie, +https://gitlab.com/john.carroll.p/rschedule, +https://gitlab.com/open-source-keir/financial-modelling/trading/barter-rs, +https://gitlab.com/portmod/portmod, +https://gitlab.com/librespacefoundation/polaris/polaris, +https://gitlab.com/allianceauth/allianceauth, +https://gitlab.com/gitlab-org/incubation-engineering/ai-assist/dokter, +https://gitlab.com/joneshf/purty, +https://gitlab.com/cerfacs/batman, +https://gitlab.com/lightmeter/controlcenter, +https://gitlab.com/autokent/pdf-parse, +https://gitlab.com/inkscape/extensions, +https://gitlab.com/vstconsulting/polemarch, +https://gitlab.com/stuko/ovito, +https://gitlab.com/php-ai/php-ml, +https://gitlab.com/cmocka/cmocka, +https://gitlab.com/kashell/Kawa, +https://gitlab.com/francoisjacquet/rosariosis, +https://gitlab.com/catamphetamine/read-excel-file, +https://gitlab.com/oer/emacs-reveal, +https://gitlab.com/xiayesuifeng/v2rayxplus, +https://gitlab.com/gitmate/open-source/IGitt, +https://gitlab.com/subnetzero/iridium, +https://gitlab.com/yorickpeterse/oga, +https://gitlab.com/mbryant/functiontrace, +https://gitlab.com/pyspread/pyspread, +https://gitlab.com/pavel.krupala/pyqt-node-editor, +https://gitlab.com/dslackw/colored, +https://gitlab.com/mikler/glaber, +https://gitlab.com/drutopia/drutopia, +https://gitlab.com/cznic/ccgo, +https://gitlab.com/broj42/nuxt-cookie-control, +https://gitlab.com/orobardet/gitlab-ci-linter, +https://gitlab.com/AdrianDC/gitlabci-local, +https://gitlab.com/virtio-fs/virtiofsd, +https://gitlab.com/ternaris/rosbags, +https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/fargate, +https://gitlab.com/asuran-rs/asuran, +https://gitlab.com/librespacefoundation/satnogs/satnogs-network, +https://gitlab.com/maxlefou/hugo.386, +https://gitlab.com/mattia.basaglia/tgs, +https://gitlab.com/opennota/findimagedupes, +https://gitlab.com/html-validate/html-validate, +https://gitlab.com/oer/org-re-reveal, +https://gitlab.com/BrightOpen/Samotop, +https://gitlab.com/Friz64/erupt, +https://gitlab.com/nyx-space/nyx, +https://gitlab.com/msvechla/vaultbot, +https://gitlab.com/profclems/glab, +https://gitlab.com/pwoolcoc/soup, +https://gitlab.com/yawning/obfs4, +https://gitlab.com/gitlab-org/gitlab-exporter, +https://gitlab.com/gitlab-com/support/toolbox/fast-stats, +https://gitlab.com/lv2/lv2, +https://gitlab.com/remcohaszing/eslint-formatter-gitlab, +https://gitlab.com/eidheim/tiny-process-library, +https://gitlab.com/Linaro/tuxmake, +https://gitlab.com/sdurobotics/ur_rtde, +https://gitlab.com/pulsechaincom/pls-faucet, +https://gitlab.com/aa900031/nestjs-command, +https://gitlab.com/philbooth/bfj, +https://gitlab.com/stp-team/systemtestportal-webapp, +https://gitlab.com/cunity/gitlab-emulator, +https://gitlab.com/tractor-team/tractor, +https://gitlab.com/wrobell/remt, +https://gitlab.com/parrot_parrot/ms-teams-replace-background, +https://gitlab.com/p8n/panopticon, +https://gitlab.com/gitlab-org/terraform-provider-gitlab, +https://gitlab.com/dslackw/slpkg, +https://gitlab.com/gtk-kt/gtk-kt, +https://gitlab.com/ProjectWARP/warp-go, +https://gitlab.com/vmware/idem/idem, +https://gitlab.com/shackra/goimapnotify, +https://gitlab.com/Cwiiis/ferris, +https://gitlab.com/kicad/libraries/kicad-footprint-generator, +https://gitlab.com/broj42/nuxt-gmaps, +https://gitlab.com/lansharkconsulting/django/django-encrypted-model-fields, +https://gitlab.com/pycqa/flake8-docstrings, +https://gitlab.com/xmpp-rs/xmpp-rs, +https://gitlab.com/trantor/trantor, +https://gitlab.com/osnvr/os-nvr, +https://gitlab.com/etherlab.org/ethercat, +https://gitlab.com/inbitcoin/lighter, +https://gitlab.com/hoppr/hoppr, +https://gitlab.com/nomadic-labs/tezos, +https://gitlab.com/dee-see/graphql-path-enum, +https://gitlab.com/ilpianista/arch-audit, +https://gitlab.com/lely_industries/lely-core, +https://gitlab.com/okannen/static_init, +https://gitlab.com/TNThieding/exif, +https://gitlab.com/under-test/undertest, +https://gitlab.com/wholegrain/website-carbon-badges, +https://gitlab.com/broj42/nuxt-lazy-load, +https://gitlab.com/catamphetamine/country-flag-icons, +https://gitlab.com/golang-commonmark/markdown, +https://gitlab.com/williamyaoh/shrinkwraprs, +https://gitlab.com/torkleyy/err-derive, +https://gitlab.com/pavanello-research-group/dftpy, +https://gitlab.com/BVollmerhaus/blurwal, +https://gitlab.com/citrus-rs/citrus, +https://gitlab.com/gitlab-org/gl-openshift/gitlab-runner-operator, +https://gitlab.com/Oslandia/py3dtiles, +https://gitlab.com/Nulide/findmydeviceserver, +https://gitlab.com/clickable/clickable, +https://gitlab.com/microo8/plgo, +https://gitlab.com/cordite/cordite, +https://gitlab.com/shyft-os/shyft, +https://gitlab.com/antora/antora-lunr-extension, +https://gitlab.com/cerlane/SoftPosit, +https://gitlab.com/akita/mgpusim, +https://gitlab.com/lobaro/iot-dashboard, +https://gitlab.com/secml/secml, +https://gitlab.com/gitlab-org/container-registry, +https://gitlab.com/gitlab-org/labkit, +https://gitlab.com/isard/isardvdi, +https://gitlab.com/lmco/hoppr/hoppr, +https://gitlab.com/JacobLinCool/bahamut-automation, +https://gitlab.com/hoppr/hoppr-cop, +https://gitlab.com/hoppr/droppr, +https://gitlab.com/mindfulness-at-the-computer/mindfulness-at-the-computer, +https://gitlab.com/commonground/nlx/nlx, +https://gitlab.com/dalibo/dramatiq-pg, +https://gitlab.com/dodgyville/pygltflib, +https://gitlab.com/lramage/mkdocs-gitbook-theme, +https://gitlab.com/microo8/ratt, +https://gitlab.com/wholegrain/granola, +https://gitlab.com/termoshtt/accel, +https://gitlab.com/UnicodeLabs/OpenRPA, +https://gitlab.com/vuedoc/md, +https://gitlab.com/eyeo/adblockplus/abc/adblockpluscore, +https://gitlab.com/realismusmodding/fs19_rm_seasons, +https://gitlab.com/appsemble/appsemble, +https://gitlab.com/philbooth/check-types.js, +https://gitlab.com/Rich-Harris/rollup-plugin-buble, +https://gitlab.com/gitlab-org/ci-cd/custom-executor-drivers/autoscaler, +https://gitlab.com/icm-institute/aramislab/leaspy, +https://gitlab.com/mike01/pypacker, +https://gitlab.com/pragmaticreviews/golang-gin-poc, +https://gitlab.com/NonFactors/AspNetCore.Grid, +https://gitlab.com/trixnity/trixnity, +https://gitlab.com/taricorp/llvm-sys.rs, +https://gitlab.com/ternaris/marv-robotics, +https://gitlab.com/datadrivendiscovery/d3m, +https://gitlab.com/deadcanaries/kadence, +https://gitlab.com/causal/ananke, +https://gitlab.com/NickCao/RAIT, +https://gitlab.com/gomidi/midi, +https://gitlab.com/egh/ledger-autosync, +https://gitlab.com/brycedorn/gitlab-corners, +https://gitlab.com/rak-n-rok/krake, +https://gitlab.com/teskje/microfft-rs, +https://gitlab.com/tspiteri/fixed, +https://gitlab.com/cunity/gitlab-python-runner, +https://gitlab.com/jesselcorbett/diskord, +https://gitlab.com/burke-software/django-report-builder, +https://gitlab.com/karroffel/contracts, +https://gitlab.com/commonshost/server, +https://gitlab.com/saltstack/pop/tiamat, +https://gitlab.com/SUSE-UIUX/eos-icons, +https://gitlab.com/gitlab-org/gitlab_git, +https://gitlab.com/pgjones/quart-trio, +https://gitlab.com/alexgleason/wagtailfontawesome, +https://gitlab.com/adam.stanek/nanit, +https://gitlab.com/fitmulticell/fit, +https://gitlab.com/quantify-os/quantify-core, +https://gitlab.com/alelec/gitlab-release, +https://gitlab.com/pymarc/pymarc, +https://gitlab.com/guardianproject/NetCipher, +https://gitlab.com/sumner/sublime-music, +https://gitlab.com/Rich-Harris/phonograph, +https://gitlab.com/inorton/junit2html, +https://gitlab.com/robcresswell/vue-material-design-icons, +https://gitlab.com/flattrack/flattrack, +https://gitlab.com/gitbuilding/gitbuilding, +https://gitlab.com/4degrees/lucidity, +https://gitlab.com/anarcat/feed2exec, +https://gitlab.com/shellyBits/v-chacheli, +https://gitlab.com/picos-api/picos, +https://gitlab.com/etke.cc/postmoogle, +https://gitlab.com/danielquinn/majel, +https://gitlab.com/eyeo/adblockplus/adblockpluscore, +https://gitlab.com/neachdainn/nng-rs, +https://gitlab.com/DGothrek/ipyaggrid, +https://gitlab.com/Thann/pingg, +https://gitlab.com/unit410/tezos-hsm-signer, +https://gitlab.com/takluyver/jeepney, +https://gitlab.com/gitlab-org/project-templates/go-micro, +https://gitlab.com/ratio-case/python/raplan, +https://gitlab.com/coroner/cryptolyzer, +https://gitlab.com/gitlab-org/gitlab-elasticsearch-indexer, +https://gitlab.com/dslackw/sun, +https://gitlab.com/gitlab-org/security-products/analyzers/semgrep, +https://gitlab.com/andrewbanchich/forty-jekyll-theme, +https://gitlab.com/flarenetwork/flare, +https://gitlab.com/isbg/isbg, +https://gitlab.com/bluebank/braid, +https://gitlab.com/libvirt/libvirt-rust, +https://gitlab.com/NebulousLabs/siastream, +https://gitlab.com/crespum/polaris, +https://gitlab.com/codsen/codsen, +https://gitlab.com/gemseo/dev/gemseo, +https://gitlab.com/mvysny/konsume-xml, +https://gitlab.com/yaal/canaille, +https://gitlab.com/thiagocsf/nexus3-cli, +https://gitlab.com/tango-controls/pytango, +https://gitlab.com/timvisee/prs, +https://gitlab.com/wyrcan/wyrcan, +https://gitlab.com/ApexAI/ade-cli, +https://gitlab.com/gitlab-org/gl-openshift/gitlab-operator, +https://gitlab.com/mattbas/Qt-Color-Widgets, +https://gitlab.com/beenje/gidgetlab, +https://gitlab.com/sscherfke/typed-settings, +https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium, +https://gitlab.com/liquid-design/liquid-design-react, +https://gitlab.com/nitk-nest/nest, +https://gitlab.com/hpierce1102/ClassFinder, +https://gitlab.com/susurrus/gattii, +https://gitlab.com/agrumery/aGrUM, +https://gitlab.com/rmaguiar/hugo-theme-color-your-world, +https://gitlab.com/IvanSanchez/Leaflet.TileLayer.GL, +https://gitlab.com/demsking/image-downloader, +https://gitlab.com/sj1k/gorice, +https://gitlab.com/catamphetamine/write-excel-file, +https://gitlab.com/jtaimisto/bluewalker, +https://gitlab.com/coderscare/gridelements, +https://gitlab.com/AGausmann/rustberry, +https://gitlab.com/openpgp-ca/openpgp-ca, +https://gitlab.com/tangibleai/qary, +https://gitlab.com/TheYardVFX/mangrove, +https://gitlab.com/microo8/photon, +https://gitlab.com/slon/shad-go, +https://gitlab.com/computationalmaterials/clease, +https://gitlab.com/flippidippi/download-git-repo, +https://gitlab.com/selfagency/utfu, +https://gitlab.com/cloudb0x/trackarr, +https://gitlab.com/librespacefoundation/satnogs/satnogs-client, +https://gitlab.com/obnam/obnam, +https://gitlab.com/service-work/is-loading, +https://gitlab.com/gitlab-org/security-products/gemnasium-db, +https://gitlab.com/tenzing/shared-array, +https://gitlab.com/vuedoc/parser, +https://gitlab.com/ra_kete/microfft-rs, +https://gitlab.com/srrg-software/srrg_hbst, +https://gitlab.com/sequoia-pgp/sequoia-octopus-librnp, +https://gitlab.com/opennota/tl, +https://gitlab.com/dunloplab/delta, +https://gitlab.com/open-source-keir/financial-modelling/trading/barter-data-rs, +https://gitlab.com/nbdkit/nbdkit, +https://gitlab.com/bor-sh/git-gitlab, +https://gitlab.com/mikerockett/weasyprint, +https://gitlab.com/bichon-project/bichon, +https://gitlab.com/remote-apis-testing/remote-apis-testing, +https://gitlab.com/gitlab-org/security-products/analyzers/common, +https://gitlab.com/mutt_data/muttlib, +https://gitlab.com/deltares/imod/imod-python, +https://gitlab.com/az67128/svelte-atoms, +https://gitlab.com/jiaan/gitlab-pipeline-dashboard, +https://gitlab.com/PoroCYon/PokeApi.NET, +https://gitlab.com/gitlabracadabra/gitlabracadabra, +https://gitlab.com/hydroqc/hydroqc2mqtt, +https://gitlab.com/objrs/objrs, +https://gitlab.com/eyeo/adblockplus/abc/webext-sdk, +https://gitlab.com/tumult-labs/analytics, +https://gitlab.com/vicky5124/lavalink-rs, +https://gitlab.com/woolf/RTSPbrute, +https://gitlab.com/thelabnyc/django-logpipe, +https://gitlab.com/mb-saces/synatainer, +https://gitlab.com/dslackw/sbo-templates, +https://gitlab.com/cznic/cc, +https://gitlab.com/serebit/strife, +https://gitlab.com/polavieja_lab/idtrackerai, +https://gitlab.com/Go101/go101, +https://gitlab.com/smueller18/pylint-gitlab, +https://gitlab.com/alienscience/mailin, +https://gitlab.com/m03geek/fastify-oas, +https://gitlab.com/recommend.games/board-game-scraper, +https://gitlab.com/ornamentist/un-algebra, +https://gitlab.com/cest-group/boss, +https://gitlab.com/hindawi/xpub/xpub-review, +https://gitlab.com/commonground/don/developer.overheid.nl, +https://gitlab.com/iam-cms/kadi, +https://gitlab.com/passelecasque/varroa, +https://gitlab.com/PanierAvide/geovisio, +https://gitlab.com/gonoware/laravel-maps, +https://gitlab.com/obviate.io/pyleglight, +https://gitlab.com/xiayesuifeng/gopanel, +https://gitlab.com/tslocum/godoc-static, +https://gitlab.com/tglman/structsy, +https://gitlab.com/davidmreed/amaxa, +https://gitlab.com/mortengjerding/asr, +https://gitlab.com/mailman/django-mailman3, +https://gitlab.com/hydroqc/hydroqc, +https://gitlab.com/mhammons/slinc, +https://gitlab.com/asciidoc3/asciidoc3, +https://gitlab.com/mmalawski/openapi-validator, +https://gitlab.com/rjurga/ludget, +https://gitlab.com/kylehqcom/stencil, +https://gitlab.com/hieulw/cicflowmeter, +https://gitlab.com/meltano/sdk, +https://gitlab.com/localg-host/watchghost, +https://gitlab.com/bradwood/git-lab-rust, +https://gitlab.com/stevecu/xloil, +https://gitlab.com/chrisrabotin/nyx, +https://gitlab.com/df_storyteller/df-storyteller, +https://gitlab.com/celliern/scikit-fdiff, +https://gitlab.com/polychainlabs/tezos-network-monitor, +https://gitlab.com/gitlab-org/gitaly-proto, +https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/jsfuzz, +https://gitlab.com/axet/libtorrent, +https://gitlab.com/relief-melone/vue-mapbox-ts, +https://gitlab.com/slepc/slepc, +https://gitlab.com/betse/betse, +https://gitlab.com/librespacefoundation/satnogs/satnogs-decoders, +https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/gitrob, +https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/gitrob, +https://gitlab.com/mertbakir/resume-a4, +https://gitlab.com/gitlab-com/marketing/digital-experience/slippers-ui, +https://gitlab.com/gitlab-org/csslab, +https://gitlab.com/thelabnyc/wagtail_blog, +https://gitlab.com/zach-geek/vartiste, +https://gitlab.com/tdiekmann/safety-guard, +https://gitlab.com/toryanderson/hugo-icarus, +https://gitlab.com/volian/rust-apt, +https://gitlab.com/bzim/lockfree, +https://gitlab.com/nvidia/container-toolkit/container-toolkit, +https://gitlab.com/deadcanaries/orc, +https://gitlab.com/cpvpn/cpyvpn, +https://gitlab.com/JakobDev/minecraft-launcher-lib, +https://gitlab.com/ikus-soft/tkvue, +https://gitlab.com/ecp-ci/jacamar-ci, +https://gitlab.com/quantify-os/quantify-scheduler, +https://gitlab.com/qonfucius/aragog, +https://gitlab.com/felipe_public/badges-gitlab, +https://gitlab.com/Pythia8/releases, +https://gitlab.com/hashbangfr/coldcms, +https://gitlab.com/govbr-ds/dev/govbr-ds-dev-core, +https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter, +https://gitlab.com/ideasman42/blender-mathutils, +https://gitlab.com/blurt/blurt, +https://gitlab.com/ahogen/cppcheck-codequality, +https://gitlab.com/gitlab-org/opstrace/opstrace-ui, +https://gitlab.com/corthbandt/shinglify, +https://gitlab.com/librespacefoundation/satnogs/satnogs-db, +https://gitlab.com/rysiekpl/libresilient, +https://gitlab.com/baxe/rv, +https://gitlab.com/kornelski/cargo-xcode, +https://gitlab.com/cznic/tcl, +https://gitlab.com/freckles-io/freckles, +https://gitlab.com/hkex/resipy, +https://gitlab.com/vmware/idem/idem-aws, +https://gitlab.com/yhtang/graphdot, +https://gitlab.com/VSI-TUGraz/Dynasaur, +https://gitlab.com/ydkn/capistrano-rails-console, +https://gitlab.com/george/shoya-go, +https://gitlab.com/brianodonnell/pod_feeder_v2, +https://gitlab.com/greut/eclint, +https://gitlab.com/hadrien/aws_lambda_logging, +https://gitlab.com/sthesing/zettels, +https://gitlab.com/avron/gruvhugo, +https://gitlab.com/saltstack/pop/heist, +https://gitlab.com/deeploy-ml/deeploy-python-client, +https://gitlab.com/t0xic0der/obserware, +https://gitlab.com/bloom42/bitflow, +https://gitlab.com/pgjones/quart-schema, +https://gitlab.com/mironet/magnolia-helm, +https://gitlab.com/apgoucher/lifelib, +https://gitlab.com/rhab/PyOTRS, +https://gitlab.com/l_sim/bigdft-suite, +https://gitlab.com/dns2utf8/sudo.rs, +https://gitlab.com/gabmus/hugo-ficurinia, +https://gitlab.com/SkynetLabs/skyd, +https://gitlab.com/fommil/shapely, +https://gitlab.com/datadrivendiscovery/common-primitives, +https://gitlab.com/sri-at-gitlab/projects/remote-pipeline-test-framework/framework, +https://gitlab.com/dashwav/gila, +https://gitlab.com/vibes-developers/vibes, +https://gitlab.com/under-test/undertest.strategy.selenium, +https://gitlab.com/wordpress-premium/advanced-custom-fields-pro, +https://gitlab.com/thelabnyc/wagtail-spa-integration, +https://gitlab.com/unidata-community-group/unidata-platform-ui, +https://gitlab.com/tastapod/jgotesting, +https://gitlab.com/tschorr/pyruvate, +https://gitlab.com/mrossinek/cobib, +https://gitlab.com/boldhearts/ros2_v4l2_camera, +https://gitlab.com/paolobenve/myphotoshare, +https://gitlab.com/phlint/phlint, +https://gitlab.com/latex-rubber/rubber, +https://gitlab.com/beenje/jupyterlab-gitlab, +https://gitlab.com/franksh/amphetype, +https://gitlab.com/ra_kete/structview-rs, +https://gitlab.com/maicos-devel/maicos, +https://gitlab.com/risse/pino, +https://gitlab.com/jeffdn/rust-canteen, +https://gitlab.com/pidila/scampi, +https://gitlab.com/commonground/haven/haven, +https://gitlab.com/crossref/crossref_commons_py, +https://gitlab.com/NebulousLabs/go-upnp, +https://gitlab.com/pokstad1/goprogs, +https://gitlab.com/catamphetamine/virtual-scroller, +https://gitlab.com/coala/coala-utils, +https://gitlab.com/qosenergy/squalus, +https://gitlab.com/catamphetamine/react-time-ago, +https://gitlab.com/sgrignard/serpyco, +https://gitlab.com/eyeo/adblockplus/ABPKit, +https://gitlab.com/kornelski/dunce, +https://gitlab.com/pulsechaincom/compressed-allocations, +https://gitlab.com/equilibrator/equilibrator-api, +https://gitlab.com/StanfordLegion/legion, +https://gitlab.com/mbedsys/citbx4gitlab, +https://gitlab.com/balping/ticketit-app, +https://gitlab.com/sfsm/sfsm, +https://gitlab.com/4U6U57/wsl-open, +https://gitlab.com/PerplexedPeach/dynamic-avatar-drawer, +https://gitlab.com/gitlab-org/gitlabktl, +https://gitlab.com/DigonIO/scheduler, +https://gitlab.com/gitlab-org/security-products/analyzers/secrets, +https://gitlab.com/ska-telescope/external/rascil, +https://gitlab.com/ymd_h/cpprb, +https://gitlab.com/tripetto/builder, +https://gitlab.com/viper-staking/cardano-tools, +https://gitlab.com/thelabnyc/wagtail-nav-menus, +https://gitlab.com/under-test/undertest.nuke, +https://gitlab.com/godot-stuff/gs-project-manager, +https://gitlab.com/penolove15/witness, +https://gitlab.com/SNCF/wcs, +https://gitlab.com/opennota/screengen, +https://gitlab.com/mexus/futures-retry, +https://gitlab.com/opennota/fb2index, +https://gitlab.com/inivation/dv/dv-python, +https://gitlab.com/stavros/pysignald, +https://gitlab.com/aidaspace/aidapy, +https://gitlab.com/datadrivendiscovery/automl-rpc, +https://gitlab.com/0bs1d1an/sr2t, +https://gitlab.com/MeldCE/first-draft, +https://gitlab.com/categulario/tiempo-rs, +https://gitlab.com/mbarkhau/markdown-katex, +https://gitlab.com/libvirt/libvirt-go, +https://gitlab.com/shaoxc/qepy, +https://gitlab.com/sebdeckers/tls-keygen, +https://gitlab.com/galacteek/galacteek, +https://gitlab.com/d3tn/ud3tn, +https://gitlab.com/huia-lang/stack-vm, +https://gitlab.com/alelec/pip-system-certs, +https://gitlab.com/blue-dragon/laravel-routes, +https://gitlab.com/bztsrc/model3d, +https://gitlab.com/hacklunch/ntsclient, +https://gitlab.com/giro3d/giro3d, +https://gitlab.com/noppo/gevent-websocket, +https://gitlab.com/gitlab-org/vulnerability-research/foss/lingo, +https://gitlab.com/lightning-signer/validating-lightning-signer, +https://gitlab.com/semkodev/nelson.cli, +https://gitlab.com/mbarkhau/pycalver, +https://gitlab.com/larswirzenius/obnam, +https://gitlab.com/antonok/taro, +https://gitlab.com/camlcase-dev/kotlin-tezos, +https://gitlab.com/benkuly/trixnity, +https://gitlab.com/dovereem/xtcetools, +https://gitlab.com/jkuebart/Leaflet.VectorTileLayer, +https://gitlab.com/sio4/code/alloc-counter, +https://gitlab.com/preserves/preserves, +https://gitlab.com/initforthe/stimulus-reveal, +https://gitlab.com/commonground/nlx, +https://gitlab.com/cryzed/hydrus-api, +https://gitlab.com/mauricemolli/petitRADTRANS, +https://gitlab.com/etke.cc/honoroit, +https://gitlab.com/silwol/freenukum, +https://gitlab.com/under-test/undertest.featurelint, +https://gitlab.com/tumult-labs/core, +https://gitlab.com/william.belanger/primenote, +https://gitlab.com/tangram-vision-oss/realsense-rust, +https://gitlab.com/twittner/minicbor, +https://gitlab.com/Kanedias/html2md, +https://gitlab.com/dr.sybren/skyfill, +https://gitlab.com/nul.one/rundoc, +https://gitlab.com/olaris/olaris-rename, +https://gitlab.com/mitchhentges/pip-compile-cross-platform, +https://gitlab.com/junte/junte-ui, +https://gitlab.com/energyincities/besos, +https://gitlab.com/jason-rumengan/pyarma, +https://gitlab.com/alantrick/django-agenda, +https://gitlab.com/GitLabRGI/erdc/geopackage-python, +https://gitlab.com/ayanaware/bento, +https://gitlab.com/nightlycommit/twing, +https://gitlab.com/kskarthik/monopriv, +https://gitlab.com/nerdocs/gdaps, +https://gitlab.com/leo.cazenille/qdpy, +https://gitlab.com/samthursfield/calliope, +https://gitlab.com/hectorjsmith/csharp-excel-vba-sync, +https://gitlab.com/clb1/svelte-ethers-store, +https://gitlab.com/smc/mlmorph, +https://gitlab.com/kaushalmodi/hugo-theme-refined, +https://gitlab.com/shaktiproject/tools/aapg, +https://gitlab.com/kris.leech/ma, +https://gitlab.com/python-actorio/actorio, +https://gitlab.com/openbridge/openbridge-css, +https://gitlab.com/hyask/swaysome, +https://gitlab.com/sebdeckers/unbundle, +https://gitlab.com/burrbull/softposit-rs, +https://gitlab.com/muspectre/muspectre, +https://gitlab.com/potato-oss/google-cloud/gcloud-tasks-emulator, +https://gitlab.com/m03geek/fastify-metrics, +https://gitlab.com/hoyle.hoyle/pynvr, +https://gitlab.com/cznic/b, +https://gitlab.com/brickhill/open-source/node-hill, +https://gitlab.com/gitlab-org/ci-cd/runner-tools/tlsctl, +https://gitlab.com/jarvis-network/apps/exchange/mono-repo, +https://gitlab.com/eshard/scared, +https://gitlab.com/crates.rs/cargo_toml, +https://gitlab.com/elixxir/crypto, +https://gitlab.com/ramiel/caravaggio, +https://gitlab.com/SiLA2/sila_java, +https://gitlab.com/pgjones/quart-auth, +https://gitlab.com/cab404/wg-bond, +https://gitlab.com/AmosEgel/smuthi, +https://gitlab.com/robigalia/sel4-sys, +https://gitlab.com/changelogs/changelog-manager, +https://gitlab.com/Shinobi-Systems/Shinobi-Installer, +https://gitlab.com/ing_rpaa/probatus, +https://gitlab.com/zaquestion/lab, +https://gitlab.com/thiblahute/mesonpep517, +https://gitlab.com/WhyNotHugo/shotman, +https://gitlab.com/thelabnyc/django-shopify-sync, +https://gitlab.com/truestream/tsfpga, +https://gitlab.com/william.belanger/qoob, +https://gitlab.com/pika-lab/tuprolog/2p-in-kotlin, +https://gitlab.com/Mojeer/django_components, +https://gitlab.com/rarenet/dfak, +https://gitlab.com/kskarthik/resto-hugo, +https://gitlab.com/ppopescu/logmasker, +https://gitlab.com/jorgecarleitao/starlette-oauth2-api, +https://gitlab.com/redwarn/redwarn-web, +https://gitlab.com/guballa/SubstitutionBreaker, +https://gitlab.com/Polkabot/polkabot, +https://gitlab.com/montag/vue-cli-plugin-gitlab-pages, +https://gitlab.com/polymer-kb/firmware/polymer, +https://gitlab.com/rweda/makerchip-app, +https://gitlab.com/gitlab-org/prometheus-client-mmap, +https://gitlab.com/bloom42/phaser, +https://gitlab.com/jonatasgrosman/findpapers, +https://gitlab.com/SirEdvin/sanic-oauth, +https://gitlab.com/kris.leech/wisper_next, +https://gitlab.com/gitlab-org/charts/components/gitlab-operator, +https://gitlab.com/companionlabs-opensource/classy-fastapi, +https://gitlab.com/gitlab-com/marketing/inbound-marketing/slippers-ui, +https://gitlab.com/mailman/mailman-hyperkitty, +https://gitlab.com/stavros/itsalive, +https://gitlab.com/rosaenlg-projects/rosaenlg, +https://gitlab.com/Emilv2/huawei-solar, +https://gitlab.com/gitlab-org/security-products/analyzers/phpcs-security-audit, +https://gitlab.com/EuropeanSpaceAgency/PyHole, +https://gitlab.com/mcoffin/fanctl, +https://gitlab.com/c1560/cryptofiscafacile, +https://gitlab.com/rndusr/i3barfodder, +https://gitlab.com/fluidattacks/product, +https://gitlab.com/ayanaware/bentocord, +https://gitlab.com/mosajjal/dnsmonster, +https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan, +https://gitlab.com/datadrivendiscovery/ta3ta2-api, +https://gitlab.com/jeffrey-xiao/probabilistic-collections-rs, +https://gitlab.com/ahau/whakapapa-ora, +https://gitlab.com/jerometwell/pynonymizer, +https://gitlab.com/sbeniamine/gitlab2zenodo, +https://gitlab.com/iam-cms/kadi-apy, +https://gitlab.com/annie-elequin/rn-matrix, +https://gitlab.com/cznic/libc, +https://gitlab.com/costrouc/pysrim, +https://gitlab.com/mexus/sedregex, +https://gitlab.com/synsense/rockpool, +https://gitlab.com/4degrees/clique, +https://gitlab.com/hsleisink/banshee, +https://gitlab.com/kornelski/wild, +https://gitlab.com/eladmaz/SSL-API, +https://gitlab.com/annyong/yeoboseyo, +https://gitlab.com/leadiq-oss/reactivemongo-zio, +https://gitlab.com/harth/superouter, +https://gitlab.com/leonhard-llc/ops, +https://gitlab.com/DarrienG/term-fireworks, +https://gitlab.com/etke.cc/ansible, +https://gitlab.com/beeper/linkedin, +https://gitlab.com/scpcorp/ScPrime, +https://gitlab.com/efunb/read_input, +https://gitlab.com/fpdpy/fpd, +https://gitlab.com/jochen.keil/dtlapse, +https://gitlab.com/tackv/spintop-openhtf, +https://gitlab.com/thorchain/midgard, +https://gitlab.com/testapp-system/file_picker_cross, +https://gitlab.com/ViDA-NYU/auctus/auctus, +https://gitlab.com/toby3d/telegram, +https://gitlab.com/tprodanov/bam, +https://gitlab.com/toby3d/telegraph, +https://gitlab.com/unit410/key-encoder, +https://gitlab.com/thelabnyc/django-vault-helpers, +https://gitlab.com/trupill/kind-generics, +https://gitlab.com/gitlab-ci-utils/pa11y-ci-reporter-html, +https://gitlab.com/pgjones/quart-cors, +https://gitlab.com/gitlab-org/security-products/security-report-schemas, +https://gitlab.com/EAVISE/brambox, +https://gitlab.com/avatar-cli/avatar-cli, +https://gitlab.com/rmcgregor/aio-msgpack-rpc, +https://gitlab.com/catamphetamine/javascript-time-ago, +https://gitlab.com/frissdiegurke/vuex-aspect, +https://gitlab.com/cznic/goyacc, +https://gitlab.com/reefphp/reef, +https://gitlab.com/frozo/noak, +https://gitlab.com/msvechla/es-rollover-controller, +https://gitlab.com/altom/altwalker/altwalker, +https://gitlab.com/castlecraft/building-blocks, +https://gitlab.com/matthiaseiholzer/mathru, +https://gitlab.com/lebedev.games/botox-di, +https://gitlab.com/relmendorp/avlwrapper, +https://gitlab.com/LMSAL_HUB/aia_hub/aiapy, +https://gitlab.com/dennis-hamester/dacite, +https://gitlab.com/soong_etl/soong, +https://gitlab.com/jonas.jasas/httprelay, +https://gitlab.com/davidpett/ember-cli-gitlab-ci, +https://gitlab.com/pac85/GameKernel, +https://gitlab.com/elvet/elvet, +https://gitlab.com/mkdocs-i18n/mkdocs-i18n, +https://gitlab.com/scmodding/frameworks/scdatatools, +https://gitlab.com/alantrick/django-vox, +https://gitlab.com/e257/accounting/tackler, +https://gitlab.com/Linaro/tuxsuite, +https://gitlab.com/gitlab-org/gitter/env, +https://gitlab.com/Mando75/typeorm-graphql-loader, +https://gitlab.com/cznic/golex, +https://gitlab.com/gitlab-org/configure/examples/kubernetes-agent, +https://gitlab.com/limira-rs/simi-project, +https://gitlab.com/jgreeley-group/graph-theory-surfaces, +https://gitlab.com/rhythnic/vuelidate-messages, +https://gitlab.com/recommend.games/board-game-recommender, +https://gitlab.com/2WeltenChris/openapi-red, +https://gitlab.com/SiLA2/sila_base, +https://gitlab.com/gparent/f1-2020-telemetry, +https://gitlab.com/andrewfulrich/barleytea, +https://gitlab.com/Freso/spotify2musicbrainz, +https://gitlab.com/nicocool84/spectrum2_signald, +https://gitlab.com/metasyntactical/composer-plugin-license-check, +https://gitlab.com/retnikt/flake9, +https://gitlab.com/radiology/infrastructure/xnatpy, +https://gitlab.com/kgroat/cypress-iframe, +https://gitlab.com/masaeedu/docker-client, +https://gitlab.com/dvolgyes/zenodo_get, +https://gitlab.com/IvanSanchez/Leaflet.TileLayer.MBTiles, +https://gitlab.com/Jellby/Pegamoid, +https://gitlab.com/moodlenet/moodlenet, +https://gitlab.com/stephane.ludwig/zeebe_python_grpc, +https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib, +https://gitlab.com/limira-rs/simi, +https://gitlab.com/granitosaurus/scrapy-test, +https://gitlab.com/bit-refined/ranges, +https://gitlab.com/fkrull/ostree-rs, +https://gitlab.com/akita/akita, +https://gitlab.com/gitlab-com/gl-infra/woodhouse, +https://gitlab.com/Queuecumber/torchjpeg, +https://gitlab.com/subplot/subplot, +https://gitlab.com/keatontaylor/alexapy, +https://gitlab.com/itayronen/gulp-uglify-es, +https://gitlab.com/non.est.sacra/zoomba, +https://gitlab.com/utopia-project/utopya, +https://gitlab.com/velocidex/velociraptor, +https://gitlab.com/utopia-project/dantro, +https://gitlab.com/ultreiaio/jgit-flow, +https://gitlab.com/wirepair/browserker, +https://gitlab.com/valeth/javelin, +https://gitlab.com/torresoftware/ubl21dian, +https://gitlab.com/videlec/pplpy, +https://gitlab.com/Tomkoid/blokator, +https://gitlab.com/tgc-dk/pysword, +https://gitlab.com/uninen/push-to-repo, +https://gitlab.com/woshilapin/cargo-sonar, +https://gitlab.com/wizlighting/wiz-local-control, +https://gitlab.com/under-test/undertest.featuretransform, +https://gitlab.com/wernerhp/load-shedding, +https://gitlab.com/timrs2998/newsie, +https://gitlab.com/jk0ne/DTL, +https://gitlab.com/g-braeunlich/ipyopt, +https://gitlab.com/diw-evu/emobpy/emobpy, +https://gitlab.com/mbarkhau/lib3to6, +https://gitlab.com/alelec/python-certifi-win32, +https://gitlab.com/sctlib/matrix-room-element, +https://gitlab.com/lockhead/odd-folk, +https://gitlab.com/esr/shimmer, +https://gitlab.com/nitsuga5124/lavalink-rs, +https://gitlab.com/jensj/myqueue, +https://gitlab.com/markuspichler/swmm_api, +https://gitlab.com/incoresemi/riscof, +https://gitlab.com/anarcat/undertime, +https://gitlab.com/hindawi/phenom, +https://gitlab.com/stavros/caduceus, +https://gitlab.com/skyhuborg/tracker, +https://gitlab.com/jakelazaroff/narrows, +https://gitlab.com/gitlab-de/go-excusegen, +https://gitlab.com/CinCan/cincan-command, +https://gitlab.com/domaindrivenarchitecture/dda-python-terraform, +https://gitlab.com/mpapp-public/prosemirror-recreate-steps, +https://gitlab.com/ales.genova/pbcpy, +https://gitlab.com/alelec/mpy_cross, +https://gitlab.com/4geit/react-packages, +https://gitlab.com/degoos/WetSponge, +https://gitlab.com/guywillett/django-searchable-encrypted-fields, +https://gitlab.com/Oslandia/pyris, +https://gitlab.com/elixxir/primitives, +https://gitlab.com/haggl/dotmgr, +https://gitlab.com/opengeoweb/opengeoweb, +https://gitlab.com/IvanSanchez/Leaflet.GLMarkers, +https://gitlab.com/kornelski/cargo-upgrades, +https://gitlab.com/fekits/mc-ratio, +https://gitlab.com/drosseau/degob, +https://gitlab.com/midigator/python_opentracing_async_instrumentation, +https://gitlab.com/pennersr/shove, +https://gitlab.com/orcalabs/public/dockertest-rs, +https://gitlab.com/pinage404/git-gamble, +https://gitlab.com/biomedit/sett, +https://gitlab.com/gitlab-org/incubation-engineering/ai-assist/dockter, +https://gitlab.com/elixxir/client, +https://gitlab.com/accumulatenetwork/accumulate, +https://gitlab.com/aweframework/awe, +https://gitlab.com/golangdojo/youtube, +https://gitlab.com/ahau/ssb-crut, +https://gitlab.com/mkit/open-source/gatsby-theme-password-protect, +https://gitlab.com/efficientip/solidserverrest, +https://gitlab.com/oddnetworks/oddworks/core, +https://gitlab.com/kqhivemind/hivemind, +https://gitlab.com/altispeed/linux-delta, +https://gitlab.com/nomadic-labs/resto, +https://gitlab.com/scion-scxml/scion, +https://gitlab.com/RemixDev/deezer-js, +https://gitlab.com/ouestware/neo4j-elasticsearch, +https://gitlab.com/pdftools/python-ghostscript, +https://gitlab.com/Makman2/respice, +https://gitlab.com/datadrivendiscovery/metadata, +https://gitlab.com/aroffringa/aoflagger, +https://gitlab.com/asuran-rs/libasuran, +https://gitlab.com/q-dev/q-client, +https://gitlab.com/kornelski/http-serde, +https://gitlab.com/monogoto.io/node-red-contrib-flow-manager, +https://gitlab.com/ipyopt-devs/ipyopt, +https://gitlab.com/dlr-ve/vencopy, +https://gitlab.com/nekokatt/hikari, +https://gitlab.com/djencks/asciidoctor-mathjax.js, +https://gitlab.com/imp/chrono-humanize-rs, +https://gitlab.com/dicr/yii2-telegram, +https://gitlab.com/cgps/nf-batch-runner, +https://gitlab.com/pharmony/active_record_migration_ui, +https://gitlab.com/IvanSanchez/glii, +https://gitlab.com/hepcedar/lhapdf, +https://gitlab.com/dlalic/gitlab-clippy, +https://gitlab.com/radek-sprta/mariner, +https://gitlab.com/allianceauth/django-esi, +https://gitlab.com/moneropay/moneropay, +https://gitlab.com/gitlab-org/git, +https://gitlab.com/etke.cc/buscarron, +https://gitlab.com/uweschmitt/pytest-regtest, +https://gitlab.com/thorchain/tss/go-tss, +https://gitlab.com/universis/universis, +https://gitlab.com/ViDA-NYU/d3m/alphad3m, +https://gitlab.com/zach-geek/hyper-launch-menu, +https://gitlab.com/yaroslaff/hashget, +https://gitlab.com/vstconsulting/vstutils, +https://gitlab.com/tripetto/editor, +https://gitlab.com/zerobias/effector, +https://gitlab.com/xmpp-rs/tokio-xmpp, +https://gitlab.com/tmuguet/hugo-split-gallery, +https://gitlab.com/what-digital/django-privacy-mgmt, +https://gitlab.com/tom.davidson/lolaus, +https://gitlab.com/ydkn/capistrano-git-copy, +https://gitlab.com/tezos-domains/client, +https://gitlab.com/Tuuux/galaxie-curses, +https://gitlab.com/tobias47n9e/wikibase_rs, +https://gitlab.com/oliasoft-open-source/react-ui-library, +https://gitlab.com/midas-mosaik/midas, +https://gitlab.com/shinzao/laravel-activation, +https://gitlab.com/ecocommons-australia/lib/drf-keycloak-auth, +https://gitlab.com/hindawi/phenom-types, +https://gitlab.com/librecube/lib/python-linkpredict, +https://gitlab.com/regen-network/regen-ledger, +https://gitlab.com/barfuin/text-tree, +https://gitlab.com/b0/libqtolm, +https://gitlab.com/JOSM/gradle-josm-plugin, +https://gitlab.com/gitlab-org/security-products/ci-templates, +https://gitlab.com/protesilaos/tempus-themes-generator, +https://gitlab.com/SiLA2/sila_csharp, +https://gitlab.com/hipsquare/strapi-plugin-keycloak, +https://gitlab.com/pgjones/quart-rate-limiter, +https://gitlab.com/biomedit/gpg-lite, +https://gitlab.com/bor-sh-infrastructure/libsaas_gitlab, +https://gitlab.com/haynes/libsass-maven-plugin, +https://gitlab.com/jfolz/simplejpeg, +https://gitlab.com/macmv/sugarcane, +https://gitlab.com/imp/cargo-info, +https://gitlab.com/mcepl/json_diff, +https://gitlab.com/qblox/packages/software/qblox_instruments, +https://gitlab.com/esa/pyxel, +https://gitlab.com/stevebob/mos6502, +https://gitlab.com/SiLA2/vendors/sila_tecan, +https://gitlab.com/bern-rtos/bern-rtos, +https://gitlab.com/hindawi/xpub/xpub-screening, +https://gitlab.com/Hares-Lab/openapi-parser, +https://gitlab.com/oscar6echo/ipyauth, +https://gitlab.com/cogment/cogment, +https://gitlab.com/stone.code/scov, +https://gitlab.com/sctlib/libli, +https://gitlab.com/remal/gradle-plugins, +https://gitlab.com/imbev/pywebcanvas, +https://gitlab.com/gitlab-org/security-products/analyzers/mobsf, +https://gitlab.com/RKIBioinformaticsPipelines/ncov_minipipe, +https://gitlab.com/cardoe/enum-primitive-derive, +https://gitlab.com/aboutyou/cloud-core/backbone-ts, +https://gitlab.com/mech-lang/core, +https://gitlab.com/dalibo/pglift, +https://gitlab.com/SiLA2/sila_python, +https://gitlab.com/Patiga/twmap, +https://gitlab.com/librespacefoundation/python-satellitetle, +https://gitlab.com/amv213/jumbo, +https://gitlab.com/ing_rpaa/ing_theme_matplotlib, +https://gitlab.com/qvex/vex-rt, +https://gitlab.com/appian-oss/appian-locust, +https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs, +https://gitlab.com/gitlab-org/gitlab-eslint-config, +https://gitlab.com/2WeltenChris/pekfinger-red, +https://gitlab.com/antora/antora-assembler, +https://gitlab.com/guystreeter/python-hwloc, +https://gitlab.com/alantrick/august, +https://gitlab.com/naqll/dynamodb-table-explorer, +https://gitlab.com/polyapp-open-source/polyapp, +https://gitlab.com/guballa/tlsmate, +https://gitlab.com/sequoia-pgp/sequoia-chameleon-gnupg, +https://gitlab.com/jeyred/schedic, +https://gitlab.com/Mayan-EDMS-NG/mayan-edms-ng, +https://gitlab.com/energyincities/python-ehub, +https://gitlab.com/lavitto/typo3-form-to-database, +https://gitlab.com/anphi/homeassistant-mqtt-binding, +https://gitlab.com/hectorjsmith/grafana-matrix-forwarder, +https://gitlab.com/bent10/stacked-menu, +https://gitlab.com/GeneralProtocols/anyhedge/library, +https://gitlab.com/andrejr/csnake, +https://gitlab.com/fabernovel/heart, +https://gitlab.com/gitlab-org/rubocop-gitlab-security, +https://gitlab.com/df-modding-tools/df-raw-language-server, +https://gitlab.com/arcfire/rumba, +https://gitlab.com/krr/IDP-Z3, +https://gitlab.com/h3/django-emailhub, +https://gitlab.com/etke.cc/miounne, +https://gitlab.com/axet/android-pdfium, +https://gitlab.com/prettyetc/prettyetc, +https://gitlab.com/nvidia/container-toolkit/libnvidia-container, +https://gitlab.com/infra.run/public/b3scale, +https://gitlab.com/paessler-labs/prtg-pyprobe, +https://gitlab.com/clock-8001/clock-8001, +https://gitlab.com/chrisrabotin/hyperdual, +https://gitlab.com/simspace-oss/xio, +https://gitlab.com/golang-commonmark/mdtool, +https://gitlab.com/limira-rs/mika, +https://gitlab.com/daingun/automatica, +https://gitlab.com/sqwishy/impetuous, +https://gitlab.com/abrosimov.a.a/qlua, +https://gitlab.com/gitlab-org/configure/examples/gitops-project, +https://gitlab.com/openbridge/openbridge-web-components, +https://gitlab.com/nvidia/container-toolkit/nvidia-docker, +https://gitlab.com/katyukha/odoo-rpc-client, +https://gitlab.com/l0nax/changelog-go, +https://gitlab.com/gridbugs/mos6502, +https://gitlab.com/Appirio/sfdx-node, +https://gitlab.com/gitlab-com/gl-infra/oncall-robot-assistant, +https://gitlab.com/golangdojo/bootcamp, +https://gitlab.com/OctoNezd/loggui, +https://gitlab.com/mailman/mailman-web, diff --git a/cron/internal/data/gitlab-projects-selected.csv b/cron/internal/data/gitlab-projects.csv similarity index 100% rename from cron/internal/data/gitlab-projects-selected.csv rename to cron/internal/data/gitlab-projects.csv diff --git a/cron/k8s/controller.release.yaml b/cron/k8s/controller.release.yaml index c03984a22e9..647c2a70f5a 100644 --- a/cron/k8s/controller.release.yaml +++ b/cron/k8s/controller.release.yaml @@ -55,7 +55,7 @@ spec: args: [ "--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.release.csv", - "cron/internal/data/gitlab-projects-selected.csv" + "cron/internal/data/gitlab-projects-releasetest.csv" ] imagePullPolicy: Always env: diff --git a/cron/k8s/controller.yaml b/cron/k8s/controller.yaml index 1944643fd12..a726cc9e20a 100644 --- a/cron/k8s/controller.yaml +++ b/cron/k8s/controller.yaml @@ -52,7 +52,11 @@ spec: containers: - name: controller image: gcr.io/openssf/scorecard-batch-controller:stable - args: ["--config=/etc/scorecard/config.yaml", "cron/internal/data/projects.csv"] + args: [ + "--config=/etc/scorecard/config.yaml", + "cron/internal/data/projects.csv", + "cron/internal/data/gitlab-projects.csv", + ] imagePullPolicy: Always env: - name: GOMEMLIMIT diff --git a/cron/k8s/worker.release.yaml b/cron/k8s/worker.release.yaml index b7f5e4a3fda..a0083a6e7a8 100644 --- a/cron/k8s/worker.release.yaml +++ b/cron/k8s/worker.release.yaml @@ -59,8 +59,6 @@ spec: key: auth_token - name: "SCORECARD_API_RESULTS_BUCKET_URL" value: "gs://ossf-scorecard-cron-releasetest-results" - - name: "SCORECARD_EXPERIMENTAL" - value: "true" volumeMounts: - name: config-volume mountPath: /etc/scorecard diff --git a/cron/k8s/worker.yaml b/cron/k8s/worker.yaml index 222f5ce0b6e..2441c624f0e 100644 --- a/cron/k8s/worker.yaml +++ b/cron/k8s/worker.yaml @@ -44,6 +44,11 @@ spec: secretKeyRef: name: github key: installation_id + - name: GITLAB_AUTH_TOKEN + valueFrom: + secretKeyRef: + name: gitlab + key: auth_token volumeMounts: - name: config-volume mountPath: /etc/scorecard From b1b1c4fd07562ad8f49bd7927505d8192289e9bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Jun 2023 00:24:56 +0000 Subject: [PATCH 311/316] :seedling: Bump cloud.google.com/go/pubsub from 1.31.0 to 1.32.0 (#3233) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.31.0 to 1.32.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.31.0...pubsub/v1.32.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index a1e143f9a1c..e6ae12206a0 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( require ( cloud.google.com/go/bigquery v1.52.0 cloud.google.com/go/monitoring v1.15.0 // indirect - cloud.google.com/go/pubsub v1.31.0 + cloud.google.com/go/pubsub v1.32.0 cloud.google.com/go/trace v1.10.0 // indirect contrib.go.opencensus.io/exporter/stackdriver v0.13.14 github.com/bombsimon/logrusr/v2 v2.0.1 diff --git a/go.sum b/go.sum index e060bf8603b..8ee6abc722e 100644 --- a/go.sum +++ b/go.sum @@ -449,8 +449,9 @@ cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcd cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= -cloud.google.com/go/pubsub v1.31.0 h1:aXdyyJz90kA+bor9+6+xHAciMD5mj8v15WqFZ5E0sek= cloud.google.com/go/pubsub v1.31.0/go.mod h1:dYmJ3K97NCQ/e4OwZ20rD4Ym3Bu8Gu9m/aJdWQjdcks= +cloud.google.com/go/pubsub v1.32.0 h1:JOEkgEYBuUTHSyHS4TcqOFuWr+vD6qO/imsFqShUCp4= +cloud.google.com/go/pubsub v1.32.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= From 15b9046188bdf1bbf4df3ae68b4beac7221959ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 30 Jun 2023 08:10:26 -0500 Subject: [PATCH 312/316] :seedling: Bump tj-actions/changed-files from 37.0.4 to 37.0.5 (#3239) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 37.0.4 to 37.0.5. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/bb3376162b179308a79fc4450262a15a8e1d6888...54849deb963ca9f24185fb5de2965e002d066e6b) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4df89239d27..2744c4c3743 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -42,7 +42,7 @@ jobs: fetch-depth: 2 # needed to diff changed files - id: files name: Get changed files - uses: tj-actions/changed-files@bb3376162b179308a79fc4450262a15a8e1d6888 #v37.0.4 + uses: tj-actions/changed-files@54849deb963ca9f24185fb5de2965e002d066e6b #v37.0.5 with: files_ignore: '**.md' - id: docs_only_check From 13a0e7f19806f7df2a81ac0ca09cbdf3b2aa7fa9 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Fri, 30 Jun 2023 12:44:19 -0500 Subject: [PATCH 313/316] :seedling: Add test for attestor CLI (#3232) - Add a test for the `addSignFlags` function Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- attestor/command/cli_test.go | 62 ++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 attestor/command/cli_test.go diff --git a/attestor/command/cli_test.go b/attestor/command/cli_test.go new file mode 100644 index 00000000000..ca0a7d499a1 --- /dev/null +++ b/attestor/command/cli_test.go @@ -0,0 +1,62 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package command + +import ( + "testing" + + "github.com/spf13/cobra" +) + +func Test_addSignFlags(t *testing.T) { + type args struct { + cmd *cobra.Command + } + testName := "Test addSignFlags" + testArgs := args{ + cmd: &cobra.Command{}, + } + + t.Run(testName, func(t *testing.T) { + addSignFlags(testArgs.cmd) + // persistent flags of Image being set has to be tested in the integration test + if testArgs.cmd.PersistentFlags().Lookup("image") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'image'") + } + if testArgs.cmd.PersistentFlags().Lookup("attestation-project") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'attestation-project'") + } + if testArgs.cmd.PersistentFlags().Lookup("overwrite") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'overwrite'") + } + if testArgs.cmd.PersistentFlags().Lookup("kms-key-name") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'kms-key-name'") + } + if testArgs.cmd.PersistentFlags().Lookup("kms-digest-alg") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'kms-digest-alg'") + } + if testArgs.cmd.PersistentFlags().Lookup("pgp-private-key") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'pgp-private-key'") + } + if testArgs.cmd.PersistentFlags().Lookup("pgp-passphrase") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'pgp-passphrase'") + } + if testArgs.cmd.PersistentFlags().Lookup("pkix-private-key") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'pkix-private-key'") + } + if testArgs.cmd.PersistentFlags().Lookup("pkix-alg") == nil { + t.Errorf("addSignFlags() did not add persistent flag 'pkix-alg'") + } + }) +} From 6d828b716b935d8637ec8d397128032a8a5556e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 Jul 2023 14:49:38 +0000 Subject: [PATCH 314/316] :seedling: Bump github.com/goreleaser/goreleaser in /tools (#3238) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.18.2 to 1.19.1. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](https://github.com/goreleaser/goreleaser/compare/v1.18.2...v1.19.1) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tools/go.mod | 131 ++++---- tools/go.sum | 834 +++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 683 insertions(+), 282 deletions(-) diff --git a/tools/go.mod b/tools/go.mod index fecbda84a3c..00e19ef35c3 100644 --- a/tools/go.mod +++ b/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/golangci/golangci-lint v1.52.2 github.com/google/addlicense v1.1.1 github.com/google/ko v0.14.1 - github.com/goreleaser/goreleaser v1.18.2 + github.com/goreleaser/goreleaser v1.19.1 github.com/naveensrinivasan/stunning-tribble v0.4.2 github.com/onsi/ginkgo/v2 v2.11.0 google.golang.org/protobuf v1.31.0 @@ -16,74 +16,74 @@ require ( require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect - cloud.google.com/go v0.110.0 // indirect - cloud.google.com/go/compute v1.19.1 // indirect + cloud.google.com/go v0.110.2 // indirect + cloud.google.com/go/compute v1.20.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v0.13.0 // indirect - cloud.google.com/go/kms v1.10.2 // indirect - cloud.google.com/go/storage v1.29.0 // indirect + cloud.google.com/go/iam v1.1.0 // indirect + cloud.google.com/go/kms v1.12.0 // indirect + cloud.google.com/go/storage v1.30.1 // indirect code.gitea.io/sdk/gitea v0.15.1 // indirect github.com/Abirdcfly/dupword v0.0.11 // indirect github.com/AlekSi/pointer v1.2.0 // indirect github.com/Antonboom/errname v0.1.9 // indirect github.com/Antonboom/nilnil v0.1.3 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2 // indirect - github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest v0.11.29 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/Masterminds/sprig v2.22.0+incompatible // indirect + github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OpenPeeDeeP/depguard v1.1.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect - github.com/acomagu/bufpipe v1.0.3 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec // indirect + github.com/acomagu/bufpipe v1.0.4 // indirect github.com/alessio/shellescape v1.4.1 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/ashanbrown/forbidigo v1.5.1 // indirect github.com/ashanbrown/makezero v1.1.1 // indirect - github.com/atc0005/go-teams-notify/v2 v2.7.0 // indirect - github.com/aws/aws-sdk-go v1.44.259 // indirect - github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect + github.com/atc0005/go-teams-notify/v2 v2.7.1 // indirect + github.com/aws/aws-sdk-go v1.44.284 // indirect + github.com/aws/aws-sdk-go-v2 v1.18.1 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect - github.com/aws/aws-sdk-go-v2/config v1.18.23 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.13.22 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 // indirect + github.com/aws/aws-sdk-go-v2/config v1.18.27 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 // indirect github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 // indirect - github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.22.2 // indirect + github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect github.com/aws/smithy-go v1.13.5 // indirect github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect @@ -97,11 +97,11 @@ require ( github.com/breml/errchkjson v0.3.1 // indirect github.com/butuzov/ireturn v0.1.1 // indirect github.com/caarlos0/ctrlc v1.2.0 // indirect - github.com/caarlos0/env/v8 v8.0.0 // indirect + github.com/caarlos0/env/v9 v9.0.0 // indirect github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect github.com/caarlos0/go-shellwords v1.0.12 // indirect github.com/caarlos0/go-version v0.1.1 // indirect - github.com/caarlos0/log v0.4.1 // indirect + github.com/caarlos0/log v0.4.2 // indirect github.com/cavaliergopher/cpio v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -120,8 +120,8 @@ require ( github.com/dghubble/oauth1 v0.7.2 // indirect github.com/dghubble/sling v1.4.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/disgoorg/disgo v0.16.3 // indirect - github.com/disgoorg/json v1.0.0 // indirect + github.com/disgoorg/disgo v0.16.7 // indirect + github.com/disgoorg/json v1.1.0 // indirect github.com/disgoorg/log v1.2.0 // indirect github.com/disgoorg/snowflake/v2 v2.0.1 // indirect github.com/docker/cli v23.0.5+incompatible // indirect @@ -142,14 +142,14 @@ require ( github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect github.com/go-critic/go-critic v0.7.0 // indirect - github.com/go-git/gcfg v1.5.0 // indirect - github.com/go-git/go-billy/v5 v5.3.1 // indirect - github.com/go-git/go-git/v5 v5.4.2 // indirect + github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect + github.com/go-git/go-billy/v5 v5.4.1 // indirect + github.com/go-git/go-git/v5 v5.7.0 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/analysis v0.21.4 // indirect github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/loads v0.21.2 // indirect github.com/go-openapi/runtime v0.26.0 // indirect github.com/go-openapi/spec v0.20.9 // indirect @@ -183,19 +183,19 @@ require ( github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/go-containerregistry v0.15.2 // indirect - github.com/google/go-github/v50 v50.2.0 // indirect + github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b // indirect - github.com/google/s2a-go v0.1.3 // indirect + github.com/google/pprof v0.0.0-20230406165453-00490a63f317 // indirect + github.com/google/s2a-go v0.1.4 // indirect github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect github.com/google/uuid v1.3.0 // indirect github.com/google/wire v0.5.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.8.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect + github.com/googleapis/gax-go/v2 v2.11.0 // indirect github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 // indirect - github.com/goreleaser/chglog v0.4.2 // indirect + github.com/goreleaser/chglog v0.5.0 // indirect github.com/goreleaser/fileglob v1.3.0 // indirect - github.com/goreleaser/nfpm/v2 v2.29.0 // indirect + github.com/goreleaser/nfpm/v2 v2.31.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gostaticanalysis/analysisutil v0.7.1 // indirect github.com/gostaticanalysis/comment v1.4.2 // indirect @@ -208,9 +208,9 @@ require ( github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hexops/gotextdiff v1.0.3 // indirect - github.com/huandu/xstrings v1.3.2 // indirect + github.com/huandu/xstrings v1.3.3 // indirect github.com/iancoleman/orderedmap v0.2.0 // indirect - github.com/imdario/mergo v0.3.15 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/invopop/jsonschema v0.7.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect @@ -225,7 +225,7 @@ require ( github.com/kisielk/errcheck v1.6.3 // indirect github.com/kisielk/gotool v1.0.0 // indirect github.com/kkHAIKE/contextcheck v1.1.4 // indirect - github.com/klauspost/compress v1.16.5 // indirect + github.com/klauspost/compress v1.16.6 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/kulti/thelper v0.6.3 // indirect github.com/kunwardeep/paralleltest v1.0.6 // indirect @@ -243,7 +243,7 @@ require ( github.com/maratori/testpackage v1.1.1 // indirect github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.17 // indirect + github.com/mattn/go-isatty v0.0.18 // indirect github.com/mattn/go-mastodon v0.0.6 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect @@ -259,7 +259,7 @@ require ( github.com/muesli/mango-pflag v0.1.0 // indirect github.com/muesli/reflow v0.3.0 // indirect github.com/muesli/roff v0.1.0 // indirect - github.com/muesli/termenv v0.15.1 // indirect + github.com/muesli/termenv v0.15.2 // indirect github.com/nakabonne/nestif v0.3.1 // indirect github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect github.com/nishanths/exhaustive v0.9.5 // indirect @@ -271,6 +271,7 @@ require ( github.com/opencontainers/image-spec v1.1.0-rc3 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.8 // indirect + github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -294,6 +295,7 @@ require ( github.com/securego/gosec/v2 v2.15.0 // indirect github.com/sergi/go-diff v1.2.0 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect + github.com/shopspring/decimal v1.2.0 // indirect github.com/sigstore/cosign/v2 v2.0.3-0.20230523133326-0544abd8fc8a // indirect github.com/sigstore/rekor v1.2.0 // indirect github.com/sigstore/sigstore v1.6.4 // indirect @@ -301,6 +303,7 @@ require ( github.com/sivchari/containedctx v1.0.2 // indirect github.com/sivchari/nosnakecase v1.7.0 // indirect github.com/sivchari/tenv v1.7.1 // indirect + github.com/skeema/knownhosts v1.1.1 // indirect github.com/slack-go/slack v0.12.2 // indirect github.com/sonatard/noctx v0.0.2 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect @@ -313,7 +316,7 @@ require ( github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect github.com/stretchr/objx v0.5.0 // indirect - github.com/stretchr/testify v1.8.3 // indirect + github.com/stretchr/testify v1.8.4 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect github.com/tdakkota/asciicheck v0.2.0 // indirect @@ -332,25 +335,25 @@ require ( github.com/uudashr/gocognit v1.0.6 // indirect github.com/vbatts/tar-split v0.11.3 // indirect github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 // indirect - github.com/xanzy/go-gitlab v0.83.0 // indirect - github.com/xanzy/ssh-agent v0.3.1 // indirect + github.com/xanzy/go-gitlab v0.86.0 // indirect + github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/yeya24/promlinter v0.2.0 // indirect gitlab.com/bosi/decorder v0.2.3 // indirect gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect go.mongodb.org/mongo-driver v1.11.3 // indirect go.opencensus.io v0.24.0 // indirect - go.uber.org/atomic v1.10.0 // indirect + go.uber.org/atomic v1.11.0 // indirect go.uber.org/automaxprocs v1.5.2 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect - gocloud.dev v0.29.0 // indirect + gocloud.dev v0.30.0 // indirect golang.org/x/crypto v0.10.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect golang.org/x/mod v0.11.0 // indirect golang.org/x/net v0.11.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/oauth2 v0.9.0 // indirect golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.9.0 // indirect golang.org/x/term v0.9.0 // indirect @@ -358,10 +361,12 @@ require ( golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.10.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.123.0 // indirect + google.golang.org/api v0.128.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - google.golang.org/grpc v1.55.0 // indirect + google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/grpc v1.56.0 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/mail.v2 v2.3.1 // indirect diff --git a/tools/go.sum b/tools/go.sum index f1d1237f868..df5239266ec 100644 --- a/tools/go.sum +++ b/tools/go.sum @@ -42,50 +42,85 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= -cloud.google.com/go v0.109.0/go.mod h1:2sYycXt75t/CSB5R9M2wPU1tJmire7AQZTPtITcGBVE= -cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= +cloud.google.com/go v0.110.2 h1:sdFPBr6xG9/wkBbfhmUz/JmZC7X6LavQgcrVINrKiVA= +cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= +cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= +cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM= +cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= +cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ= +cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k= +cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= +cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M= +cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE= +cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= +cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= +cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= +cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= +cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM= +cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= +cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= +cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI= +cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= +cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84= +cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A= +cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= +cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY= +cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= +cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1nOucMH0pwXN1rOBZFI= +cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ= +cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI= +cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= +cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo= +cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg= +cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= +cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= +cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= +cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= +cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= +cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM= +cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= @@ -95,26 +130,42 @@ cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM7 cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= +cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/ZurWFIxmF9I/E= +cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= +cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= +cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= +cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss= +cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= +cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= +cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= +cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE= +cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= +cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M= +cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg= +cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= +cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= +cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y= +cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= @@ -128,174 +179,266 @@ cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARy cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= -cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= +cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= +cloud.google.com/go/compute v1.20.0 h1:cUOcywWuowO9It2i1KX1lIb0HH7gLv6nENKuZGnlcSo= +cloud.google.com/go/compute v1.20.0/go.mod h1:kn5BhC++qUWR/AM3Dn21myV7QbgqejW04cAOrtppaQI= cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= -cloud.google.com/go/compute/metadata v0.2.2/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= +cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= +cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4= +cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM= +cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= +cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= +cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= +cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= +cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= +cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= +cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA= +cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= +cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= +cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= +cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ= +cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= +cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= +cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= +cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= +cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs= +cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= +cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI= +cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= +cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= +cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4= +cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= +cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= +cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM= +cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= +cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= +cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc= +cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= +cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= +cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw= +cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= +cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs= +cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= +cloud.google.com/go/firestore v1.10.0/go.mod h1:eAeoQCV8F35Mcy4k8ZrQbcSYZOayIwoiU7ZJ6xzH1+o= cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= +cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw= +cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA= +cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= +cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= +cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= +cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= +cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E= +cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= +cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= +cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= -cloud.google.com/go/iam v0.10.0/go.mod h1:nXAECrMt2qHpF6RZUZseteD6QyanL68reN4OXPw0UWM= -cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k= +cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= +cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= +cloud.google.com/go/iam v1.0.1/go.mod h1:yR3tmSL8BcZB4bxByRv2jkSIahVmCtfKZwLYGBalRE8= +cloud.google.com/go/iam v1.1.0 h1:67gSqaPukx7O8WLLHMa0PNs3EBGd2eE4d+psbO/CO94= +cloud.google.com/go/iam v1.1.0/go.mod h1:nxdHjaKfCr7fNYx/HJMM8LgiMugmveWlkatear5gVyk= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= +cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= +cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo= +cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= +cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= +cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o= +cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= -cloud.google.com/go/kms v1.10.2 h1:8UePKEypK3SQ6g+4mn/s/VgE5L7XOh+FwGGRUqvY3Hw= +cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= +cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= +cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= cloud.google.com/go/kms v1.10.2/go.mod h1:9mX3Q6pdroWzL20pbK6RaOdBbXBEhMNgK4Pfz2bweb4= +cloud.google.com/go/kms v1.12.0 h1:IEYV44WsGc6yVO1PlvnRlYzsHM2ImpB598Cglh/3uGw= +cloud.google.com/go/kms v1.12.0/go.mod h1:syfpIBSOqQ/ZqK48RLPkwUhFhvbsA1SyGAq/vPohd20= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= +cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= +cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= +cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.4.0/go.mod h1:eF3Qsw58iX/bkKtVjMTYpH0LRjQ2goDkjkNQTlzq/ZM= -cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= +cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= +cloud.google.com/go/longrunning v0.4.2/go.mod h1:OHrnaYyLUV6oqwh0xiS7e5sLQhP1m0QU9R+WhGDMgIQ= +cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= +cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= +cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw= +cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= +cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I= cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= +cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM= cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= +cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo= cloud.google.com/go/monitoring v1.1.0/go.mod h1:L81pzz7HKn14QCMaCs6NTQkdBnE87TElyanS95vIcl4= cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= +cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= +cloud.google.com/go/monitoring v1.15.0/go.mod h1:/LPLNIY93ZtCpPKuO38kEYh+WhhiqIt8HYch2srelRM= cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= +cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E= +cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM= cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= +cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY= cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= +cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k= +cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU= cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= +cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE= +cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ= cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= +cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI= cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= +cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ= cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= +cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc= cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= +cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw= cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= +cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs= cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= +cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk= cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= +cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw= +cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc= cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= +cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg= +cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -303,67 +446,104 @@ cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjp cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= +cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= +cloud.google.com/go/pubsub v1.31.0/go.mod h1:dYmJ3K97NCQ/e4OwZ20rD4Ym3Bu8Gu9m/aJdWQjdcks= cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= +cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= +cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= +cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA= +cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c= cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= +cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac= cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= +cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ= cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= +cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ= cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= +cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots= +cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo= +cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI= cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= +cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA= cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= +cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14= cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= +cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM= +cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= +cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc= +cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc= cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= +cloud.google.com/go/secretmanager v1.11.0/go.mod h1:qeQq0/jyJqrGeULu0GkRsVSPKTvf98AEqJnuEIQiJwA= cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= +cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8= +cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0= cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= +cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0= +cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag= cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= +cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA= +cloud.google.com/go/servicecontrol v1.11.0/go.mod h1:kFmTzYzTUIuZs0ycVqRHNaNhgR+UMUpw9n02l/pY+mc= +cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= +cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY= +cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s= cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= +cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc= +cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= +cloud.google.com/go/serviceusage v1.5.0/go.mod h1:w8U1JvqUqwJNPEOTQjrMHkw3IaIFLoLsPLvsE3xueec= +cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= +cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A= cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= +cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= +cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= +cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0= +cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -374,58 +554,86 @@ cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= -cloud.google.com/go/storage v1.29.0 h1:6weCgzRvMg7lzuUurI4697AqIRPU1SvzHhynwpW31jI= cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= +cloud.google.com/go/storage v1.30.1 h1:uOdMxAs8HExqBlnLtnQyP0YkvbiDpdGShGKtx6U/oNM= +cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= +cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= +cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= +cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c= cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= +cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc= cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= +cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM= cloud.google.com/go/trace v1.0.0/go.mod h1:4iErSByzxkyHWzzlAj63/Gmjz0NH1ASqhJguHpGcr6A= cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= +cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= +cloud.google.com/go/trace v1.10.0/go.mod h1:X3g0Th7+AIjj4rUVhv9JpMv7jpsRIJ9et+wYjCHYbQs= cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= +cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= +cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= +cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= +cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg= +cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk= +cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= +cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= +cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU= cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= +cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY= +cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0= cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= +cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc= +cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY= cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= +cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8= +cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY= cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= +cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes= cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= +cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg= cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= +cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng= cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= +cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c/go.mod h1:QD9Lzhd/ux6eNQVUDVRJX/RKTigpewimNYBi7ivZKY8= code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= -contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= +contrib.go.opencensus.io/exporter/aws v0.0.0-20230502192102-15967c811cec/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/stackdriver v0.13.14/go.mod h1:5pSSGY0Bhuk7waTHuDf4aQ8D2DrhgETRo9fy6k3Xlzc= contrib.go.opencensus.io/integrations/ocsql v0.1.7/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= +git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/Abirdcfly/dupword v0.0.11 h1:z6v8rMETchZXUIuHxYNmlUAuKuB21PeaSymTed16wgU= github.com/Abirdcfly/dupword v0.0.11/go.mod h1:wH8mVGuf3CP5fsBTkfWwwwKTjDnVVCxtU8d8rgeVYXA= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= @@ -443,29 +651,33 @@ github.com/Azure/azure-sdk-for-go v66.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.2/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.0/go.mod h1:tZoQYdDZNOiIjdSn0dVWVfl0NEPGOJqVLzSrcFk4Is0= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1 h1:gVXuXcWd1i4C2Ruxe321aU+IKGaStvGB/S90PUPB/W8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.3.1/go.mod h1:DffdKW9RFqa5VgmsjUOsS7UE7eiA5iAvYUs63bhKQ0M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1 h1:SEy2xmstIphdPwNBUi7uhvjyjhVKISfwjfOJmuy7kg4= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1 h1:T8quHYlUGyb/oqtSTwqlCr1ilJHrDv+ZtpSfo+hm1BU= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.1/go.mod h1:gLa1CL2RNE4s7M3yopJ/p0iq5DdY6Yv5ZUt9MTRZOQM= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 h1:vcYCAze6p19qBW7MhZybIsqD8sMV8js0NyQM8JDnVtg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U= github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.1/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2 h1:+5VZ72z0Qan5Bog5C+ZkgSqUbeVUd9wgtHOrIKuc5b8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= -github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0 h1:TOFrNxfjslms5nLLIMjW7N0+zSALX4KiGsptmpb16AA= -github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.9.0/go.mod h1:EAyXOW1F6BTJPiK2pDvmnvxOHPxoTYWoqBeIlql+QhI= -github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.0/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= +github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= -github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.2.0/go.mod h1:R6+0udeRV8iYSTVuT5RT7If4sc46K5Bz3ZKrmvZQF7U= +github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus v1.4.0/go.mod h1:pXDkeh10bAqElvd+S5Ppncj+DCKvJGXNa8rRT2R7rIw= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 h1:u/LLAOFgsMv7HmNL4Qufg58y+qElGOt5qv0z1mURkRY= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag= github.com/Azure/go-amqp v0.17.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= -github.com/Azure/go-amqp v0.18.1/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= +github.com/Azure/go-amqp v1.0.0/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= +github.com/Azure/go-amqp v1.0.1/go.mod h1:+bg0x3ce5+Q3ahCEXnCsGG3ETpDQe3MEVnOuT2ywPwc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= @@ -484,8 +696,9 @@ github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQW github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= -github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc= github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= +github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= +github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= @@ -507,8 +720,9 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= -github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1 h1:oPdPEZFSbl7oSPEAIPMPBMUmiL+mqgzBJwM/9qYcwNg= github.com/AzureAD/microsoft-authentication-library-for-go v0.8.1/go.mod h1:4qFor3D/HDsvBME35Xy9rwW9DecL+M2sNw1ybjPtwA0= +github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 h1:OBhqkivkhkMqLPymWEppkm7vgPQY2XsHoEkaMQ0AdZY= +github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= @@ -520,19 +734,21 @@ github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rW github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 h1:+r1rSv4gvYn0wmRjC8X7IAzX8QezqtFV9m0MUHFJgts= github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0/go.mod h1:b3g59n2Y+T5xmcxJL+UEG2f8cQploZm1mR/v6BW0mU0= -github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.2/go.mod h1:uqoR4sJc63p7ugW8a/vsEspOsNuehbi7ptS2CHCyOnY= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.33.7/go.mod h1:JBp/RvKNOoIkR5BdMSXswBksHcPZ/41sbBV+GhSjgMY= github.com/HdrHistogram/hdrhistogram-go v1.1.0/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= +github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= -github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= @@ -541,8 +757,9 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= -github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= @@ -564,11 +781,10 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEV github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard v1.1.1 h1:TSUznLjvp/4IUP+OQ0t/4jF4QUyxIcVX8YnghZdunyA= github.com/OpenPeeDeeP/depguard v1.1.1/go.mod h1:JtAMzWkmFEzDPyAd+W0NHl1lvpQKTvT9jnRVsohBKpc= -github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-mime v0.0.0-20190923161245-9b5a4261663a h1:W6RrgN/sTxg1msqzFFb+G80MFmpjMw61IU+slm+wln4= -github.com/ProtonMail/gopenpgp/v2 v2.2.2 h1:u2m7xt+CZWj88qK1UUNBoXeJCFJwJCZ/Ff4ymGoxEXs= +github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec h1:vV3RryLxt42+ZIVOFbYJCH1jsZNTNmj2NYru5zfx+4E= +github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= +github.com/ProtonMail/gopenpgp/v2 v2.7.1 h1:Awsg7MPc2gD3I7IFac2qE3Gdls0lZW8SzrFZ3k1oz0s= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= @@ -577,10 +793,15 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:H github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= -github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= -github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= +github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= +github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= +github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= +github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= +github.com/alecthomas/kingpin/v2 v2.3.1/go.mod h1:oYL5vtsvEHZGHxU7DMp32Dvx+qL+ptGn6lWaot2vCNE= +github.com/alecthomas/kingpin/v2 v2.3.2/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -595,15 +816,19 @@ github.com/alexkohler/prealloc v1.0.0 h1:Hbq0/3fJPQhNkN0dR95AVrr6R7tou91y0uHG5pO github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE= github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw= github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= -github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= +github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= +github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.3/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.9/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= +github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+3JqfkOG4= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= @@ -617,8 +842,8 @@ github.com/ashanbrown/forbidigo v1.5.1 h1:WXhzLjOlnuDYPYQo/eFlcFMi8X/kLfvWLYu6CS github.com/ashanbrown/forbidigo v1.5.1/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU= github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s= github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI= -github.com/atc0005/go-teams-notify/v2 v2.7.0 h1:yRKblRTM/v+FnbibPAQiBcgT+aUBn/8zj9E/UxBdIRg= -github.com/atc0005/go-teams-notify/v2 v2.7.0/go.mod h1:nJeYAr8U1KtT376MUHHiy47nqy/4Mn0UR8veVQxdMcM= +github.com/atc0005/go-teams-notify/v2 v2.7.1 h1:ksY4tG9KAIzx9BJrBYqq5CZaVMk+WrlgsxwrLV5wUVQ= +github.com/atc0005/go-teams-notify/v2 v2.7.1/go.mod h1:wm/+j2d5u6Rg0BeAwp1T5YXhEhf3uRMZAEwP6ZY6TRg= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= @@ -626,51 +851,43 @@ github.com/aws/aws-sdk-go v1.40.45/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm github.com/aws/aws-sdk-go v1.43.11/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.44.156/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.187/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.200/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/aws/aws-sdk-go v1.44.259 h1:7yDn1dcv4DZFMKpu+2exIH5O6ipNj9qXrKfdMUaIJwY= -github.com/aws/aws-sdk-go v1.44.259/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.245/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.284 h1:Oc5Kubi43/VCkerlt3ZU3KpBju6BpNkoG3s7E8vj/O8= +github.com/aws/aws-sdk-go v1.44.284/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go-v2 v1.9.1/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4= github.com/aws/aws-sdk-go-v2 v1.16.7/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.8/go.mod h1:6CpKuLXg2w7If3ABZCl/qZ6rEgwtjZTn4eAf4RcEyuw= github.com/aws/aws-sdk-go-v2 v1.16.11/go.mod h1:WTACcleLz6VZTp7fak4EO5b9Q4foxbn+8PIz3PmyKlo= -github.com/aws/aws-sdk-go-v2 v1.17.4/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= -github.com/aws/aws-sdk-go-v2 v1.18.0 h1:882kkTpSFhdgYRKVZ/VCgf7sd0ru57p2JCxz4/oN5RY= -github.com/aws/aws-sdk-go-v2 v1.18.0/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= +github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo= +github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno= github.com/aws/aws-sdk-go-v2/config v1.15.15/go.mod h1:A1Lzyy/o21I5/s2FbyX5AevQfSVXpvvIDCoVFD0BC4E= -github.com/aws/aws-sdk-go-v2/config v1.18.12/go.mod h1:J36fOhj1LQBr+O4hJCiT8FwVvieeoSGOtPuvhKlsNu8= -github.com/aws/aws-sdk-go-v2/config v1.18.23 h1:gc3lPsAnZpwfi2exupmgHfva0JiAY2BWDg5JWYlmA28= -github.com/aws/aws-sdk-go-v2/config v1.18.23/go.mod h1:rx0ruaQ+gk3OrLFHRRx56lA//XxP8K8uPzeNiKNuWVY= +github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA= +github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw= github.com/aws/aws-sdk-go-v2/credentials v1.12.10/go.mod h1:g5eIM5XRs/OzIIK81QMBl+dAuDyoLN0VYaLP+tBqEOk= -github.com/aws/aws-sdk-go-v2/credentials v1.13.12/go.mod h1:37HG2MBroXK3jXfxVGtbM2J48ra2+Ltu+tmwr/jO0KA= -github.com/aws/aws-sdk-go-v2/credentials v1.13.22 h1:Hp9rwJS4giQ48xqonRV/s7QcDf/wxF6UY7osRmBabvI= -github.com/aws/aws-sdk-go-v2/credentials v1.13.22/go.mod h1:BfNcm6A9nSd+bzejDcMJ5RE+k6WbkCwWkQil7q4heRk= +github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk= +github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9/go.mod h1:KDCCm4ONIdHtUloDcFvK2+vshZvx4Zmj7UMDfusuz5s= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.22/go.mod h1:YGSIJyQ6D6FjKMQh16hVFSIUD54L4F7zTGePqYMYYJU= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 h1:jJPgroehGvjrde3XufFIJUZVK5A2L9a3KwSFgKy9n8w= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3/go.mod h1:4Q0UFP0YJf0NrsEuEYHpM9fTSEVnD16Z3uyEF7J9JGM= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51 h1:iTFYCAdKzSAjGnVIUe88Hxvix0uaBqr0Rv7qJEOX5hE= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.51/go.mod h1:7Grl2gV+dx9SWrUIgwwlUvU40t7+lOSbx34XwfmsTkY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 h1:4bh28MeeXoBFTjb0JjQ5sVatzlf5xA1DziV8mZed9v4= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70/go.mod h1:9yI5NXzqy2yOiMytv6QLZHvlyHLwYxO9iIq+bZIbrFg= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.14/go.mod h1:kdjrMwHwrC3+FsKhNcCMJ7tUVj/8uSD5CZXeQ4wV6fM= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.15/go.mod h1:pWrr2OoHlT7M/Pd2y4HV3gJyPb3qj5qMmnPkKSNPYK4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18/go.mod h1:348MLhzV1GSlZSMusdwQpXKbhD7X2gbI/TxwAPKkYZQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.28/go.mod h1:3lwChorpIM/BhImY/hy+Z6jekmN92cXGPI1QJasVPYY= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 h1:kG5eQilShqmJbv11XL1VpyDbaEJzWxd4zRiCG30GSn4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33/go.mod h1:7i0PF1ME/2eUPFcjkVIwq+DOygHEoK92t5cDqNgYbIw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.8/go.mod h1:ZIV8GYoC6WLBW5KGs+o4rsc65/ozd+eQ0L31XF5VDwk= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.9/go.mod h1:08tUpeSGN33QKSO7fwxXczNfiwCpbj+GxK6XKwqWVv0= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12/go.mod h1:ckaCVTEdGAxO6KwTGzgskxR1xM+iJW4lxMyDFVda2Fc= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.22/go.mod h1:EqK7gVrIGAHyZItrD1D8B0ilgwMD1GiWAmbU4u/JHNk= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 h1:vFQlirhuM8lLlpI7imKOMsjdQLuN9CPi+k44F/OFVsk= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27/go.mod h1:UrHnn3QV/d0pBZ6QBAEQcqFLf8FAzLmoUfPVIueOvoM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw= github.com/aws/aws-sdk-go-v2/internal/ini v1.3.16/go.mod h1:CYmI+7x03jjJih8kBEEFKRQc40UjUokT0k7GbvrhhTc= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.29/go.mod h1:TwuqRBGzxjQJIwH16/fOZodwXt2Zxa9/cwJC5ke4j7s= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 h1:gGLG7yKaXG02/jBlg210R7VgQIotiQntNhsCFejawx8= -github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34/go.mod h1:Etz2dj6UHYuw+Xw830KfzCfWGMzqvUTCjUj5b76GVDc= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19 h1:FGvpyTg2LKEmMrLlpjOgkoNp9XF5CGeyAyo33LdqZW8= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.19/go.mod h1:8W88sW3PjamQpKFUQvHWWKay6ARsNvZnzU7+a4apubw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0= github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.8.1/go.mod h1:CM+19rL1+4dFWnOQKwDc7H1KwXTz+h61oUSHyhV0b3o= github.com/aws/aws-sdk-go-v2/service/ecr v1.17.9/go.mod h1:fkIc4qe3SfQhPt/HAmDG7DJMjMBHElHV44axRyUSojA= github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 h1:qBuF6exFzbKurzWqBR+7ptvnuKuWipm9LclsB7A/AUo= @@ -680,34 +897,29 @@ github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 h1:JfDKV54iJuX2YE1NzzHMQ github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12/go.mod h1:Hcfe3RBksYrl0fgSxZ4wvhSt6IiZBh+VlkaTKQLu9PE= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23 h1:c5+bNdV8E4fIPteWx4HZSkqI07oY9exbfQ7JH7Yx4PI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.23/go.mod h1:1jcUfF+FAOEwtIcNiHPaV4TSoZqkUIPzrohmD7fb95c= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.9/go.mod h1:yQowTpvdZkFVuHrLBXmczat4W+WJKg/PafBZnGBLga0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.22/go.mod h1:xt0Au8yPIwYXf/GYPy/vl4K3CgwhfQMYbrH7DlUUIws= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 h1:0iKliEXAcCa2qVtRs7Ot5hItA2MsufrphbRFlz1Owxo= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27/go.mod h1:EOwBD4J4S5qYszS5/3DpkejfuK+Z5/1uzICfPaZLtqw= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22 h1:ISLJ2BKXe4zzyZ7mp5ewKECiw0U7KpLgS3S6OxY9Cm0= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.22/go.mod h1:QFVbqK54XArazLvn2wvWMRBi/jGrWii46qbr5DyPGjc= -github.com/aws/aws-sdk-go-v2/service/kms v1.20.2/go.mod h1:vdqtUOdVuf5ooy+hJ2GnzqNo94xiAA9s1xbZ1hQgRE0= -github.com/aws/aws-sdk-go-v2/service/kms v1.21.1 h1:Q03Jqh1enA8keCiGZpLetpk58Ll9iGejE5bOErxyGAU= -github.com/aws/aws-sdk-go-v2/service/kms v1.21.1/go.mod h1:EEfb4gfSphdVpRo5sGf2W3KvJbelYUno5VaXR5MJ3z4= -github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2 h1:5EQWIFO+Hc8E2hFcXQJ1vm6ufl/PMt/6RVRDZRju2vM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.30.2/go.mod h1:SXDHd6fI2RhqB7vmAzyYQCTQnpZrIprVJvYxpzW3JAM= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.18.3/go.mod h1:hqPcyOuLU6yWIbLy3qMnQnmidgKuIEwqIlW6+chYnog= -github.com/aws/aws-sdk-go-v2/service/sns v1.20.2/go.mod h1:VN2n9SOMS1lNbh5YD7o+ho0/rgfifSrK//YYNiVVF5E= -github.com/aws/aws-sdk-go-v2/service/sqs v1.20.2/go.mod h1:1ttxGjUHZliCQMpPss1sU5+Ph/5NvdMFRzr96bv8gm0= -github.com/aws/aws-sdk-go-v2/service/ssm v1.35.2/go.mod h1:VLSz2SHUKYFSOlXB/GlXoLU6KPYQJAbw7I20TDJdyws= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM= +github.com/aws/aws-sdk-go-v2/service/kms v1.22.2 h1:jwmtdM1/l1DRNy5jQrrYpsQm8zwetkgeqhAqefDr1yI= +github.com/aws/aws-sdk-go-v2/service/kms v1.22.2/go.mod h1:aNfh11Smy55o65PB3MyKbkM8BFyFUcZmj1k+4g8eNfg= +github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 h1:ya7fmrN2fE7s1P2gaPbNg5MTkERVWfsH8ToP1YC4Z9o= +github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10/go.mod h1:ezn6mzIRqTPdAbDpm03dx4y9g6rvGRb2q33wS76dCxw= +github.com/aws/aws-sdk-go-v2/service/sns v1.20.13/go.mod h1:rWrvp9i8y/lX94lS7Kn/0iu9RY6vXzeKRqS/knVX8/c= +github.com/aws/aws-sdk-go-v2/service/sqs v1.23.2/go.mod h1:TaV67b6JMD1988x/uMDop/JnMFK6v5d4Ru+sDmFg+ww= +github.com/aws/aws-sdk-go-v2/service/ssm v1.36.6/go.mod h1:NdyMyZH/FzmCaybTrVMBD0nTCGrs1G4cOPKHFywx9Ns= github.com/aws/aws-sdk-go-v2/service/sso v1.11.13/go.mod h1:d7ptRksDDgvXaUvxyHZ9SYh+iMDymm94JbVcgvSYSzU= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.1/go.mod h1:IgV8l3sj22nQDd5qcAGY0WenwCzCphqdbFOpfktZPrI= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 h1:UBQjaMTCKwyUYwiVnUt6toEJwGXsLBI6al083tpjJzY= -github.com/aws/aws-sdk-go-v2/service/sso v1.12.10/go.mod h1:ouy2P4z6sJN70fR3ka3wD3Ro3KezSxU6eKGQI2+2fjI= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.1/go.mod h1:O1YSOg3aekZibh2SngvCRRG+cRHKKlYgxf/JBF/Kr/k= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 h1:PkHIIJs8qvq0e5QybnZoG1K/9QTrLr9OsqCIo59jOBA= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10/go.mod h1:AFvkxc8xfBe8XA+5St5XIHHrQQtkxqrRincx4hmMHOk= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY= +github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w= github.com/aws/aws-sdk-go-v2/service/sts v1.16.10/go.mod h1:cftkHYN6tCDNfkSasAmclSfl4l7cySoay8vz7p/ce0E= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.3/go.mod h1:b+psTJn33Q4qGoDaM7ZiOVVG8uVjGI6HaZ8WBHdgDgU= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.11 h1:uBE+Zj478pfxV98L6SEpvxYiADNjTlMNY714PJLE7uo= -github.com/aws/aws-sdk-go-v2/service/sts v1.18.11/go.mod h1:BgQOMsg8av8jset59jelyPW7NoZcZXLVpDsXunGDrk8= +github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE= +github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg= github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/aws/smithy-go v1.12.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/aws/smithy-go v1.12.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= @@ -744,6 +956,8 @@ github.com/bmatcuk/doublestar/v4 v4.2.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTS github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/bombsimon/wsl/v3 v3.4.0 h1:RkSxjT3tmlptwfgEgTgU+KYKLI35p/tviNXNXiL2aNU= github.com/bombsimon/wsl/v3 v3.4.0/go.mod h1:KkIB+TXkqy6MvK9BDZVbZxKNYsE1/oLRJbIFtf14qqo= +github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/breml/bidichk v0.2.4 h1:i3yedFWWQ7YzjdZJHnPo9d/xURinSq3OM+gyM43K4/8= github.com/breml/bidichk v0.2.4/go.mod h1:7Zk0kRFt1LIZxtQdl9W9JwGAcLTTkOs+tN7wuEYGJ3s= github.com/breml/errchkjson v0.3.1 h1:hlIeXuspTyt8Y/UmP5qy1JocGNR00KQHgfaNtRAjoxQ= @@ -756,11 +970,11 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/butuzov/ireturn v0.1.1 h1:QvrO2QF2+/Cx1WA/vETCIYBKtRjc30vesdoPUNo1EbY= github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/caarlos0/ctrlc v1.2.0 h1:AtbThhmbeYx1WW3WXdWrd94EHKi+0NPRGS4/4pzrjwk= github.com/caarlos0/ctrlc v1.2.0/go.mod h1:n3gDlSjsXZ7rbD9/RprIR040b7oaLfNStikPd4gFago= -github.com/caarlos0/env/v8 v8.0.0 h1:POhxHhSpuxrLMIdvTGARuZqR4Jjm8AYmoi/JKlcScs0= -github.com/caarlos0/env/v8 v8.0.0/go.mod h1:7K4wMY9bH0esiXSSHlfHLX5xKGQMnkH5Fk4TDSSSzfo= +github.com/caarlos0/env/v9 v9.0.0 h1:SI6JNsOA+y5gj9njpgybykATIylrRMklbs5ch6wO6pc= +github.com/caarlos0/env/v9 v9.0.0/go.mod h1:ye5mlCVMYh6tZ+vCgrs/B95sj88cg5Tlnc0XIzgZ020= github.com/caarlos0/go-reddit/v3 v3.0.1 h1:w8ugvsrHhaE/m4ez0BO/sTBOBWI9WZTjG7VTecHnql4= github.com/caarlos0/go-reddit/v3 v3.0.1/go.mod h1:QlwgmG5SAqxMeQvg/A2dD1x9cIZCO56BMnMdjXLoisI= github.com/caarlos0/go-rpmutils v0.2.1-0.20211112020245-2cd62ff89b11 h1:IRrDwVlWQr6kS1U8/EtyA1+EHcc4yl8pndcqXWrEamg= @@ -768,8 +982,8 @@ github.com/caarlos0/go-shellwords v1.0.12 h1:HWrUnu6lGbWfrDcFiHcZiwOLzHWjjrPVehU github.com/caarlos0/go-shellwords v1.0.12/go.mod h1:bYeeX1GrTLPl5cAMYEzdm272qdsQAZiaHgeF0KTk1Gw= github.com/caarlos0/go-version v0.1.1 h1:1bikKHkGGVIIxqCmufhSSs3hpBScgHGacrvsi8FuIfc= github.com/caarlos0/go-version v0.1.1/go.mod h1:Ze5Qx4TsBBi5FyrSKVg1Ibc44KGV/llAaKGp86oTwZ0= -github.com/caarlos0/log v0.4.1 h1:99+ocwxvbvQPK/effsNa4Di8MA0Xt7gBQK3vY20xG18= -github.com/caarlos0/log v0.4.1/go.mod h1:Uv+r6RfrgaRmW/xoarK1S9csv+BQgS7fZbcKYXn8ggo= +github.com/caarlos0/log v0.4.2 h1:Zi5DNvCJLU0zJAI7B3sYf2zRfHW3xS8ahKQg1eh5/LQ= +github.com/caarlos0/log v0.4.2/go.mod h1:xwKkgWnQMD39Cb/HgTWrhsG3l3MTTGwf2UZqbki2eqM= github.com/caarlos0/sshmarshal v0.1.0 h1:zTCZrDORFfWh526Tsb7vCm3+Yg/SfW/Ub8aQDeosk0I= github.com/caarlos0/testfs v0.4.4 h1:3PHvzHi5Lt+g332CiShwS8ogTgS3HjrmzZxCm6JCDr8= github.com/caarlos0/testfs v0.4.4/go.mod h1:bRN55zgG4XCUVVHZCeU+/Tz1Q6AxEJOEJTliBy+1DMk= @@ -792,7 +1006,7 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charithe/durationcheck v0.0.10 h1:wgw73BiocdBDQPik+zcEoBG/ob8uyBHf2iyoHGPf5w4= github.com/charithe/durationcheck v0.0.10/go.mod h1:bCWXb7gYRysD1CU3C+u4ceO49LoGOY1C1L6uouGNreQ= -github.com/charmbracelet/keygen v0.4.2 h1:TNHua2MlXc6W1dQB2iW4msSZGKlb8RtxtmYDWUs4iRw= +github.com/charmbracelet/keygen v0.4.3 h1:ywOZRwkDlpmkawl0BgLTxaYWDSqp6Y4nfVVmgyyO1Mg= github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZpc5Kc1E= github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 h1:W9o46d2kbNL06lq7UNDPV0zYLzkrde/bjIqO02eoll0= @@ -803,11 +1017,11 @@ github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAc github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08 h1:9Qh4lJ/KMr5iS1zfZ8I97+3MDpiKjl+0lZVUNBhdvRs= github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08/go.mod h1:MAuu1uDJNOS3T3ui0qmKdPUwm59+bO19BbTph2wZafE= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/logex v1.2.0/go.mod h1:9+9sk7u7pGNWYMkh0hdiL++6OeibzJccyQU4p4MedaY= +github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/readline v1.5.0/go.mod h1:x22KAscuvRqlLoK9CsoYsmxoXZMMFVyOl86cAH8qUic= +github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/chzyer/test v0.0.0-20210722231415-061457976a23/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= @@ -818,7 +1032,6 @@ github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6D github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -833,6 +1046,9 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230112175826-46e39c7b9b43/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= @@ -996,13 +1212,13 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dgryski/go-sip13 v0.0.0-20200911182023-62edffca9245/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/digitalocean/godo v1.78.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs= -github.com/digitalocean/godo v1.95.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= +github.com/digitalocean/godo v1.98.0/go.mod h1:NRpFznZFvhHjBoqZAaOD3khVzsJ3EibzKqFL4R60dmA= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/disgoorg/disgo v0.16.3 h1:9wI7ZTL/RTJlaTCb2T0DviPvXgpDTNmBk4wGnxIo5Ko= -github.com/disgoorg/disgo v0.16.3/go.mod h1:hUkznOmm+f+owh/MuOBX0sDviQV5cL0FqcWbpIyV1Y0= -github.com/disgoorg/json v1.0.0 h1:kDhSM661fgIuNoZF3BO5/odaR5NSq80AWb937DH+Pdo= -github.com/disgoorg/json v1.0.0/go.mod h1:BHDwdde0rpQFDVsRLKhma6Y7fTbQKub/zdGO5O9NqqA= +github.com/disgoorg/disgo v0.16.7 h1:Y4cI+DpLXCMbHJcjIFs5dspKfn4Ous4lN/et2vKgcb8= +github.com/disgoorg/disgo v0.16.7/go.mod h1:wo61ZLPn6bxHVdUODjyZ3fZTnCT7giD3uknsDUwMGn8= +github.com/disgoorg/json v1.1.0 h1:7xigHvomlVA9PQw9bMGO02PHGJJPqvX5AnwlYg/Tnys= +github.com/disgoorg/json v1.1.0/go.mod h1:BHDwdde0rpQFDVsRLKhma6Y7fTbQKub/zdGO5O9NqqA= github.com/disgoorg/log v1.2.0 h1:sqlXnu/ZKAlIlHV9IO+dbMto7/hCQ474vlIdMWk8QKo= github.com/disgoorg/log v1.2.0/go.mod h1:3x1KDG6DI1CE2pDwi3qlwT3wlXpeHW/5rVay+1qDqOo= github.com/disgoorg/snowflake/v2 v2.0.1 h1:CuUxGLwggUxEswZOmZ+mZ5i0xSumQdXW9tXW7uGqe+0= @@ -1023,7 +1239,7 @@ github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m3 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v20.10.23+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v24.0.2+incompatible h1:eATx+oLz9WdNVkQrr0qjQ8HvRJ4bOOxfzEo8R+dA3cg= github.com/docker/docker v24.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= @@ -1053,13 +1269,14 @@ github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFP github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/edsrzf/mmap-go v1.1.0/go.mod h1:19H/e8pUPLicwkyNgOykDXkJ9F0MHE+Z52B8EIth78Q= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20221015165544-a0805db90819 h1:RIB4cRk+lBqKK3Oy0r2gRX4ui7tuhiZq2SuTtTCi0/0= github.com/elliotchance/orderedmap/v2 v2.2.0 h1:7/2iwO98kYT4XkOjA9mBEIwvi4KpGB4cyHeOFOnj4Vk= github.com/elliotchance/orderedmap/v2 v2.2.0/go.mod h1:85lZyVbpGaGvHvnKa7Qhx7zncAdBIBq6u56Hb1PRU5Q= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= +github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -1073,9 +1290,13 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.1/go.mod h1:AY7fTTXNdv/aJ2O5jwpxAPOWUZ7hQAEvzN5Pf27BkQQ= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= +github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= +github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= +github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/esimonov/ifshort v1.0.4 h1:6SID4yGWfRae/M7hkVDVVyppy8q/v9OuxNdmjLQStBA= github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcHcfgNWTk0= github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw= @@ -1093,6 +1314,7 @@ github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= @@ -1102,9 +1324,10 @@ github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phmY9sfv40Y= github.com/firefart/nonamedreturns v1.0.4/go.mod h1:TDhe/tjI1BXo48CmYbUduTV7BdIga8MAO/xbKdcVsGI= +github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= +github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= @@ -1130,19 +1353,21 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U= -github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= -github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= github.com/go-critic/go-critic v0.7.0 h1:tqbKzB8pqi0NsRZ+1pyU4aweAF7A7QN0Pi4Q02+rYnQ= github.com/go-critic/go-critic v0.7.0/go.mod h1:moYzd7GdVXE2C2hYTwd7h0CPcqlUeclsyBRwMa38v64= -github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= -github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= -github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= -github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= -github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= -github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= -github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= -github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= +github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= +github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= +github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4= +github.com/go-git/go-billy/v5 v5.4.1/go.mod h1:vjbugF6Fz7JIflbVpl1hJsGjSHNltrSw45YK/ukIvQg= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20230305113008-0c11038e723f h1:Pz0DHeFij3XFhoBRGUDPzSJ+w2UcK5/0JvF8DRI58r8= +github.com/go-git/go-git/v5 v5.7.0 h1:t9AudWVLmqzlo+4bqdf7GY+46SUuRsx59SboFxkq2aE= +github.com/go-git/go-git/v5 v5.7.0/go.mod h1:coJHKEOk5kUClpsNlXrUvPrDxY3w3gjHvhcZd8Fodw8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -1153,10 +1378,13 @@ github.com/go-kit/kit v0.12.0/go.mod h1:lHd+EkCZPIwYItmGDDRdhinkzX2A1sj+M9biaEai github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= +github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= +github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= +github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= @@ -1188,8 +1416,9 @@ github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL9 github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= @@ -1202,6 +1431,7 @@ github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/spec v0.20.7/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8= github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= @@ -1222,13 +1452,16 @@ github.com/go-openapi/validate v0.21.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUri github.com/go-openapi/validate v0.22.0/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= +github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr0i9PLlaaTD4H/hoZIDjQ+r6xq8mgbRzHZf7f2J8= -github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I= +github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-stack/stack v1.8.1/go.mod h1:dcoOX6HbPZSZptuspn9bctJ+N/CnF5gGygcUP3XYfe4= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= @@ -1288,6 +1521,7 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= +github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-yaml v1.9.5/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= @@ -1323,6 +1557,7 @@ github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EO github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -1388,7 +1623,9 @@ github.com/google/addlicense v1.1.1/go.mod h1:Sm/DHu7Jk+T5miFHHehdIjbi4M5+dJDRS3 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= +github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -1408,15 +1645,16 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0= github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE= github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q= -github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk= -github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q= +github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= +github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= +github.com/google/go-pkcs11 v0.2.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE= github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk= -github.com/google/go-replayers/httpreplay v1.1.1 h1:H91sIMlt1NZzN7R+/ASswyouLJfW0WLW7fhyUFvDEkY= -github.com/google/go-replayers/httpreplay v1.1.1/go.mod h1:gN9GeLIs7l6NUoVaSSnv2RiqK1NiwAmD0MrKeC9IIks= +github.com/google/go-replayers/httpreplay v1.2.0 h1:VM1wEyyjaoU53BwrOnaf9VhAyQQEEioJvFYxYcLRKzk= +github.com/google/go-replayers/httpreplay v1.2.0/go.mod h1:WahEFFZZ7a1P4VM1qEeHy+tME4bwyqPcwWbNlUI1Mcg= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -1448,11 +1686,13 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20220318212150-b2ab0324ddda/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= -github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b h1:8htHrh2bw9c7Idkb7YNac+ZpTqLMjRpI+FWu51ltaQc= -github.com/google/pprof v0.0.0-20230111200839-76d1ae5aea2b/go.mod h1:dDKJzRmX4S37WGHujM7tX//fmj1uioxKzKxz3lo4HJo= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317 h1:hFhpt7CTmR3DX+b4R19ydQFtofxT0Sv3QsKNMVQYTMQ= +github.com/google/pprof v0.0.0-20230406165453-00490a63f317/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.3 h1:FAgZmpLl/SXurPEZyCMPBIiiYeTbqfjlbdnCNTAkbGE= +github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= +github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 h1:SJ+NtwL6QaZ21U+IrK7d0gGgpjGGvd2kz+FzTHVzdqI= github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2/go.mod h1:Tv1PlzqC9t8wNnpPdctvtSUOPUUg4SHeE6vR1Ir2hmg= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -1469,8 +1709,10 @@ github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM= +github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= @@ -1481,27 +1723,31 @@ github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= -github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc= +github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.9.1/go.mod h1:4FG3gMrVZlyMp5itSYKMU9z/lBE7+SbnUOvzH2HqbEY= +github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= +github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gophercloud/gophercloud v0.24.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c= -github.com/gophercloud/gophercloud v1.1.1/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= +github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g= github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28 h1:9alfqbrhuD+9fLZ4iaAVwhlp5PEhmnBt7yvK2Oy5C1U= github.com/gordonklaus/ineffassign v0.0.0-20230107090616-13ace0543b28/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0= -github.com/goreleaser/chglog v0.4.2 h1:afmbT1d7lX/q+GF8wv3a1Dofs2j/Y9YkiCpGemWR6mI= -github.com/goreleaser/chglog v0.4.2/go.mod h1:u/F03un4hMCQrp65qSWCkkC6T+G7YLKZ+AM2mITE47s= +github.com/goreleaser/chglog v0.5.0 h1:Sk6BMIpx8+vpAf8KyPit34OgWui8c7nKTMHhYx88jJ4= +github.com/goreleaser/chglog v0.5.0/go.mod h1:Ri46M3lrMuv76FHszs3vtABR8J8k1w9JHYAzxeeOl28= github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= -github.com/goreleaser/goreleaser v1.18.2 h1:qeNrKKVOHWEs1+/+a6jwASj7g9yg1R4vfLVlo0Beyro= -github.com/goreleaser/goreleaser v1.18.2/go.mod h1:CfWAXthyGOTzUgubl1FdAtkAgSW69XuRHF6KcA9IrLc= -github.com/goreleaser/nfpm/v2 v2.29.0 h1:QW7MD5Od8ePAWqvC+kGQiF8OH5JkSKV+HcblcT0NX6A= -github.com/goreleaser/nfpm/v2 v2.29.0/go.mod h1:+O8Rgz7geEXG1ym2Yl8CGPg5nP2LRuCgkBK6CQF+Q3c= +github.com/goreleaser/goreleaser v1.19.1 h1:MVAFo62jkj6/JflxruefIwfFTqNTeNtkT12Hab1o2Lk= +github.com/goreleaser/goreleaser v1.19.1/go.mod h1:94HBElBUlnXzMZi9Yae1ev8WGeeh21RrxNWYBJW+cxU= +github.com/goreleaser/nfpm/v2 v2.31.0 h1:cb8QSZ7tPnUlWPEdYcWwNWXiRvmVPznJ6LYiOIdOJ6Y= +github.com/goreleaser/nfpm/v2 v2.31.0/go.mod h1:qlMQCbOTapyqRss16vAPwK/WAjWKdt0gY3vh4wipm8I= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -1539,16 +1785,16 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.1/go.mod h1:G+WkljZi4mflcqVxYSgvt8MNctRQHjEH8ubKtt1Ka3w= github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= -github.com/hanwen/go-fuse/v2 v2.2.0/go.mod h1:B1nGE/6RBFyBRC1RRnf23UpwCdyJ31eukw34oAKukAc= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2/go.mod h1:7pdNwVWBBHGiCxa9lAszqCJMbfTISJ7oMftp8+UGV08= +github.com/hanwen/go-fuse/v2 v2.3.0/go.mod h1:xKwi1cF7nXAOBCXujD5ie0ZKsxc8GGSA1rlMJc+8IJs= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.10.1/go.mod h1:XjsvQN+RJGWI2TWy1/kqaE16HrR2J/FWgkYjdZQsX9M= github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= -github.com/hashicorp/consul/api v1.18.0/go.mod h1:owRRGJ9M5xReDC5nfT8FTJrNAPbT4NM6p/k+d03q2v4= +github.com/hashicorp/consul/api v1.20.0/go.mod h1:nR64eD44KQ59Of/ECwt2vUmIK2DKsDzAwTmwmLl8Wpo= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= -github.com/hashicorp/consul/sdk v0.13.0/go.mod h1:0hs/l5fOVhJy/VdcoaNqUSi2AUs95eF5WKtv+EYIQqE= +github.com/hashicorp/consul/sdk v0.13.1/go.mod h1:SW/mM4LbKfqmMvcFu8v+eiQQ7oitXEFeiBe9StxERb0= github.com/hashicorp/cronexpr v1.1.1/go.mod h1:P4wA0KBl9C5q2hABiMO7cp6jcIg96CDh1Efb3g1PWA4= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -1563,7 +1809,8 @@ github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39 github.com/hashicorp/go-hclog v0.12.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo= +github.com/hashicorp/go-hclog v1.4.0 h1:ctuWFGrhFha8BnnzxqeRGidlEcQkDyL5u8J8t5eA11I= +github.com/hashicorp/go-hclog v1.4.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.2.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= @@ -1604,21 +1851,21 @@ github.com/hashicorp/memberlist v0.2.2/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOn github.com/hashicorp/memberlist v0.3.0/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.3.1/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= -github.com/hashicorp/nomad/api v0.0.0-20230124213148-69fd1a0e4bf7/go.mod h1:xYYd4dybIhRhhzDemKx7Ddt8CvCosgrEek8YM7/cF0A= +github.com/hashicorp/nomad/api v0.0.0-20230418003350-3067191c5197/go.mod h1:2TCrNvonL09r7EiQ6M2rNt+Cmjbn1QbzchFoTWJFpj4= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.9.5/go.mod h1:UWDWwZeL5cuWDJdl0C6wrvrUwEqtQ4ZKBKKENpqIUyk= github.com/hashicorp/serf v0.9.6/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.9.7/go.mod h1:TXZNMjZQijwlDvp+r0b63xZ45H7JmCmgg4gpTwn9UV4= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= github.com/hetznercloud/hcloud-go v1.33.1/go.mod h1:XX/TQub3ge0yWR2yHWmnDVIrB+MQbda1pHxkUmDlUME= -github.com/hetznercloud/hcloud-go v1.39.0/go.mod h1:mepQwR6va27S3UQthaEPGS86jtzSY9xWL1e9dyxXpgA= +github.com/hetznercloud/hcloud-go v1.42.0/go.mod h1:YADL8AbmQYH0Eo+1lkuyoc8LutT0UeMvaKP47nNUb+Y= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc= github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= -github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.4.0/go.mod h1:9Ai6uvFy5fQNq6VPKtg+Ceq1+eTY4nKUlR2JElEOcDo= github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/iancoleman/orderedmap v0.2.0 h1:sq1N/TFpYH++aViPcaKjys3bDClUEU7s5B+z6jq8pNA= @@ -1627,15 +1874,16 @@ github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= -github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= +github.com/ianlancetaylor/demangle v0.0.0-20220517205856-0058ec4f073c/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= -github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= @@ -1643,7 +1891,7 @@ github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab/go.mod github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/invopop/jsonschema v0.7.0 h1:2vgQcBz1n256N+FpX3Jq7Y17AjYt46Ig3zIWyy770So= github.com/invopop/jsonschema v0.7.0/go.mod h1:O9uiLokuu0+MGFlyiaqtWxwqJm41/+8Nj0lD7A36YH0= -github.com/ionos-cloud/sdk-go/v6 v6.1.3/go.mod h1:Ox3W0iiEz0GHnfY9e5LmAxwklsxguuNFEUSu0gVRTME= +github.com/ionos-cloud/sdk-go/v6 v6.1.6/go.mod h1:EzEgRIDxBELvfoa/uBN0kOQaqovLjUWEB7iW4/Q+t4k= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= @@ -1655,7 +1903,7 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= -github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI= +github.com/jackc/pgconn v1.14.0/go.mod h1:9mBNlny0UvkgJdCDvdVHYSjI+8tD2rnKK69Wz8ti++E= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c= @@ -1668,23 +1916,25 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.3.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.14.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw= +github.com/jackc/pgx/v4 v4.18.1/go.mod h1:FydWkUyadDmdNH/mHnGob881GawxeEm7TcMCzkb+qQE= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= +github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= @@ -1729,12 +1979,13 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY= github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= +github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/junk1tm/musttag v0.5.0 h1:bV1DTdi38Hi4pG4OVWa7Kap0hi0o7EczuK6wQt9zPOM= github.com/junk1tm/musttag v0.5.0/go.mod h1:PcR7BA+oREQYvHwgjIDmw3exJeds5JzRcvEJTfjrA0M= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= -github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -1746,14 +1997,16 @@ github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kkHAIKE/contextcheck v1.1.4 h1:B6zAaLhOEEcjvUgIYEqystmnFk1Oemn8bvJhbt0GMb8= github.com/kkHAIKE/contextcheck v1.1.4/go.mod h1:1+i/gWqokIa+dm31mqGLZhZJ7Uh44DJGZVmr6QRBNJg= +github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.13.4/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= -github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= -github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk= +github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/kolo/xmlrpc v0.0.0-20201022064351-38db28db192b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM= @@ -1797,9 +2050,9 @@ github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/linode/linodego v1.4.0/go.mod h1:PVsRxSlOiJyvG4/scTszpmZDTdgS+to3X6eS8pRrWI8= -github.com/linode/linodego v1.12.0/go.mod h1:NJlzvlNtdMRRkXb0oN6UWzUkj6t+IBsyveHgZ5Ppjyk= +github.com/linode/linodego v1.16.1/go.mod h1:aESRAbpLY9R6IA1WGAWHikRI9DU9Lhesapv1MhKmPHM= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= @@ -1807,6 +2060,7 @@ github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCE github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= +github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= @@ -1850,8 +2104,9 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= +github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-mastodon v0.0.6 h1:lqU1sOeeIapaDsDUL6udDZIzMb2Wqapo347VZlaOzf0= github.com/mattn/go-mastodon v0.0.6/go.mod h1:cg7RFk2pcUfHZw/IvKe1FUzmlq5KnLFqs7eV2PHplV8= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= @@ -1862,30 +2117,35 @@ github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= +github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo= github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc= github.com/mgechev/revive v1.3.1 h1:OlQkcH40IB2cGuprTPcjB0iIUddgVZgGmDX3IAMR8D4= github.com/mgechev/revive v1.3.1/go.mod h1:YlD6TTWl2B8A103R9KWJSPVI9DrEf+oqr15q21Ld+5I= github.com/microsoft/ApplicationInsights-Go v0.4.4/go.mod h1:fKRUseBqkw6bDiXTs3ESTiU/4YTIHsQS4W3fP2ieF4U= -github.com/microsoft/go-mssqldb v0.18.0/go.mod h1:ukJCBnnzLzpVF0qYRT+eg1e+eSwjeQ7IvenUv8QPook= +github.com/microsoft/go-mssqldb v0.21.0/go.mod h1:+4wZTUnz/SV6nffv+RRRB/ss8jPng5Sho2SmM1l2ts4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.48/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= -github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= +github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= +github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= +github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= @@ -1905,6 +2165,7 @@ github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= @@ -1912,6 +2173,7 @@ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0Gq github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= @@ -1927,6 +2189,7 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= +github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/moricho/tparallel v0.3.1 h1:fQKD4U1wRMAYNngDonW5XupoB/ZGJHdpzrWqgyg9krA= github.com/moricho/tparallel v0.3.1/go.mod h1:leENX2cUv7Sv2qDgdi0D0fCftN8fRC67Bcn8pqzeYNI= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= @@ -1942,8 +2205,8 @@ github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= github.com/muesli/roff v0.1.0 h1:YD0lalCotmYuF5HhZliKWlIx7IEhiXeSfq7hNjFqGF8= github.com/muesli/roff v0.1.0/go.mod h1:pjAHQM9hdUUwm/krAfrLGgJkXJ+YuhtsfZ42kieB2Ig= -github.com/muesli/termenv v0.15.1 h1:UzuTb/+hhlBugQz28rpzey4ZuKcZ03MeKsoG7IJZIxs= -github.com/muesli/termenv v0.15.1/go.mod h1:HeAQPTzpfs016yGtA4g00CsdYnVLJvxsS4ANqrZs2sQ= +github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= +github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -2063,7 +2326,7 @@ github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJ github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/ovh/go-ovh v1.3.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA= +github.com/ovh/go-ovh v1.4.1/go.mod h1:6bL6pPyUT7tBfI0pqOegJgRjgjuO+mOo+MyXd1EEC0M= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -2078,7 +2341,13 @@ github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZ github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/performancecopilot/speed/v4 v4.0.0/go.mod h1:qxrSyuDGrTOWfV+uKRFhfxw6h/4HXRGUiZiufxo49BM= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= +github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= @@ -2114,6 +2383,7 @@ github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= +github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= @@ -2138,7 +2408,7 @@ github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+ github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/common v0.38.0/go.mod h1:MBXfmBQZrK5XpbCkjofnXs96LD2QQ7fEq4C0xjC/yec= -github.com/prometheus/common v0.39.0/go.mod h1:6XBZ7lYdLCbkAVhwRsWTZn+IN5AB9F/NXd5w0BbEX0Y= +github.com/prometheus/common v0.41.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/common/assets v0.1.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI= @@ -2146,6 +2416,7 @@ github.com/prometheus/common/assets v0.2.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwB github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= github.com/prometheus/exporter-toolkit v0.8.2/go.mod h1:00shzmJL7KxcsabLWcONwpyNEuWhREOnFqZW7vadFS0= +github.com/prometheus/exporter-toolkit v0.9.1/go.mod h1:iFlTmFISCix0vyuyBmm0UqOUCTao9+RsAsKJP3YM9ec= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= @@ -2162,7 +2433,7 @@ github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0ua github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= github.com/prometheus/prometheus v0.35.0/go.mod h1:7HaLx5kEPKJ0GDgbODG0fZgXbQ8K/XjZNJXQmbmgQlY= -github.com/prometheus/prometheus v0.42.0/go.mod h1:Pfqb/MLnnR2KK+0vchiaH39jXxvLMBk+3lnIGP4N7Vk= +github.com/prometheus/prometheus v0.44.0/go.mod h1:aPsmIK3py5XammeTguyqTmuqzX/jeCdyOWWobLHNKQg= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-ruleguard v0.3.19 h1:tfMnabXle/HzOb5Xe9CUZYWXKfkS1KwRmZyPmD9nVcc= github.com/quasilyte/go-ruleguard v0.3.19/go.mod h1:lHSn69Scl48I7Gt9cX3VrbsZYvYiBYszZOZW4A+oTEw= @@ -2174,6 +2445,7 @@ github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4l github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.2 h1:YwD0ulJSJytLpiaWua0sBDusfsCZohxjxzVTYjwxfV8= @@ -2186,6 +2458,7 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rs/cors v1.8.2/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= @@ -2193,6 +2466,8 @@ github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThC github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= +github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/ryancurrah/gomodguard v1.3.0 h1:q15RT/pd6UggBXVBuLps8BXRvl5GPBcwVA7BJHMLuTw= github.com/ryancurrah/gomodguard v1.3.0/go.mod h1:ggBxb3luypPEzqVtq33ee7YSN35V28XeGnid8dnni50= github.com/ryanrolds/sqlclosecheck v0.4.0 h1:i8SX60Rppc1wRuyQjMciLqIzV3xnoHB7/tXbr6RGYNI= @@ -2212,7 +2487,7 @@ github.com/sashamelentyev/usestdlibvars v1.23.0 h1:01h+/2Kd+NblNItNeux0veSL5cBF1 github.com/sashamelentyev/usestdlibvars v1.23.0/go.mod h1:YPwr/Y1LATzHI93CqoPUN/2BzGQ/6N/cl/KwgR0B/aU= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.9/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.12/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= @@ -2221,13 +2496,13 @@ github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod github.com/secure-systems-lab/go-securesystemslib v0.3.1/go.mod h1:o8hhjkbNl2gOamKUA/eNW3xUrntHT9L4W89W1nfj43U= github.com/securego/gosec/v2 v2.15.0 h1:v4Ym7FF58/jlykYmmhZ7mTm7FQvN/setNm++0fgIAtw= github.com/securego/gosec/v2 v2.15.0/go.mod h1:VOjTrZOkUtSDt2QLSJmQBMWnvwiQPEjg0l+5juIqGk8= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs= -github.com/shoenig/test v0.6.0/go.mod h1:xYtyGBC5Q3kzCNyJg/SjgNpfAa2kvmgA0i5+lQso8x0= +github.com/shoenig/test v0.6.3/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= +github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= @@ -2257,13 +2532,15 @@ github.com/sivchari/nosnakecase v1.7.0 h1:7QkpWIRMe8x25gckkFd2A5Pi6Ymo0qgr4JrhGt github.com/sivchari/nosnakecase v1.7.0/go.mod h1:CwDzrzPea40/GB6uynrNLiorAlgFRvRbFSgJx2Gs+QY= github.com/sivchari/tenv v1.7.1 h1:PSpuD4bu6fSmtWMxSGWcvqUUgIn7k3yOJhOIzVWn8Ak= github.com/sivchari/tenv v1.7.1/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg= +github.com/skeema/knownhosts v1.1.1 h1:MTk78x9FPgDFVFkDLTrsnnfCJl7g1C/nnKvePgrIngE= +github.com/skeema/knownhosts v1.1.1/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/slack-go/slack v0.12.2 h1:x3OppyMyGIbbiyFhsBmpf9pwkUzMhthJMRNmNlA4LaQ= github.com/slack-go/slack v0.12.2/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs= +github.com/smartystreets/assertions v1.13.1 h1:Ef7KhSmjZcK6AVf9YbJdvPYG9avaF0ZxudX+ThRdWfU= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg= +github.com/smartystreets/goconvey v1.8.0 h1:Oi49ha/2MURE0WexF052Z0m+BNSGirfjg5RL+JXWq3w= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sonatard/noctx v0.0.2 h1:L7Dz4De2zDQhW8S0t+KUjY0MAQJd6SgVwhzNIc4ok00= @@ -2332,12 +2609,14 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/subosito/gotenv v1.4.1/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= @@ -2414,11 +2693,10 @@ github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1 h1:+dBg5k7nuTE38VVdoroRsT0Z88fmvdYrI2EjzJst35I= github.com/withfig/autocomplete-tools/integrations/cobra v1.2.1/go.mod h1:nmuySobZb4kFgFy6BptpXp/BBw+xFSyvVPP6auoJB4k= -github.com/xanzy/go-gitlab v0.83.0 h1:37p0MpTPNbsTMKX/JnmJtY8Ch1sFiJzVF342+RvZEGw= -github.com/xanzy/go-gitlab v0.83.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= -github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= -github.com/xanzy/ssh-agent v0.3.1 h1:AmzO1SSWxw73zxFZPRwaMN1MohDw8UyHnmuxyceTEGo= -github.com/xanzy/ssh-agent v0.3.1/go.mod h1:QIE4lCeL7nkC25x+yA3LBIYfwCc1TFziCtG7cBAac6w= +github.com/xanzy/go-gitlab v0.86.0 h1:jR8V9cK9jXRQDb46KOB20NCF3ksY09luaG0IfXE6p7w= +github.com/xanzy/go-gitlab v0.86.0/go.mod h1:5ryv+MnpZStBH8I/77HuQBsMbBGANtVpLWC15qOjWAw= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= @@ -2430,6 +2708,9 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= @@ -2449,6 +2730,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= +github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= +github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= gitlab.com/bosi/decorder v0.2.3 h1:gX4/RgK16ijY8V+BRQHAySfQAb354T7/xQpDB2n10P0= gitlab.com/bosi/decorder v0.2.3/go.mod h1:9K1RB5+VPNQYtXtTDAzd2OEftsZb1oV0IrJrzChSdGE= @@ -2493,35 +2776,35 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.2 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.31.0/go.mod h1:PFmBsWbldL1kiWZk9+0LBZz2brhByaGsvp6pRICMlPE= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.37.0/go.mod h1:+ARmXlUlc51J7sZeCBkBJNdHGySrdOzgzxp6VWRWM1U= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0/go.mod h1:pcQ3MM3SWvrA71U4GDqv9UFDJ3HQsW7y5ZO3tDTlUdI= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= go.opentelemetry.io/otel v1.6.0/go.mod h1:bfJD2DZVw0LBxghOTlgnlI0CV3hLDu9XF/QKOUXMTQQ= go.opentelemetry.io/otel v1.6.1/go.mod h1:blzUabWHkX6LJewxvadmzafgh/wnvBSDBdOuwkAtrWQ= go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZMSbUGE= -go.opentelemetry.io/otel v1.11.2/go.mod h1:7p4EUV+AqgdlNV9gL97IgUZiVR3yrFXYo53f9BM3tRI= +go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.6.1/go.mod h1:NEu79Xo32iVb+0gVNV8PMd7GoWqnyDXRlj04yFjqz40= -go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.11.2/go.mod h1:rqbht/LlhVBgn5+k3M5QK96K5Xb0DvXpMJ5SFQpY6uw= +go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0/go.mod h1:UFG7EBMRdXyFstOwH028U0sVf+AvukSGhF0g8+dmNG8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.6.1/go.mod h1:YJ/JbY5ag/tSQFXzH3mtDmHqzF3aFn3DI/aB1n7pt4w= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.11.2/go.mod h1:5Qn6qvgkMsLDX+sYK64rHb1FPhpn0UtxF+ouX1uhyJE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.14.0/go.mod h1:HrbCVv40OOLTABmOn1ZWty6CHXkU8DK/Urc43tHug70= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.6.1/go.mod h1:UJJXJj0rltNIemDMwkOJyggsvyMG9QHfJeFH0HS5JjM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.11.2/go.mod h1:jWZUM2MWhWCJ9J9xVbRx7tzK1mXKpAlze4CeulycwVY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.14.0/go.mod h1:5w41DY6S9gZrbjuq6Y+753e96WfPha5IcsOSZTtullM= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.6.1/go.mod h1:DAKwdo06hFLc0U88O10x4xnb5sc7dDRDqRuiN+io8JE= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.11.2/go.mod h1:GZWSQQky8AgdJj50r1KJm8oiQiIPaAX7uZCFQX9GzC8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v0.28.0/go.mod h1:TrzsfQAmQaB1PDcdhBauLMk7nyyg9hm+GoQq/ekE9Iw= -go.opentelemetry.io/otel/metric v0.34.0/go.mod h1:ZFuI4yQGNCupurTXCwkeD/zHBt+C2bR7bw5JqUm/AP8= +go.opentelemetry.io/otel/metric v0.37.0/go.mod h1:DmdaHfGt54iV6UKxsV9slj2bBRJcKC1B1uvDLIioc1s= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/sdk v1.6.1/go.mod h1:IVYrddmFZ+eJqu2k38qD3WezFR2pymCzm8tdxyh3R4E= go.opentelemetry.io/otel/sdk v1.11.1/go.mod h1:/l3FE4SupHJ12TduVjUkZtlfFqDCQJlOlithYrdktys= -go.opentelemetry.io/otel/sdk v1.11.2/go.mod h1:wZ1WxImwpq+lVRo4vsmSOxdd+xwoUJ6rqyLc3SyX9aU= +go.opentelemetry.io/otel/sdk v1.14.0/go.mod h1:bwIC5TjrNG6QDCHNWvW4HLHtUQ4I+VQDsnjhvyZCALM= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= @@ -2529,7 +2812,7 @@ go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKu go.opentelemetry.io/otel/trace v1.6.0/go.mod h1:qs7BrU5cZ8dXQHBGxHMOxwME/27YH2qEp4/+tZLLwJE= go.opentelemetry.io/otel/trace v1.6.1/go.mod h1:RkFRM1m0puWIq10oxImnGEduNBzxiN7TXluRBtE+5j0= go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= -go.opentelemetry.io/otel/trace v1.11.2/go.mod h1:4N+yC7QEz7TTsG9BSRLNAa63eg5E06ObSbKPmxQ/pKA= +go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.opentelemetry.io/proto/otlp v0.12.1/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= @@ -2541,8 +2824,9 @@ go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= +go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= +go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= go.uber.org/automaxprocs v1.5.2 h1:2LxUOGiR3O6tw8ui5sZa2LAaHnsviZdVOUZw4fvbnME= go.uber.org/automaxprocs v1.5.2/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= @@ -2550,14 +2834,13 @@ go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= +go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= -go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= @@ -2568,13 +2851,12 @@ go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -gocloud.dev v0.29.0 h1:fBy0jwJSmxs0IjT0fE32MO+Mj+307VZQwyHaTyFZbC4= -gocloud.dev v0.29.0/go.mod h1:E3dAjji80g+lIkq4CQeF/BTWqv1CBeTftmOb+gpyapQ= +gocloud.dev v0.30.0 h1:PRgA+DXUz8/uuTJDA7wc8o2Hwj9yZ2qAsShZ60esbE8= +gocloud.dev v0.30.0/go.mod h1:w+GlGVg/Jy9JV0Xc9eSXzUZeVEmSWW49W0syFK1+T9U= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= @@ -2614,7 +2896,11 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2624,14 +2910,15 @@ golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/exp v0.0.0-20230108222341-4b8118a2686a/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug= golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= @@ -2641,6 +2928,16 @@ golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:AbB0pIl golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2671,6 +2968,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2725,7 +3024,6 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= @@ -2735,10 +3033,12 @@ golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210917221730-978cfadd31cf/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -2760,10 +3060,13 @@ golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.3.1-0.20221206200815-1e63c2f08a10/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2794,11 +3097,13 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= -golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2814,8 +3119,10 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2907,6 +3214,7 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2917,7 +3225,6 @@ golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2965,8 +3272,8 @@ golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220919091848-fb04ddd9f9c8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2975,6 +3282,9 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -2987,6 +3297,9 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -3003,6 +3316,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -3052,6 +3367,7 @@ golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -3096,6 +3412,7 @@ golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4X golang.org/x/tools v0.0.0-20201001104356-43ebab892c4c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -3120,6 +3437,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -3135,8 +3454,12 @@ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3j golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= +gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= +gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= +gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -3193,13 +3516,20 @@ google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91 google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= -google.golang.org/api v0.104.0/go.mod h1:JCspTXJbBxa5ySXw4UgUqVer7DfVxbvc/CTUFqAED5U= google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.123.0 h1:yHVU//vA+qkOhm4reEC9LtzHVUCN/IqqNRl1iQ9xE20= +google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= +google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= +google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= google.golang.org/api v0.123.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= +google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= +google.golang.org/api v0.125.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg= +google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -3285,6 +3615,7 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= @@ -3309,7 +3640,6 @@ google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljW google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= -google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= @@ -3330,22 +3660,47 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= +google.golang.org/genproto v0.0.0-20221109142239-94d6d90a7d66/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221201204527-e3fa12d562f3/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= -google.golang.org/genproto v0.0.0-20221205194025-8222ab48f5fc/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0= -google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6/go.mod h1:1dOng4TWOomJrDGhpXjfCD35wQC6jnC7HpRmOFRqEV0= google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230123190316-2c411cf9d197/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= -google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= +google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA= +google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -3388,10 +3743,13 @@ google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= -google.golang.org/grpc v1.52.1/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.52.3/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= -google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE= +google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -3408,6 +3766,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= @@ -3431,7 +3791,6 @@ gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKW gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= @@ -3466,6 +3825,7 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= @@ -3480,6 +3840,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw= honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= @@ -3487,14 +3848,14 @@ k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/api v0.20.6/go.mod h1:X9e8Qag6JV/bL5G6bU8sdVRltWKmdHsFUGS3eVndqE8= k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= +k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.6/go.mod h1:ejZXtW1Ra6V1O5H8xPBGz+T3+4gfkTCeExAHKU57MAc= k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM= k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= @@ -3506,7 +3867,7 @@ k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/client-go v0.20.6/go.mod h1:nNQMnOvEUEsOzRRFIIkdmYOjAZrC8bgq0ExboWSU1I0= k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= +k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= k8s.io/code-generator v0.19.7/go.mod h1:lwEq3YnLYb/7uVXLorOJfxg+cUu2oihFhHZ0n9NIla0= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= @@ -3529,6 +3890,7 @@ k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.40.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= @@ -3537,7 +3899,7 @@ k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2R k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= -k8s.io/kube-openapi v0.0.0-20221207184640-f3cff1453715/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/kube-openapi v0.0.0-20230303024457-afdc3dddf62d/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= @@ -3545,9 +3907,43 @@ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230308161112-d77c459e9343/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= +lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= +modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc= +modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw= +modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= +modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= +modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws= +modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo= +modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ= +modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM= +modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= +modernc.org/libc v1.16.0/go.mod h1:N4LD6DBE9cf+Dzf9buBlzVJndKr/iJHG97vGLHYnb5A= +modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU= +modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU= +modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= +modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0= +modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s= +modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= +modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= +modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= +modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= +modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= +modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4= +modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw= +modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw= +modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw= +modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= +modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= mvdan.cc/gofumpt v0.4.0 h1:JVf4NN1mIpHogBj7ABpgOyZc65/UUOkKQFkoURsz4MM= mvdan.cc/gofumpt v0.4.0/go.mod h1:PljLOHDeZqgS8opHRKLzp2It2VBuSdteAgqUfzMTxlQ= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I= @@ -3556,7 +3952,7 @@ mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphD mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d h1:3rvTIIM22r9pvXk+q3swxUQAQOxksVMGK7sml4nG57w= mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d/go.mod h1:IeHQjmn6TOD+e4Z3RFiZMMsLVL+A96Nvptar8Fj71is= -nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= +nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= From 977a9b9659b429f24597192933c1a4295204d0b3 Mon Sep 17 00:00:00 2001 From: Naveen <172697+naveensrinivasan@users.noreply.github.com> Date: Wed, 5 Jul 2023 17:16:48 -0500 Subject: [PATCH 315/316] :seedling: Included unit tests (#3242) - Included unit tests Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- checker/raw_result_test.go | 48 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 checker/raw_result_test.go diff --git a/checker/raw_result_test.go b/checker/raw_result_test.go new file mode 100644 index 00000000000..7c519e73cb7 --- /dev/null +++ b/checker/raw_result_test.go @@ -0,0 +1,48 @@ +// Copyright 2023 OpenSSF Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package checker + +import ( + "testing" + + "github.com/ossf/scorecard/v4/finding" +) + +func TestFile_Location(t *testing.T) { + file := File{ + Type: finding.FileTypeSource, + Path: "bar.go", + Offset: 10, + EndOffset: 20, + Snippet: "some code", + } + + loc := file.Location() + + if loc.Type != finding.FileTypeSource { + t.Errorf("Expected loc.Type to be 'foo', got %v", loc.Type) + } + if loc.Path != "bar.go" { + t.Errorf("Expected loc.Path to be 'bar.go', got %v", loc.Path) + } + if *loc.LineStart != 10 { + t.Errorf("Expected *loc.LineStart to be 10, got %v", *loc.LineStart) + } + if *loc.LineEnd != 20 { + t.Errorf("Expected *loc.LineEnd to be 20, got %v", *loc.LineEnd) + } + if *loc.Snippet != "some code" { + t.Errorf("Expected *loc.Snippet to be 'some code', got %v", *loc.Snippet) + } +} From 87b1c4cd6e3b1879403ee26dfbf1c8e7f3d25c02 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jul 2023 00:17:37 +0000 Subject: [PATCH 316/316] :seedling: Bump golang.org/x/text from 0.10.0 to 0.11.0 (#3243) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.10.0 to 0.11.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index e6ae12206a0..0bbb29c8dd2 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,7 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 go.opencensus.io v0.24.0 gocloud.dev v0.30.0 - golang.org/x/text v0.10.0 + golang.org/x/text v0.11.0 golang.org/x/tools v0.10.0 google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect google.golang.org/protobuf v1.31.0 diff --git a/go.sum b/go.sum index 8ee6abc722e..de4ca8445fd 100644 --- a/go.sum +++ b/go.sum @@ -2872,8 +2872,9 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=