From 57e6b52c3b37e3becafed703f84c16d1edb5a66c Mon Sep 17 00:00:00 2001 From: "Huabing (Robin) Zhao" Date: Tue, 31 Dec 2024 14:41:36 +0800 Subject: [PATCH 1/2] chore: bump osv scanner to 1.9.2 (#4956) * docs: how to connect to an OIDC provider with a self-signed cert (#4889) update oidc docs Signed-off-by: Huabing Zhao * remove override Signed-off-by: Huabing Zhao * address comment Signed-off-by: Huabing Zhao * continue on errors Signed-off-by: Huabing Zhao * continue on errors Signed-off-by: Huabing Zhao * add space Signed-off-by: Huabing Zhao --------- Signed-off-by: Huabing Zhao --- .github/workflows/license-scan.yml | 3 ++- .github/workflows/osv-scanner.yml | 7 ++----- tools/osv-scanner/license-scan-config.toml | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml index c6dea873862..f637db6dbe5 100644 --- a/.github/workflows/license-scan.yml +++ b/.github/workflows/license-scan.yml @@ -18,7 +18,8 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run scanner - uses: google/osv-scanner-action/osv-scanner-action@19ec1116569a47416e11a45848722b1af31a857b # v1.9.0 + uses: google/osv-scanner-action/osv-scanner-action@f8115f2f28022984d4e8070d2f0f85abcf6f3458 # v1.9.2 + continue-on-error: true # remove this after https://github.com/google/deps.dev/issues/146 has been resolved with: scan-args: |- --skip-git diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml index bea1c1a15fd..2269c05777c 100644 --- a/.github/workflows/osv-scanner.yml +++ b/.github/workflows/osv-scanner.yml @@ -21,7 +21,7 @@ jobs: if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }} runs-on: ubuntu-latest steps: - - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458" # v1.9.2 with: scan-args: |- --skip-git @@ -37,10 +37,7 @@ jobs: if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} runs-on: ubuntu-latest steps: - - uses: actions/setup-go@v5 - with: - go-version: '1.23.4' - - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@19ec1116569a47416e11a45848722b1af31a857b" # v1.9.0 + - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@f8115f2f28022984d4e8070d2f0f85abcf6f3458" # v1.9.2 with: scan-args: |- --skip-git diff --git a/tools/osv-scanner/license-scan-config.toml b/tools/osv-scanner/license-scan-config.toml index 3b96c10fe7e..8d253111381 100644 --- a/tools/osv-scanner/license-scan-config.toml +++ b/tools/osv-scanner/license-scan-config.toml @@ -1,8 +1,8 @@ # Ignore vulnerabilities on license scan [[PackageOverrides]] ecosystem = "Go" -# TODO uncomment once osv-scanner-action is updated to v1.9.1 -# vulnerability.ignore = true + +vulnerability.ignore = true [[PackageOverrides]] name = "github.com/AdaLogics/go-fuzz-headers" From f71fa9997b0c8c1181b18eb163578db41ed1a318 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 17:11:05 +0800 Subject: [PATCH 2/2] build(deps): bump github.com/ohler55/ojg from 1.25.0 to 1.25.1 (#4980) Bumps [github.com/ohler55/ojg](https://github.com/ohler55/ojg) from 1.25.0 to 1.25.1. - [Release notes](https://github.com/ohler55/ojg/releases) - [Changelog](https://github.com/ohler55/ojg/blob/develop/CHANGELOG.md) - [Commits](https://github.com/ohler55/ojg/compare/v1.25.0...v1.25.1) --- updated-dependencies: - dependency-name: github.com/ohler55/ojg dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 65bc4067247..0f775165967 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/google/go-containerregistry v0.20.2 github.com/hashicorp/go-multierror v1.1.1 github.com/miekg/dns v1.1.62 - github.com/ohler55/ojg v1.25.0 + github.com/ohler55/ojg v1.25.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 diff --git a/go.sum b/go.sum index 058e8e6d983..bb7369dc42e 100644 --- a/go.sum +++ b/go.sum @@ -625,8 +625,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= -github.com/ohler55/ojg v1.25.0 h1:sDwc4u4zex65Uz5Nm7O1QwDKTT+YRcpeZQTy1pffRkw= -github.com/ohler55/ojg v1.25.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o= +github.com/ohler55/ojg v1.25.1 h1:PKZlzUtatXJKtLIehVejKJKgtr9NoOSkWm4SBr/Fgns= +github.com/ohler55/ojg v1.25.1/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=