From 5f4fa01cfc6dc8a5be795a62ec02037c657b1ede Mon Sep 17 00:00:00 2001
From: Marius Goetze
Date: Tue, 16 Apr 2024 11:45:10 +0200
Subject: [PATCH 01/55] add `CODEOWNERS` file
---
 .github/workflows/CODEOWNERS | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 .github/workflows/CODEOWNERS
diff --git a/.github/workflows/CODEOWNERS b/.github/workflows/CODEOWNERS
new file mode 100644
index 00000000..67fdb57a
--- /dev/null
+++ b/.github/workflows/CODEOWNERS
@@ -0,0 +1,6 @@
+# default reviewers
+* @greenbone/vulnerability-intelligence-maintainers
+
+# github actions & settings
+/.github/ @greenbone/devops @greenbone/vulnerability-intelligence-maintainers
+
From 45ff0ac685a219f575679dec8be4b4b4e2d22027 Mon Sep 17 00:00:00 2001
From: Marius Goetze
Date: Tue, 16 Apr 2024 11:46:31 +0200
Subject: [PATCH 02/55] add depandabot config
---
 .github/dependabot.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..442f93ad
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+version: 2
+updates:
+ - package-ecosystem: gomod
+ directory: "/"
+ schedule:
+ interval: weekly
+ time: "04:00"
+ groups:
+ go-modules:
+ patterns:
+ - "*"
+ allow:
+ - dependency-type: direct
+ - dependency-type: indirect
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ groups:
+ github-actions:
+ patterns:
+ - "*"
From 806ccdb3fe56ac0789b7f13934ce920e62dcefa7 Mon Sep 17 00:00:00 2001
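Review bot: The file is created at `.github/workflows/CODEOWNERS`, but GitHub only reads a CODEOWNERS file from the repository root, `.github/` or `docs/`, so the two rules in this hunk will not request or enforce any review. Move it to `.github/CODEOWNERS`; the `/.github/ @greenbone/devops ...` rule then also covers the file itself. Until it is moved, any branch protection that relies on code-owner review for workflow changes has nothing to match against.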
From: Marius Goetze
Date: Tue, 16 Apr 2024 12:07:12 +0200
Subject: [PATCH 03/55] add greenbone github workflows
---
 .github/workflows/codeql.yml | 43 ++++++++++++++++++++
 .github/workflows/conventional-commits.yml | 16 ++++++++
 .github/workflows/dependency-review.yml | 12 ++++++
 .github/workflows/go.yml | 7 ++--
 .github/workflows/go_legacy.yml | 6 +--
 .github/workflows/govulncheck.yml | 19 +++++++++
 .github/workflows/linting.yml | 16 ++++++++
 .github/workflows/release.yml | 47 +++++++++++-----------
 8 files changed, 134 insertions(+), 32 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/conventional-commits.yml
 create mode 100644 .github/workflows/dependency-review.yml
 create mode 100644 .github/workflows/govulncheck.yml
 create mode 100644 .github/workflows/linting.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..ad03e41d
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,43 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '30 5 * * 0' # 5:30h on Sundays
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: './go.mod'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ queries: security-and-quality
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
new file mode 100644
index 00000000..85a2b32c
--- /dev/null
+++ b/.github/workflows/conventional-commits.yml @@ -0,0 +1,16 @@ +name: Conventional Commits + +on: + pull_request: + +permissions: + pull-requests: write + contents: read + +jobs: + conventional-commits: + name: Conventional Commits + runs-on: ubuntu-latest + steps: + - name: Report Conventional Commits + uses: greenbone/actions/conventional-commits@v3 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000..36afcc32 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,12 @@ +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Dependency Review' + uses: greenbone/actions/dependency-review@v3 diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 95ee8c75..0451f18f 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -2,11 +2,10 @@ name: Go on: push: - paths: - - "**.go" + branches: + - main pull_request: - paths: - - "**.go" + workflow_dispatch: jobs: build: diff --git a/.github/workflows/go_legacy.yml b/.github/workflows/go_legacy.yml index a86368dc..cb97c37a 100644 --- a/.github/workflows/go_legacy.yml +++ b/.github/workflows/go_legacy.yml @@ -2,11 +2,9 @@ name: Go on: push: - paths: - - "**.go" + branches: + - main pull_request: - paths: - - "**.go" jobs: build: diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml new file mode 100644 index 00000000..a8f5eac7 --- /dev/null +++ b/.github/workflows/govulncheck.yml 
@@ -0,0 +1,19 @@ +name: govulncheck + +# check for vulnerabilities using `govulncheck`, compared to dependabot it only alerts if the affected code is actually called + +on: + pull_request: # make sure there is no vulnerability added with a new feature + schedule: # check if used code of existing dependencies is vulnerable + - cron: '37 4 * * *' # daily 4:37h + workflow_dispatch: # on demand + +jobs: + govulncheck: + runs-on: ubuntu-latest + name: Run govulncheck + steps: + - id: govulncheck + uses: golang/govulncheck-action@v1 + with: + go-version-file: ./go.mod \ No newline at end of file diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml new file mode 100644 index 00000000..a544b790 --- /dev/null +++ b/.github/workflows/linting.yml @@ -0,0 +1,16 @@ +name: Lint + +on: + push: + branches: + - main + pull_request: + +jobs: + lint: + name: lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v4 + - uses: golangci/golangci-lint-action@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 739f45c1..2e4d2d33 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
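Review bot: Neither `govulncheck.yml` nor `linting.yml` declares a `permissions:` block, so both jobs run with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured, while `codeql.yml` and `dependency-review.yml` in the same commit scope theirs explicitly. Both jobs only need to read the source, so start each file from a top-level `permissions:` with `contents: read` and widen it only if the action demands more. In `linting.yml`, `actions/setup-go@v4` is also called without `go-version-file: ./go.mod`, unlike the `setup-go@v5` step in `codeql.yml`, so the linter may run on a different Go version than the module declares.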
@@ -1,28 +1,27 @@ -name: Publish Go binaries to github release +name: Release +# with pontos on: - release: - types: [created] + pull_request: + types: [closed] + workflow_dispatch: + inputs: + release-type: + type: choice + description: What kind of release do you want to do (pontos --release-type argument)? + options: + - patch + - minor + - major + release-version: + type: string + description: Set an explicit version, that will overwrite release-type. Fails if version is not compliant. jobs: - releases-matrix: - name: Release Go binaries - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: '^1.21.0' - - - name: Build - run: make dist - - - name: Upload release assets - uses: softprops/action-gh-release@v1 - with: - files: | - dist/csaf_distribution-*.zip - dist/csaf_distribution-*.tar.gz + release: + name: csaf_distribution + uses: greenbone/workflows/.github/workflows/release-3rd-gen.yml@main + with: + release-type: ${{ inputs.release-type }} + release-version: ${{ inputs.release-version }} + secrets: inherit From d7c13e1d10d8978236b664200072f084862d1f61 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Wed, 3 Apr 2024 15:16:54 +0200 Subject: [PATCH 04/55] move csaf downloader to separate package this allows us to use the csaf downloader as library --- cmd/csaf_downloader/config.go | 42 +++++++++++++------------- cmd/csaf_downloader/downloader.go | 38 +++++++++++------------ cmd/csaf_downloader/forwarder.go | 40 ++++++++++++------------ cmd/csaf_downloader/forwarder_test.go | 38 +++++++++++------------ cmd/csaf_downloader/{ => main}/main.go | 23 +++++++------- cmd/csaf_downloader/stats.go | 2 +- cmd/csaf_downloader/stats_test.go | 2 +- 7 files changed, 93 insertions(+), 92 deletions(-) rename cmd/csaf_downloader/{ => main}/main.go (69%) diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index 367780f3..e48c591d 100644 
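Review bot: The `release` job calls `greenbone/workflows/.github/workflows/release-3rd-gen.yml@main` with `secrets: inherit`, so every secret available to this repository is handed to whatever the `main` branch of that other repository contains at run time. Pin the reusable workflow to a full commit SHA (or at least a release tag) and pass only the secrets the release needs by name instead of `inherit`. The trigger `pull_request: types: [closed]` also fires for pull requests that were closed without merging; whether the called workflow checks for a merge is not visible here, so confirm it or add `if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true` on the job.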
--- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -6,7 +6,7 @@ // SPDX-FileCopyrightText: 2022 German Federal Office for Information Security (BSI) // Software-Engineering: 2022 Intevation GmbH -package main +package csaf_downloader import ( "crypto/tls" @@ -42,7 +42,7 @@ const ( validationUnsafe = validationMode("unsafe") ) -type config struct { +type Config struct { Directory string `short:"d" long:"directory" description:"DIRectory to store the downloaded files in" value-name:"DIR" toml:"directory"` Insecure bool `long:"insecure" description:"Do not check TLS certificates from provider" toml:"insecure"` IgnoreSignatureCheck bool `long:"ignore_sigcheck" description:"Ignore signature check results, just warn on mismatch" toml:"ignore_sigcheck"` @@ -87,18 +87,18 @@ var configPaths = []string{ "csaf_downloader.toml", } -// parseArgsConfig parses the command line and if need a config file. -func parseArgsConfig() ([]string, *config, error) { +// ParseArgsConfig parses the command line and if need a config file. +func ParseArgsConfig() ([]string, *Config, error) { var ( logFile = defaultLogFile logLevel = &options.LogLevel{Level: defaultLogLevel} ) - p := options.Parser[config]{ + p := options.Parser[Config]{ DefaultConfigLocations: configPaths, - ConfigLocation: func(cfg *config) string { return cfg.Config }, + ConfigLocation: func(cfg *Config) string { return cfg.Config }, Usage: "[OPTIONS] domain...", - HasVersion: func(cfg *config) bool { return cfg.Version }, - SetDefaults: func(cfg *config) { + HasVersion: func(cfg *Config) bool { return cfg.Version }, + SetDefaults: func(cfg *Config) { cfg.Worker = defaultWorker cfg.RemoteValidatorPresets = []string{defaultPreset} cfg.ValidationMode = defaultValidationMode 
@@ -107,7 +107,7 @@ func parseArgsConfig() ([]string, *config, error) { cfg.LogLevel = logLevel }, // Re-establish default values if not set. - EnsureDefaults: func(cfg *config) { + EnsureDefaults: func(cfg *Config) { if cfg.Worker == 0 { cfg.Worker = defaultWorker } @@ -152,18 +152,18 @@ func (vm *validationMode) UnmarshalFlag(value string) error { } // ignoreFile returns true if the given URL should not be downloaded. -func (cfg *config) ignoreURL(u string) bool { +func (cfg *Config) ignoreURL(u string) bool { return cfg.ignorePattern.Matches(u) } // verbose is considered a log level equal or less debug. -func (cfg *config) verbose() bool { +func (cfg *Config) verbose() bool { return cfg.LogLevel.Level <= slog.LevelDebug } // prepareDirectory ensures that the working directory // exists and is setup properly. -func (cfg *config) prepareDirectory() error { +func (cfg *Config) prepareDirectory() error { // If not given use current working directory. if cfg.Directory == "" { dir, err := os.Getwd() @@ -197,7 +197,7 @@ func dropSubSeconds(_ []string, a slog.Attr) slog.Attr { } // prepareLogging sets up the structured logging. -func (cfg *config) prepareLogging() error { +func (cfg *Config) prepareLogging() error { var w io.Writer if cfg.LogFile == nil || *cfg.LogFile == "" { log.Println("using STDERR for logging") @@ -230,7 +230,7 @@ func (cfg *config) prepareLogging() error { } // compileIgnorePatterns compiles the configure patterns to be ignored. -func (cfg *config) compileIgnorePatterns() error { +func (cfg *Config) compileIgnorePatterns() error { pm, err := filter.NewPatternMatcher(cfg.IgnorePattern) if err != nil { return err 
@@ -240,7 +240,7 @@ func (cfg *config) compileIgnorePatterns() error { } // prepareCertificates loads the client side certificates used by the HTTP client. -func (cfg *config) prepareCertificates() error { +func (cfg *Config) prepareCertificates() error { cert, err := certs.LoadCertificate( cfg.ClientCert, cfg.ClientKey, cfg.ClientPassphrase) if err != nil { @@ -251,12 +251,12 @@ func (cfg *config) prepareCertificates() error { } // prepare prepares internal state of a loaded configuration. -func (cfg *config) prepare() error { - for _, prepare := range []func(*config) error{ - (*config).prepareDirectory, - (*config).prepareLogging, - (*config).prepareCertificates, - (*config).compileIgnorePatterns, +func (cfg *Config) Prepare() error { + for _, prepare := range []func(*Config) error{ + (*Config).prepareDirectory, + (*Config).prepareLogging, + (*Config).prepareCertificates, + (*Config).compileIgnorePatterns, } { if err := prepare(cfg); err != nil { return err diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index 7fa0c7cf..5d4ba111 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -6,7 +6,7 @@ // SPDX-FileCopyrightText: 2022, 2023 German Federal Office for Information Security (BSI) // Software-Engineering: 2022, 2023 Intevation GmbH -package main +package csaf_downloader import ( "bytes" @@ -38,12 +38,12 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/util" ) -type downloader struct { - cfg *config +type Downloader struct { + cfg *Config keys *crypto.KeyRing eval *util.PathEval validator csaf.RemoteValidator - forwarder *forwarder + Forwarder *Forwarder mkdirMu sync.Mutex statsMu sync.Mutex stats stats @@ -54,7 +54,7 @@ type downloader struct { // unsafe mode. const failedValidationDir = "failed_validation" -func newDownloader(cfg *config) (*downloader, error) { +func NewDownloader(cfg *Config) (*Downloader, error) { var validator csaf.RemoteValidator 
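Review bot: `Prepare` is now exported but its comment still begins `// prepare prepares ...`, and the exported `Config` type has no doc comment at all. The same applies in the later hunks of this commit to `Forwarder.Close` (`// close terminates`), `Forwarder.Log` (`// log logs`), `Downloader.Run` (`// run performs`), and to `Downloader`, `NewDownloader` and `Downloader.Close`, which have none. Since the commit offers these as a library API, each should carry a comment starting with the exported name, for example `// Prepare prepares the internal state of a loaded configuration.`, ideally also stating whether it must be called before `NewDownloader` (main.go calls it first, but the requirement itself is not visible here). The package name `csaf_downloader` contains an underscore, which Go naming convention discourages; `downloader` would read better at call sites.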
@@ -72,14 +72,14 @@ func newDownloader(cfg *config) (*downloader, error) { validator = csaf.SynchronizedRemoteValidator(validator) } - return &downloader{ + return &Downloader{ cfg: cfg, eval: util.NewPathEval(), validator: validator, }, nil } -func (d *downloader) close() { +func (d *Downloader) Close() { if d.validator != nil { d.validator.Close() d.validator = nil @@ -87,7 +87,7 @@ func (d *downloader) close() { } // addStats add stats to total stats -func (d *downloader) addStats(o *stats) { +func (d *Downloader) addStats(o *stats) { d.statsMu.Lock() defer d.statsMu.Unlock() d.stats.add(o) @@ -105,7 +105,7 @@ func logRedirect(req *http.Request, via []*http.Request) error { return nil } -func (d *downloader) httpClient() util.Client { +func (d *Downloader) httpClient() util.Client { hClient := http.Client{} @@ -165,7 +165,7 @@ func httpLog(who string) func(string, string) { } } -func (d *downloader) download(ctx context.Context, domain string) error { +func (d *Downloader) download(ctx context.Context, domain string) error { client := d.httpClient() loader := csaf.NewProviderMetadataLoader(client) @@ -215,7 +215,7 @@ func (d *downloader) download(ctx context.Context, domain string) error { }) } -func (d *downloader) downloadFiles( +func (d *Downloader) downloadFiles( ctx context.Context, label csaf.TLPLabel, files []csaf.AdvisoryFile, @@ -264,7 +264,7 @@ allFiles: return errors.Join(errs...) } -func (d *downloader) loadOpenPGPKeys( +func (d *Downloader) loadOpenPGPKeys( client util.Client, doc any, base *url.URL, @@ -355,7 +355,7 @@ func (d *downloader) loadOpenPGPKeys( } // logValidationIssues logs the issues reported by the advisory schema validation. -func (d *downloader) logValidationIssues(url string, errors []string, err error) { +func (d *Downloader) logValidationIssues(url string, errors []string, err error) { if err != nil { slog.Error("Failed to validate", "url", url, 
@@ -375,7 +375,7 @@ func (d *downloader) logValidationIssues(url string, errors []string, err error) } } -func (d *downloader) downloadWorker( +func (d *Downloader) downloadWorker( ctx context.Context, wg *sync.WaitGroup, label csaf.TLPLabel, @@ -606,8 +606,8 @@ nextAdvisory: valStatus.update(validValidationStatus) // Send to forwarder - if d.forwarder != nil { - d.forwarder.forward( + if d.Forwarder != nil { + d.Forwarder.forward( filename, data.String(), valStatus, string(s256Data), @@ -680,13 +680,13 @@ nextAdvisory: } } -func (d *downloader) mkdirAll(path string, perm os.FileMode) error { +func (d *Downloader) mkdirAll(path string, perm os.FileMode) error { d.mkdirMu.Lock() defer d.mkdirMu.Unlock() return os.MkdirAll(path, perm) } -func (d *downloader) checkSignature(data []byte, sign *crypto.PGPSignature) error { +func (d *Downloader) checkSignature(data []byte, sign *crypto.PGPSignature) error { pm := crypto.NewPlainMessage(data) t := crypto.GetUnixTime() return d.keys.VerifyDetached(pm, sign, t) @@ -733,7 +733,7 @@ func loadHash(client util.Client, p string) ([]byte, []byte, error) { } // run performs the downloads for all the given domains. -func (d *downloader) run(ctx context.Context, domains []string) error { +func (d *Downloader) Run(ctx context.Context, domains []string) error { defer d.stats.log() for _, domain := range domains { if err := d.download(ctx, domain); err != nil { diff --git a/cmd/csaf_downloader/forwarder.go b/cmd/csaf_downloader/forwarder.go index eda6595f..bfe21609 100644 --- a/cmd/csaf_downloader/forwarder.go +++ b/cmd/csaf_downloader/forwarder.go @@ -6,7 +6,7 @@ // SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) // Software-Engineering: 2023 Intevation GmbH -package main +package csaf_downloader import ( "bytes" 
@@ -45,31 +45,31 @@ func (vs *validationStatus) update(status validationStatus) { } } -// forwarder forwards downloaded advisories to a given +// Forwarder forwards downloaded advisories to a given // HTTP endpoint. -type forwarder struct { - cfg *config - cmds chan func(*forwarder) +type Forwarder struct { + cfg *Config + cmds chan func(*Forwarder) client util.Client failed int succeeded int } -// newForwarder creates a new forwarder. -func newForwarder(cfg *config) *forwarder { +// NewForwarder creates a new forwarder. +func NewForwarder(cfg *Config) *Forwarder { queue := cfg.ForwardQueue if queue < 1 { queue = 1 } - return &forwarder{ + return &Forwarder{ cfg: cfg, - cmds: make(chan func(*forwarder), queue), + cmds: make(chan func(*Forwarder), queue), } } -// run runs the forwarder. Meant to be used in a Go routine. -func (f *forwarder) run() { +// Run runs the forwarder. Meant to be used in a Go routine. +func (f *Forwarder) Run() { defer slog.Debug("forwarder done") for cmd := range f.cmds { @@ -78,13 +78,13 @@ func (f *forwarder) run() { } // close terminates the forwarder. -func (f *forwarder) close() { +func (f *Forwarder) Close() { close(f.cmds) } // log logs the current statistics. -func (f *forwarder) log() { - f.cmds <- func(f *forwarder) { +func (f *Forwarder) Log() { + f.cmds <- func(f *Forwarder) { slog.Info("Forward statistics", "succeeded", f.succeeded, "failed", f.failed) @@ -93,7 +93,7 @@ func (f *forwarder) log() { // httpClient returns a cached HTTP client used for uploading // the advisories to the configured HTTP endpoint. -func (f *forwarder) httpClient() util.Client { +func (f *Forwarder) httpClient() util.Client { if f.client != nil { return f.client } @@ -138,7 +138,7 @@ func replaceExt(fname, nExt string) string { } // buildRequest creates an HTTP request suited to forward the given advisory. -func (f *forwarder) buildRequest( +func (f *Forwarder) buildRequest( filename, doc string, status validationStatus, sha256, sha512 string, 
@@ -190,7 +190,7 @@ func (f *forwarder) buildRequest( // storeFailedAdvisory stores an advisory in a special folder // in case the forwarding failed. -func (f *forwarder) storeFailedAdvisory(filename, doc, sha256, sha512 string) error { +func (f *Forwarder) storeFailedAdvisory(filename, doc, sha256, sha512 string) error { // Create special folder if it does not exist. dir := filepath.Join(f.cfg.Directory, failedForwardDir) if err := os.MkdirAll(dir, 0755); err != nil { @@ -216,7 +216,7 @@ func (f *forwarder) storeFailedAdvisory(filename, doc, sha256, sha512 string) er } // storeFailed is a logging wrapper around storeFailedAdvisory. -func (f *forwarder) storeFailed(filename, doc, sha256, sha512 string) { +func (f *Forwarder) storeFailed(filename, doc, sha256, sha512 string) { f.failed++ if err := f.storeFailedAdvisory(filename, doc, sha256, sha512); err != nil { slog.Error("Storing advisory failed forwarding failed", @@ -240,13 +240,13 @@ func limitedString(r io.Reader, max int) (string, error) { // forward sends a given document with filename, status and // checksums to the forwarder. This is async to the degree // till the configured queue size is filled. -func (f *forwarder) forward( +func (f *Forwarder) forward( filename, doc string, status validationStatus, sha256, sha512 string, ) { // Run this in the main loop of the forwarder. - f.cmds <- func(f *forwarder) { + f.cmds <- func(f *Forwarder) { req, err := f.buildRequest(filename, doc, status, sha256, sha512) if err != nil { slog.Error("building forward Request failed", diff --git a/cmd/csaf_downloader/forwarder_test.go b/cmd/csaf_downloader/forwarder_test.go index dc515ad0..624bd933 100644 --- a/cmd/csaf_downloader/forwarder_test.go +++ b/cmd/csaf_downloader/forwarder_test.go @@ -6,7 +6,7 @@ // SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) // Software-Engineering: 2023 Intevation GmbH -package main +package csaf_downloader import ( "bufio" 
@@ -54,18 +54,18 @@ func TestForwarderLogStats(t *testing.T) { lg := slog.New(h) slog.SetDefault(lg) - cfg := &config{} - fw := newForwarder(cfg) + cfg := &Config{} + fw := NewForwarder(cfg) fw.failed = 11 fw.succeeded = 13 done := make(chan struct{}) go func() { defer close(done) - fw.run() + fw.Run() }() - fw.log() - fw.close() + fw.Log() + fw.Close() <-done type fwStats struct { @@ -96,14 +96,14 @@ func TestForwarderLogStats(t *testing.T) { } func TestForwarderHTTPClient(t *testing.T) { - cfg := &config{ + cfg := &Config{ ForwardInsecure: true, ForwardHeader: http.Header{ "User-Agent": []string{"curl/7.55.1"}, }, LogLevel: &options.LogLevel{Level: slog.LevelDebug}, } - fw := newForwarder(cfg) + fw := NewForwarder(cfg) if c1, c2 := fw.httpClient(), fw.httpClient(); c1 != c2 { t.Fatal("expected to return same client twice") } @@ -125,10 +125,10 @@ func TestForwarderReplaceExtension(t *testing.T) { func TestForwarderBuildRequest(t *testing.T) { // Good case ... - cfg := &config{ + cfg := &Config{ ForwardURL: "https://example.com", } - fw := newForwarder(cfg) + fw := NewForwarder(cfg) req, err := fw.buildRequest( "test.json", "{}", @@ -249,8 +249,8 @@ func TestStoreFailedAdvisory(t *testing.T) { } defer os.RemoveAll(dir) - cfg := &config{Directory: dir} - fw := newForwarder(cfg) + cfg := &Config{Directory: dir} + fw := NewForwarder(cfg) badDir := filepath.Join(dir, failedForwardDir) if err := os.WriteFile(badDir, []byte("test"), 0664); err != nil { @@ -302,8 +302,8 @@ func TestStoredFailed(t *testing.T) { lg := slog.New(h) slog.SetDefault(lg) - cfg := &config{Directory: dir} - fw := newForwarder(cfg) + cfg := &Config{Directory: dir} + fw := NewForwarder(cfg) // An empty filename should lead to an error. fw.storeFailed("", "{}", "256", "512") 
@@ -386,11 +386,11 @@ func TestForwarderForward(t *testing.T) { lg := slog.New(h) slog.SetDefault(lg) - cfg := &config{ + cfg := &Config{ ForwardURL: "http://example.com", Directory: dir, } - fw := newForwarder(cfg) + fw := NewForwarder(cfg) // Use the fact that http client is cached. fw.client = &fakeClient{} @@ -399,7 +399,7 @@ func TestForwarderForward(t *testing.T) { go func() { defer close(done) - fw.run() + fw.Run() }() // Iterate through states of http client. @@ -413,7 +413,7 @@ func TestForwarderForward(t *testing.T) { // Make buildRequest fail. wait := make(chan struct{}) - fw.cmds <- func(f *forwarder) { + fw.cmds <- func(f *Forwarder) { f.cfg.ForwardURL = "%" close(wait) } @@ -424,7 +424,7 @@ func TestForwarderForward(t *testing.T) { "256", "512") - fw.close() + fw.Close() <-done } diff --git a/cmd/csaf_downloader/main.go b/cmd/csaf_downloader/main/main.go similarity index 69% rename from cmd/csaf_downloader/main.go rename to cmd/csaf_downloader/main/main.go index daff1633..659580ce 100644 --- a/cmd/csaf_downloader/main.go +++ b/cmd/csaf_downloader/main/main.go @@ -16,15 +16,16 @@ import ( "golang.org/x/exp/slog" + "github.com/csaf-poc/csaf_distribution/v3/cmd/csaf_downloader" "github.com/csaf-poc/csaf_distribution/v3/internal/options" ) -func run(cfg *config, domains []string) error { - d, err := newDownloader(cfg) +func run(cfg *csaf_downloader.Config, domains []string) error { + d, err := csaf_downloader.NewDownloader(cfg) if err != nil { return err } - defer d.close() + defer d.Close() ctx, cancel := context.WithCancel(context.Background()) defer cancel() 
@@ -32,23 +33,23 @@ func run(cfg *config, domains []string) error { defer stop() if cfg.ForwardURL != "" { - f := newForwarder(cfg) - go f.run() + f := csaf_downloader.NewForwarder(cfg) + go f.Run() defer func() { - f.log() - f.close() + f.Log() + f.Close() }() - d.forwarder = f + d.Forwarder = f } - return d.run(ctx, domains) + return d.Run(ctx, domains) } func main() { - domains, cfg, err := parseArgsConfig() + domains, cfg, err := csaf_downloader.ParseArgsConfig() options.ErrorCheck(err) - options.ErrorCheck(cfg.prepare()) + options.ErrorCheck(cfg.Prepare()) if len(domains) == 0 { slog.Warn("No domains given.") diff --git a/cmd/csaf_downloader/stats.go b/cmd/csaf_downloader/stats.go index 237420aa..d8c9e154 100644 --- a/cmd/csaf_downloader/stats.go +++ b/cmd/csaf_downloader/stats.go @@ -6,7 +6,7 @@ // SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) // Software-Engineering: 2023 Intevation GmbH -package main +package csaf_downloader import "golang.org/x/exp/slog" diff --git a/cmd/csaf_downloader/stats_test.go b/cmd/csaf_downloader/stats_test.go index b3ab9142..822c7cb9 100644 --- a/cmd/csaf_downloader/stats_test.go +++ b/cmd/csaf_downloader/stats_test.go @@ -6,7 +6,7 @@ // SPDX-FileCopyrightText: 2023 German Federal Office for Information Security (BSI) // Software-Engineering: 2023 Intevation GmbH -package main +package csaf_downloader import ( "bytes" From fac687d724c201106a232559f0dd40ad843684b5 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Mon, 8 Apr 2024 13:13:47 +0200 Subject: [PATCH 05/55] forward csafs optionally via channel this allows us to use the downloaded csafs directly within go code --- cmd/csaf_downloader/config.go | 2 ++ cmd/csaf_downloader/downloader.go | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index e48c591d..7db4123d 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go 
@@ -78,6 +78,8 @@ type Config struct { clientCerts []tls.Certificate ignorePattern filter.PatternMatcher + + ForwardChannel bool // forward the csafs via a channel (is not meant to be set via command line) } // configPaths are the potential file locations of the config file. diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index 5d4ba111..b7beff56 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -47,6 +47,7 @@ type Downloader struct { mkdirMu sync.Mutex statsMu sync.Mutex stats stats + Csafs chan []byte } // failedValidationDir is the name of the sub folder @@ -76,6 +77,7 @@ func NewDownloader(cfg *Config) (*Downloader, error) { cfg: cfg, eval: util.NewPathEval(), validator: validator, + Csafs: make(chan []byte), }, nil } @@ -84,6 +86,7 @@ func (d *Downloader) Close() { d.validator.Close() d.validator = nil } + close(d.Csafs) } // addStats add stats to total stats @@ -614,6 +617,10 @@ nextAdvisory: string(s512Data)) } + if d.cfg.ForwardChannel { + d.Csafs <- data.Bytes() + } + if d.cfg.NoStore { // Do not write locally. if valStatus == validValidationStatus { From c15d067d2e6a9cc6d36df6500191ab88eb19cda1 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Wed, 3 Apr 2024 15:51:18 +0200 Subject: [PATCH 06/55] use specific error types in processing instead of just logging an error we return it as well via the error channel, so that all issues are contained in the error returned in the end --- cmd/csaf_downloader/downloader.go | 30 +++++++- csaf/advisories.go | 59 +++++++++++++--- go.mod | 4 ++ go.sum | 5 ++ pkg/errs/errors.go | 112 ++++++++++++++++++++++++++++++ pkg/errs/errors_test.go | 54 ++++++++++++++ 6 files changed, 251 insertions(+), 13 deletions(-) create mode 100644 pkg/errs/errors.go create mode 100644 pkg/errs/errors_test.go diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index b7beff56..e5591d9d 100644 --- a/cmd/csaf_downloader/downloader.go 
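Review bot: `d.Csafs <- data.Bytes()` sends the buffer's own backing slice on an unbuffered channel with no `ctx` case, so a consumer that stops reading stalls the worker, and if `data` is a `bytes.Buffer` reused across iterations (its declaration is outside this hunk) the next download overwrites bytes the consumer still holds. The send also carries no validation status, although the `if valStatus == validValidationStatus` check right below shows that documents which failed a check can reach this point, so a library consumer cannot tell a verified advisory from a rejected one. Send a copy, select on `ctx.Done()`, and either forward only valid documents or send a struct that includes the status; the sketch below does the former. `close(d.Csafs)` in `Close` makes a second `Close` call panic, and `downloadWorker` starts and ends outside this hunk, so the cancellation branch should follow whatever the loop already does.

```go
		// … unchanged: forwarder call above …
		if d.cfg.ForwardChannel && valStatus == validValidationStatus {
			// Copy so the consumer never shares the worker's buffer.
			doc := append([]byte(nil), data.Bytes()...)
			select {
			case d.Csafs <- doc:
			case <-ctx.Done():
				// … follow the worker's existing cancellation path …
				return
			}
		}
```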
+++ b/cmd/csaf_downloader/downloader.go @@ -15,7 +15,6 @@ import ( "crypto/sha512" "crypto/tls" "encoding/json" - "errors" "fmt" "hash" "io" @@ -35,6 +34,7 @@ import ( "golang.org/x/time/rate" "github.com/csaf-poc/csaf_distribution/v3/csaf" + csafErrs "github.com/csaf-poc/csaf_distribution/v3/pkg/errs" "github.com/csaf-poc/csaf_distribution/v3/util" ) @@ -264,7 +264,10 @@ allFiles: close(errorCh) <-errDone - return errors.Join(errs...) + if len(errs) > 0 { + return &csafErrs.CompositeErrCsafDownload{Errs: errs} + } + return nil } func (d *Downloader) loadOpenPGPKeys( @@ -431,6 +434,7 @@ nextAdvisory: filename := filepath.Base(u.Path) if !util.ConformingFileName(filename) { stats.filenameFailed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("CSAF has non conforming filename ", filename)} slog.Warn("Ignoring none conforming filename", "filename", filename) continue @@ -439,6 +443,7 @@ nextAdvisory: resp, err := client.Get(file.URL()) if err != nil { stats.downloadFailed++ + errorCh <- csafErrs.ErrNetwork{Message: fmt.Sprint("can't retrieve CSAF document ", filename, " from URL", file.URL(), ":", err)} slog.Warn("Cannot GET", "url", file.URL(), "error", err) 
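Review bot: Replacing `errors.Join(errs...)` with `&csafErrs.CompositeErrCsafDownload{Errs: errs}` in `downloadFiles` keeps `errors.Is` and `errors.As` working for callers only if that type implements `Unwrap() []error`; `pkg/errs/errors.go` is not part of what is shown here, so please confirm. Without it, the `csafErrs.ErrRetryable` wrapping added in the later hunks cannot be detected through the value this function returns. A comment on the return such as `// CompositeErrCsafDownload unwraps to errs, so errors.Is(err, csafErrs.ErrRetryable) still matches` would document that contract.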
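Review bot: `fmt.Sprint` inserts a space between operands only when neither is a string, so `" from URL", file.URL(), ":", err` in the `ErrNetwork` message renders the URL glued to `URL` and the error glued to the colon. Use a format string instead: `fmt.Sprintf("can't retrieve CSAF document %s from URL %s: %v", filename, file.URL(), err)`. The same pattern recurs in the `is not valid json:`, `does not conform to JSON schema:` and `IDMatchesFilename` messages in later hunks of this file, and in the `invalid feed URL` and `cannot get feed` messages added to `csaf/advisories.go`.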
@@ -446,6 +451,16 @@ nextAdvisory: } if resp.StatusCode != http.StatusOK { + switch { + case resp.StatusCode == http.StatusUnauthorized: + errorCh <- csafErrs.ErrInvalidCredentials{Message: fmt.Sprint("invalid credentials to retrieve CSAF document ", filename, " at URL ", file.URL(), ": ", resp.Status)} + case resp.StatusCode == http.StatusNotFound: + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("could not find CSAF document '", filename, "' listed in table of content at URL ", file.URL(), ": ", resp.Status)} + case resp.StatusCode >= 500: + errorCh <- fmt.Errorf("could not retrieve CSAF document %s at URL %s: %s %w", filename, file.URL(), resp.Status, csafErrs.ErrRetryable) // mark as retryable error + default: + errorCh <- fmt.Errorf("could not retrieve CSAF document %s at URL %s: %s", filename, file.URL(), resp.Status) + } stats.downloadFailed++ slog.Warn("Cannot load", "url", file.URL(), @@ -503,6 +518,7 @@ nextAdvisory: return json.NewDecoder(tee).Decode(&doc) }(); err != nil { stats.downloadFailed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("CSAF document ", filename, " at URL ", file.URL(), " is not valid json:", err)} slog.Warn("Downloading failed", "url", file.URL(), "error", err) @@ -513,6 +529,7 @@ nextAdvisory: s256Check := func() error { if s256 != nil && !bytes.Equal(s256.Sum(nil), remoteSHA256) { stats.sha256Failed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("SHA256 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} return fmt.Errorf("SHA256 checksum of %s does not match", file.URL()) } return nil @@ -521,6 +538,7 @@ nextAdvisory: s512Check := func() error { if s512 != nil && !bytes.Equal(s512.Sum(nil), remoteSHA512) { stats.sha512Failed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("SHA512 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} return fmt.Errorf("SHA512 checksum of %s does not match", file.URL()) } return nil 
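Review bot: The retry classification in this switch is `resp.StatusCode >= 500`, but the ROLIE switch added to `csaf/advisories.go` in the same commit tests `res.StatusCode > 500`, so a plain 500 is retryable for an advisory and not for a feed; the feed case should read `case res.StatusCode >= http.StatusInternalServerError:`. `http.StatusTooManyRequests` falls into `default` in both places and is therefore reported as a permanent failure, which looks unintended for a throttling response and deserves its own case wrapping `csafErrs.ErrRetryable`. 403 is also treated differently: silently skipped for feeds, a generic error here; a comment stating which behaviour is intended would help.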
@@ -543,6 +561,7 @@ nextAdvisory: if err := d.checkSignature(data.Bytes(), sign); err != nil { if !d.cfg.IgnoreSignatureCheck { stats.signatureFailed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("cannot verify signature for CSAF document ", filename, " at URL ", file.URL(), ": ", err)} return fmt.Errorf("cannot verify signature for %s: %v", file.URL(), err) } } @@ -554,6 +573,11 @@ nextAdvisory: schemaCheck := func() error { if errors, err := csaf.ValidateCSAF(doc); err != nil || len(errors) > 0 { stats.schemaFailed++ + if err != nil { + errorCh <- fmt.Errorf("schema validation for CSAF document %s failed: %w", filename, err) + } else { + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("CSAF document ", filename, " at URL ", file.URL(), " does not conform to JSON schema:", errors)} + } d.logValidationIssues(file.URL(), errors, err) return fmt.Errorf("schema validation for %q failed", file.URL()) } @@ -564,6 +588,7 @@ nextAdvisory: filenameCheck := func() error { if err := util.IDMatchesFilename(d.eval, doc, filename); err != nil { stats.filenameFailed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("invalid CSAF document ", filename, " at URL ", file.URL(), ":", err)} return fmt.Errorf("filename not conforming %s: %s", file.URL(), err) } return nil @@ -583,6 +608,7 @@ nextAdvisory: } if !rvr.Valid { stats.remoteFailed++ + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("remote validation of CSAF document ", filename, " at URL ", file.URL(), " failed")} return fmt.Errorf("remote validation of %q failed", file.URL()) } return nil diff --git a/csaf/advisories.go b/csaf/advisories.go index 5b856909..173bf80f 100644 --- a/csaf/advisories.go +++ b/csaf/advisories.go @@ -18,6 +18,7 @@ import ( "strings" "time" + "github.com/csaf-poc/csaf_distribution/v3/pkg/errs" "github.com/csaf-poc/csaf_distribution/v3/util" ) 
@@ -255,6 +256,7 @@ func (afp *AdvisoryFileProcessor) processROLIE( labeledFeeds []Feed, fn func(TLPLabel, []AdvisoryFile) error, ) error { + var feedErrs []error for i := range labeledFeeds { feed := &labeledFeeds[i] if feed.URL == nil { @@ -263,6 +265,7 @@ func (afp *AdvisoryFileProcessor) processROLIE( up, err := url.Parse(string(*feed.URL)) if err != nil { log.Printf("Invalid URL %s in feed: %v.", *feed.URL, err) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("invalid feed URL", *feed.URL, ":", err)}) continue } feedURL := afp.base.ResolveReference(up) 
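Review bot: `fmt.Sprint("invalid feed URL", *feed.URL, ":", err)` inserts no space next to a string operand, so the message renders as `invalid feed URL<url>:<err>` with the URL glued to the text. The same pattern appears in the later hunks of this function (`"invalid url in ROLIE feed to file", u, ":"` in the `resolve` closure, and the `":", err` endings of the feed base URL messages). These errors are returned to callers and are easier to read and match with an explicit format such as `fmt.Sprintf("invalid feed URL %q: %v", *feed.URL, err)`; `%q` also escapes control characters that a remote feed could place in the value.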
@@ -271,22 +274,37 @@ func (afp *AdvisoryFileProcessor) processROLIE( fb, err := util.BaseURL(feedURL) if err != nil { log.Printf("error: Invalid feed base URL '%s': %v\n", fb, err) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("invalid feed base URL ", fb, ":", err)}) continue } feedBaseURL, err := url.Parse(fb) if err != nil { log.Printf("error: Cannot parse feed base URL '%s': %v\n", fb, err) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("cannot parse feed base URL ", fb, ":", err)}) continue } res, err := afp.client.Get(feedURL.String()) if err != nil { log.Printf("error: Cannot get feed '%s'\n", err) + feedErrs = append(feedErrs, errs.ErrNetwork{Message: fmt.Sprint("cannot get feed ", feedURL.String(), ":", err)}) continue } if res.StatusCode != http.StatusOK { log.Printf("error: Fetching %s failed. Status code %d (%s)", feedURL, res.StatusCode, res.Status) + switch { + case res.StatusCode == http.StatusUnauthorized: + feedErrs = append(feedErrs, errs.ErrInvalidCredentials{Message: fmt.Sprint("invalid credentials to retrieve ROLIE feed ", feedURL.String(), ": ", res.Status)}) + case res.StatusCode == http.StatusNotFound: + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("could not find ROLIE feed ", feedURL.String(), ": ", res.Status)}) + case res.StatusCode == http.StatusForbidden: + // user has insufficient permissions to access feed, no error + case res.StatusCode > 500: + feedErrs = append(feedErrs, fmt.Errorf("could not retrieve ROLIE feed %s: %s %w", feedURL.String(), res.Status, errs.ErrRetryable)) // mark error as retryable + default: + feedErrs = append(feedErrs, fmt.Errorf("could not retrieve ROLIE feed %s: %s", feedURL.String(), res.Status)) + } continue } rfeed, err := func() (*ROLIEFeed, error) { 
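Review bot: `case res.StatusCode > 500:` skips status 500 itself, so an Internal Server Error from the feed falls to `default` and is not wrapped with `errs.ErrRetryable`. The downloader's equivalent switch in this patch uses `resp.StatusCode >= 500`, which looks like the intended bound. I would change the case to `case res.StatusCode >= http.StatusInternalServerError:`. Also worth checking, since processROLIE extends beyond this hunk: the non-200 branch reaches `continue` without a visible `res.Body.Close()`.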
@@ -295,21 +313,22 @@ func (afp *AdvisoryFileProcessor) processROLIE( }() if err != nil { log.Printf("Loading ROLIE feed failed: %v.", err) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("ROLIE feed ", feedURL.String(), " is not valid JSON:", err)}) continue } var files []AdvisoryFile - resolve := func(u string) string { + resolve := func(u string) (string, error) { if u == "" { - return "" + return "", errs.ErrCsafProviderIssue{Message: "empty url in ROLIE feed to file"} } p, err := url.Parse(u) if err != nil { log.Printf("error: Invalid URL '%s': %v", u, err) - return "" + return "", errs.ErrCsafProviderIssue{Message: fmt.Sprint("invalid url in ROLIE feed to file", u, ":", err)} } - return feedBaseURL.ResolveReference(p).String() + return feedBaseURL.ResolveReference(p).String(), nil } rfeed.Entries(func(entry *Entry) { 
@@ -323,26 +342,41 @@ func (afp *AdvisoryFileProcessor) processROLIE( var self, sha256, sha512, sign string + var csafLinkExists bool for i := range entry.Link { link := &entry.Link[i] lower := strings.ToLower(link.HRef) switch link.Rel { case "self": - self = resolve(link.HRef) + csafLinkExists = true + self, err = resolve(link.HRef) + if err != nil { + feedErrs = append(feedErrs, err) + return + } case "signature": - sign = resolve(link.HRef) + sign, err = resolve(link.HRef) + if err != nil { + feedErrs = append(feedErrs, err) + } case "hash": switch { case strings.HasSuffix(lower, ".sha256"): - sha256 = resolve(link.HRef) + sha256, err = resolve(link.HRef) + if err != nil { + feedErrs = append(feedErrs, err) + } case strings.HasSuffix(lower, ".sha512"): - sha512 = resolve(link.HRef) + sha512, err = resolve(link.HRef) + if err != nil { + feedErrs = append(feedErrs, err) + } } } } - if self == "" { - return + if !csafLinkExists { + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("ROLIE feed ", feedURL.String(), " contains entry (ID '", entry.ID, "') without link to csaf document")}) } var file AdvisoryFile @@ -364,8 +398,11 @@ func (afp *AdvisoryFileProcessor) processROLIE( } if err := fn(label, files); err != nil { - return err + feedErrs = append(feedErrs, err) } } + if len(feedErrs) > 0 { + return &errs.CompositeErrRolieFeed{Errs: feedErrs} + } return nil } diff --git a/go.mod b/go.mod index 469c8a3a..7c0cc2bb 100644 --- a/go.mod +++ b/go.mod @@ -12,6 +12,7 @@ require ( github.com/jessevdk/go-flags v1.5.0 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 + github.com/stretchr/testify v1.8.1 go.etcd.io/bbolt v1.3.8 golang.org/x/crypto v0.14.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa 
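Review bot: The replacement for `if self == "" { return }` records an error when `csafLinkExists` is false but no longer returns, so an entry without a `self` link continues to the `var file AdvisoryFile` code below with an empty `self`. Unless the code after the hunk guards against that, an advisory file with an empty URL would be handed to `fn`. I would keep the early exit by adding `return` after the `feedErrs = append(...)` in the `!csafLinkExists` branch. The entry callback starts before and ends after this hunk, so the later use of `self` is not visible here.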
@@ -24,9 +25,12 @@ require ( github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect github.com/cloudflare/circl v1.3.6 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/sys v0.14.0 // indirect golang.org/x/text v0.13.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 3a101d4e..c03cbd24 100644 --- a/go.sum +++ b/go.sum @@ -40,8 +40,13 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPO github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= diff --git a/pkg/errs/errors.go b/pkg/errs/errors.go new file mode 100644 index 00000000..fa59c270 --- /dev/null +++ b/pkg/errs/errors.go 
@@ -0,0 +1,112 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT + +package errs + +import ( + "errors" + "strings" +) + +// ErrNetwork indicates a network level error +type ErrNetwork struct { + Message string +} + +func (e ErrNetwork) Error() string { + return e.Message +} + +// ErrInvalidCsaf notifies about an invalid csaf document (can only be fixed by the CSAF Source/Provider) +type ErrInvalidCsaf struct { + Message string +} + +func (e ErrInvalidCsaf) Error() string { + return e.Message +} + +// ErrCsafProviderIssue is an error which is not related directly the contents of a csaf document and can be only fixed by the CSAF Source/Provider +type ErrCsafProviderIssue struct { + Message string +} + +func (e ErrCsafProviderIssue) Error() string { + return e.Message +} + +type ErrInvalidCredentials struct { + Message string +} + +func (e ErrInvalidCredentials) Error() string { + return e.Message +} + +var ErrRetryable = errors.New("(retryable error)") + +// CompositeErrRolieFeed holds an array of errors which encountered during processing rolie feeds +type CompositeErrRolieFeed struct { + Errs []error +} + +func (e *CompositeErrRolieFeed) Error() string { + if len(e.Errs) == 0 { + return "empty CompositeErrRolieFeed" + } + + messages := make([]string, 0, len(e.Errs)) + for _, e := range e.Errs { + messages = append(messages, e.Error()) + } + return strings.Join(messages, "\n") +} + +func (e *CompositeErrRolieFeed) Unwrap() []error { + return e.Errs +} + +// CompositeErrCsafDownload holds an array of errors which encountered during the actual csaf download +type CompositeErrCsafDownload struct { + Errs []error +} + +func (e *CompositeErrCsafDownload) Error() string { + if len(e.Errs) == 0 { + return "empty CompositeErrCsafDownload" + } + + messages := make([]string, 0, len(e.Errs)) + for _, e := range e.Errs { + messages = append(messages, e.Error()) + } 
+ return strings.Join(messages, "\n") +} + +func (e *CompositeErrCsafDownload) Unwrap() []error { + return e.Errs +} + +// FlattenError flattens out all composite errors (note: discards the errors wrapped around [CompositeErrRolieFeed] or [CompositeErrCsafDownload]) +// The assumed structure is CompositeErrRolieFeed{Errs: []error{...,CompositeErrCsafDownload,...,CompositeErrCsafDownload,...}}. +func FlattenError(err error) (flattenedErrors []error) { + var rolieErrs *CompositeErrRolieFeed + if errors.As(err, &rolieErrs) { + for _, rolieErr := range rolieErrs.Unwrap() { + var csafDlErrs *CompositeErrCsafDownload + if errors.As(rolieErr, &csafDlErrs) { + for _, csafDlErr := range csafDlErrs.Unwrap() { + flattenedErrors = append(flattenedErrors, csafDlErr) + } + } else { + flattenedErrors = append(flattenedErrors, rolieErr) + } + } + } else { + flattenedErrors = []error{err} + } + + return flattenedErrors +} diff --git a/pkg/errs/errors_test.go b/pkg/errs/errors_test.go new file mode 100644 index 00000000..1bb03b0b --- /dev/null +++ b/pkg/errs/errors_test.go 
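Review bot: Two exported identifiers in the new file have no doc comment, `ErrInvalidCredentials` and `ErrRetryable`, although the other types do. Suggested: `// ErrInvalidCredentials indicates that the server rejected the request as unauthorized (HTTP 401).` and `// ErrRetryable marks an error as transient; test for it with errors.Is(err, ErrRetryable).` Because `ErrRetryable` is wrapped with `%w` at the end of a format string elsewhere in this patch, its text `(retryable error)` becomes part of the message, which is worth stating in the comment too.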
@@ -0,0 +1,54 @@ +// This file is Free Software under the MIT License +// without warranty, see README.md and LICENSES/MIT.txt for details. +// +// SPDX-License-Identifier: MIT + +package errs + +import ( + "errors" + "fmt" + "slices" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestFlattenError(t *testing.T) { + + t.Run("flatten (only) composite errors defined in this package", func(t *testing.T) { + csafDownloadErrsFlat := []error{ + fmt.Errorf("error containing several errors 1: %w 2: %w", errors.New("nested err 1"), errors.New("nested err 2")), errors.New("nested err 2"), + errors.Join(errors.New("nested err in join 1"), errors.New("nested err in join 2")), + errors.New("single error 1"), + errors.New("single error 2"), + } + + compositeErrCsafDownload := &CompositeErrCsafDownload{Errs: csafDownloadErrsFlat} + + singleRolieFeedErrs := []error{ + errors.New("single error rolie feed 1"), + errors.New("single error rolie feed 2"), + } + + rolieFeedCompositeErr := CompositeErrRolieFeed{ + Errs: append( + singleRolieFeedErrs, + fmt.Errorf("issues during downloader of rolie: %w", compositeErrCsafDownload), + compositeErrCsafDownload, + ), + } + wantFlattenedErrors := slices.Concat(singleRolieFeedErrs, csafDownloadErrsFlat, csafDownloadErrsFlat) + + gotFlattenedErrors := FlattenError(fmt.Errorf("wrap rolie feed composite err: %w", &rolieFeedCompositeErr)) + + assert.ElementsMatch(t, wantFlattenedErrors, gotFlattenedErrors) + }) + + t.Run("single error is returned as is", func(t *testing.T) { + err := errors.Join(errors.New("nested err in join 1"), errors.New("nested err in join 2")) + wantFlattenedErrors := []error{err} + gotFlattenedErrors := FlattenError(err) + assert.ElementsMatch(t, wantFlattenedErrors, gotFlattenedErrors) + }) +} From cea568304bec5dd2cac042ab275fa9579a0089f3 Mon Sep 17 00:00:00 2001 
From: Marius Goetze Date: Fri, 12 Apr 2024 13:47:58 +0200 Subject: [PATCH 07/55] switch from invalid csaf to provider issue error on failed signature or hash check --- cmd/csaf_downloader/downloader.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index e5591d9d..e4df855d 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -529,7 +529,7 @@ nextAdvisory: s256Check := func() error { if s256 != nil && !bytes.Equal(s256.Sum(nil), remoteSHA256) { stats.sha256Failed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("SHA256 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("SHA256 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} return fmt.Errorf("SHA256 checksum of %s does not match", file.URL()) } return nil @@ -538,7 +538,7 @@ nextAdvisory: s512Check := func() error { if s512 != nil && !bytes.Equal(s512.Sum(nil), remoteSHA512) { stats.sha512Failed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("SHA512 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("SHA512 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} return fmt.Errorf("SHA512 checksum of %s does not match", file.URL()) } return nil 
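Review bot: Reporting a SHA-256 or SHA-512 mismatch as `ErrCsafProviderIssue` puts a failed integrity check in the same class as a 404 or a malformed feed URL, so a consumer of `errorCh` can no longer single out documents whose bytes did not match the published digest. The same applies to the signature hunk at `@@ -561,7 +561,7 @@`. The doc comment on `ErrCsafProviderIssue` in pkg/errs/errors.go describes it as not directly related to document contents, which no longer fits these cases. I would either introduce a dedicated error type for hash and signature failures or, at minimum, extend that comment to say they are included, so integrity failures can be alerted on separately.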
@@ -561,7 +561,7 @@ nextAdvisory: if err := d.checkSignature(data.Bytes(), sign); err != nil { if !d.cfg.IgnoreSignatureCheck { stats.signatureFailed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("cannot verify signature for CSAF document ", filename, " at URL ", file.URL(), ": ", err)} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("cannot verify signature for CSAF document ", filename, " at URL ", file.URL(), ": ", err)} return fmt.Errorf("cannot verify signature for %s: %v", file.URL(), err) } } From 1d81a1ed142d31a858feb006b5b28458c2c85373 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Thu, 4 Apr 2024 18:37:30 +0200 Subject: [PATCH 08/55] export `ClientCerts` in config --- cmd/csaf_downloader/config.go | 4 ++-- cmd/csaf_downloader/downloader.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index 7db4123d..fe41497f 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -76,7 +76,7 @@ type Config struct { Config string `short:"c" long:"config" description:"Path to config TOML file" value-name:"TOML-FILE" toml:"-"` - clientCerts []tls.Certificate + ClientCerts []tls.Certificate ignorePattern filter.PatternMatcher ForwardChannel bool // forward the csafs via a channel (is not meant to be set via command line) @@ -248,7 +248,7 @@ func (cfg *Config) prepareCertificates() error { if err != nil { return err } - cfg.clientCerts = cert + cfg.ClientCerts = cert return nil } diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index e4df855d..bf965a92 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go 
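Review bot: In the config.go hunk at `@@ -76,7 +76,7 @@`, `ClientCerts []tls.Certificate` becomes an exported field of `Config` but, unlike the `Config string` field just above it, carries no `toml:"-"` tag and no doc comment. `Config` is also filled from a TOML file, and depending on how the decoder treats untagged exported fields a `ClientCerts` key could become accepted input; the values hold private keys, so reflection-based serialization of the struct would now include them. I would add the `toml:"-"` tag and a comment such as `// ClientCerts holds the loaded client certificates; set by prepareCertificates or by library callers.`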
@@ -121,8 +121,8 @@ func (d *Downloader) httpClient() util.Client { tlsConfig.InsecureSkipVerify = true } - if len(d.cfg.clientCerts) != 0 { - tlsConfig.Certificates = d.cfg.clientCerts + if len(d.cfg.ClientCerts) != 0 { + tlsConfig.Certificates = d.cfg.ClientCerts } hClient.Transport = &http.Transport{ From 8fb9d1971a85a800c8010b79292fcb0aa212d339 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Thu, 4 Apr 2024 19:03:27 +0200 Subject: [PATCH 09/55] move `models` package from `internal` to `pkg` (make TimeRange accessible) --- cmd/csaf_aggregator/config.go | 2 +- cmd/csaf_checker/config.go | 2 +- cmd/csaf_checker/report.go | 2 +- cmd/csaf_downloader/config.go | 2 +- {internal => pkg}/models/models.go | 0 {internal => pkg}/models/models_test.go | 0 6 files changed, 4 insertions(+), 4 deletions(-) rename {internal => pkg}/models/models.go (100%) rename {internal => pkg}/models/models_test.go (100%) diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go index edb1fd95..b9a838d8 100644 --- a/cmd/csaf_aggregator/config.go +++ b/cmd/csaf_aggregator/config.go @@ -23,8 +23,8 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/csaf" "github.com/csaf-poc/csaf_distribution/v3/internal/certs" "github.com/csaf-poc/csaf_distribution/v3/internal/filter" - "github.com/csaf-poc/csaf_distribution/v3/internal/models" "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/models" "github.com/csaf-poc/csaf_distribution/v3/util" "golang.org/x/time/rate" ) diff --git a/cmd/csaf_checker/config.go b/cmd/csaf_checker/config.go index 35024431..588a72ca 100644 --- a/cmd/csaf_checker/config.go +++ b/cmd/csaf_checker/config.go 
@@ -15,8 +15,8 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/internal/certs" "github.com/csaf-poc/csaf_distribution/v3/internal/filter" - "github.com/csaf-poc/csaf_distribution/v3/internal/models" "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/models" ) type outputFormat string diff --git a/cmd/csaf_checker/report.go b/cmd/csaf_checker/report.go index 2b53bb27..8c652120 100644 --- a/cmd/csaf_checker/report.go +++ b/cmd/csaf_checker/report.go @@ -19,7 +19,7 @@ import ( "time" "github.com/csaf-poc/csaf_distribution/v3/csaf" - "github.com/csaf-poc/csaf_distribution/v3/internal/models" + "github.com/csaf-poc/csaf_distribution/v3/pkg/models" ) // MessageType is the kind of the message. diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index fe41497f..080897a1 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -22,8 +22,8 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/internal/certs" "github.com/csaf-poc/csaf_distribution/v3/internal/filter" - "github.com/csaf-poc/csaf_distribution/v3/internal/models" "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/models" ) const ( diff --git a/internal/models/models.go b/pkg/models/models.go similarity index 100% rename from internal/models/models.go rename to pkg/models/models.go diff --git a/internal/models/models_test.go b/pkg/models/models_test.go similarity index 100% rename from internal/models/models_test.go rename to pkg/models/models_test.go From 5934c78aaaa505d9538e00646a5a5129d241aa32 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Thu, 4 Apr 2024 19:14:57 +0200 Subject: [PATCH 10/55] export `ValidationMode` and its constants --- cmd/csaf_downloader/config.go | 24 ++++++++++++------------ cmd/csaf_downloader/downloader.go | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) 
diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index 080897a1..1f150855 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -30,16 +30,16 @@ const ( defaultWorker = 2 defaultPreset = "mandatory" defaultForwardQueue = 5 - defaultValidationMode = validationStrict + defaultValidationMode = ValidationStrict defaultLogFile = "downloader.log" defaultLogLevel = slog.LevelInfo ) -type validationMode string +type ValidationMode string const ( - validationStrict = validationMode("strict") - validationUnsafe = validationMode("unsafe") + ValidationStrict = ValidationMode("strict") + ValidationUnsafe = ValidationMode("unsafe") ) type Config struct { @@ -63,7 +63,7 @@ type Config struct { RemoteValidatorPresets []string `long:"validator_preset" description:"One or more PRESETS to validate remotely" value-name:"PRESETS" toml:"validator_preset"` //lint:ignore SA5008 We are using choice twice: strict, unsafe. - ValidationMode validationMode `long:"validation_mode" short:"m" choice:"strict" choice:"unsafe" value-name:"MODE" description:"MODE how strict the validation is" toml:"validation_mode"` + ValidationMode ValidationMode `long:"validation_mode" short:"m" choice:"strict" choice:"unsafe" value-name:"MODE" description:"MODE how strict the validation is" toml:"validation_mode"` ForwardURL string `long:"forward_url" description:"URL of HTTP endpoint to forward downloads to" value-name:"URL" toml:"forward_url"` ForwardHeader http.Header `long:"forward_header" description:"One or more extra HTTP header fields used by forwarding" toml:"forward_header"` @@ -117,9 +117,9 @@ func ParseArgsConfig() ([]string, *Config, error) { cfg.RemoteValidatorPresets = []string{defaultPreset} } switch cfg.ValidationMode { - case validationStrict, validationUnsafe: + case ValidationStrict, ValidationUnsafe: default: - cfg.ValidationMode = validationStrict + cfg.ValidationMode = ValidationStrict } if cfg.LogFile == nil { cfg.LogFile = &logFile 
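Review bot: `ValidationMode`, `ValidationStrict` and `ValidationUnsafe` become part of the package API in the hunk at `@@ -30,16 +30,16 @@` without doc comments, and the name `unsafe` alone does not tell a library caller what is relaxed. From the downloader hunk in this patch, a failed check skips the advisory only when the mode is `ValidationStrict`; otherwise processing continues with the validation status marked invalid. Suggested comments: `// ValidationStrict skips advisories that fail a validation check.` and `// ValidationUnsafe continues processing advisories that fail a validation check; their status is marked invalid.`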
@@ -133,9 +133,9 @@ func ParseArgsConfig() ([]string, *Config, error) { } // UnmarshalText implements [encoding.TextUnmarshaler]. -func (vm *validationMode) UnmarshalText(text []byte) error { - switch m := validationMode(text); m { - case validationStrict, validationUnsafe: +func (vm *ValidationMode) UnmarshalText(text []byte) error { + switch m := ValidationMode(text); m { + case ValidationStrict, ValidationUnsafe: *vm = m default: return fmt.Errorf(`invalid value %q (expected "strict" or "unsafe)"`, m) @@ -144,8 +144,8 @@ func (vm *validationMode) UnmarshalText(text []byte) error { } // UnmarshalFlag implements [flags.UnmarshalFlag]. -func (vm *validationMode) UnmarshalFlag(value string) error { - var v validationMode +func (vm *ValidationMode) UnmarshalFlag(value string) error { + var v ValidationMode if err := v.UnmarshalText([]byte(value)); err != nil { return err } diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index bf965a92..be7ea42f 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -627,7 +627,7 @@ nextAdvisory: if err := check(); err != nil { slog.Error("Validation check failed", "error", err) valStatus.update(invalidValidationStatus) - if d.cfg.ValidationMode == validationStrict { + if d.cfg.ValidationMode == ValidationStrict { continue nextAdvisory } } From c5a81da2e6638902517bd98d72885fcc7fcef788 Mon Sep 17 00:00:00 2001 
From: Marius Goetze Date: Fri, 5 Apr 2024 15:14:15 +0200 Subject: [PATCH 11/55] move `options` package from folder `internal` to `pkg` (for log level) --- cmd/csaf_aggregator/config.go | 2 +- cmd/csaf_aggregator/main.go | 2 +- cmd/csaf_checker/config.go | 2 +- cmd/csaf_checker/main.go | 2 +- cmd/csaf_downloader/config.go | 2 +- cmd/csaf_downloader/forwarder_test.go | 2 +- cmd/csaf_downloader/main/main.go | 2 +- cmd/csaf_uploader/config.go | 2 +- cmd/csaf_uploader/main.go | 2 +- {internal => pkg}/options/data/config.toml | 0 {internal => pkg}/options/data/config_plus.toml | 0 {internal => pkg}/options/data/empty.toml | 0 {internal => pkg}/options/log.go | 0 {internal => pkg}/options/log_test.go | 0 {internal => pkg}/options/options.go | 0 {internal => pkg}/options/options_test.go | 0 16 files changed, 9 insertions(+), 9 deletions(-) rename {internal => pkg}/options/data/config.toml (100%) rename {internal => pkg}/options/data/config_plus.toml (100%) rename {internal => pkg}/options/data/empty.toml (100%) rename {internal => pkg}/options/log.go (100%) rename {internal => pkg}/options/log_test.go (100%) rename {internal => pkg}/options/options.go (100%) rename {internal => pkg}/options/options_test.go (100%) diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go index b9a838d8..57a619d7 100644 --- a/cmd/csaf_aggregator/config.go +++ b/cmd/csaf_aggregator/config.go @@ -23,8 +23,8 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/csaf" "github.com/csaf-poc/csaf_distribution/v3/internal/certs" "github.com/csaf-poc/csaf_distribution/v3/internal/filter" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" "github.com/csaf-poc/csaf_distribution/v3/pkg/models" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" "github.com/csaf-poc/csaf_distribution/v3/util" "golang.org/x/time/rate" ) diff --git a/cmd/csaf_aggregator/main.go b/cmd/csaf_aggregator/main.go index 74a9670c..6a85fe2f 100644 --- a/cmd/csaf_aggregator/main.go 
+++ b/cmd/csaf_aggregator/main.go @@ -14,7 +14,7 @@ import ( "os" "path/filepath" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" "github.com/gofrs/flock" ) diff --git a/cmd/csaf_checker/config.go b/cmd/csaf_checker/config.go index 588a72ca..25d0ab4a 100644 --- a/cmd/csaf_checker/config.go +++ b/cmd/csaf_checker/config.go @@ -15,8 +15,8 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/internal/certs" "github.com/csaf-poc/csaf_distribution/v3/internal/filter" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" "github.com/csaf-poc/csaf_distribution/v3/pkg/models" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" ) type outputFormat string diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go index 73a5cce9..e636ab93 100644 --- a/cmd/csaf_checker/main.go +++ b/cmd/csaf_checker/main.go @@ -12,7 +12,7 @@ package main import ( "log" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" ) // run uses a processor to check all the given domains or direct urls diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index 1f150855..ec1349fa 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -22,8 +22,8 @@ import ( "github.com/csaf-poc/csaf_distribution/v3/internal/certs" "github.com/csaf-poc/csaf_distribution/v3/internal/filter" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" "github.com/csaf-poc/csaf_distribution/v3/pkg/models" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" ) const ( diff --git a/cmd/csaf_downloader/forwarder_test.go b/cmd/csaf_downloader/forwarder_test.go index 624bd933..2cd0a430 100644 --- a/cmd/csaf_downloader/forwarder_test.go +++ b/cmd/csaf_downloader/forwarder_test.go 
@@ -24,7 +24,7 @@ import ( "golang.org/x/exp/slog" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" "github.com/csaf-poc/csaf_distribution/v3/util" ) diff --git a/cmd/csaf_downloader/main/main.go b/cmd/csaf_downloader/main/main.go index 659580ce..19f70e26 100644 --- a/cmd/csaf_downloader/main/main.go +++ b/cmd/csaf_downloader/main/main.go @@ -17,7 +17,7 @@ import ( "golang.org/x/exp/slog" "github.com/csaf-poc/csaf_distribution/v3/cmd/csaf_downloader" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" ) func run(cfg *csaf_downloader.Config, domains []string) error { diff --git a/cmd/csaf_uploader/config.go b/cmd/csaf_uploader/config.go index 55438136..279e4af1 100644 --- a/cmd/csaf_uploader/config.go +++ b/cmd/csaf_uploader/config.go @@ -19,7 +19,7 @@ import ( "golang.org/x/term" "github.com/csaf-poc/csaf_distribution/v3/internal/certs" - "github.com/csaf-poc/csaf_distribution/v3/internal/options" + "github.com/csaf-poc/csaf_distribution/v3/pkg/options" ) const ( diff --git a/cmd/csaf_uploader/main.go b/cmd/csaf_uploader/main.go index 1546099f..4100d681 100644 --- a/cmd/csaf_uploader/main.go +++ b/cmd/csaf_uploader/main.go @@ -9,7 +9,7 @@ // Implements a command line tool that uploads csaf documents to csaf_provider. package main -import "github.com/csaf-poc/csaf_distribution/v3/internal/options" +import "github.com/csaf-poc/csaf_distribution/v3/pkg/options" func main() { args, cfg, err := parseArgsConfig() diff --git a/internal/options/data/config.toml b/pkg/options/data/config.toml similarity index 100% rename from internal/options/data/config.toml rename to pkg/options/data/config.toml diff --git a/internal/options/data/config_plus.toml b/pkg/options/data/config_plus.toml similarity index 100% rename from internal/options/data/config_plus.toml rename to pkg/options/data/config_plus.toml 
diff --git a/internal/options/data/empty.toml b/pkg/options/data/empty.toml similarity index 100% rename from internal/options/data/empty.toml rename to pkg/options/data/empty.toml diff --git a/internal/options/log.go b/pkg/options/log.go similarity index 100% rename from internal/options/log.go rename to pkg/options/log.go diff --git a/internal/options/log_test.go b/pkg/options/log_test.go similarity index 100% rename from internal/options/log_test.go rename to pkg/options/log_test.go diff --git a/internal/options/options.go b/pkg/options/options.go similarity index 100% rename from internal/options/options.go rename to pkg/options/options.go diff --git a/internal/options/options_test.go b/pkg/options/options_test.go similarity index 100% rename from internal/options/options_test.go rename to pkg/options/options_test.go From 39d2765e71f4e4b448c15ae2473638b0f36a3596 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Fri, 5 Apr 2024 19:28:58 +0200 Subject: [PATCH 12/55] make `prepareLogging` public --- cmd/csaf_downloader/config.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/csaf_downloader/config.go b/cmd/csaf_downloader/config.go index ec1349fa..3a25cbcd 100644 --- a/cmd/csaf_downloader/config.go +++ b/cmd/csaf_downloader/config.go @@ -198,8 +198,8 @@ func dropSubSeconds(_ []string, a slog.Attr) slog.Attr { return a } -// prepareLogging sets up the structured logging. -func (cfg *Config) prepareLogging() error { +// PrepareLogging sets up the structured logging. +func (cfg *Config) PrepareLogging() error { var w io.Writer if cfg.LogFile == nil || *cfg.LogFile == "" { log.Println("using STDERR for logging") @@ -256,7 +256,7 @@ func (cfg *Config) prepareCertificates() error { func (cfg *Config) Prepare() error { for _, prepare := range []func(*Config) error{ (*Config).prepareDirectory, - (*Config).prepareLogging, + (*Config).PrepareLogging, (*Config).prepareCertificates, (*Config).compileIgnorePatterns, } { 
From 237e91e99265083f86cc5d3adc5d5b330adfe8f5 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Tue, 16 Apr 2024 15:20:27 +0200 Subject: [PATCH 13/55] remove golint workflow --- .github/workflows/go.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0451f18f..c2a0cb9c 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -29,9 +29,6 @@ jobs: with: gofmt-flags: "-l -d" - - name: golint - uses: Jerome1337/golint-action@v1.0.2 - - name: Revive Action uses: morphy2k/revive-action@v2.5.1 From b73ee77ccba2f2ec75a9f14ec2216a1c2dc3b06a Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Tue, 16 Apr 2024 15:21:21 +0200 Subject: [PATCH 14/55] update to go `1.22.1` --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7c0cc2bb..dcea1daf 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/csaf-poc/csaf_distribution/v3 -go 1.20 +go 1.22.1 require ( github.com/BurntSushi/toml v1.3.2 From b9d2b782d9b3eeb95f9f59f15283b1e72ec9f96b Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Tue, 16 Apr 2024 15:22:40 +0200 Subject: [PATCH 15/55] remove go legacy workflow --- .github/workflows/go_legacy.yml | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 .github/workflows/go_legacy.yml diff --git a/.github/workflows/go_legacy.yml b/.github/workflows/go_legacy.yml deleted file mode 100644 index cb97c37a..00000000 --- a/.github/workflows/go_legacy.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Go - -on: - push: - branches: - - main - pull_request: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: 'oldstable' - - - name: Build - run: go build -v ./cmd/... - - - name: Tests - run: go test -v ./... From 21b0eab65f385d80f40e973a754ae26bd178ff7b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Apr 2024 11:10:39 +0000 Subject: [PATCH 16/55] Bump the go-modules group with 13 updates Bumps the go-modules group with 13 updates: | Package | From | To | | --- | --- | --- | | [github.com/ProtonMail/gopenpgp/v2](https://github.com/ProtonMail/gopenpgp) | `2.7.4` | `2.7.5` | | [github.com/PuerkitoBio/goquery](https://github.com/PuerkitoBio/goquery) | `1.8.1` | `1.9.1` | | [github.com/stretchr/testify](https://github.com/stretchr/testify) | `1.8.1` | `1.9.0` | | [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) | `1.3.8` | `1.3.9` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.14.0` | `0.19.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.13.0` | `0.17.0` | | [golang.org/x/time](https://github.com/golang/time) | `0.3.0` | `0.5.0` | | [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto) | `0.0.0-20230923063757-afb1ddc0824c` | `1.1.0-alpha.2` | | [github.com/cloudflare/circl](https://github.com/cloudflare/circl) | `1.3.6` | `1.3.7` | | [github.com/shopspring/decimal](https://github.com/shopspring/decimal) | `1.3.1` | `1.4.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.17.0` | `0.21.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.14.0` | `0.17.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.13.0` | `0.14.0` | Updates `github.com/ProtonMail/gopenpgp/v2` from 2.7.4 to 2.7.5 - [Release notes](https://github.com/ProtonMail/gopenpgp/releases) - [Changelog](https://github.com/ProtonMail/gopenpgp/blob/main/CHANGELOG.md) - [Commits](https://github.com/ProtonMail/gopenpgp/compare/v2.7.4...v2.7.5) Updates `github.com/PuerkitoBio/goquery` from 1.8.1 to 1.9.1 - [Release notes](https://github.com/PuerkitoBio/goquery/releases) - [Commits](https://github.com/PuerkitoBio/goquery/compare/v1.8.1...v1.9.1) Updates `github.com/stretchr/testify` from 1.8.1 to 1.9.0 - [Release 
notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.9.0) Updates `go.etcd.io/bbolt` from 1.3.8 to 1.3.9 - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.8...v1.3.9) Updates `golang.org/x/crypto` from 0.14.0 to 0.19.0 - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.19.0) Updates `golang.org/x/term` from 0.13.0 to 0.17.0 - [Commits](https://github.com/golang/term/compare/v0.13.0...v0.17.0) Updates `golang.org/x/time` from 0.3.0 to 0.5.0 - [Commits](https://github.com/golang/time/compare/v0.3.0...v0.5.0) Updates `github.com/ProtonMail/go-crypto` from 0.0.0-20230923063757-afb1ddc0824c to 1.1.0-alpha.2 - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](https://github.com/ProtonMail/go-crypto/commits/v1.1.0-alpha.2) Updates `github.com/cloudflare/circl` from 1.3.6 to 1.3.7 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7) Updates `github.com/shopspring/decimal` from 1.3.1 to 1.4.0 - [Release notes](https://github.com/shopspring/decimal/releases) - [Changelog](https://github.com/shopspring/decimal/blob/master/CHANGELOG.md) - [Commits](https://github.com/shopspring/decimal/compare/v1.3.1...v1.4.0) Updates `golang.org/x/net` from 0.17.0 to 0.21.0 - [Commits](https://github.com/golang/net/compare/v0.17.0...v0.21.0) Updates `golang.org/x/sys` from 0.14.0 to 0.17.0 - [Commits](https://github.com/golang/sys/compare/v0.14.0...v0.17.0) Updates `golang.org/x/text` from 0.13.0 to 0.14.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: github.com/ProtonMail/gopenpgp/v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: 
github.com/PuerkitoBio/goquery dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/time dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/ProtonMail/go-crypto dependency-type: indirect update-type: version-update:semver-major dependency-group: go-modules - dependency-name: github.com/cloudflare/circl dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/shopspring/decimal dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 26 ++++++++++++------------ go.sum | 62 ++++++++++++++++++++++++++-------------------------------- 2 files changed, 41 insertions(+), 47 deletions(-) diff --git a/go.mod b/go.mod index dcea1daf..829d90a6 100644 --- a/go.mod +++ b/go.mod 
@@ -6,31 +6,31 @@ require ( github.com/BurntSushi/toml v1.3.2 github.com/Intevation/gval v1.3.0 github.com/Intevation/jsonpath v0.2.1 - github.com/ProtonMail/gopenpgp/v2 v2.7.4 - github.com/PuerkitoBio/goquery v1.8.1 + github.com/ProtonMail/gopenpgp/v2 v2.7.5 + github.com/PuerkitoBio/goquery v1.9.1 github.com/gofrs/flock v0.8.1 github.com/jessevdk/go-flags v1.5.0 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 - github.com/stretchr/testify v1.8.1 - go.etcd.io/bbolt v1.3.8 - golang.org/x/crypto v0.14.0 + github.com/stretchr/testify v1.9.0 + go.etcd.io/bbolt v1.3.9 + golang.org/x/crypto v0.19.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - golang.org/x/term v0.13.0 - golang.org/x/time v0.3.0 + golang.org/x/term v0.17.0 + golang.org/x/time v0.5.0 ) require ( - github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect - github.com/cloudflare/circl v1.3.6 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/shopspring/decimal v1.3.1 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/sys v0.14.0 // indirect - golang.org/x/text v0.13.0 // indirect + github.com/shopspring/decimal v1.4.0 // indirect + golang.org/x/net v0.21.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/text v0.14.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index c03cbd24..1300f6f5 100644 --- a/go.sum +++ b/go.sum 
@@ -5,21 +5,20 @@ github.com/Intevation/gval v1.3.0/go.mod h1:xmGyGpP5be12EL0P12h+dqiYG8qn2j3PJxIg github.com/Intevation/jsonpath v0.2.1 h1:rINNQJ0Pts5XTFEG+zamtdL7l9uuE1z0FBA+r55Sw+A= github.com/Intevation/jsonpath v0.2.1/go.mod h1:WnZ8weMmwAx/fAO3SutjYFU+v7DFreNYnibV7CiaYIw= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= -github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= +github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/gopenpgp/v2 v2.7.4 h1:Vz/8+HViFFnf2A6XX8JOvZMrA6F5puwNvvF21O1mRlo= -github.com/ProtonMail/gopenpgp/v2 v2.7.4/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= -github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM= -github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ= -github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= +github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= +github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= +github.com/PuerkitoBio/goquery v1.9.1 h1:mTL6XjbJTZdpfL+Gwl5U2h1l9yEkJjhmlTeV9VPW7UI= +github.com/PuerkitoBio/goquery v1.9.1/go.mod h1:cW1n6TmIMDoORQU5IU/P1T3tGFunOeXEpGP2WHRwkbY= github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss= 
github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg= -github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -37,47 +36,43 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= -github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= -go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= +go.etcd.io/bbolt v1.3.9/go.mod 
h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod 
h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= +golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -86,28 +81,27 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text 
v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= From b4d1262bed287209871da9ad44203d58fe213391 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Wed, 17 Apr 2024 13:51:57 +0200 Subject: [PATCH 17/55] fix: update to go `1.22.2` due to vulnerabilities in go std library --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 829d90a6..f0d15141 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/csaf-poc/csaf_distribution/v3 -go 1.22.1 +go 1.22.2 require ( github.com/BurntSushi/toml v1.3.2 From f0dca14e6cd99d7c0c45f09e5172ae42309a8303 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Wed, 17 Apr 2024 14:23:27 +0200 Subject: [PATCH 18/55] use release generic workflow instead of 3rd gen release this is just a sub component, notification of all teams via mattermost is not desired here --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e4d2d33..9cd6df07 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ on: jobs: release: name: csaf_distribution - uses: greenbone/workflows/.github/workflows/release-3rd-gen.yml@main + uses: greenbone/workflows/.github/workflows/release-generic.yml@main with: release-type: ${{ inputs.release-type }} release-version: ${{ inputs.release-version }} From 75c383a334328a6c702b5801a788e0c69ca6620f Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Wed, 17 Apr 2024 12:48:19 +0000 Subject: [PATCH 19/55] Automatic release to 3.1.0 --- version.go | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 version.go diff --git a/version.go b/version.go new file mode 100644 index 00000000..15af45de --- /dev/null +++ b/version.go @@ -0,0 +1,6 @@ +package main + +// THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! + +var version = "3.1.0" + From 0c57cd04217c0fdce1f747d0479a67a5fecf6eab Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Wed, 17 Apr 2024 12:48:21 +0000 Subject: [PATCH 20/55] Automatic adjustments after release [skip ci] * Update to version 3.1.1-dev1 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 15af45de..be190e0e 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.1.0" +var version = "3.1.1-dev1" From c6556b87002c9c18f333eb3afcbc74220e00b8b4 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Thu, 18 Apr 2024 16:08:06 +0200 Subject: [PATCH 21/55] remove gofmt and go vet steps from build and test workflow --- .github/workflows/go.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index c2a0cb9c..2c2890c4 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
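Review bot: The reusable workflow in `.github/workflows/release.yml` is still referenced through the mutable branch ref `@main`, so whatever sits on that branch at release time runs as this repository's release job. Pinning the `uses:` line to a full commit SHA, for example `uses: greenbone/workflows/.github/workflows/release-generic.yml@<FULL_COMMIT_SHA>`, makes releases reproducible and stops a change in the shared repository from silently altering them. Which permissions and secrets the job hands to the called workflow is outside this hunk, so the exposure should be confirmed against the rest of the file.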
@@ -21,16 +21,5 @@ jobs: - name: Build run: go build -v ./cmd/... - - name: vet - run: go vet ./... - - - name: gofmt - uses: Jerome1337/gofmt-action@v1.0.4 - with: - gofmt-flags: "-l -d" - - - name: Revive Action - uses: morphy2k/revive-action@v2.5.1 - - name: Tests run: go test -v ./... From fb55d0025a3445691c7ddec0ffb08d9933cbc18e Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Thu, 18 Apr 2024 14:48:56 +0200 Subject: [PATCH 22/55] add TLP level to rolie feed error messages --- csaf/advisories.go | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/csaf/advisories.go b/csaf/advisories.go index 173bf80f..30e723c6 100644 --- a/csaf/advisories.go +++ b/csaf/advisories.go @@ -262,10 +262,18 @@ func (afp *AdvisoryFileProcessor) processROLIE( if feed.URL == nil { continue } + + var label TLPLabel + if feed.TLPLabel != nil { + label = *feed.TLPLabel + } else { + label = "unknown" + } + up, err := url.Parse(string(*feed.URL)) if err != nil { log.Printf("Invalid URL %s in feed: %v.", *feed.URL, err) - feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("invalid feed URL", *feed.URL, ":", err)}) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprintf("invalid TLP:%s feed URL %s: %v", label, *feed.URL, err)}) continue } feedURL := afp.base.ResolveReference(up) 
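Review bot: The new messages in `csaf/advisories.go` interpolate feed-derived strings with `%s`; in this hunk that is `*feed.URL`, a value that has just failed `url.Parse`, and `label`, which is copied from the feed's `TLPLabel`. Control characters or line breaks in either would pass unescaped into `feedErrs` and into whatever later prints or stores those errors, so `%q` is the safer verb: `fmt.Sprintf("invalid TLP:%s feed URL %q: %v", label, *feed.URL, err)`. The same applies to `u` and `entry.ID` in the later hunks of this file (`... to file %s: %v` in the `resolve` closure and `entry (ID '%s')`). Whether `TLPLabel` is validated before it reaches `processROLIE` is not visible here; if it is not, `label` deserves the same treatment. The function body starts and ends outside the hunk.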
@@ -274,20 +282,20 @@ func (afp *AdvisoryFileProcessor) processROLIE( fb, err := util.BaseURL(feedURL) if err != nil { log.Printf("error: Invalid feed base URL '%s': %v\n", fb, err) - feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("invalid feed base URL ", fb, ":", err)}) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprintf("invalid TLP:%s feed base URL %s: %v", label, fb, err)}) continue } feedBaseURL, err := url.Parse(fb) if err != nil { log.Printf("error: Cannot parse feed base URL '%s': %v\n", fb, err) - feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("cannot parse feed base URL ", fb, ":", err)}) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprintf("cannot parse TLP:%s feed base URL %s: %v", label, fb, err)}) continue } res, err := afp.client.Get(feedURL.String()) if err != nil { log.Printf("error: Cannot get feed '%s'\n", err) - feedErrs = append(feedErrs, errs.ErrNetwork{Message: fmt.Sprint("cannot get feed ", feedURL.String(), ":", err)}) + feedErrs = append(feedErrs, errs.ErrNetwork{Message: fmt.Sprintf("failed get for TLP:%s feed url %s: %v", label, feedURL.String(), err)}) continue } if res.StatusCode != http.StatusOK { 
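Review bot: In the `util.BaseURL` error branch the new message formats `fb`, the result of the call that just failed, so the reported base URL is most likely empty and the entry no longer says which feed was affected. Formatting the input keeps the message useful: `fmt.Sprintf("invalid TLP:%s feed base URL for %q: %v", label, feedURL.String(), err)`. What `util.BaseURL` returns alongside a non-nil error is not visible in this hunk, so this should be confirmed; the `log.Printf` just above it has the same issue. `processROLIE` continues outside the hunk.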
@@ -295,15 +303,15 @@ func (afp *AdvisoryFileProcessor) processROLIE( feedURL, res.StatusCode, res.Status) switch { case res.StatusCode == http.StatusUnauthorized: - feedErrs = append(feedErrs, errs.ErrInvalidCredentials{Message: fmt.Sprint("invalid credentials to retrieve ROLIE feed ", feedURL.String(), ": ", res.Status)}) + feedErrs = append(feedErrs, errs.ErrInvalidCredentials{Message: fmt.Sprintf("invalid credentials for TLP:%s ROLIE feed at %s: %s", label, feedURL.String(), res.Status)}) case res.StatusCode == http.StatusNotFound: - feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("could not find ROLIE feed ", feedURL.String(), ": ", res.Status)}) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprintf("could not find TLP:%s ROLIE feed at %s: %s", label, feedURL.String(), res.Status)}) case res.StatusCode == http.StatusForbidden: // user has insufficient permissions to access feed, no error case res.StatusCode > 500: - feedErrs = append(feedErrs, fmt.Errorf("could not retrieve ROLIE feed %s: %s %w", feedURL.String(), res.Status, errs.ErrRetryable)) // mark error as retryable + feedErrs = append(feedErrs, fmt.Errorf("could not retrieve TLP:%s ROLIE feed at %s: %s %w", label, feedURL.String(), res.Status, errs.ErrRetryable)) // mark error as retryable default: - feedErrs = append(feedErrs, fmt.Errorf("could not retrieve ROLIE feed %s: %s", feedURL.String(), res.Status)) + feedErrs = append(feedErrs, fmt.Errorf("could not retrieve TLP:%s ROLIE feed at %s: %s", label, feedURL.String(), res.Status)) } continue } 
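Review bot: The non-200 branch appends an error and reaches `continue` with no `res.Body.Close()` visible in this hunk, so each rejected feed request may leave its connection unreleased; adding `res.Body.Close()` before the `switch` would fix that. One line of the branch lies between this hunk and the previous one and is not shown, so this should be confirmed against the full function. Separately, `case res.StatusCode > 500:` excludes 500 itself, which therefore gets the non-retryable default message; if an Internal Server Error is meant to be retried, the condition should read `case res.StatusCode >= 500:`.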
@@ -313,7 +321,7 @@ func (afp *AdvisoryFileProcessor) processROLIE( }() if err != nil { log.Printf("Loading ROLIE feed failed: %v.", err) - feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("ROLIE feed ", feedURL.String(), " is not valid JSON:", err)}) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprintf("TLP:%s ROLIE feed at %s is not valid JSON: %v", label, feedURL.String(), err)}) continue } @@ -321,12 +329,12 @@ func (afp *AdvisoryFileProcessor) processROLIE( resolve := func(u string) (string, error) { if u == "" { - return "", errs.ErrCsafProviderIssue{Message: "empty url in ROLIE feed to file"} + return "", errs.ErrCsafProviderIssue{Message: fmt.Sprintf("empty url in TLP:%s ROLIE feed at %s to file", label, feedURL.String())} } p, err := url.Parse(u) if err != nil { log.Printf("error: Invalid URL '%s': %v", u, err) - return "", errs.ErrCsafProviderIssue{Message: fmt.Sprint("invalid url in ROLIE feed to file", u, ":", err)} + return "", errs.ErrCsafProviderIssue{Message: fmt.Sprintf("invalid url in TLP:%s ROLIE feed at %s to file %s: %v", label, feedURL.String(), u, err)} } return feedBaseURL.ResolveReference(p).String(), nil } @@ -376,7 +384,7 @@ func (afp *AdvisoryFileProcessor) processROLIE( } if !csafLinkExists { - feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprint("ROLIE feed ", feedURL.String(), " contains entry (ID '", entry.ID, "') without link to csaf document")}) + feedErrs = append(feedErrs, errs.ErrCsafProviderIssue{Message: fmt.Sprintf("TLP:%s ROLIE feed at %s contains entry (ID '%s') without link to csaf document", label, feedURL.String(), entry.ID)}) } var file AdvisoryFile @@ -390,13 +398,6 @@ func (afp *AdvisoryFileProcessor) processROLIE( files = append(files, file) }) - var label TLPLabel - if feed.TLPLabel != nil { - label = *feed.TLPLabel - } else { - label = "unknown" - } - if err := fn(label, files); err != nil { feedErrs = append(feedErrs, err) } 
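Review bot: In the `resolve` closure (hunk `-321,12`) the rewritten message interpolates `u` with `%s`, and `u` is a link value read from the remote ROLIE feed, so control characters or embedded newlines in it end up verbatim in the error text and in whatever log or report consumes it. Quoting untrusted values keeps them inert and makes empty or whitespace-only values visible: `fmt.Sprintf("invalid url in TLP:%s ROLIE feed at %s to file %q: %v", label, feedURL.String(), u, err)`. The same applies to `entry.ID` in the `-376,7` hunk, where `(ID %q)` can replace `(ID '%s')`. The closure and processROLIE both continue outside these hunks.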
From 4193c09df1f47e6e24c9f71d39c22ad1c3b0f9d0 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Thu, 18 Apr 2024 15:02:32 +0200 Subject: [PATCH 23/55] refactor: switch from `fmt.Sprint` to `fmt.Sprintf` in error messages this is more consistent with defining the error messages with `fmt.Errorf` in other places --- cmd/csaf_downloader/downloader.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index be7ea42f..fef90be6 100644 --- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -434,7 +434,7 @@ nextAdvisory: filename := filepath.Base(u.Path) if !util.ConformingFileName(filename) { stats.filenameFailed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("CSAF has non conforming filename ", filename)} + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprintf("CSAF has non conforming filename %s", filename)} slog.Warn("Ignoring none conforming filename", "filename", filename) continue @@ -443,7 +443,7 @@ nextAdvisory: resp, err := client.Get(file.URL()) if err != nil { stats.downloadFailed++ - errorCh <- csafErrs.ErrNetwork{Message: fmt.Sprint("can't retrieve CSAF document ", filename, " from URL", file.URL(), ":", err)} + errorCh <- csafErrs.ErrNetwork{Message: fmt.Sprintf("can't retrieve CSAF document %s from URL %s: %v", filename, file.URL(), err)} slog.Warn("Cannot GET", "url", file.URL(), "error", err) 
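Review bot: `filename` reaches this message only after `util.ConformingFileName` rejected it, so it is a remote-derived string (taken from `u.Path`) that is known to contain unexpected characters, yet it is formatted with a bare `%s`. `errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprintf("CSAF has non conforming filename %q", filename)}` would keep such a name from breaking up the error text; the neighbouring `slog.Warn` already passes it as a structured attribute. The `nextAdvisory:` loop starts and ends outside the hunk.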
@@ -453,9 +453,9 @@ nextAdvisory: if resp.StatusCode != http.StatusOK { switch { case resp.StatusCode == http.StatusUnauthorized: - errorCh <- csafErrs.ErrInvalidCredentials{Message: fmt.Sprint("invalid credentials to retrieve CSAF document ", filename, " at URL ", file.URL(), ": ", resp.Status)} + errorCh <- csafErrs.ErrInvalidCredentials{Message: fmt.Sprintf("invalid credentials to retrieve CSAF document %s at URL %s: %s", filename, file.URL(), resp.Status)} case resp.StatusCode == http.StatusNotFound: - errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("could not find CSAF document '", filename, "' listed in table of content at URL ", file.URL(), ": ", resp.Status)} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprintf("could not find CSAF document %s listed in table of content at URL %s: %s ", filename, file.URL(), resp.Status)} case resp.StatusCode >= 500: errorCh <- fmt.Errorf("could not retrieve CSAF document %s at URL %s: %s %w", filename, file.URL(), resp.Status, csafErrs.ErrRetryable) // mark as retryable error default: @@ -518,7 +518,7 @@ nextAdvisory: return json.NewDecoder(tee).Decode(&doc) }(); err != nil { stats.downloadFailed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("CSAF document ", filename, " at URL ", file.URL(), " is not valid json:", err)} + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprintf("CSAF document %s at URL %s is not valid json: %v", filename, file.URL(), err)} slog.Warn("Downloading failed", "url", file.URL(), "error", err) 
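Review bot: The rewritten 404 message ends with a stray space inside the format string (`... at URL %s: %s "`), which the `fmt.Sprint` version did not produce, so a commit described as a refactor changes the emitted text and could break exact-match comparisons on it. It also drops the quotes that used to surround the document name without saying so. Suggested: `errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprintf("could not find CSAF document %s listed in table of content at URL %s: %s", filename, file.URL(), resp.Status)}`. The switch continues past the end of the hunk.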
@@ -529,7 +529,7 @@ nextAdvisory: s256Check := func() error { if s256 != nil && !bytes.Equal(s256.Sum(nil), remoteSHA256) { stats.sha256Failed++ - errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("SHA256 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprintf("SHA256 checksum of CSAF document %s at URL %s does not match", filename, file.URL())} return fmt.Errorf("SHA256 checksum of %s does not match", file.URL()) } return nil @@ -538,7 +538,7 @@ nextAdvisory: s512Check := func() error { if s512 != nil && !bytes.Equal(s512.Sum(nil), remoteSHA512) { stats.sha512Failed++ - errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("SHA512 checksum of CSAF document ", filename, " at URL ", file.URL(), " does not match")} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprintf("SHA512 checksum of CSAF document %s at URL %s does not match", filename, file.URL())} return fmt.Errorf("SHA512 checksum of %s does not match", file.URL()) } return nil @@ -561,7 +561,7 @@ nextAdvisory: if err := d.checkSignature(data.Bytes(), sign); err != nil { if !d.cfg.IgnoreSignatureCheck { stats.signatureFailed++ - errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprint("cannot verify signature for CSAF document ", filename, " at URL ", file.URL(), ": ", err)} + errorCh <- csafErrs.ErrCsafProviderIssue{Message: fmt.Sprintf("cannot verify signature for CSAF document %s at URL %s: %v", filename, file.URL(), err)} return fmt.Errorf("cannot verify signature for %s: %v", file.URL(), err) } } 
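Review bot: In the `-561,7` hunk, when `d.cfg.IgnoreSignatureCheck` is set a failing `d.checkSignature` leaves no trace in the lines visible here: no counter, no `errorCh` entry, no log line. An operator who runs with the check relaxed then cannot tell a correctly signed advisory from one whose signature did not verify. Consider an `else` branch such as `slog.Warn("Ignoring failed signature check", "url", file.URL(), "error", err)`. The enclosing code begins before the hunk, so a log call further out may already cover this.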
@@ -576,7 +576,7 @@ nextAdvisory: if err != nil { errorCh <- fmt.Errorf("schema validation for CSAF document %s failed: %w", filename, err) } else { - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("CSAF document ", filename, " at URL ", file.URL(), " does not conform to JSON schema:", errors)} + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprintf("CSAF document %s at URL %s does not conform to JSON schema: %v", filename, file.URL(), errors)} } d.logValidationIssues(file.URL(), errors, err) return fmt.Errorf("schema validation for %q failed", file.URL()) @@ -588,7 +588,7 @@ nextAdvisory: filenameCheck := func() error { if err := util.IDMatchesFilename(d.eval, doc, filename); err != nil { stats.filenameFailed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("invalid CSAF document ", filename, " at URL ", file.URL(), ":", err)} + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprintf("invalid CSAF document %s at URL %s: %v", filename, file.URL(), err)} return fmt.Errorf("filename not conforming %s: %s", file.URL(), err) } return nil @@ -608,7 +608,7 @@ nextAdvisory: } if !rvr.Valid { stats.remoteFailed++ - errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprint("remote validation of CSAF document ", filename, " at URL ", file.URL(), " failed")} + errorCh <- csafErrs.ErrInvalidCsaf{Message: fmt.Sprintf("remote validation of CSAF document %s at URL %s failed", filename, file.URL())} return fmt.Errorf("remote validation of %q failed", file.URL()) } return nil From 0eb3131c92ddcd2a8ef50b1a1fe25003bd7f1451 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 19 Apr 2024 07:32:15 +0000 Subject: [PATCH 24/55] Automatic release to 3.2.0 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index be190e0e..4f965f69 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.1.1-dev1" +var version = "3.2.0" 
From 19d1b7971ab631b6cc91f88236a65ed39b252bd2 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 19 Apr 2024 07:32:16 +0000 Subject: [PATCH 25/55] Automatic adjustments after release [skip ci] * Update to version 3.2.1-dev1 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 4f965f69..ccdfb6dc 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.0" +var version = "3.2.1-dev1" From e36f21ea2dbb03ac4c2674f0e2c6624fcfe041cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 10:53:39 +0100 Subject: [PATCH 26/55] Bump the github-actions group with 7 updates (#8) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the github-actions group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `2` | `4` | | [actions/setup-go](https://github.com/actions/setup-go) | `3` | `5` | | [dineshsonachalam/markdown-autodocs](https://github.com/dineshsonachalam/markdown-autodocs) | `1.0.4` | `1.0.7` | | [Jerome1337/gofmt-action](https://github.com/jerome1337/gofmt-action) | `1.0.4` | `1.0.5` | | [morphy2k/revive-action](https://github.com/morphy2k/revive-action) | `2.5.1` | `2.5.7` | | [actions/setup-node](https://github.com/actions/setup-node) | `3` | `4` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3` | `4` | Updates `actions/checkout` from 2 to 4
Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.0

... (truncated)

Commits

Updates `actions/setup-go` from 3 to 5
Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v5.0.0

v4.1.0

What's Changed

In scope of this release, slow installation on Windows was fixed by @​dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383)

This release also includes the following changes:

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v4.1.0

v4.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v4.0.1

v4.0.0

In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying cache: false.

</tr></table>

... (truncated)

Commits
  • 0c52d54 Update dependencies for node20 (#445)
  • bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
  • 3d65fa5 feat: bump to use actions/checkout@v4
  • 8a505c9 feat: bump to use node20 runtime
  • 883490d Merge pull request #417 from artemgavrilov/main
  • d45ebba Rephrase sentence
  • 317c661 Replace wildcards term with globs.
  • f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
  • 8018234 Improve documentation regarding dependencies cachin
  • d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
  • Additional commits viewable in compare view

Updates `dineshsonachalam/markdown-autodocs` from 1.0.4 to 1.0.7
Release notes

Sourced from dineshsonachalam/markdown-autodocs's releases.

v1.0.7

  • Corrected the branch name parsing logic: #24

v1.0.6

  • Corrected the branch name parsing logic #22

v1.0.5

Added

  1. Improve UT coverage and did code optimization
Commits
  • 6596b4a Apply automatic changes
  • 78010fb Updated release version in YAML docs
  • 77e8d69 Merge pull request #24 from dineshsonachalam/branch_parsing_logic_updated
  • d08362e Apply automatic changes
  • 17215e5 Updated release version in YAML docs
  • ea0e1ec Updated branch parsing logic
  • eb3176a Apply automatic changes
  • 92c05e6 Updated release version in YAML docs
  • b5bae6a Merge pull request #23 from dineshsonachalam/branch_parsing_logic
  • 25c5b8d Updated release version in YAML docs
  • Additional commits viewable in compare view

Updates `Jerome1337/gofmt-action` from 1.0.4 to 1.0.5
Release notes

Sourced from Jerome1337/gofmt-action's releases.

v1.0.5

Fix set output deprecation

Commits
  • d5eabd1 update documentation
  • 517d7c1 Merge pull request #8 from Jerome1337/fix-ga-depreceation
  • d137c4f fix set output deprecation
  • 65b2573 Merge pull request #6 from cpu/patch-1
  • b7a46be docs: Update README for latest tagged release.
  • See full diff in compare view

Updates `morphy2k/revive-action` from 2.5.1 to 2.5.7
Release notes

Sourced from morphy2k/revive-action's releases.

v2.5.7

What's Changed

Full Changelog: https://github.com/morphy2k/revive-action/compare/v2.5.6...v2.5.7

v2.5.6

What's Changed

  • Bump Revive from 1.3.5 to 1.3.6 3419eb9

Full Changelog: https://github.com/morphy2k/revive-action/compare/v2.5.5...v2.5.6

v2.5.5

What's Changed

Full Changelog: https://github.com/morphy2k/revive-action/compare/v2.5.4...v2.5.5

v2.5.4

What's Changed

New Contributors

Full Changelog: https://github.com/morphy2k/revive-action/compare/v2.5.3...v2.5.4

v2.5.3

What's Changed

Full Changelog: https://github.com/morphy2k/revive-action/compare/v2.5.2...v2.5.3

v2.5.2

What's Changed

  • Bump Revive from 1.3.1 to 1.3.2 4f669c9

... (truncated)

Commits

Updates `actions/setup-node` from 3 to 4
Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-node/compare/v3...v4.0.0

v3.8.2

What's Changed

Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: https://github.com/actions/setup-node/compare/v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

Feature implementations:

Documentation changes:

Update dependencies:

... (truncated)

Commits

Updates `actions/upload-artifact` from 3 to 4
Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

  1. The changelog post.
  2. The README.
  3. The migration documentation.
  4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v4.0.0

v3.1.3

What's Changed

Full Changelog: https://github.com/actions/upload-artifact/compare/v3...v3.1.3

v3.1.2

  • Update all @actions/* NPM packages to their latest versions- #374
  • Update all dev dependencies to their most recent versions - #375

v3.1.1

  • Update actions/core package to latest version to remove set-output deprecation warning #351

v3.1.0

What's Changed

Commits
  • 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
  • f1e993d update artifact license
  • 4881bfd updating dist:
  • a30777e @​eggyhead
  • 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
  • 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
  • dfa1ab2 fix typo with v3 artifact downloads in migration guide
  • d00351b Merge pull request #509 from markmssd/patch-1
  • 707f5a7 Update limitation of 10 artifacts upload to 500
  • 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mgoetzegb --- .github/workflows/generate-markdown.yml | 4 ++-- .github/workflows/go.yml | 2 +- .github/workflows/itest.yml | 8 ++++---- .github/workflows/linting.yml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/generate-markdown.yml b/.github/workflows/generate-markdown.yml index a59c9444..a8b2dcc9 100644 --- a/.github/workflows/generate-markdown.yml +++ b/.github/workflows/generate-markdown.yml @@ -13,8 +13,8 @@ jobs: auto-update-readme: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Markdown autodocs - uses: dineshsonachalam/markdown-autodocs@v1.0.4 + uses: dineshsonachalam/markdown-autodocs@v1.0.7 with: output_file_paths: '[./README.md, ./docs/*.md]' diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 2c2890c4..c7957cae 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v4 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: 'stable' diff --git a/.github/workflows/itest.yml b/.github/workflows/itest.yml index eff11c24..435f62fe 100644 --- a/.github/workflows/itest.yml +++ b/.github/workflows/itest.yml @@ -7,17 +7,17 @@ jobs: steps: - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v5 with: go-version: 1.21.0 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: node-version: 16 - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Execute the scripts run: | @@ -36,7 +36,7 @@ jobs: shell: bash - name: Upload test results - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: checker-results path: | diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index a544b790..ee2332fb 100644 
--- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -12,5 +12,5 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@v5 - uses: golangci/golangci-lint-action@v4 From d93e619bd77ae71bc3a1544805948942f4778ebf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 09:56:02 +0000 Subject: [PATCH 27/55] Bump golang.org/x/net from 0.21.0 to 0.23.0 in the go_modules group Bumps the go_modules group with 1 update: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index f0d15141..83a904e7 100644 --- a/go.mod +++ b/go.mod @@ -14,9 +14,9 @@ require ( github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.9 - golang.org/x/crypto v0.19.0 + golang.org/x/crypto v0.21.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - golang.org/x/term v0.17.0 + golang.org/x/term v0.18.0 golang.org/x/time v0.5.0 ) @@ -29,8 +29,8 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/sys v0.17.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/sys v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 1300f6f5..944de975 100644 --- a/go.sum +++ b/go.sum 
@@ -50,8 +50,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -63,8 +63,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -81,16 +81,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= From e5ac1c4a7b3bf7da03a3e183f056adb1ad62851e Mon Sep 17 00:00:00 2001 
From: Marius Goetze Date: Fri, 19 Apr 2024 14:04:12 +0200 Subject: [PATCH 28/55] fix: don't drop error messages from loading provider-metadata.json previously in case case of trying last resort dns, all other error messages were dropped --- csaf/providermetaloader.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/csaf/providermetaloader.go b/csaf/providermetaloader.go index 62e88766..75ac89e1 100644 --- a/csaf/providermetaloader.go +++ b/csaf/providermetaloader.go @@ -129,6 +129,8 @@ func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata // We have a candidate. if wellknownResult.Valid() { wellknownGood = wellknownResult + } else { + pmdl.messages.AppendUnique(wellknownResult.Messages) } // Next load the PMDs from security.txt @@ -176,25 +178,28 @@ func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata } } // Take the good well-known. - wellknownGood.Messages.AppendUnique(pmdl.messages) + wellknownGood.Messages = pmdl.messages return wellknownGood } // Don't have well-known. Take first good from security.txt. ignoreExtras() - secGoods[0].Messages.AppendUnique(pmdl.messages) + secGoods[0].Messages = pmdl.messages return secGoods[0] } // If we have a good well-known take it. if wellknownGood != nil { - wellknownGood.Messages.AppendUnique(pmdl.messages) + wellknownGood.Messages = pmdl.messages return wellknownGood } // Last resort: fall back to DNS. dnsURL := "https://csaf.data.security." + domain - return pmdl.loadFromURL(dnsURL) + dnsURLResult := pmdl.loadFromURL(dnsURL) + pmdl.messages.AppendUnique(dnsURLResult.Messages) // keep order of messages consistent (i.e. last occurred message is last element) + dnsURLResult.Messages = pmdl.messages + return dnsURLResult } // loadFromSecurity loads the PMDs mentioned in the security.txt. From 7d4ce5d7c78c75361b4b82a9f7d8d52e7fc904e7 Mon Sep 17 00:00:00 2001 
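Review bot: `wellknownGood.Messages = pmdl.messages` (and the same assignment for `secGoods[0]` and `dnsURLResult`) hands the loader's own message slice to the returned result instead of merging into the result's list as `AppendUnique` did, so result and loader now share one backing array and anything already stored in the result's `Messages` is discarded. If a `ProviderMetadataLoader` is used for more than one `Load` call (not visible from this hunk), later writes to `pmdl.messages` could modify the contents of a result returned earlier. Assigning a copy of `pmdl.messages` avoids the aliasing, and a short comment stating that a valid result is expected to carry no messages of its own would document why the overwrite is safe. `Load` begins and ends outside the hunk.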
From: Marius Goetze Date: Fri, 19 Apr 2024 14:06:56 +0200 Subject: [PATCH 29/55] refactor: deduplicate filtering pmd results from security.txt already done in `loadFromSecurity` --- csaf/providermetaloader.go | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/csaf/providermetaloader.go b/csaf/providermetaloader.go index 75ac89e1..64998070 100644 --- a/csaf/providermetaloader.go +++ b/csaf/providermetaloader.go @@ -134,20 +134,7 @@ func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata } // Next load the PMDs from security.txt - secResults := pmdl.loadFromSecurity(domain) - - // Filter out the results which are valid. - var secGoods []*LoadedProviderMetadata - - for _, result := range secResults { - if len(result.Messages) > 0 { - // If there where validation issues append them - // to the overall report - pmdl.messages.AppendUnique(pmdl.messages) - } else { - secGoods = append(secGoods, result) - } - } + secGoods := pmdl.loadFromSecurity(domain) // Mention extra CSAF entries in security.txt. ignoreExtras := func() { @@ -202,7 +189,7 @@ func (pmdl *ProviderMetadataLoader) Load(domain string) *LoadedProviderMetadata return dnsURLResult } -// loadFromSecurity loads the PMDs mentioned in the security.txt. +// loadFromSecurity loads the PMDs mentioned in the security.txt. Only valid PMDs are returned. func (pmdl *ProviderMetadataLoader) loadFromSecurity(domain string) []*LoadedProviderMetadata { // If .well-known fails try legacy location. From 10789a98147d5660cf51ae4bfd73c3af05f8571b Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Fri, 19 Apr 2024 10:58:53 +0200 Subject: [PATCH 30/55] fix: use error type `ErrCsafProviderIssue` for failures on provider metadata json level --- cmd/csaf_downloader/downloader.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go index fef90be6..c197c847 100644 
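Review bot: The removed loop selected results by `len(result.Messages) > 0`, whereas the replacement relies on `loadFromSecurity` returning only valid PMDs, and that function's body is not part of this patch, so the equivalence of the two criteria cannot be checked from the diff. The updated doc comment should also state what happens to the messages of the entries that are filtered out, for example `// Messages of rejected candidates are appended to pmdl.messages.` if that is what the function does. Without that, it is unclear whether validation problems found via security.txt still reach the final report.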
--- a/cmd/csaf_downloader/downloader.go +++ b/cmd/csaf_downloader/downloader.go @@ -34,6 +34,7 @@ import ( "golang.org/x/time/rate" "github.com/csaf-poc/csaf_distribution/v3/csaf" + "github.com/csaf-poc/csaf_distribution/v3/pkg/errs" csafErrs "github.com/csaf-poc/csaf_distribution/v3/pkg/errs" "github.com/csaf-poc/csaf_distribution/v3/util" ) @@ -184,12 +185,12 @@ func (d *Downloader) download(ctx context.Context, domain string) error { } if !lpmd.Valid() { - return fmt.Errorf("no valid provider-metadata.json found for '%s'", domain) + return errs.ErrCsafProviderIssue{Message: fmt.Sprintf("no valid provider-metadata.json found for '%s'", domain)} } base, err := url.Parse(lpmd.URL) if err != nil { - return fmt.Errorf("invalid URL '%s': %v", lpmd.URL, err) + return errs.ErrCsafProviderIssue{Message: fmt.Sprintf("invalid URL '%s': %v", lpmd.URL, err)} } if err := d.loadOpenPGPKeys( @@ -197,7 +198,7 @@ func (d *Downloader) download(ctx context.Context, domain string) error { lpmd.Document, base, ); err != nil { - return err + return errs.ErrCsafProviderIssue{Message: err.Error()} } afp := csaf.NewAdvisoryFileProcessor( From 17028a3e5c23413fa92eb71e6f99113261bbf9a4 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 19 Apr 2024 12:39:55 +0000 Subject: [PATCH 31/55] Automatic release to 3.2.1 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index ccdfb6dc..e457bdc1 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.1-dev1" +var version = "3.2.1" From 594fb5c674ab357f7f2217aa3073c39f1b25cb0c Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Fri, 19 Apr 2024 12:39:57 +0000 Subject: [PATCH 32/55] Automatic adjustments after release [skip ci] * Update to version 3.2.2-dev1 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index e457bdc1..a5f657cf 100644 --- a/version.go 
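Review bot: The added import `"github.com/csaf-poc/csaf_distribution/v3/pkg/errs"` brings in a package this file already imports as `csafErrs` on the next line, so the same package is now reachable under two names. That compiles, but it leaves the file inconsistent: `errs.ErrCsafProviderIssue` in `download`, `csafErrs.ErrCsafProviderIssue` elsewhere in downloader.go. Drop the new import and use the existing alias in the two `download` hunks, e.g. `return csafErrs.ErrCsafProviderIssue{Message: err.Error()}`.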
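Review bot: In the `-197,7` hunk, `return errs.ErrCsafProviderIssue{Message: err.Error()}` flattens whatever `d.loadOpenPGPKeys` returned into a string, so a transient network failure while fetching a key would be reported as a provider issue, and any `errs.ErrRetryable` or `errs.ErrNetwork` in the chain can no longer be found with `errors.Is`/`errors.As`. loadOpenPGPKeys is not visible here, so which errors it produces is an assumption. If it can fail for reasons other than provider misconfiguration, the classification belongs inside that function, or the original error should stay reachable from the wrapper. `download` continues beyond the hunk.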
+++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.1" +var version = "3.2.2-dev1" From e930780fc8bbc570fb1b47b99a5de0d3031d6137 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Apr 2024 05:01:15 +0000 Subject: [PATCH 33/55] Bump the go-modules group with 4 updates Bumps the go-modules group with 4 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/term](https://github.com/golang/term), [golang.org/x/net](https://github.com/golang/net) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/crypto` from 0.21.0 to 0.22.0 - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0) Updates `golang.org/x/term` from 0.18.0 to 0.19.0 - [Commits](https://github.com/golang/term/compare/v0.18.0...v0.19.0) Updates `golang.org/x/net` from 0.23.0 to 0.24.0 - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.24.0) Updates `golang.org/x/sys` from 0.18.0 to 0.19.0 - [Commits](https://github.com/golang/sys/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 83a904e7..645516c0 100644 --- a/go.mod +++ b/go.mod 
@@ -14,9 +14,9 @@ require ( github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.9 - golang.org/x/crypto v0.21.0 + golang.org/x/crypto v0.22.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - golang.org/x/term v0.18.0 + golang.org/x/term v0.19.0 golang.org/x/time v0.5.0 ) @@ -29,8 +29,8 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/sys v0.18.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sys v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 944de975..98db0f7c 100644 --- a/go.sum +++ b/go.sum @@ -50,8 +50,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 
@@ -63,8 +63,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -81,16 +81,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= From d241e30f21f32062173f09e2899e0181c63556ae Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 09:19:09 +0200 Subject: [PATCH 34/55] Bump github.com/cloudflare/circl from 1.3.7 to 1.3.8 in the go-modules group (#17) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the go-modules group with 1 update: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Updates `github.com/cloudflare/circl` from 1.3.7 to 1.3.8
Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.8

New

  • BLS Signatures on top of BLS12-381.
  • Adopt faster squaring in pairings.
  • BlindRSA compliant with RFC9474.
  • (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Notice

What's Changed

New Contributors

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.7...v1.3.8

Commits
  • 4bb5601 Serializing ciphertext with 32-bit prefixes.
  • a4252c7 Test functions working with ciphertext.
  • 64431bb Testing long plaintext.
  • fe2b663 Using SHAKE128 as a fixed prgn for golden files.
  • 2c600ff Align to the purego build tag, removing noasm build tag
  • a4b7601 Ensure pairing functions don't overwrite the input.
  • b4f1578 Test that shows pairing functions overwrite its input.
  • bba8f1a Bumps golangci-lint action (#485)
  • dc430ec Explicitly installs Go with version before CodeQL analysis.
  • fd7a97f Rename test file extension.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cloudflare/circl&package-manager=go_modules&previous-version=1.3.7&new-version=1.3.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 645516c0..bd40f3c6 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect - github.com/cloudflare/circl v1.3.7 // indirect + github.com/cloudflare/circl v1.3.8 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect diff --git a/go.sum b/go.sum index 98db0f7c..7f8b7bfa 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,8 @@ github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsVi github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI= +github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= From f387aacc562e0256a7130a07144ca109c4f9fc89 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 09:20:31 +0200 Subject: [PATCH 35/55] Bump golangci/golangci-lint-action from 4 to 5 in the github-actions group (#18) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the github-actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 4 to 5
Release notes

Sourced from golangci/golangci-lint-action's releases.

v5.0.0

What's Changed

Changes

New Contributors

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v4.0.1...v5.0.0

v4.0.1

What's Changed

Documentation

Dependencies

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/linting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index ee2332fb..8619c788 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -13,4 +13,4 @@ jobs: steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 - - uses: golangci/golangci-lint-action@v4 + - uses: golangci/golangci-lint-action@v5 From f7191a4e14352b4c96810e2544cd560b29e8b823 Mon Sep 17 00:00:00 2001 From: Marius Goetze Date: Tue, 30 Apr 2024 09:33:12 +0200 Subject: [PATCH 36/55] move `CODEOWNERS` file to correct location --- .github/{workflows => }/CODEOWNERS | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{workflows => }/CODEOWNERS (100%) diff --git a/.github/workflows/CODEOWNERS b/.github/CODEOWNERS similarity index 100% rename from .github/workflows/CODEOWNERS rename to .github/CODEOWNERS From 101aa8cf44ae2ddabe6e0ff60592797463fdcf91 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 10:11:05 +0200 Subject: [PATCH 37/55] Bump the go-modules group with 4 updates (#20) Bumps the go-modules group with 4 updates: [github.com/PuerkitoBio/goquery](https://github.com/PuerkitoBio/goquery), [golang.org/x/term](https://github.com/golang/term), [golang.org/x/sys](https://github.com/golang/sys) and [golang.org/x/text](https://github.com/golang/text). Updates `github.com/PuerkitoBio/goquery` from 1.9.1 to 1.9.2
Release notes

Sourced from github.com/PuerkitoBio/goquery's releases.

v1.9.2

Update go.mod dependencies.

Commits
  • b076e25 Prepare for release v1.9.2
  • 22d8cfd Merge pull request #470 from PuerkitoBio/dependabot/go_modules/golang.org/x/n...
  • 56c8ec7 Bump golang.org/x/net from 0.21.0 to 0.23.0
  • See full diff in compare view

Updates `golang.org/x/term` from 0.19.0 to 0.20.0
Commits

Updates `golang.org/x/sys` from 0.19.0 to 0.20.0
Commits
  • 7d69d98 unix: extend support for z/OS
  • 7758090 cpu: add support for sve2 detection
  • 9a28524 windows: drop go version tags for unsupported versions
  • 27dc90b unix: update to Linux kernel 6.4
  • See full diff in compare view

Updates `golang.org/x/text` from 0.14.0 to 0.15.0
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index bd40f3c6..30980bdf 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Intevation/gval v1.3.0 github.com/Intevation/jsonpath v0.2.1 github.com/ProtonMail/gopenpgp/v2 v2.7.5 - github.com/PuerkitoBio/goquery v1.9.1 + github.com/PuerkitoBio/goquery v1.9.2 github.com/gofrs/flock v0.8.1 github.com/jessevdk/go-flags v1.5.0 github.com/mitchellh/go-homedir v1.1.0 @@ -16,7 +16,7 @@ require ( go.etcd.io/bbolt v1.3.9 golang.org/x/crypto v0.22.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - golang.org/x/term v0.19.0 + golang.org/x/term v0.20.0 golang.org/x/time v0.5.0 ) @@ -30,7 +30,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect golang.org/x/net v0.24.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 7f8b7bfa..0204edaa 100644 --- a/go.sum +++ b/go.sum 
@@ -11,8 +11,8 @@ github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ek github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= -github.com/PuerkitoBio/goquery v1.9.1 h1:mTL6XjbJTZdpfL+Gwl5U2h1l9yEkJjhmlTeV9VPW7UI= -github.com/PuerkitoBio/goquery v1.9.1/go.mod h1:cW1n6TmIMDoORQU5IU/P1T3tGFunOeXEpGP2WHRwkbY= +github.com/PuerkitoBio/goquery v1.9.2 h1:4/wZksC3KgkQw7SQgkKotmKljk0M6V8TUvA8Wb4yPeE= +github.com/PuerkitoBio/goquery v1.9.2/go.mod h1:GHPCaP0ODyyxqcNoFGYlAprUFH81NuRPd0GX3Zu2Mvk= github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss= github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= 
@@ -81,16 +81,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -98,8 +98,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From c5a551e4fec93b12bb18820257937c6c54ae2010 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 04:20:39 +0000 Subject: [PATCH 38/55] Bump the go-modules group with 3 updates Bumps the go-modules group with 3 updates: [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt), [golang.org/x/crypto](https://github.com/golang/crypto) and [golang.org/x/net](https://github.com/golang/net). Updates `go.etcd.io/bbolt` from 1.3.9 to 1.3.10 - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.9...v1.3.10) Updates `golang.org/x/crypto` from 0.22.0 to 0.23.0 - [Commits](https://github.com/golang/crypto/compare/v0.22.0...v0.23.0) Updates `golang.org/x/net` from 0.24.0 to 0.25.0 - [Commits](https://github.com/golang/net/compare/v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 30980bdf..315d27f7 100644 --- a/go.mod +++ b/go.mod @@ -13,8 +13,8 @@ require ( github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 - go.etcd.io/bbolt v1.3.9 - golang.org/x/crypto v0.22.0 + go.etcd.io/bbolt v1.3.10 + golang.org/x/crypto v0.23.0 golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa golang.org/x/term v0.20.0 golang.org/x/time v0.5.0 
@@ -29,7 +29,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/net v0.24.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/sys v0.20.0 // indirect golang.org/x/text v0.15.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 0204edaa..dd0a4216 100644 --- a/go.sum +++ b/go.sum 
@@ -44,14 +44,14 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI= -go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= +go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0= +go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 
@@ -63,8 +63,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 3b0aeccb8bc73540c7c3f4b15e8d0b2d18fd9f9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 14:11:24 +0000 Subject: [PATCH 39/55] Bump golangci/golangci-lint-action in the github-actions group Bumps the github-actions group with 1 update: [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `golangci/golangci-lint-action` from 5 to 6 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/linting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 8619c788..02152108 100644 --- a/.github/workflows/linting.yml 
+++ b/.github/workflows/linting.yml @@ -13,4 +13,4 @@ jobs: steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 - - uses: golangci/golangci-lint-action@v5 + - uses: golangci/golangci-lint-action@v6 From e114feccfd82d158dc0650c13116a8b409da9469 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 04:49:22 +0000 Subject: [PATCH 40/55] Bump github.com/BurntSushi/toml in the go-modules group Bumps the go-modules group with 1 update: [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml). Updates `github.com/BurntSushi/toml` from 1.3.2 to 1.4.0 - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](https://github.com/BurntSushi/toml/compare/v1.3.2...v1.4.0) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8fed8041..a7640412 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/csaf-poc/csaf_distribution/v3 go 1.22.2 require ( - github.com/BurntSushi/toml v1.3.2 + github.com/BurntSushi/toml v1.4.0 github.com/Intevation/gval v1.3.0 github.com/Intevation/jsonpath v0.2.1 github.com/ProtonMail/gopenpgp/v2 v2.7.5 diff --git a/go.sum b/go.sum index 38b5c888..dae548e0 100644 --- a/go.sum +++ b/go.sum 
@@ -1,5 +1,5 @@ -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/Intevation/gval v1.3.0 h1:+Ze5sft5MmGbZrHj06NVUbcxCb67l9RaPTLMNr37mjw= github.com/Intevation/gval v1.3.0/go.mod h1:xmGyGpP5be12EL0P12h+dqiYG8qn2j3PJxIgkoOHO5o= github.com/Intevation/jsonpath v0.2.1 h1:rINNQJ0Pts5XTFEG+zamtdL7l9uuE1z0FBA+r55Sw+A= From c22ffca921e9840a085706a5997c0bfa5c1d75f7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 04:15:57 +0000 Subject: [PATCH 41/55] Bump the go-modules group with 5 updates Bumps the go-modules group with 5 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.23.0` | `0.24.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.20.0` | `0.21.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.25.0` | `0.26.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.20.0` | `0.21.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.15.0` | `0.16.0` | Updates `golang.org/x/crypto` from 0.23.0 to 0.24.0 - [Commits](https://github.com/golang/crypto/compare/v0.23.0...v0.24.0) Updates `golang.org/x/term` from 0.20.0 to 0.21.0 - [Commits](https://github.com/golang/term/compare/v0.20.0...v0.21.0) Updates `golang.org/x/net` from 0.25.0 to 0.26.0 - [Commits](https://github.com/golang/net/compare/v0.25.0...v0.26.0) Updates `golang.org/x/sys` from 0.20.0 to 0.21.0 - [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0) Updates `golang.org/x/text` from 0.15.0 to 0.16.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor 
dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 24 ++++++++++++------------ 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index a7640412..dd7ed9b1 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,8 @@ require ( github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.10 - golang.org/x/crypto v0.23.0 - golang.org/x/term v0.20.0 + golang.org/x/crypto v0.24.0 + golang.org/x/term v0.21.0 golang.org/x/time v0.5.0 ) @@ -28,8 +28,8 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index dae548e0..53418d91 100644 --- a/go.sum +++ b/go.sum 
@@ -50,8 +50,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -61,13 +61,13 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -79,16 +79,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -96,8 +96,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From 18fa53f7abeda7046e3e4f23dd94cc0c3228b0cb Mon Sep 17 00:00:00 2001 From: mgoetzegb Date: Fri, 14 Jun 2024 19:06:17 +0200 Subject: [PATCH 42/55] update go version to `1.22.4` (#27) Fix Vulnerabilities on older version of go standard library. --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index dd7ed9b1..f992ad4b 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/csaf-poc/csaf_distribution/v3 -go 1.22.2 +go 1.22.4 require ( github.com/BurntSushi/toml v1.4.0 From f0dc2334b6865eaf9cb710ab7c55ed1a2e05ecdc Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 04:21:25 +0000 Subject: [PATCH 43/55] Bump the go-modules group with 2 updates Bumps the go-modules group with 2 updates: [github.com/jessevdk/go-flags](https://github.com/jessevdk/go-flags) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Updates `github.com/jessevdk/go-flags` from 1.5.0 to 1.6.1 - [Release notes](https://github.com/jessevdk/go-flags/releases) - [Commits](https://github.com/jessevdk/go-flags/compare/v1.5.0...v1.6.1) Updates `github.com/cloudflare/circl` from 1.3.8 to 1.3.9 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.8...v1.3.9) --- updated-dependencies: - dependency-name: github.com/jessevdk/go-flags dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/cloudflare/circl dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index f992ad4b..983ff027 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/ProtonMail/gopenpgp/v2 v2.7.5 github.com/PuerkitoBio/goquery v1.9.2 github.com/gofrs/flock v0.8.1 - github.com/jessevdk/go-flags v1.5.0 + github.com/jessevdk/go-flags v1.6.1 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 
@@ -23,7 +23,7 @@ require ( github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect - github.com/cloudflare/circl v1.3.8 // indirect + github.com/cloudflare/circl v1.3.9 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect diff --git a/go.sum b/go.sum index 53418d91..35a69a70 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,8 @@ github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsVi github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI= -github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= +github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -26,8 +26,8 @@ github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc= -github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4= +github.com/jessevdk/go-flags v1.6.1/go.mod h1:Mk8T1hIAWpOiJiHa9rJASDK2UGWji0EuPGBnNLMooyc= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -70,7 +70,6 @@ golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From 7987967c4914b11a1505c7d927c4795c1e3cfec1 Mon Sep 17 00:00:00 2001 
From: Greenbone Bot Date: Thu, 20 Jun 2024 14:34:23 +0000 Subject: [PATCH 44/55] Automatic release to 3.2.2 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index a5f657cf..0b1fd4a2 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.2-dev1" +var version = "3.2.2" From f5f87c94adb6d85f9d2cc562362e34742ac166e2 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Thu, 20 Jun 2024 14:34:25 +0000 Subject: [PATCH 45/55] Automatic adjustments after release [skip ci] * Update to version 3.2.3-dev1 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 0b1fd4a2..4878f94e 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.2" +var version = "3.2.3-dev1" From c6128979426bb873f36c4d72283bae957a09da86 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 04:20:34 +0000 Subject: [PATCH 46/55] Bump the go-modules group with 2 updates Bumps the go-modules group with 2 updates: [github.com/gofrs/flock](https://github.com/gofrs/flock) and [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto). Updates `github.com/gofrs/flock` from 0.8.1 to 0.11.0 - [Release notes](https://github.com/gofrs/flock/releases) - [Commits](https://github.com/gofrs/flock/compare/v0.8.1...v0.11.0) Updates `github.com/ProtonMail/go-crypto` from 1.1.0-alpha.2 to 1.1.0-alpha.3-proton - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](https://github.com/ProtonMail/go-crypto/compare/v1.1.0-alpha.2...v1.1.0-alpha.3-proton) --- updated-dependencies: - dependency-name: github.com/gofrs/flock dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: github.com/ProtonMail/go-crypto dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 6 ++++-- go.sum | 18 +++++++++++++----- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 983ff027..3e28f086 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Intevation/jsonpath v0.2.1 github.com/ProtonMail/gopenpgp/v2 v2.7.5 github.com/PuerkitoBio/goquery v1.9.2 - github.com/gofrs/flock v0.8.1 + github.com/gofrs/flock v0.11.0 github.com/jessevdk/go-flags v1.6.1 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 
@@ -20,13 +20,15 @@ require ( ) require ( - github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.3-proton // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect github.com/cloudflare/circl v1.3.9 // indirect github.com/davecgh/go-spew v1.1.1 // indirect + github.com/kr/text v0.2.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/sys v0.21.0 // indirect diff --git a/go.sum b/go.sum index 35a69a70..44579ac4 100644 --- a/go.sum +++ b/go.sum @@ -5,8 +5,8 @@ github.com/Intevation/gval v1.3.0/go.mod h1:xmGyGpP5be12EL0P12h+dqiYG8qn2j3PJxIg github.com/Intevation/jsonpath v0.2.1 h1:rINNQJ0Pts5XTFEG+zamtdL7l9uuE1z0FBA+r55Sw+A= github.com/Intevation/jsonpath v0.2.1/go.mod h1:WnZ8weMmwAx/fAO3SutjYFU+v7DFreNYnibV7CiaYIw= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= -github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.0-alpha.3-proton h1:0RXAi0EJFs81j+MMsqvHNuAUGWzeVfCO9LnHAfoQ8NA= +github.com/ProtonMail/go-crypto v1.1.0-alpha.3-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= 
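Review bot: The second go.mod hunk adds two indirect requirements, `github.com/kr/text v0.2.0` and `github.com/rogpeppe/go-internal v1.12.0`, which the commit description does not list; it names only gofrs/flock and ProtonMail/go-crypto. Modules that newly enter the build graph deserve the same review as the bumped ones, so record why they are needed, for example with `go mod why -m github.com/rogpeppe/go-internal`, and confirm that `go mod tidy` keeps them. The same hunk moves `github.com/ProtonMail/go-crypto` from one pre-release tag to another (`v1.1.0-alpha.3-proton`) under a semver-patch label. Because this is a cryptographic library, I would mark the line for follow-up, e.g. `// indirect; pre-release, revisit once a stable v1.1.0 is tagged`. The indirect `require (` block closes outside the hunk.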
@@ -19,21 +19,28 @@ github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= -github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.11.0 h1:AGFQxrpWd8ezw60AvLWIPbxMydNfF8564pwH3FCty0g= +github.com/gofrs/flock v0.11.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4= github.com/jessevdk/go-flags v1.6.1/go.mod h1:Mk8T1hIAWpOiJiHa9rJASDK2UGWji0EuPGBnNLMooyc= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod 
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -104,8 +111,9 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From fc054ddf153b10b64c1180ce9cc080f5d55ada58 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 04:19:19 +0000 Subject: [PATCH 47/55] Bump the go-modules group with 5 updates Bumps the go-modules group with 5 updates: | Package | From | To | | --- | --- | --- | | [github.com/gofrs/flock](https://github.com/gofrs/flock) | `0.11.0` | `0.12.0` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.24.0` | `0.25.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.21.0` | `0.22.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.26.0` | `0.27.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.21.0` | `0.22.0` | Updates `github.com/gofrs/flock` from 0.11.0 to 0.12.0 - [Release notes](https://github.com/gofrs/flock/releases) - [Commits](https://github.com/gofrs/flock/compare/v0.11.0...v0.12.0) Updates `golang.org/x/crypto` from 0.24.0 to 0.25.0 - [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.25.0) Updates `golang.org/x/term` from 0.21.0 to 0.22.0 - [Commits](https://github.com/golang/term/compare/v0.21.0...v0.22.0) Updates `golang.org/x/net` from 0.26.0 to 0.27.0 - [Commits](https://github.com/golang/net/compare/v0.26.0...v0.27.0) Updates `golang.org/x/sys` from 0.21.0 to 0.22.0 - [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: github.com/gofrs/flock dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: 
version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 3e28f086..be2fa6ea 100644 --- a/go.mod +++ b/go.mod @@ -8,14 +8,14 @@ require ( github.com/Intevation/jsonpath v0.2.1 github.com/ProtonMail/gopenpgp/v2 v2.7.5 github.com/PuerkitoBio/goquery v1.9.2 - github.com/gofrs/flock v0.11.0 + github.com/gofrs/flock v0.12.0 github.com/jessevdk/go-flags v1.6.1 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.10 - golang.org/x/crypto v0.24.0 - golang.org/x/term v0.21.0 + golang.org/x/crypto v0.25.0 + golang.org/x/term v0.22.0 golang.org/x/time v0.5.0 ) @@ -30,8 +30,8 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/sys v0.21.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/sys v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 44579ac4..cf28ab6e 100644 --- a/go.sum +++ b/go.sum 
@@ -23,8 +23,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gofrs/flock v0.11.0 h1:AGFQxrpWd8ezw60AvLWIPbxMydNfF8564pwH3FCty0g= -github.com/gofrs/flock v0.11.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= +github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4= @@ -57,8 +57,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -68,8 +68,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -85,16 +85,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= From 948b457aeb1c8b5a91df15e705c9357391a91724 Mon Sep 17 00:00:00 2001 
From: mgoetzegb Date: Mon, 15 Jul 2024 15:49:00 +0200 Subject: [PATCH 48/55] fix: update go version to `1.22.5` (#32) Fix vulnerabilities in golang std library. --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index be2fa6ea..1ff361cb 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/csaf-poc/csaf_distribution/v3 -go 1.22.4 +go 1.22.5 require ( github.com/BurntSushi/toml v1.4.0 From 95abd968d71b86a59275bef10cf63c80aa53d048 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 05:06:32 +0000 Subject: [PATCH 49/55] Bump github.com/ProtonMail/go-crypto in the go-modules group Bumps the go-modules group with 1 update: [github.com/ProtonMail/go-crypto](https://github.com/ProtonMail/go-crypto). Updates `github.com/ProtonMail/go-crypto` from 1.1.0-alpha.3-proton to 1.1.0-alpha.5-proton - [Release notes](https://github.com/ProtonMail/go-crypto/releases) - [Commits](https://github.com/ProtonMail/go-crypto/compare/v1.1.0-alpha.3-proton...v1.1.0-alpha.5-proton) --- updated-dependencies: - dependency-name: github.com/ProtonMail/go-crypto dependency-type: indirect update-type: version-update:semver-patch dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1ff361cb..5663aa17 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( ) require ( - github.com/ProtonMail/go-crypto v1.1.0-alpha.3-proton // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect github.com/cloudflare/circl v1.3.9 // indirect diff --git a/go.sum b/go.sum index cf28ab6e..40feb411 100644 --- a/go.sum +++ b/go.sum 
@@ -5,8 +5,8 @@ github.com/Intevation/gval v1.3.0/go.mod h1:xmGyGpP5be12EL0P12h+dqiYG8qn2j3PJxIg github.com/Intevation/jsonpath v0.2.1 h1:rINNQJ0Pts5XTFEG+zamtdL7l9uuE1z0FBA+r55Sw+A= github.com/Intevation/jsonpath v0.2.1/go.mod h1:WnZ8weMmwAx/fAO3SutjYFU+v7DFreNYnibV7CiaYIw= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/ProtonMail/go-crypto v1.1.0-alpha.3-proton h1:0RXAi0EJFs81j+MMsqvHNuAUGWzeVfCO9LnHAfoQ8NA= -github.com/ProtonMail/go-crypto v1.1.0-alpha.3-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton h1:KVBEgU3CJpmzLChnLiSuEyCuhGhcMt3eOST+7A+ckto= +github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= From 9463c5c0fcd7b576e0923ff97d5fc9c38b964068 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Thu, 25 Jul 2024 10:27:13 +0000 Subject: [PATCH 50/55] Automatic release to 3.2.3 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 4878f94e..50938425 100644 --- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.3-dev1" +var version = "3.2.3" From 59975f99bf24c4a570275c4dcfbd4cdeb607c651 Mon Sep 17 00:00:00 2001 From: Greenbone Bot Date: Thu, 25 Jul 2024 10:27:15 +0000 Subject: [PATCH 51/55] Automatic adjustments after release [skip ci] * Update to version 3.2.4-dev1 --- version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.go b/version.go index 50938425..631b0272 100644 
--- a/version.go +++ b/version.go @@ -2,5 +2,5 @@ package main // THIS IS AN AUTOGENERATED FILE. DO NOT TOUCH! -var version = "3.2.3" +var version = "3.2.4-dev1" From f8748e1e700a4cb606a39c8059d46296c642aa82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:05:47 +0000 Subject: [PATCH 52/55] Bump github.com/gofrs/flock in the go-modules group Bumps the go-modules group with 1 update: [github.com/gofrs/flock](https://github.com/gofrs/flock). Updates `github.com/gofrs/flock` from 0.12.0 to 0.12.1 - [Release notes](https://github.com/gofrs/flock/releases) - [Commits](https://github.com/gofrs/flock/compare/v0.12.0...v0.12.1) --- updated-dependencies: - dependency-name: github.com/gofrs/flock dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5663aa17..cb5fb491 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/Intevation/jsonpath v0.2.1 github.com/ProtonMail/gopenpgp/v2 v2.7.5 github.com/PuerkitoBio/goquery v1.9.2 - github.com/gofrs/flock v0.12.0 + github.com/gofrs/flock v0.12.1 github.com/jessevdk/go-flags v1.6.1 github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 diff --git a/go.sum b/go.sum index 40feb411..2f4f0e2f 100644 --- a/go.sum +++ b/go.sum 
@@ -23,8 +23,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= -github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4= From 055068041646aa4fa163cb80e7d807c5a8ab6898 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 14:39:52 +0100 Subject: [PATCH 53/55] Bump the go-modules group with 2 updates (#37) --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index cb5fb491..2ac9cb74 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( go.etcd.io/bbolt v1.3.10 golang.org/x/crypto v0.25.0 golang.org/x/term v0.22.0 - golang.org/x/time v0.5.0 + golang.org/x/time v0.6.0 ) require ( @@ -31,7 +31,7 @@ require ( github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect golang.org/x/net v0.27.0 // indirect - golang.org/x/sys v0.22.0 // indirect + golang.org/x/sys v0.23.0 // indirect golang.org/x/text v0.16.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 2f4f0e2f..e40e350b 100644 --- a/go.sum +++ b/go.sum 
@@ -85,8 +85,8 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -104,8 +104,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= From 20f5e0202a6c0913decd5c1f3aef42a63c22070f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 04:31:21 +0000 Subject: [PATCH 54/55] Bump the go-modules group with 5 updates Bumps the go-modules group with 5 updates: | Package | From | To | | --- | --- | --- | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.25.0` | `0.26.0` | | [golang.org/x/term](https://github.com/golang/term) | `0.22.0` | `0.23.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.27.0` | `0.28.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.23.0` | `0.24.0` | | [golang.org/x/text](https://github.com/golang/text) | `0.16.0` | `0.17.0` | Updates `golang.org/x/crypto` from 0.25.0 to 0.26.0 - [Commits](https://github.com/golang/crypto/compare/v0.25.0...v0.26.0) Updates `golang.org/x/term` from 0.22.0 to 0.23.0 - [Commits](https://github.com/golang/term/compare/v0.22.0...v0.23.0) Updates `golang.org/x/net` from 0.27.0 to 0.28.0 - [Commits](https://github.com/golang/net/compare/v0.27.0...v0.28.0) Updates `golang.org/x/sys` from 0.23.0 to 0.24.0 - [Commits](https://github.com/golang/sys/compare/v0.23.0...v0.24.0) Updates `golang.org/x/text` from 0.16.0 to 0.17.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/term dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/net dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/sys dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules - dependency-name: golang.org/x/text dependency-type: indirect update-type: version-update:semver-minor 
dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 24 ++++++++++++------------ 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index 2ac9cb74..20d0efaa 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,8 @@ require ( github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.10 - golang.org/x/crypto v0.25.0 - golang.org/x/term v0.22.0 + golang.org/x/crypto v0.26.0 + golang.org/x/term v0.23.0 golang.org/x/time v0.6.0 ) @@ -30,8 +30,8 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/sys v0.23.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/sys v0.24.0 // indirect + golang.org/x/text v0.17.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index e40e350b..714b5a61 100644 --- a/go.sum +++ b/go.sum 
@@ -57,8 +57,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -68,13 +68,13 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -85,16 +85,16 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -102,8 +102,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= From c7d7903acf483a447d8d8ca66f2c07d3dc31b285 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 04:19:11 +0000 Subject: [PATCH 55/55] Bump the go-modules group with 2 updates Bumps the go-modules group with 2 updates: [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) and [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Updates `go.etcd.io/bbolt` from 1.3.10 to 1.3.11 - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.10...v1.3.11) Updates `github.com/cloudflare/circl` from 1.3.9 to 1.4.0 - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.3.9...v1.4.0) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-modules - dependency-name: github.com/cloudflare/circl dependency-type: indirect update-type: version-update:semver-minor dependency-group: go-modules ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 20d0efaa..bbf537e4 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 github.com/stretchr/testify v1.9.0 - go.etcd.io/bbolt v1.3.10 + go.etcd.io/bbolt v1.3.11 golang.org/x/crypto v0.26.0 golang.org/x/term v0.23.0 golang.org/x/time v0.6.0 @@ -23,7 +23,7 @@ require ( github.com/ProtonMail/go-crypto v1.1.0-alpha.5-proton // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/andybalholm/cascadia v1.3.2 // indirect - github.com/cloudflare/circl v1.3.9 // indirect + github.com/cloudflare/circl v1.4.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/kr/text v0.2.0 // indirect github.com/pkg/errors v0.9.1 // indirect 
diff --git a/go.sum b/go.sum index 714b5a61..c4879e0a 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,8 @@ github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsVi github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= -github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY= +github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 
@@ -51,8 +51,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.etcd.io/bbolt v1.3.10 h1:+BqfJTcCzTItrop8mq/lbzL8wSGtj94UO/3U31shqG0= -go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= +go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0= +go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=