From f7c4f8fad8bffdd3e33c0602cfc728f734adbc23 Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 18:24:26 -0500 Subject: [PATCH 1/9] Bump golangci-lint to 1.53.3 --- .github/workflows/safer-golangci-lint.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/safer-golangci-lint.yml b/.github/workflows/safer-golangci-lint.yml index 6722fa80..5d858fb8 100644 --- a/.github/workflows/safer-golangci-lint.yml +++ b/.github/workflows/safer-golangci-lint.yml @@ -27,13 +27,11 @@ # 1. GOLINTERS_VERSION # 2. GOLINTERS_TGZ_DGST # -# Release v1.52.2 (May 14, 2023) -# - Bump Go to 1.20 -# - Bump actions/setup-go to v4 -# - Bump golangci-lint to 1.52.2 -# - Hash of golangci-lint-1.52.2-linux-amd64.tar.gz -# - SHA-256: c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501 -# This SHA-256 digest matches golangci-lint-1.52.2-checksums.txt at +# Release v1.53.3 (June 25, 2023) +# - Bump golangci-lint to 1.53.3 +# - Hash of golangci-lint-1.53.3-linux-amd64.tar.gz +# - SHA-256: 4f62007ca96372ccba54760e2ed39c2446b40ec24d9a90c21aad9f2fdf6cf0da +# This SHA-256 digest matches golangci-lint-1.53.3-checksums.txt at # https://github.com/golangci/golangci-lint/releases # name: linters @@ -49,9 +47,9 @@ on: env: GO_VERSION: '1.20' - GOLINTERS_VERSION: 1.52.2 + GOLINTERS_VERSION: 1.53.3 GOLINTERS_ARCH: linux-amd64 - GOLINTERS_TGZ_DGST: c9cf72d12058a131746edd409ed94ccd578fbd178899d1ed41ceae3ce5f54501 + GOLINTERS_TGZ_DGST: 4f62007ca96372ccba54760e2ed39c2446b40ec24d9a90c21aad9f2fdf6cf0da GOLINTERS_TIMEOUT: 15m OPENSSL_DGST_CMD: openssl dgst -sha256 -r CURL_CMD: curl --proto =https --tlsv1.2 --location --silent --show-error --fail From 1d9df2e2badad07f1e89691daeece9665fc6ec89 Mon Sep 17 00:00:00 2001 
From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:02:34 -0500 Subject: [PATCH 2/9] Update README.md Remove "Used by" count because GitHub repo setting was recently updated to display stats for current version (v2) instead of v1. --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 8d3ed524..90a2cdf3 100644 --- a/README.md +++ b/README.md @@ -523,10 +523,6 @@ geomean 2.782 `fxamacker/cbor` is used in projects by Arm Ltd., Berlin Institute of Health at Charité, Chainlink, Cisco, Confidential Computing Consortium, ConsenSys, Dapper Labs, EdgeX Foundry, F5, Fraunhofer‑AISEC, Linux Foundation, Microsoft, Mozilla, National Cybersecurity Agency of France (govt), Netherlands (govt), Oasis Protocol, Smallstep, Tailscale, Taurus SA, Teleport, TIBCO, and others. -GitHub reports `fxamacker/cbor` is "Used by": --    220+ [repositories that depend on v1.x](https://github.com/fxamacker/cbor/network/dependents) (old version). Shown by default. -- 2,450+ [repositories that depend on v2.x](https://github.com/fxamacker/cbor/network/dependents?package_id=UGFja2FnZS0yMjcwNDY1OTQ4) (current version). - `fxamacker/cbor` passed multiple confidential security assessments. A [nonconfidential security assessment](https://github.com/veraison/go-cose/blob/v1.0.0-rc.1/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) (prepared by NCC Group for Microsoft Corporation) includes a subset of fxamacker/cbor v2.4.0 in its scope. ## Standards From 3a10b8e32f08c93a5206ecdf48fe16a4fc59d2b8 Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:06:22 -0500 Subject: [PATCH 3/9] Update safer-golangci-lint.yml Bump actions/checkout from v3 to v4 . --- .github/workflows/safer-golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/safer-golangci-lint.yml b/.github/workflows/safer-golangci-lint.yml index 5d858fb8..7896ceb4 100644 --- a/.github/workflows/safer-golangci-lint.yml +++ b/.github/workflows/safer-golangci-lint.yml @@ -62,7 +62,7 @@ jobs: contents: read steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 1 From 84675af243846a914de34338e1f8c2a45d221a1b Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:17:01 -0500 Subject: [PATCH 4/9] Update ci.yml Add go 1.21, remove go 1.18 (keep 1.17). Bump actions/checkout from v3 to v4. --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 56fe16bd..c708c642 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: strategy: matrix: os: [macos-latest, ubuntu-latest, windows-latest] - go-version: [1.17, 1.18, 1.19] + go-version: [1.17, 1.19, 1.20, 1.21] steps: - name: Install Go uses: actions/setup-go@v4 @@ -35,7 +35,7 @@ jobs: check-latest: true - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 1 From f5536c48f3bfe556be50f854944e7c54e091e717 Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:18:35 -0500 Subject: [PATCH 5/9] Update ci-go-cover.yml Bump actions/checkout from v3 to v4. Bump go-version from 1.19 to 1.21. --- .github/workflows/ci-go-cover.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-go-cover.yml b/.github/workflows/ci-go-cover.yml index 4283875e..16b48632 100644 --- a/.github/workflows/ci-go-cover.yml +++ b/.github/workflows/ci-go-cover.yml 
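Review bot: `uses: actions/checkout@v4` in safer-golangci-lint.yml still references the action by a mutable tag, so the code that runs in this job is whatever that tag points to at run time. The same workflow pins the golangci-lint tarball by SHA-256 and govulncheck.yml pins its install to a commit hash, so the checkout step is the one dependency here without an immutable reference. Pin it the same way, e.g. `uses: actions/checkout@<full-commit-sha-of-v4> # v4`, with the SHA taken from the action's own release page. The same applies to the checkout bumps in ci.yml, ci-go-cover.yml, codeql-analysis.yml and govulncheck.yml later in this series, and to `actions/setup-go@v4` in their context lines. The job's step list continues outside the hunk.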
@@ -36,11 +36,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Go uses: actions/setup-go@v4 with: - go-version: 1.19 + go-version: 1.21 check-latest: true - name: Install x448/float16 run: go get github.com/x448/float16@v0.8.4 From 30dd2787afde4f05bcedf327f794bb4df03787f8 Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:19:56 -0500 Subject: [PATCH 6/9] Update codeql-analysis.yml Bump actions/checkout from v3 to v4. --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b577ad00..d07b6576 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL From 6e30978d46fd9d766810ccffcb1c85066f3340b4 Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:23:14 -0500 Subject: [PATCH 7/9] Update govulncheck.yml Bump govulncheck from 1.0.0 to 1.0.1. Bump actions/checkout from v3 to v4. --- .github/workflows/govulncheck.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index ade2d1f4..2b2ae398 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -33,7 +33,7 @@ jobs: contents: read steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 1 - name: Set up Go 
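Review bot: `go-version: 1.21` in ci-go-cover.yml is an unquoted scalar that YAML reads as a number; it round-trips today but will silently select the wrong toolchain once the value ends in a zero, the same trap patch 8/9 fixes for `1.20`. Quote it as `go-version: '1.21'`, matching `GO_VERSION: '1.20'` in safer-golangci-lint.yml. The matrix that patch 8/9 leaves in ci.yml mixes quoted and unquoted entries and would be safer as `go-version: ['1.17', '1.19', '1.20', '1.21']`. The step list continues outside the hunk.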
@@ -42,6 +42,6 @@ jobs: go-version: 1.20.x check-latest: true - name: Install latest from golang.org - run: go install golang.org/x/vuln/cmd/govulncheck@f69de671333b611ab6b6f21f8ff0ab53f6d96c61 # v1.0.0 + run: go install golang.org/x/vuln/cmd/govulncheck@da4b74a5408a0116e9a2dde953659a7b0956dc56 # v1.0.1 - name: Run govulncheck run: govulncheck -show=traces ./... From 1563ca952d62c9ca3efcf35ad984b8ab2efd5d2a Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:29:18 -0500 Subject: [PATCH 8/9] Update ci.yml Use quotes around '1.20' to prevent it from being treated as 1.2. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c708c642..e20c44a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: strategy: matrix: os: [macos-latest, ubuntu-latest, windows-latest] - go-version: [1.17, 1.19, 1.20, 1.21] + go-version: [1.17, 1.19, '1.20', 1.21] steps: - name: Install Go uses: actions/setup-go@v4 From ec730926deb05b93b75a80f9a9f3b14be2b87c74 Mon Sep 17 00:00:00 2001 From: Faye Amacker <33205765+fxamacker@users.noreply.github.com> Date: Sun, 15 Oct 2023 19:47:09 -0500 Subject: [PATCH 9/9] Update govulncheck.yml Bump go-version to 1.21 --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 2b2ae398..cb47b188 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -39,7 +39,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.20.x + go-version: 1.21.x check-latest: true - name: Install latest from golang.org run: go install golang.org/x/vuln/cmd/govulncheck@da4b74a5408a0116e9a2dde953659a7b0956dc56 # v1.0.1