🌱 Upgrade to go 1.18 (#2143)

* 🌱 Upgrade to go 1.18

- Upgrade to go 1.18
- Updated the deps to avoid critical CVE's

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updated dockerfile.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the linter issues.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed the CVE dependencies

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Rmoved the cache which is changing between 1.17 and 1.18

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Rmoved the cache which is changing between 1.17 and 1.18

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Updated ko to latest

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed linter issue.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

* Fixed linter issue.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

.github/workflows/goreleaser.yaml

@@ -42,7 +42,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v2.2.0
         with:
-          go-version: 1.17
+          go-version: 1.18
           check-latest: true
       - name: Configure ldflags
         id: ldflags

.github/workflows/integration.yml

@@ -50,27 +50,9 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a # v2.2.0
         with:
-          go-version: '1.17'
+          go-version: '1.18'
           check-latest: true
 
-      - name: Cache builds
-        # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-        uses: actions/cache@a7c34adf76222e77931dedbf4a45b2e4648ced19 #v2.1.7
-        with:
-          # In order:
-          # * Module download cache
-          # * Build cache (Linux)
-          # * Build cache (Mac)
-          # * Build cache (Windows)
-         path: |
-           ~/go/pkg/mod
-           ~/.cache/go-build
-           ~/Library/Caches/go-build
-           %LocalAppData%\go-build
-         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-         restore-keys: |
-           ${{ runner.os }}-go-
-
       - name: Prepare test env
         run: |
             go mod download

.github/workflows/main.yml

@@ -20,14 +20,14 @@ permissions:
 on:
   push:
     branches:
-    - main
+      - main
   pull_request:
     branches:
-    - main
+      - main
 
 env:
   PROTOC_VERSION: 3.17.3
-  GO_VERSION: 1.17
+  GO_VERSION: 1.18
 
 jobs:
   unit-test:
@@ -176,18 +176,6 @@ jobs:
        uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
        with:
         version: ${{ env.PROTOC_VERSION }}
-     - name: Cache builds
-       # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@a7c34adf76222e77931dedbf4a45b2e4648ced19 # v2.1.7
-       with:
-         path: |
-           ~/go/pkg/mod
-           ~/.cache/go-build
-           ~/Library/Caches/go-build
-           %LocalAppData%\go-build
-         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-         restore-keys: |
-           ${{ runner.os }}-go-
      - name: Clone the code
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4
        with:
@@ -727,18 +715,6 @@ jobs:
        uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
        with:
         version: ${{ env.PROTOC_VERSION }}
-     - name: Cache builds
-       # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@a7c34adf76222e77931dedbf4a45b2e4648ced19 # v2.1.7
-       with:
-         path: |
-           ~/go/pkg/mod
-           ~/.cache/go-build
-           ~/Library/Caches/go-build
-           %LocalAppData%\go-build
-         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-         restore-keys: |
-           ${{ runner.os }}-go-
      - name: Clone the code
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4
        with:
@@ -853,18 +829,6 @@ jobs:
        uses: arduino/setup-protoc@64c0c85d18e984422218383b81c52f8b077404d3 # v1.1.2
        with:
         version: ${{ env.PROTOC_VERSION }}
-     - name: Cache builds
-       # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
-       uses: actions/cache@a7c34adf76222e77931dedbf4a45b2e4648ced19 # v2.1.7
-       with:
-         path: |
-           ~/go/pkg/mod
-           ~/.cache/go-build
-           ~/Library/Caches/go-build
-           %LocalAppData%\go-build
-         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-         restore-keys: |
-           ${{ runner.os }}-go-
      - name: Clone the code
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4
        with:

.github/workflows/slsa-goreleaser.yml

@@ -31,5 +31,5 @@ jobs:
     needs: args
     uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@bdd89e60dc5387d8f819bebc702987956bcd4913 # v1.2.0
     with:
-      go-version: 1.17
+      go-version: 1.18
       evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"

.golangci.yml

@@ -3,12 +3,6 @@ run:
   concurrency: 6
   deadline: 5m
 issues:
-  include:
-    # revive `package-comments` and `exported` rules.
-    - EXC0012
-    - EXC0013
-    - EXC0014
-    - EXC0015
   # Maximum issues count per one linter.
   # Set to 0 to disable.
   # Default: 50
@@ -18,8 +12,6 @@ issues:
   # Default: 3
   max-same-issues: 0
   new-from-rev: ""
-  # Fix found issues (if it's supported by the linter).
-  fix: true
 skip-files:
   - cron/data/request.pb.go # autogenerated
 linters:
@@ -62,11 +54,7 @@ linters:
     - nolintlint
     - paralleltest
     - predeclared
-    - revive
-    - rowserrcheck
-    - sqlclosecheck
     - staticcheck
-    - structcheck
     - stylecheck
     - thelper
     - tparallel
@@ -101,35 +89,27 @@ linters-settings:
     enabled-checks:
       # Diagnostic
       - appendAssign
-      - argOrder
       - badCond
       - caseOrder
       - codegenComment
       - commentedOutCode
       - deprecatedComment
-      - dupArg
       - dupBranchBody
       - dupCase
       - dupSubExpr
       - exitAfterDefer
-      - flagDeref
       - flagName
       - nilValReturn
-      - offBy1
-      - sloppyReassign
       - weakCond
       - octalLiteral
 
       # Performance
       - appendCombine
-      - equalFold
       - hugeParam
-      - indexAlloc
       - rangeExprCopy
       - rangeValCopy
 
       # Style
-      - assignOp
       - boolExprSimplify
       - captLocal
       - commentFormatting
@@ -138,24 +118,15 @@ linters-settings:
       - docStub
       - elseif
       - emptyFallthrough
-      - emptyStringTest
       - hexLiteral
       - ifElseChain
       - methodExprCall
-      - regexpMust
       - singleCaseSwitch
-      - sloppyLen
-      - stringXbytes
-      - switchTrue
       - typeAssertChain
       - typeSwitchVar
       - underef
       - unlabelStmt
       - unlambda
-      - unslice
-      - valSwap
-      - wrapperFunc
-      - yodaStyleExpr
 
       # Opinionated
       - builtinShadow

Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f AS base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

checker/check_result.go

@@ -64,7 +64,7 @@ const (
 )
 
 // CheckResult captures result from a check run.
-// nolint:govet
+//nolint:govet
 type CheckResult struct {
 	Name    string
 	Version int
@@ -94,7 +94,7 @@ type CheckDetail struct {
 
 // LogMessage is a structure that encapsulates detail's information.
 // This allows updating the definition easily.
-// nolint:govet
+//nolint:govet
 type LogMessage struct {
 	Text        string       // A short string explaining why the detail was recorded/logged.
 	Path        string       // Fullpath to the file.

checker/raw_result.go

@@ -22,7 +22,7 @@ import (
 
 // RawResults contains results before a policy
 // is applied.
-// nolint
+//nolint
 type RawResults struct {
 	PackagingResults            PackagingData
 	CIIBestPracticesResults     CIIBestPracticesData
@@ -56,7 +56,7 @@ type PackagingData struct {
 }
 
 // Package represents a package.
-// nolint
+//nolint
 type Package struct {
 	// TODO: not supported yet. This needs to be unique across
 	// ecosystems: purl, OSV, CPE, etc.

checks/evaluation/code_review_test.go

@@ -26,7 +26,7 @@ import (
 func TestCodeReview(t *testing.T) {
 	t.Parallel()
 
-	// nolint:govet // ignore since this is a test.
+	//nolint:govet // ignore since this is a test.
 	tests := []struct {
 		name     string
 		expected scut.TestReturn

checks/evaluation/signed_releases.go

@@ -30,8 +30,8 @@ var (
 
 const releaseLookBack = 5
 
-// nolint
-// SignedReleases applies the score policy for the Signed-Releases check.
+//SignedReleases applies the score policy for the Signed-Releases check.
+//nolint
 func SignedReleases(name string, dl checker.DetailLogger, r *checker.SignedReleasesData) checker.CheckResult {
 	if r == nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")

checks/fileparser/listing_test.go

@@ -535,7 +535,7 @@ func TestOnMatchingFileContent(t *testing.T) {
 }
 
 // TestOnAllFilesDo tests the OnAllFilesDo function.
-// nolint:gocognit
+//nolint:gocognit
 func TestOnAllFilesDo(t *testing.T) {
 	t.Parallel()
 
@@ -576,7 +576,7 @@ func TestOnAllFilesDo(t *testing.T) {
 	alwaysFail := func(path string, args ...interface{}) (bool, error) {
 		return false, errTest
 	}
-	// nolint
+	//nolint
 	tests := []struct {
 		name         string
 		onFile       DoWhileTrueOnFilename

checks/maintained_test.go

@@ -29,7 +29,7 @@ import (
 
 // ignoring the linter for cyclomatic complexity because it is a test func
 // TestMaintained tests the maintained check.
-// nolint
+//nolint
 func Test_Maintained(t *testing.T) {
 	t.Parallel()
 	threeHundredDaysAgo := time.Now().AddDate(0, 0, -300)

checks/permissions_test.go

@@ -28,7 +28,7 @@ import (
 	scut "github.com/ossf/scorecard/v4/utests"
 )
 
-// nolint
+//nolint
 func TestGithubTokenPermissions(t *testing.T) {
 	t.Parallel()
 

checks/raw/branch_protection_test.go

@@ -33,7 +33,7 @@ var (
 	mainBranchName    = "main"
 )
 
-// nolint: govet
+//nolint: govet
 type branchArg struct {
 	err           error
 	name          string
@@ -63,7 +63,7 @@ func (ba branchesArg) getBranch(b string) (*clients.BranchRef, error) {
 
 func TestBranchProtection(t *testing.T) {
 	t.Parallel()
-	// nolint: govet
+	//nolint: govet
 	tests := []struct {
 		name        string
 		branches    branchesArg

checks/raw/pinned_dependencies.go

@@ -463,7 +463,7 @@ var validateGitHubActionWorkflow fileparser.DoWhileTrueOnFileContent = func(
 				continue
 			}
 
-			// nolint:lll
+			//nolint:lll
 			// Check whether this is an action defined in the same repo,
 			// https://docs.github.com/en/actions/learn-github-actions/finding-and-customizing-actions#referencing-an-action-in-the-same-repository-where-a-workflow-file-uses-the-action.
 			if strings.HasPrefix(execAction.Uses.Value, "./") {

checks/sast.go

@@ -123,7 +123,7 @@ func SAST(c *checker.CheckRequest) checker.CheckResult {
 	return checker.CreateRuntimeErrorResult(CheckSAST, sce.WithMessage(sce.ErrScorecardInternal, "contact team"))
 }
 
-// nolint
+//nolint
 func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) {
 	commits, err := c.RepoClient.ListCommits()
 	if err != nil {
@@ -187,7 +187,7 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) {
 	return checker.CreateProportionalScore(totalTested, totalMerged), nil
 }
 
-// nolint
+//nolint
 func codeQLInCheckDefinitions(c *checker.CheckRequest) (int, error) {
 	searchRequest := clients.SearchRequest{
 		Query: "github/codeql-action/analyze",
@@ -228,7 +228,7 @@ type sonarConfig struct {
 	file checker.File
 }
 
-// nolint
+//nolint
 func sonarEnabled(c *checker.CheckRequest) (int, error) {
 	var config []sonarConfig
 	err := fileparser.OnMatchingFileContentDo(c.RepoClient, fileparser.PathMatcher{

checks/sast_test.go

@@ -33,7 +33,7 @@ import (
 func Test_SAST(t *testing.T) {
 	t.Parallel()
 
-	// nolint: govet, goerr113
+	//nolint: govet, goerr113
 	tests := []struct {
 		name          string
 		commits       []clients.Commit
@@ -266,7 +266,7 @@ func Test_SAST(t *testing.T) {
 func Test_validateSonarConfig(t *testing.T) {
 	t.Parallel()
 
-	// nolint: govet
+	//nolint: govet
 	tests := []struct {
 		name      string
 		path      string

clients/cii_http_client.go

@@ -38,7 +38,7 @@ func (transport *expBackoffTransport) RoundTrip(req *http.Request) (*http.Respon
 	for i := 0; i < int(transport.numRetries); i++ {
 		resp, err := http.DefaultClient.Do(req)
 		if err != nil || resp.StatusCode != http.StatusTooManyRequests {
-			// nolint: wrapcheck
+			//nolint: wrapcheck
 			return resp, err
 		}
 		time.Sleep(time.Duration(math.Pow(2, float64(i))) * time.Second)

clients/githubrepo/client.go

@@ -175,7 +175,7 @@ func (client *Client) GetBranch(branch string) (*clients.BranchRef, error) {
 	return client.branches.getBranch(branch)
 }
 
-// GetCreatedAt is a getter for repo.CreatedAt
+// GetCreatedAt is a getter for repo.CreatedAt.
 func (client *Client) GetCreatedAt() (time.Time, error) {
 	return client.repo.CreatedAt.Time, nil
 }

clients/githubrepo/graphql.go

@@ -36,7 +36,7 @@ const (
 	commitsToAnalyze       = 30
 )
 
-// nolint: govet
+//nolint: govet
 type graphqlData struct {
 	Repository struct {
 		IsArchived githubv4.Boolean
@@ -97,7 +97,7 @@ type graphqlData struct {
 		} `graphql:"object(expression: $commitExpression)"`
 		Issues struct {
 			Nodes []struct {
-				// nolint: revive,stylecheck // naming according to githubv4 convention.
+				//nolint: revive,stylecheck // naming according to githubv4 convention.
 				Url               *string
 				AuthorAssociation *string
 				Author            struct {

clients/githubrepo/roundtripper/roundtripper.go

@@ -41,7 +41,7 @@ const (
 func NewTransport(ctx context.Context, logger *log.Logger) http.RoundTripper {
 	transport := http.DefaultTransport
 
-	// nolint
+	//nolint
 	if tokenAccessor := tokens.MakeTokenAccessor(); tokenAccessor != nil {
 		// Use GitHub PAT
 		transport = makeGitHubTransport(transport, tokenAccessor)

clients/githubrepo/roundtripper/tokens/server/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f AS base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

clients/githubrepo/roundtripper/tokens/server/main.go

@@ -36,7 +36,7 @@ func main() {
 	}
 	rpc.HandleHTTP()
 
-	// nolint: gosec // using `localhost:8080` for gosec102 causes connection refused errors.
+	//nolint: gosec // using `localhost:8080` for gosec102 causes connection refused errors.
 	l, err := net.Listen("tcp", ":8080")
 	if err != nil {
 		panic(err)

clients/githubrepo/tarball.go

@@ -154,7 +154,7 @@ func (handler *tarballHandler) getTarball() error {
 	return nil
 }
 
-// nolint: gocognit
+//nolint: gocognit
 func (handler *tarballHandler) extractTarball() error {
 	in, err := os.OpenFile(handler.tempTarFile, os.O_RDONLY, 0o644)
 	if err != nil {
@@ -206,7 +206,7 @@ func (handler *tarballHandler) extractTarball() error {
 				return fmt.Errorf("os.Create: %w", err)
 			}
 
-			// nolint: gosec
+			//nolint: gosec
 			// Potential for DoS vulnerability via decompression bomb.
 			// Since such an attack will only impact a single shard, ignoring this for now.
 			if _, err := io.Copy(outFile, tr); err != nil {

clients/githubrepo/tarball_test.go

@@ -71,7 +71,7 @@ func setup(inputFile string) (tarballHandler, error) {
 	return tarballHandler, nil
 }
 
-// nolint: gocognit
+//nolint: gocognit
 func TestExtractTarball(t *testing.T) {
 	t.Parallel()
 	testcases := []struct {

clients/pull_request.go

@@ -19,7 +19,7 @@ import (
 )
 
 // PullRequest struct represents a PR as returned by RepoClient.
-// nolint: govet
+//nolint: govet
 type PullRequest struct {
 	Number   int
 	MergedAt time.Time

clients/search.go

@@ -34,7 +34,7 @@ type SearchResult struct {
 	Path string
 }
 
-// SearchCommitsOptions represents the parameters in the search commit query
+// SearchCommitsOptions represents the parameters in the search commit query.
 type SearchCommitsOptions struct {
 	Author string
 }

cmd/packagemanager_client.go

@@ -26,7 +26,7 @@ type packageManagerClient interface {
 
 type packageManager struct{}
 
-// nolint: noctx
+//nolint: noctx
 func (c *packageManager) Get(url, packageName string) (*http.Response, error) {
 	const timeout = 10
 	client := &http.Client{

cron/internal/bq/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f as base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/bq/main.go

@@ -82,7 +82,7 @@ func getBucketSummary(ctx context.Context, bucketURL string) (*bucketSummary, er
 			summary.getOrCreate(creationTime).shardsExpected = int(metadata.GetNumShard())
 			summary.getOrCreate(creationTime).shardMetadata = keyData
 		default:
-			// nolint: goerr113
+			//nolint: goerr113
 			return nil, fmt.Errorf("found unrecognized file: %s", key)
 		}
 	}
@@ -117,7 +117,7 @@ func transferDataToBq(ctx context.Context,
 		if webhookURL == "" {
 			continue
 		}
-		// nolint: noctx, gosec // variable URL is ok here.
+		//nolint: noctx, gosec // variable URL is ok here.
 		resp, err := http.Post(webhookURL, "application/json", bytes.NewBuffer(shards.shardMetadata))
 		if err != nil {
 			return fmt.Errorf("error during http.Post to %s: %w", webhookURL, err)

cron/internal/cii/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f AS base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/config/config.go

@@ -62,7 +62,7 @@ var (
 	configYAML []byte
 )
 
-// nolint
+//nolint
 type config struct {
 	ProjectID              string  `yaml:"project-id"`
 	ResultDataBucketURL    string  `yaml:"result-data-bucket-url"`

cron/internal/controller/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f AS base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/data/iterator_test.go

@@ -30,7 +30,7 @@ type outcome struct {
 	hasError    bool
 }
 
-// nolint: gocognit
+//nolint: gocognit
 func TestCsvIterator(t *testing.T) {
 	t.Parallel()
 

cron/internal/data/update/dependency.go

@@ -187,7 +187,7 @@ func getVanityRepoURL(u string) string {
 func parseGoModURL(dependency string, repoURLs []data.RepoFormat) []data.RepoFormat {
 	repoURL := data.RepoFormat{}
 	splitURL := strings.Split(dependency, "/")
-	// nolint:gomnd
+	//nolint:gomnd
 	if len(splitURL) < 3 {
 		return repoURLs
 	}

cron/internal/format/json.go

@@ -18,7 +18,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	_ "net/http/pprof" // nolint:gosec
+	_ "net/http/pprof" //nolint:gosec
 
 	docs "github.com/ossf/scorecard/v4/docs/checks"
 	sce "github.com/ossf/scorecard/v4/errors"

cron/internal/format/mock_doc.go

@@ -70,7 +70,7 @@ type mockDoc struct {
 }
 
 func (d *mockDoc) GetCheck(name string) (docs.CheckDoc, error) {
-	// nolint: gosimple
+	//nolint: gosimple
 	m, _ := d.checks[name]
 	return &m, nil
 }

cron/internal/pubsub/publisher_test.go

@@ -33,13 +33,13 @@ func (topic *mockSucceedTopic) Send(ctx context.Context, msg *pubsub.Message) er
 type mockFailTopic struct{}
 
 func (topic *mockFailTopic) Send(ctx context.Context, msg *pubsub.Message) error {
-	// nolint: goerr113
+	//nolint: goerr113
 	return fmt.Errorf("mockFailTopic failed to send")
 }
 
 func TestPublish(t *testing.T) {
 	t.Parallel()
-	// nolint: govet
+	//nolint: govet
 	testcases := []struct {
 		numErrors uint64
 		name      string

cron/internal/pubsub/subscriber_gcs.go

@@ -97,7 +97,7 @@ func (subscriber *gcsSubscriber) SynchronousPull() (*data.ScorecardBatchRequest,
 		if numReceivedMessages > 0 {
 			msgToProcess = result.GetReceivedMessages()[0]
 		} else {
-			// nolint:gomnd
+			//nolint:gomnd
 			time.Sleep(30 * time.Second)
 		}
 	}

cron/internal/pubsub/subscriber_gocloud.go

@@ -37,7 +37,7 @@ type gocloudSubscriber struct {
 	msg          *pubsub.Message
 }
 
-// nolint:unused,deadcode
+//nolint:unused,deadcode
 func createGocloudSubscriber(ctx context.Context, subscriptionURL string) (*gocloudSubscriber, error) {
 	subscription, err := pubsub.OpenSubscription(ctx, subscriptionURL)
 	if err != nil {

cron/internal/pubsub/subscriber_gocloud_test.go

@@ -65,7 +65,7 @@ func TestSubscriber(t *testing.T) {
 		{
 			name:            "ReceiveFails",
 			hasErrOnReceive: true,
-			// nolint: goerr113
+			//nolint: goerr113
 			errOnReceive: errors.New("mock Receive failure"),
 		},
 		{
@@ -78,7 +78,7 @@ func TestSubscriber(t *testing.T) {
 				},
 			},
 			hasErrOnShutdown: true,
-			// nolint: goerr113
+			//nolint: goerr113
 			errOnShutdown: errors.New("mock Shutdown close"),
 		},
 	}

cron/internal/webhook/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f AS base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/worker/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang@sha256:3c4de86eec9cbc619cdd72424abd88326ffcf5d813a8338a7743c55e5898734f AS base
+FROM golang@sha256:ea3d912d500b1ae0a691b2e53eb8a6345b579d42d7e6a64acca83d274b949740 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY go.* ./

cron/internal/worker/main.go

@@ -22,7 +22,7 @@ import (
 	"flag"
 	"fmt"
 	"net/http"
-	_ "net/http/pprof" // nolint:gosec
+	_ "net/http/pprof" //nolint:gosec
 
 	"go.opencensus.io/stats/view"
 
@@ -50,7 +50,7 @@ const (
 
 var ignoreRuntimeErrors = flag.Bool("ignoreRuntimeErrors", false, "if set to true any runtime errors will be ignored")
 
-// nolint: gocognit
+//nolint: gocognit
 func processRequest(ctx context.Context,
 	batchRequest *data.ScorecardBatchRequest,
 	blacklistedChecks []string, bucketURL, rawBucketURL, apiBucketURL string,
@@ -123,7 +123,7 @@ func processRequest(ctx context.Context,
 			}
 			errorMsg := fmt.Sprintf("check %s has a runtime error: %v", check.Name, check.Error)
 			if !(*ignoreRuntimeErrors) {
-				// nolint: goerr113
+				//nolint: goerr113
 				return errors.New(errorMsg)
 			}
 			// TODO(log): Previously Warn. Consider logging an error here.

dependencydiff/dependencydiff.go

@@ -57,7 +57,6 @@ func GetDependencyDiffResults(
 	checksToRun []string, /* A list of enabled check names to run. */
 	changeTypes []string, /* A list of dependency change types for which we surface scorecard results. */
 ) ([]pkg.DependencyCheckResult, error) {
-
 	logger := sclog.NewLogger(sclog.DefaultLevel)
 	ownerAndRepo := strings.Split(repoURI, "/")
 	if len(ownerAndRepo) != 2 {

dependencydiff/dependencydiff_test.go

@@ -28,7 +28,7 @@ import (
 // Test_fetchRawDependencyDiffData is a test function for fetchRawDependencyDiffData.
 func Test_fetchRawDependencyDiffData(t *testing.T) {
 	t.Parallel()
-	//nolint
+
 	tests := []struct {
 		name      string
 		dCtx      dependencydiffContext
@@ -64,7 +64,6 @@ func Test_fetchRawDependencyDiffData(t *testing.T) {
 				t.Errorf("want empty results: %v, got len of results:%d", tt.wantEmpty, lenResults)
 				return
 			}
-
 		})
 	}
 }
@@ -131,7 +130,7 @@ func Test_initRepoAndClientByChecks(t *testing.T) {
 
 func Test_getScorecardCheckResults(t *testing.T) {
 	t.Parallel()
-	//nolint
+
 	tests := []struct {
 		name    string
 		dCtx    dependencydiffContext
@@ -230,7 +229,7 @@ func Test_mapDependencyEcosystemNaming(t *testing.T) {
 
 func Test_isSpecifiedByUser(t *testing.T) {
 	t.Parallel()
-	//nolint
+
 	tests := []struct {
 		name               string
 		ct                 pkg.ChangeType

dependencydiff/errors.go

@@ -16,7 +16,7 @@ package dependencydiff
 
 import "errors"
 
-// static Errors for mapping
+// static Errors for mapping.
 var (
 	errMappingNotFound = errors.New("ecosystem mapping not found")
 	errInvalid         = errors.New("invalid")

dependencydiff/mapping.go

@@ -22,7 +22,7 @@ import (
 type ecosystem string
 
 // OSV ecosystem naming data source: https://ossf.github.io/osv-schema/#affectedpackage-field
-// nolint
+//nolint
 const (
 	// The Go ecosystem.
 	ecosystemGo ecosystem = "Go"
@@ -31,13 +31,13 @@ const (
 	ecosystemNpm ecosystem = "npm"
 
 	// The Android ecosystem
-	ecosystemAndroid ecosystem = "Android" // nolint:unused
+	ecosystemAndroid ecosystem = "Android" //nolint:unused
 
 	// The crates.io ecosystem for RUST.
 	ecosystemCrates ecosystem = "crates.io"
 
 	// For reports from the OSS-Fuzz project that have no more appropriate ecosystem.
-	ecosystemOssFuzz ecosystem = "OSS-Fuzz" // nolint:unused
+	ecosystemOssFuzz ecosystem = "OSS-Fuzz" //nolint:unused
 
 	// The Python PyPI ecosystem. PyPI is the main package source of pip.
 	ecosystemPyPI ecosystem = "PyPI"
@@ -55,41 +55,39 @@ const (
 	ecosystemNuGet ecosystem = "NuGet"
 
 	// The Linux kernel.
-	ecosystemLinux ecosystem = "Linux" // nolint:unused
+	ecosystemLinux ecosystem = "Linux" //nolint:unused
 
 	// The Debian package ecosystem.
-	ecosystemDebian ecosystem = "Debian" // nolint:unused
+	ecosystemDebian ecosystem = "Debian" //nolint:unused
 
 	// Hex is the package manager of Erlang.
 	// TODO: GitHub doesn't support hex as the ecosystem for Erlang yet. Add this to the map in the future.
-	ecosystemHex ecosystem = "Hex" // nolint:unused
+	ecosystemHex ecosystem = "Hex" //nolint:unused
 
 	// GitHub Actions is an ecosystem for the GitHub Actions.
 	ecosystemActions ecosystem = "GitHub Actions"
 
 	// Pub is the official package repository for Dart and Flutter apps.
-	ecosystemPub ecosystem = "Pub" // nolint:unused
+	ecosystemPub ecosystem = "Pub" //nolint:unused
 
 	// Ecosystems with a "nolint" tag suggests GitHub hasn't gotten them supported yet.
 	// We need to add them to the below hashmap in a timely manner once GitHub adds supports.
 )
 
-var (
-	//gitHubToOSV defines the ecosystem naming mapping relationship between GitHub and others.
-	gitHubToOSV = map[string]ecosystem{
-		// GitHub ecosystem naming data source: https://docs.github.com/en/code-security/supply-chain-security/
-		// understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems
-		"gomod":    ecosystemGo, /* go.mod and go.sum */
-		"cargo":    ecosystemCrates,
-		"pip":      ecosystemPyPI, /* pip and poetry */
-		"npm":      ecosystemNpm,  /* npm and yarn */
-		"maven":    ecosystemMaven,
-		"composer": ecosystemPackagist,
-		"rubygems": ecosystemRubyGems,
-		"nuget":    ecosystemNuGet,
-		"actions":  ecosystemActions,
-	}
-)
+// gitHubToOSV defines the ecosystem naming mapping relationship between GitHub and others.
+var gitHubToOSV = map[string]ecosystem{
+	// GitHub ecosystem naming data source: https://docs.github.com/en/code-security/supply-chain-security/
+	// understanding-your-software-supply-chain/about-the-dependency-graph#supported-package-ecosystems
+	"gomod":    ecosystemGo, /* go.mod and go.sum */
+	"cargo":    ecosystemCrates,
+	"pip":      ecosystemPyPI, /* pip and poetry */
+	"npm":      ecosystemNpm,  /* npm and yarn */
+	"maven":    ecosystemMaven,
+	"composer": ecosystemPackagist,
+	"rubygems": ecosystemRubyGems,
+	"nuget":    ecosystemNuGet,
+	"actions":  ecosystemActions,
+}
 
 func mapDependencyEcosystemNaming(deps []dependency) error {
 	for i := range deps {
@@ -104,7 +102,6 @@ func mapDependencyEcosystemNaming(deps []dependency) error {
 			return fmt.Errorf("error mapping dependency ecosystem: %w", err)
 		}
 		deps[i].Ecosystem = asPointer(string(mappedEcosys))
-
 	}
 	return nil
 }

dependencydiff/raw_dependencies.go

@@ -66,7 +66,7 @@ func fetchRawDependencyDiffData(dCtx *dependencydiffContext) error {
 	}
 	_, err = ghClient.Do(dCtx.ctx, req, &dCtx.dependencydiffs)
 	if err != nil {
-		return fmt.Errorf("error parsing the dependency-diff reponse: %w", err)
+		return fmt.Errorf("error parsing the dependency-diff response: %w", err)
 	}
 	for _, d := range dCtx.dependencydiffs {
 		if !d.ChangeType.IsValid() {

docs/checks/internal/generate/main.go

@@ -23,7 +23,7 @@ import (
 
 func main() {
 	if len(os.Args) != 2 {
-		// nolint: goerr113
+		//nolint: goerr113
 		panic(fmt.Errorf("usage: %s filename", os.Args[0]))
 	}
 	yamlFile := os.Args[1]

docs/checks/internal/reader.go

@@ -27,7 +27,7 @@ import (
 var checksYAML []byte
 
 // Check stores a check's information.
-// nolint:govet
+//nolint:govet
 type Check struct {
 	Risk        string   `yaml:"risk"`
 	Short       string   `yaml:"short"`

go.mod

@@ -1,9 +1,7 @@
 module github.com/ossf/scorecard/v4
 
-go 1.17
+go 1.18
 
-// TODO(go.mod): Is there a reason these deps are kept separately from the
-//               other `require`s?
 require (
 	github.com/rhysd/actionlint v1.6.15
 	gotest.tools v2.2.0+incompatible

options/options_test.go

@@ -21,7 +21,7 @@ import (
 )
 
 // Cannot run parallel tests because of the ENV variables.
-// nolint
+//nolint
 func TestOptions_Validate(t *testing.T) {
 	type fields struct {
 		Repo              string

pkg/json_raw_results.go

@@ -166,7 +166,7 @@ type jsonOssfBestPractices struct {
 	Badge string `json:"badge"`
 }
 
-// nolint
+//nolint
 type jsonLicense struct {
 	File jsonFile `json:"file"`
 	// TODO: add fields, like type of license, etc.
@@ -184,7 +184,7 @@ type jsonWorkflowJob struct {
 	ID   *string `json:"id"`
 }
 
-// nolint
+//nolint
 type jsonPackage struct {
 	Name *string          `json:"name,omitempty"`
 	Job  *jsonWorkflowJob `json:"job,omitempty"`
@@ -223,7 +223,7 @@ type jsonTokenPermission struct {
 	Type         string           `json:"type"`
 }
 
-// nolint
+//nolint
 type jsonRawResults struct {
 	// Workflow results.
 	Workflows []jsonWorkflow `json:"workflows"`

pkg/mock_doc.go

@@ -70,7 +70,7 @@ type mockDoc struct {
 }
 
 func (d *mockDoc) GetCheck(name string) (docs.CheckDoc, error) {
-	// nolint: gosimple
+	//nolint: gosimple
 	m, _ := d.checks[name]
 	return &m, nil
 }

pkg/sarif.go

@@ -163,7 +163,7 @@ func maxOffset(x, y uint) uint {
 }
 
 func calculateSeverityLevel(risk string) string {
-	// nolint:lll
+	//nolint:lll
 	// https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object.
 	// "over 9.0 is critical, 7.0 to 8.9 is high, 4.0 to 6.9 is medium and 3.9 or less is low".
 	switch risk {
@@ -181,11 +181,11 @@ func calculateSeverityLevel(risk string) string {
 }
 
 func generateProblemSeverity(risk string) string {
-	// nolint:lll
+	//nolint:lll
 	// https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object.
 	switch risk {
 	case "Critical":
-		// nolint:goconst
+		//nolint:goconst
 		return "error"
 	case "High":
 		return "error"
@@ -553,7 +553,7 @@ func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel log.Level,
 	sarif := createSARIFHeader()
 	runs := make(map[string]*run)
 
-	// nolint
+	//nolint
 	for _, check := range r.Checks {
 		doc, err := checkDocs.GetCheck(check.Name)
 		if err != nil {

policy/policy_test.go

@@ -25,7 +25,7 @@ import (
 func TestPolicyRead(t *testing.T) {
 	t.Parallel()
 
-	// nolint
+	//nolint
 	tests := []struct {
 		err      error
 		name     string

tools/go.mod

@@ -1,13 +1,13 @@
 module github.com/ossf/scorecard/tools
 
-go 1.17
+go 1.18
 
 require (
 	github.com/golang/mock v1.6.0
-	github.com/golangci/golangci-lint v1.46.2
+	github.com/golangci/golangci-lint v1.48.0
 	github.com/google/addlicense v1.0.0
-	github.com/google/ko v0.10.1-0.20220221173235-a36ea50a9eca
-	github.com/goreleaser/goreleaser v1.6.3
+	github.com/google/ko v0.11.3-0.20220812194550-f9b4471f654a
+	github.com/goreleaser/goreleaser v1.10.3
 	github.com/naveensrinivasan/stunning-tribble v0.4.2
 	github.com/onsi/ginkgo/v2 v2.1.4
 	google.golang.org/protobuf v1.28.1
@@ -15,151 +15,151 @@ require (
 
 require (
 	4d63.com/gochecknoglobals v0.1.0 // indirect
-	cloud.google.com/go v0.100.2 // indirect
-	cloud.google.com/go/compute v1.5.0 // indirect
-	cloud.google.com/go/iam v0.2.0 // indirect
-	cloud.google.com/go/kms v1.1.0 // indirect
-	cloud.google.com/go/storage v1.21.0 // indirect
+	cloud.google.com/go v0.103.0 // indirect
+	cloud.google.com/go/compute v1.8.0 // indirect
+	cloud.google.com/go/iam v0.3.0 // indirect
+	cloud.google.com/go/kms v1.4.0 // indirect
+	cloud.google.com/go/storage v1.25.0 // indirect
 	code.gitea.io/sdk/gitea v0.15.1 // indirect
 	github.com/AlekSi/pointer v1.2.0 // indirect
-	github.com/Antonboom/errname v0.1.6 // indirect
+	github.com/Antonboom/errname v0.1.7 // indirect
 	github.com/Antonboom/nilnil v0.1.1 // indirect
 	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go v61.6.0+incompatible // indirect
-	github.com/Azure/azure-storage-blob-go v0.14.0 // indirect
+	github.com/Azure/azure-sdk-for-go v66.0.0+incompatible // indirect
+	github.com/Azure/azure-storage-blob-go v0.15.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.24 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect
+	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/BurntSushi/toml v1.1.0 // indirect
+	github.com/BurntSushi/toml v1.2.0 // indirect
 	github.com/DisgoOrg/disgohook v1.4.4 // indirect
-	github.com/DisgoOrg/log v1.1.2 // indirect
+	github.com/DisgoOrg/log v1.1.3 // indirect
 	github.com/DisgoOrg/restclient v1.2.8 // indirect
 	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
-	github.com/GaijinEntertainment/go-exhaustruct/v2 v2.1.0 // indirect
+	github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig v2.22.0+incompatible // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/OpenPeeDeeP/depguard v1.1.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20211112122917-428f8eabeeb3 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20220812142511-0d231b687066 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
-	github.com/alecthomas/jsonschema v0.0.0-20211209230136-e2b41affa5c1 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/alexkohler/prealloc v1.0.0 // indirect
-	github.com/apex/log v1.9.0 // indirect
+	github.com/alingse/asasalint v0.0.11 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/ashanbrown/forbidigo v1.3.0 // indirect
 	github.com/ashanbrown/makezero v1.1.1 // indirect
 	github.com/atc0005/go-teams-notify/v2 v2.6.1 // indirect
-	github.com/aws/aws-sdk-go v1.42.43 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.13.0 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.0.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.13.1 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.10.0 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.7.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.2.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.14.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.11.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.5.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.7.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.9.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/kms v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.19.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.9.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.14.0 // indirect
-	github.com/aws/smithy-go v1.10.0 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220216180153-3d7835abdf40 // indirect
+	github.com/aws/aws-sdk-go v1.44.75 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.16.11 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.12.13 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/kms v1.18.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.27.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.11.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.16.13 // indirect
+	github.com/aws/smithy-go v1.12.1 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220802171026-617dc7abb2ea // indirect
+	github.com/aymanbagabas/go-osc52 v1.0.3 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bkielbasa/cyclop v1.2.0 // indirect
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
 	github.com/blizzy78/varnamelen v0.8.0 // indirect
-	github.com/bmatcuk/doublestar/v4 v4.0.2 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.2.0 // indirect
 	github.com/bombsimon/wsl/v3 v3.3.0 // indirect
 	github.com/breml/bidichk v0.2.3 // indirect
 	github.com/breml/errchkjson v0.3.0 // indirect
 	github.com/butuzov/ireturn v0.1.1 // indirect
-	github.com/caarlos0/ctrlc v1.0.0 // indirect
-	github.com/caarlos0/env/v6 v6.9.1 // indirect
+	github.com/caarlos0/ctrlc v1.1.0 // indirect
+	github.com/caarlos0/env/v6 v6.9.3 // indirect
 	github.com/caarlos0/go-reddit/v3 v3.0.1 // indirect
 	github.com/caarlos0/go-shellwords v1.0.12 // indirect
+	github.com/caarlos0/log v0.1.2 // indirect
 	github.com/cavaliergopher/cpio v1.0.1 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.2 // indirect
+	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/charithe/durationcheck v0.0.9 // indirect
-	github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4 // indirect
-	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
-	github.com/containerd/containerd v1.6.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.11.1 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
-	github.com/daixiang0/gci v0.3.3 // indirect
+	github.com/charmbracelet/lipgloss v0.5.1-0.20220615005615-2e17a8a06096 // indirect
+	github.com/chavacava/garif v0.0.0-20220630083739-93517212f375 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220327082430-c57b701bfc08 // indirect
+	github.com/cloudflare/circl v1.2.0 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.12.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/daixiang0/gci v0.6.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/denis-tingaikin/go-header v0.4.3 // indirect
-	github.com/dghubble/go-twitter v0.0.0-20211115160449-93a8679adecb // indirect
+	github.com/dghubble/go-twitter v0.0.0-20220716041154-837915ec2f79 // indirect
 	github.com/dghubble/oauth1 v0.7.1 // indirect
 	github.com/dghubble/sling v1.4.0 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/docker/cli v20.10.12+incompatible // indirect
-	github.com/docker/distribution v2.8.0+incompatible // indirect
-	github.com/docker/docker v20.10.12+incompatible // indirect
+	github.com/docker/cli v20.10.17+incompatible // indirect
+	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/docker/docker v20.10.17+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
-	github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960 // indirect
-	github.com/emirpasic/gods v1.12.0 // indirect
+	github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/esimonov/ifshort v1.0.4 // indirect
 	github.com/ettle/strcase v0.1.1 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fatih/structtag v1.2.0 // indirect
-	github.com/firefart/nonamedreturns v1.0.1 // indirect
+	github.com/firefart/nonamedreturns v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
-	github.com/fzipp/gocyclo v0.5.1 // indirect
-	github.com/go-critic/go-critic v0.6.3 // indirect
+	github.com/fzipp/gocyclo v0.6.0 // indirect
+	github.com/go-critic/go-critic v0.6.4 // indirect
 	github.com/go-git/gcfg v1.5.0 // indirect
 	github.com/go-git/go-billy/v5 v5.3.1 // indirect
 	github.com/go-git/go-git/v5 v5.4.2 // indirect
-	github.com/go-logr/logr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.21.2 // indirect
-	github.com/go-openapi/errors v0.20.2 // indirect
+	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-openapi/analysis v0.21.4 // indirect
+	github.com/go-openapi/errors v0.20.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-openapi/loads v0.21.1 // indirect
-	github.com/go-openapi/runtime v0.23.1 // indirect
-	github.com/go-openapi/spec v0.20.4 // indirect
-	github.com/go-openapi/strfmt v0.21.2 // indirect
-	github.com/go-openapi/swag v0.21.1 // indirect
-	github.com/go-openapi/validate v0.21.0 // indirect
-	github.com/go-stack/stack v1.8.1 // indirect
+	github.com/go-openapi/runtime v0.24.1 // indirect
+	github.com/go-openapi/spec v0.20.6 // indirect
+	github.com/go-openapi/strfmt v0.21.3 // indirect
+	github.com/go-openapi/swag v0.22.0 // indirect
+	github.com/go-openapi/validate v0.22.0 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible // indirect
 	github.com/go-toolsmith/astcast v1.0.0 // indirect
-	github.com/go-toolsmith/astcopy v1.0.0 // indirect
-	github.com/go-toolsmith/astequal v1.0.1 // indirect
+	github.com/go-toolsmith/astcopy v1.0.1 // indirect
+	github.com/go-toolsmith/astequal v1.0.2 // indirect
 	github.com/go-toolsmith/astfmt v1.0.0 // indirect
 	github.com/go-toolsmith/astp v1.0.0 // indirect
 	github.com/go-toolsmith/strparse v1.0.0 // indirect
 	github.com/go-toolsmith/typep v1.0.2 // indirect
-	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
+	github.com/go-xmlfmt/xmlfmt v0.0.0-20220206211657-0a94163c4677 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.3.0 // indirect
+	github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect
 	github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
 	github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect
@@ -167,22 +167,23 @@ require (
 	github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 // indirect
 	github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca // indirect
 	github.com/golangci/misspell v0.3.5 // indirect
-	github.com/golangci/revgrep v0.0.0-20210930125155-c22e5001d4f2 // indirect
+	github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect
 	github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect
-	github.com/google/go-cmp v0.5.7 // indirect
-	github.com/google/go-containerregistry v0.8.1-0.20220222150506-0527e427a86e // indirect
-	github.com/google/go-github/v43 v43.0.0 // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/go-containerregistry v0.11.0 // indirect
+	github.com/google/go-github/v45 v45.2.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
-	github.com/google/rpmpack v0.0.0-20211125064518-d0ed9b1b61b9 // indirect
+	github.com/google/pprof v0.0.0-20220729232143-a41b82acbcb1 // indirect
+	github.com/google/rpmpack v0.0.0-20220411070212-51a1004ef6cb // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/google/wire v0.5.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.3.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.5.1 // indirect
 	github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 // indirect
-	github.com/goreleaser/chglog v0.1.2 // indirect
+	github.com/goreleaser/chglog v0.2.0 // indirect
 	github.com/goreleaser/fileglob v1.3.0 // indirect
-	github.com/goreleaser/nfpm/v2 v2.14.0 // indirect
-	github.com/gorilla/websocket v1.4.2 // indirect
+	github.com/goreleaser/nfpm/v2 v2.17.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gostaticanalysis/analysisutil v0.7.1 // indirect
 	github.com/gostaticanalysis/comment v1.4.2 // indirect
 	github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect
@@ -190,14 +191,15 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
-	github.com/hashicorp/go-version v1.4.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hexops/gotextdiff v1.0.3 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/iancoleman/orderedmap v0.2.0 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/invopop/jsonschema v0.6.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jgautheron/goconst v1.5.1 // indirect
 	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
@@ -205,152 +207,157 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/julz/importas v0.1.0 // indirect
-	github.com/kevinburke/ssh_config v1.1.0 // indirect
-	github.com/kisielk/errcheck v1.6.0 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/kisielk/errcheck v1.6.2 // indirect
 	github.com/kisielk/gotool v1.0.0 // indirect
-	github.com/klauspost/compress v1.14.4 // indirect
+	github.com/klauspost/compress v1.15.9 // indirect
 	github.com/klauspost/pgzip v1.2.5 // indirect
-	github.com/kulti/thelper v0.6.2 // indirect
-	github.com/kunwardeep/paralleltest v1.0.3 // indirect
+	github.com/kulti/thelper v0.6.3 // indirect
+	github.com/kunwardeep/paralleltest v1.0.6 // indirect
 	github.com/kyoh86/exportloopref v0.1.8 // indirect
 	github.com/ldez/gomoddirectives v0.2.3 // indirect
 	github.com/ldez/tagliatelle v0.3.1 // indirect
 	github.com/leonklingele/grouper v1.1.0 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20220812202448-7cd35f43e9ae // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/lufeee/execinquery v1.2.1 // indirect
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/maratori/testpackage v1.0.1 // indirect
+	github.com/maratori/testpackage v1.1.0 // indirect
 	github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect
-	github.com/mattmoor/dep-notify v0.0.0-20190205035814-a45dec370a17 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-ieproxy v0.0.1 // indirect
+	github.com/mattn/go-ieproxy v0.0.7 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
-	github.com/mgechev/revive v1.2.1 // indirect
+	github.com/mgechev/revive v1.2.3 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moricho/tparallel v0.2.1 // indirect
-	github.com/muesli/coral v1.0.0 // indirect
 	github.com/muesli/mango v0.1.0 // indirect
-	github.com/muesli/mango-coral v1.0.1 // indirect
+	github.com/muesli/mango-cobra v1.2.0 // indirect
 	github.com/muesli/mango-pflag v0.1.0 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
 	github.com/muesli/roff v0.1.0 // indirect
+	github.com/muesli/termenv v0.12.1-0.20220615005108-4e9068de9898 // indirect
 	github.com/nakabonne/nestif v0.3.1 // indirect
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
-	github.com/nishanths/exhaustive v0.7.11 // indirect
+	github.com/nishanths/exhaustive v0.8.1 // indirect
 	github.com/nishanths/predeclared v0.2.2 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20220114050600-8b9d41f48198 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
 	github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/polyfloyd/go-errorlint v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/polyfloyd/go-errorlint v1.0.2 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a // indirect
-	github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5 // indirect
-	github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
+	github.com/quasilyte/go-ruleguard v0.3.17 // indirect
+	github.com/quasilyte/gogrep v0.0.0-20220429205452-5e2753ee08f9 // indirect
+	github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect
 	github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rivo/uniseg v0.3.4 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/ryancurrah/gomodguard v1.2.3 // indirect
+	github.com/ryancurrah/gomodguard v1.2.4 // indirect
 	github.com/ryanrolds/sqlclosecheck v0.3.0 // indirect
-	github.com/sanposhiho/wastedassign/v2 v2.0.6 // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.3.0 // indirect
-	github.com/securego/gosec/v2 v2.11.0 // indirect
+	github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect
+	github.com/sashamelentyev/usestdlibvars v1.10.0 // indirect
+	github.com/securego/gosec/v2 v2.12.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
-	github.com/sigstore/cosign v1.5.2 // indirect
-	github.com/sigstore/rekor v0.5.0 // indirect
-	github.com/sigstore/sigstore v1.1.1-0.20220130134424-bae9b66b8442 // indirect
-	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/sigstore/cosign v1.10.1 // indirect
+	github.com/sigstore/rekor v0.10.0 // indirect
+	github.com/sigstore/sigstore v1.3.1 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/sivchari/containedctx v1.0.2 // indirect
-	github.com/sivchari/tenv v1.5.0 // indirect
-	github.com/slack-go/slack v0.10.2 // indirect
+	github.com/sivchari/nosnakecase v1.7.0 // indirect
+	github.com/sivchari/tenv v1.7.0 // indirect
+	github.com/slack-go/slack v0.11.2 // indirect
 	github.com/sonatard/noctx v0.0.1 // indirect
 	github.com/sourcegraph/go-diff v0.6.1 // indirect
-	github.com/spf13/afero v1.8.2 // indirect
-	github.com/spf13/cast v1.4.1 // indirect
-	github.com/spf13/cobra v1.4.0 // indirect
+	github.com/spf13/afero v1.9.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/cobra v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.11.0 // indirect
+	github.com/spf13/viper v1.12.0 // indirect
 	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
 	github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect
-	github.com/stretchr/objx v0.3.0 // indirect
-	github.com/stretchr/testify v1.7.1 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
-	github.com/sylvia7788/contextcheck v1.0.4 // indirect
-	github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 // indirect
+	github.com/stretchr/objx v0.4.0 // indirect
+	github.com/stretchr/testify v1.8.0 // indirect
+	github.com/subosito/gotenv v1.4.0 // indirect
+	github.com/sylvia7788/contextcheck v1.0.5 // indirect
 	github.com/tdakkota/asciicheck v0.1.1 // indirect
 	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
 	github.com/tetafro/godot v1.4.11 // indirect
-	github.com/theupdateframework/go-tuf v0.0.0-20220211205608-f0c3294f63b9 // indirect
+	github.com/theupdateframework/go-tuf v0.3.1 // indirect
 	github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 // indirect
-	github.com/tomarrell/wrapcheck/v2 v2.6.1 // indirect
+	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+	github.com/tomarrell/wrapcheck/v2 v2.6.2 // indirect
 	github.com/tommy-muehle/go-mnd/v2 v2.5.0 // indirect
 	github.com/ulikunitz/xz v0.5.10 // indirect
 	github.com/ultraware/funlen v0.0.3 // indirect
 	github.com/ultraware/whitespace v0.0.5 // indirect
-	github.com/uudashr/gocognit v1.0.5 // indirect
+	github.com/uudashr/gocognit v1.0.6 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
-	github.com/xanzy/go-gitlab v0.56.0 // indirect
+	github.com/xanzy/go-gitlab v0.72.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.1 // indirect
 	github.com/yagipy/maintidx v1.0.0 // indirect
 	github.com/yeya24/promlinter v0.2.0 // indirect
-	gitlab.com/bosi/decorder v0.2.1 // indirect
-	go.mongodb.org/mongo-driver v1.8.3 // indirect
+	gitlab.com/bosi/decorder v0.2.3 // indirect
+	gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect
+	go.mongodb.org/mongo-driver v1.10.1 // indirect
 	go.opencensus.io v0.23.0 // indirect
-	gocloud.dev v0.24.1-0.20211119014450-028788aaaa4c // indirect
-	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
-	golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
-	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/automaxprocs v1.5.1 // indirect
+	go.uber.org/multierr v1.8.0 // indirect
+	go.uber.org/zap v1.22.0 // indirect
+	gocloud.dev v0.26.0 // indirect
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa // indirect
+	golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/net v0.0.0-20220812174116-3211cb980234 // indirect
+	golang.org/x/oauth2 v0.0.0-20220808172628-8227340efae7 // indirect
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
+	golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab // indirect
+	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
 	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
-	golang.org/x/tools v0.1.11-0.20220316014157-77aa08bb151a // indirect
-	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
-	google.golang.org/api v0.74.0 // indirect
+	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
+	golang.org/x/tools v0.1.12 // indirect
+	golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
+	google.golang.org/api v0.92.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac // indirect
-	google.golang.org/grpc v1.45.0 // indirect
+	google.golang.org/genproto v0.0.0-20220812140447-cec7f5303424 // indirect
+	google.golang.org/grpc v1.48.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/ini.v1 v1.66.4 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/mail.v2 v2.3.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-	honnef.co/go/tools v0.3.1 // indirect
-	k8s.io/apimachinery v0.23.4 // indirect
-	k8s.io/klog/v2 v2.40.1 // indirect
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	honnef.co/go/tools v0.3.3 // indirect
+	k8s.io/apimachinery v0.24.3 // indirect
+	k8s.io/klog/v2 v2.70.1 // indirect
+	k8s.io/utils v0.0.0-20220812165043-ad590609e2e5 // indirect
 	mvdan.cc/gofumpt v0.3.1 // indirect
 	mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect
 	mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect
-	mvdan.cc/unparam v0.0.0-20211214103731-d0ef000c54e5 // indirect
-	sigs.k8s.io/kind v0.11.1 // indirect
+	mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 // indirect
+	sigs.k8s.io/kind v0.14.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
-// https://github.com/advisories/GHSA-crp2-qrr5-8pq7
-replace github.com/containerd/containerd => github.com/containerd/containerd v1.5.10
-
-//https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
-replace github.com/opencontainers/image-spec v1.0.1 => github.com/opencontainers/image-spec v1.0.2
-
-// This replace is for GHSA-qq97-vm5h-rrhg
-replace github.com/docker/distribution => github.com/docker/distribution v2.8.0+incompatible
+replace (
+	github.com/sigstore/cosign => github.com/sigstore/cosign v1.10.1
+	github.com/theupdateframework/go-tuf => github.com/theupdateframework/go-tuf v0.3.0
+)

tools/tools.go

@@ -21,6 +21,7 @@ import (
 	_ "github.com/golang/mock/mockgen"
 	_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
 	_ "github.com/google/addlicense"
+
 	_ "github.com/google/ko"
 	_ "github.com/goreleaser/goreleaser"
 	_ "github.com/naveensrinivasan/stunning-tribble"

utests/utlib.go

@@ -79,7 +79,7 @@ func getTestReturn(cr *checker.CheckResult, logger *TestDetailLogger) (*TestRetu
 	for _, v := range logger.messages {
 		switch v.Type {
 		default:
-			// nolint: goerr113
+			//nolint: goerr113
 			return nil, fmt.Errorf("invalid type %v", v.Type)
 		case checker.DetailInfo:
 			ret.NumberOfInfo++
@@ -99,7 +99,7 @@ func errCmp(e1, e2 error) bool {
 }
 
 // ValidateTestReturn validates expected TestReturn with actual checker.CheckResult values.
-// nolint: thelper
+//nolint: thelper
 func ValidateTestReturn(
 	t *testing.T,
 	name string,