dependabot[bot]
e5b62b524e
🌱 Bump mvdan.cc/sh/v3 from 3.4.2 to 3.4.3 ( #1665 )
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.4.2...v3.4.3 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 04:24:58 -05:00
dependabot[bot]
e6f6c56d34
🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-16 08:36:38 -06:00
Azeem Shaikh
de5224bbc5
Update e2e tests ( #1641 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
dependabot[bot]
e3637c9e17
🌱 Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.27.0 to 1.28.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.27.0...spanner/v1.28.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-15 06:21:45 -06:00
dependabot[bot]
368c105abe
🌱 Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 ( #1616 )
2022-02-09 09:34:53 +00:00
dependabot[bot]
b4eec8ed94
🌱 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.18.0...v1.18.1 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 08:42:09 +00:00
dependabot[bot]
d2d9ff4b9d
🌱 Bump golang.org/x/tools from 0.1.8 to 0.1.9
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.1.8 to 0.1.9.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.1.8...v0.1.9 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:06:45 +00:00
Stephen Augustus (he/him)
41adfe7f34
⚠️ log: Initial logr
/logrusr
implementation ( #1516 )
...
* log: Initial logr/logrusr implementation
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* log: Update references to `log.Logger`
Signed-off-by: Stephen Augustus <foo@auggie.dev>
* go.mod: Minor reorganization of `replace`s
...to prevent automatic updates from getting added to the smaller
section.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-25 11:17:46 -06:00
dependabot[bot]
da116d3b25
🌱 Bump cloud.google.com/go/bigquery from 1.26.0 to 1.27.0
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.26.0...spanner/v1.27.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-25 10:11:08 -06:00
dependabot[bot]
5b9857650f
🌱 Bump github.com/onsi/gomega from 1.17.0 to 1.18.0
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.17.0...v1.18.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-24 07:03:31 -06:00
Stephen Augustus (he/him)
0d76deace2
go.mod: Update github.com/google/go-containerregistry to v0.8.0 ( #1506 )
...
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2022-01-20 19:44:13 -08:00
dependabot[bot]
5777826e57
🌱 Bump github.com/google/go-cmp from 0.5.6 to 0.5.7
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.6 to 0.5.7.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.6...v0.5.7 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-20 11:18:48 -06:00
dependabot[bot]
b1fec4d1fd
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2
...
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.0.3...v2.0.4 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-13 19:15:52 -06:00
dependabot[bot]
cf063194bc
🌱 Bump mvdan.cc/sh/v3 from 3.4.0 to 3.4.2
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.4.0 to 3.4.2.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/v3.4.2/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.4.0...v3.4.2 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-11 16:19:11 -06:00
dependabot[bot]
a72accca81
🌱 Bump github.com/h2non/filetype from 1.1.1 to 1.1.3
...
Bumps [github.com/h2non/filetype](https://github.com/h2non/filetype ) from 1.1.1 to 1.1.3.
- [Release notes](https://github.com/h2non/filetype/releases )
- [Changelog](https://github.com/h2non/filetype/blob/master/History.md )
- [Commits](https://github.com/h2non/filetype/compare/v1.1.1...v1.1.3 )
---
updated-dependencies:
- dependency-name: github.com/h2non/filetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-11 12:48:03 -06:00
dependabot[bot]
bdeb8e7b5f
🌱 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-11 12:21:09 -06:00
dependabot[bot]
17e1541e77
🌱 Bump go.uber.org/zap from 1.19.1 to 1.20.0 ( #1464 )
...
Bumps [go.uber.org/zap](https://github.com/uber-go/zap ) from 1.19.1 to 1.20.0.
- [Release notes](https://github.com/uber-go/zap/releases )
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/uber-go/zap/compare/v1.19.1...v1.20.0 )
---
updated-dependencies:
- dependency-name: go.uber.org/zap
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-01-11 17:55:48 +00:00
dependabot[bot]
98e5aad777
🌱 Bump cloud.google.com/go/bigquery from 1.24.0 to 1.26.0 ( #1459 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.24.0 to 1.26.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.24.0...spanner/v1.26.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-11 09:24:40 -08:00
dependabot[bot]
b3bca5ccb8
🌱 Bump golang.org/x/tools from 0.1.7 to 0.1.8
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.1.7 to 0.1.8.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.1.7...v0.1.8 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-11 10:30:09 -06:00
dependabot[bot]
167f2cfbcc
🌱 Bump github.com/jszwec/csvutil from 1.5.1 to 1.6.0
...
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil ) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/jszwec/csvutil/releases )
- [Commits](https://github.com/jszwec/csvutil/compare/v1.5.1...v1.6.0 )
---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-11 09:35:56 -06:00
dependabot[bot]
f9daa4e3cc
🌱 Bump github.com/rhysd/actionlint from 1.6.7 to 1.6.8 ( #1267 )
...
Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint ) from 1.6.7 to 1.6.8.
- [Release notes](https://github.com/rhysd/actionlint/releases )
- [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/rhysd/actionlint/compare/v1.6.7...v1.6.8 )
---
updated-dependencies:
- dependency-name: github.com/rhysd/actionlint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-17 17:24:32 +00:00
dependabot[bot]
870a850cc3
🌱 Bump github.com/onsi/gomega from 1.16.0 to 1.17.0 ( #1225 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.16.0...v1.17.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-12-12 15:25:44 +00:00
naveen
6e7e13ede4
🌱 Fix vulnerabilities in dependencies
2021-11-19 16:49:56 -06:00
Chris McGehee
3dc507b9e1
Using library to parse github workflows
2021-11-08 17:00:40 -06:00
dependabot[bot]
3233e4f5be
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
...
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo ) from 1.16.4 to 1.16.5.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v1.16.4...v1.16.5 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-10-12 07:56:57 -04:00
dependabot[bot]
97ae47564a
🌱 Bump mvdan.cc/sh/v3 from 3.3.1 to 3.4.0 ( #1098 )
...
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh ) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/mvdan/sh/releases )
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mvdan/sh/compare/v3.3.1...v3.4.0 )
---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-10-04 23:58:03 +00:00
naveen
6190be23d8
🌱 Upgrad xz library to FIX CVE-2021-29482
...
This fixes the https://github.com/advisories/GHSA-25xm-hr59-7c27
2021-10-04 14:38:38 -05:00
Naveen
589ceac382
🌱 Update the uuid library to avoid CVE ( #1102 )
...
Fixes OSV GO-2020-0018 https://github.com/satori/go.uuid/issues/73
2021-10-04 18:15:41 +00:00
naveen
f78bc44b94
🌱 Updates the DNS library for CVE
...
Updated the DNS library version to address the CVE
2021-10-04 12:41:15 -05:00
dependabot[bot]
16b0c1c62d
🌱 Bump cloud.google.com/go/bigquery from 1.22.0 to 1.24.0 ( #1087 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.22.0 to 1.24.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.22.0...spanner/v1.24.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-30 19:16:23 +00:00
dependabot[bot]
e8ec351cba
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 ( #1068 )
...
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation ) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases )
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.0.2...v2.0.3 )
---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-30 18:07:28 +00:00
dependabot[bot]
dde2e935d2
🌱 Bump golang.org/x/tools from 0.1.6 to 0.1.7
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.1.6 to 0.1.7.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.1.6...v0.1.7 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-09-29 16:06:43 -05:00
Naveen
d4caef0f4b
🌱 Fix GO-2020-0020 ( #1047 )
...
Fixes the reference to version of library that has the fix for GO-2020-0020
https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2020-0020.yaml
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2021-09-22 02:01:01 +00:00
dependabot[bot]
5fb87cb0de
🌱 Bump golang.org/x/tools from 0.1.5 to 0.1.6 ( #1041 )
...
Bumps [golang.org/x/tools](https://github.com/golang/tools ) from 0.1.5 to 0.1.6.
- [Release notes](https://github.com/golang/tools/releases )
- [Commits](https://github.com/golang/tools/compare/v0.1.5...v0.1.6 )
---
updated-dependencies:
- dependency-name: golang.org/x/tools
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-21 22:43:56 +00:00
Naveen
fd6e58d615
🌱 Fixes GO-2020-0017 OSV ( #1045 )
...
Fixes the issue
https://deps.dev/advisory/OSV/GO-2020-0017?from=%2Fgo%2Fk8s.io%252Fclient-go%2Fv0.0.0-20200207030105-473926661c44
2021-09-21 14:31:16 -07:00
naveen
51e11e6637
🌱 Fix GO-2021-0089 vulnerability
...
The github.com/buger/jsonparser has this vulnerability.
"vulns": [
{
"id": "GO-2021-0089",
"package": {
"name": "github.com/buger/jsonparser",
"ecosystem": "Go"
},
"details": "Parsing malformed JSON which contain opening brackets, but not closing brackes,\nleads to an infinite loop. If operating on untrusted user input this can be\nused as a denial of service vector.\n",
"affects": {
"ranges": [
{
"type": "SEMVER",
"fixed": "0.0.0-20200321185410-91ac96899e49"
}
]
},
"aliases": [
"CVE-2020-10675"
],
"modified": "2021-04-14T12:00:00Z",
"published": "2021-04-14T12:00:00Z",
"ecosystem_specific": {
"symbols": [
"findKeyStart"
]
},
"database_specific": {
"source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json ",
"url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml "
},
"references": [
{
"type": "FIX",
"url": "https://github.com/buger/jsonparser/pull/192 "
},
{
"type": "FIX",
"url": "91ac96899e
"
},
{
"type": "WEB",
"url": "https://github.com/buger/jsonparser/issues/188 "
}
],
"affected": [
{
"package": {
"name": "github.com/buger/jsonparser",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20200321185410-91ac96899e49"
}
]
}
],
"ecosystem_specific": {
"symbols": [
"findKeyStart"
]
},
"database_specific": {
"source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json ",
"url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml "
}
}
]
},
{
"id": "GO-2021-0057",
"package": {
"name": "github.com/buger/jsonparser",
"ecosystem": "Go"
},
"details": "Due to improper bounds checking, maliciously crafted JSON objects\ncan cause an out-of-bounds panic. If parsing user input, this may\nbe used as a denial of service vector.\n",
"affects": {
"ranges": [
{
"type": "SEMVER",
"fixed": "1.1.1"
}
]
},
"aliases": [
"CVE-2020-35381"
],
"modified": "2021-04-14T12:00:00Z",
"published": "2021-04-14T12:00:00Z",
"ecosystem_specific": {
"symbols": [
"searchKeys"
]
},
"database_specific": {
"source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json ",
"url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml "
},
"references": [
{
"type": "FIX",
"url": "https://github.com/buger/jsonparser/pull/221 "
},
{
"type": "FIX",
"url": "df3ea76ece
"
},
{
"type": "WEB",
"url": "https://github.com/buger/jsonparser/issues/219 "
}
],
"affected": [
{
"package": {
"name": "github.com/buger/jsonparser",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1"
}
]
}
],
"ecosystem_specific": {
"symbols": [
"searchKeys"
]
},
"database_specific": {
"url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml ",
"source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json "
}
}
]
}
]
}
2021-09-21 13:04:08 -05:00
dependabot[bot]
4c4fb61d51
🌱 Bump cloud.google.com/go/pubsub from 1.16.0 to 1.17.0 ( #992 )
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.16.0 to 1.17.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.16.0...pubsub/v1.17.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-13 14:57:32 +00:00
dependabot[bot]
cc044ca05f
🌱 Bump go.uber.org/zap from 1.19.0 to 1.19.1 ( #993 )
...
Bumps [go.uber.org/zap](https://github.com/uber-go/zap ) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/uber-go/zap/releases )
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/uber-go/zap/compare/v1.19.0...v1.19.1 )
---
updated-dependencies:
- dependency-name: go.uber.org/zap
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-12 16:14:20 -04:00
naveen
576447a45b
🌱 Fix the jwt finding
...
* This fixes the JWT finding CVE-2020-26160
2021-09-08 11:17:40 -05:00
naveen
2b15b1353b
🌱 Moving tools dependencies to separate go.mod
...
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.
* This is also increases the security posture by having less dependencies
on the main go.mod
2021-09-07 18:23:41 -05:00
dependabot[bot]
0aa4305c61
🌱 Bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 ( #973 )
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint ) from 1.42.0 to 1.42.1.
- [Release notes](https://github.com/golangci/golangci-lint/releases )
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.42.0...v1.42.1 )
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
2021-09-07 14:59:22 +00:00
dependabot[bot]
e30d9e5bbc
🌱 Bump gocloud.dev from 0.23.0 to 0.24.0 ( #956 )
...
Bumps [gocloud.dev](https://github.com/google/go-cloud ) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/google/go-cloud/releases )
- [Commits](https://github.com/google/go-cloud/compare/v0.23.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: gocloud.dev
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-09-03 15:46:28 +00:00
dependabot[bot]
dcbf7528a7
🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 ( #939 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.21.0...spanner/v1.22.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-09-01 16:14:12 +00:00
dependabot[bot]
001ba670bb
🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1
...
Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil ) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/jszwec/csvutil/releases )
- [Commits](https://github.com/jszwec/csvutil/compare/v1.5.0...v1.5.1 )
---
updated-dependencies:
- dependency-name: github.com/jszwec/csvutil
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-08-31 08:06:06 -04:00
dependabot[bot]
51016ea8ae
🌱 Bump cloud.google.com/go/pubsub from 1.15.0 to 1.16.0 ( #904 )
...
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go ) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.15.0...pubsub/v1.16.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-08-30 02:00:18 +00:00
Azeem Shaikh
37696aceb3
Create and use MockRepoClient in unit tests ( #922 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-26 19:48:39 +00:00
laurentsimon
788fd33222
✨ Add JSON unit tests ( #915 )
...
* fix
* typo
* draft
* fixes
* typo
* add validator
* comments
* typo
2021-08-26 01:42:34 +00:00
Azeem Shaikh
d8e49e0dba
Remove unwanted dependencies ( #913 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-08-25 21:21:40 +00:00
dependabot[bot]
77a4160a87
🌱 Bump github.com/onsi/gomega from 1.15.0 to 1.16.0 ( #879 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega ) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/onsi/gomega/releases )
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/gomega/compare/v1.15.0...v1.16.0 )
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-23 16:18:46 +00:00
dependabot[bot]
04e8bcf933
🌱 Bump cloud.google.com/go/bigquery from 1.20.1 to 1.21.0 ( #870 )
...
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go ) from 1.20.1 to 1.21.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases )
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.20.1...spanner/v1.21.0 )
---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2021-08-18 18:48:16 +00:00