scorecard/go.mod
dependabot[bot] e5b62b524e
🌱 Bump mvdan.cc/sh/v3 from 3.4.2 to 3.4.3 (#1665)
Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/mvdan/sh/releases)
- [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mvdan/sh/compare/v3.4.2...v3.4.3)

---
updated-dependencies:
- dependency-name: mvdan.cc/sh/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-02-21 04:24:58 -05:00

127 lines
5.9 KiB
Modula-2

module github.com/ossf/scorecard/v4
go 1.17
// TODO(go.mod): Is there a reason these deps are kept separately from the
// other `require`s?
require (
github.com/rhysd/actionlint v1.6.8
gotest.tools v2.2.0+incompatible
)
require (
cloud.google.com/go/bigquery v1.28.0
cloud.google.com/go/monitoring v0.1.0 // indirect
cloud.google.com/go/pubsub v1.18.0
cloud.google.com/go/trace v0.1.0 // indirect
contrib.go.opencensus.io/exporter/stackdriver v0.13.8
github.com/bombsimon/logrusr/v2 v2.0.1
github.com/bradleyfalzon/ghinstallation/v2 v2.0.4
github.com/go-git/go-git/v5 v5.4.2
github.com/go-logr/logr v1.2.2
github.com/golang/mock v1.6.0
github.com/google/go-cmp v0.5.7
github.com/google/go-containerregistry v0.8.0
github.com/google/go-github/v38 v38.1.0
github.com/h2non/filetype v1.1.3
github.com/jszwec/csvutil v1.6.0
github.com/moby/buildkit v0.8.3
github.com/olekukonko/tablewriter v0.0.5
github.com/onsi/gomega v1.18.1
github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect
github.com/sirupsen/logrus v1.8.1
github.com/spf13/cobra v1.3.0
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f
go.opencensus.io v0.23.0
gocloud.dev v0.24.0
golang.org/x/text v0.3.7
golang.org/x/tools v0.1.9
google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00
google.golang.org/protobuf v1.27.1
gopkg.in/yaml.v2 v2.4.0
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
mvdan.cc/sh/v3 v3.4.3
)
require github.com/onsi/ginkgo/v2 v2.1.3
require (
cloud.google.com/go v0.100.2 // indirect
cloud.google.com/go/compute v0.1.0 // indirect
cloud.google.com/go/iam v0.1.1 // indirect
cloud.google.com/go/storage v1.18.2 // indirect
github.com/Microsoft/go-winio v0.5.1 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
github.com/acomagu/bufpipe v1.0.3 // indirect
github.com/aws/aws-sdk-go v1.40.34 // indirect
github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.10.1 // indirect
github.com/containerd/typeurl v1.0.2 // indirect
github.com/docker/cli v20.10.12+incompatible // indirect
github.com/docker/distribution v2.7.1+incompatible // indirect
github.com/docker/docker v20.10.12+incompatible // indirect
github.com/docker/docker-credential-helpers v0.6.4 // indirect
github.com/emirpasic/gods v1.12.0 // indirect
github.com/fatih/color v1.13.0 // indirect
github.com/go-git/gcfg v1.5.0 // indirect
github.com/go-git/go-billy/v5 v5.3.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.0.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/google/go-github/v41 v41.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/wire v0.5.0 // indirect
github.com/googleapis/gax-go/v2 v2.1.1 // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
github.com/klauspost/compress v1.13.6 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/sergi/go-diff v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/xanzy/ssh-agent v0.3.0 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 // indirect
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/api v0.67.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/grpc v1.44.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
)
replace (
// https://deps.dev/advisory/OSV/GO-2021-0057?from=%2Fgo%2Fgithub.com%252Fbuger%252Fjsonparser%2Fv1.0.0
github.com/buger/jsonparser => github.com/buger/jsonparser v1.1.1
// https://deps.dev/advisory/OSV/GO-2020-0017?from=%2Fgo%2Fk8s.io%252Fclient-go%2Fv0.0.0-20200207030105-473926661c44
github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c => github.com/golang-jwt/jwt v3.2.1+incompatible
github.com/dgrijalva/jwt-go v3.2.0+incompatible => github.com/golang-jwt/jwt v3.2.1+incompatible
// https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2020-0020.yaml
github.com/gorilla/handlers => github.com/gorilla/handlers v1.3.0
// https://github.com/miekg/dns/issues/1037
github.com/miekg/dns => github.com/miekg/dns v1.1.25-0.20191211073109-8ebf2e419df7
//https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
github.com/opencontainers/image-spec => github.com/opencontainers/image-spec v1.0.2
// This replace is for https://nvd.nist.gov/vuln/detail/CVE-2021-3538
github.com/satori/go.uuid => github.com/satori/go.uuid v1.2.1-0.20181016170032-d91630c85102
// This replace is for https://github.com/advisories/GHSA-25xm-hr59-7c27
github.com/ulikunitz/xz => github.com/ulikunitz/xz v0.5.8
)