From 28e0451c18bde3a0b73af5e09a067a0e1b0dcb8a Mon Sep 17 00:00:00 2001 From: Max Leske Date: Sun, 3 Mar 2024 10:01:21 +0100 Subject: [PATCH 01/58] feat: apply OSSF suggestions --- .github/workflows/codeql-analysis.yml | 13 +- .github/workflows/lint.yml | 7 +- .github/workflows/regression.yml | 7 +- .github/workflows/release.yml | 20 ++- Dockerfile | 2 +- LICENSE | 201 ++++++++++++++++++++++++++ 6 files changed, 234 insertions(+), 16 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ae59099..7fffcde 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -11,6 +11,9 @@ # name: "CodeQL" +# default token permissions: none +permissions: {} + on: push: branches: [ main ] @@ -32,21 +35,21 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 138dd02..8946107 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,5 +1,8 @@ name: Lint (pre-commit) +# default token permissions: none +permissions: {} + on: pull_request: push: 
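Review bot: The `Perform CodeQL Analysis` step at the end of the second codeql-analysis.yml hunk is now pinned to `github/codeql-action/autobuild@e8893c57…`, while the line it replaces used `github/codeql-action/analyze@v3`. As far as the hunk shows, the workflow therefore runs autobuild twice and never runs the analysis or uploads results, so the scan would pass while producing no findings. The step should read `uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0`. The dependency-update patch later in this series (PATCH 03/58) bumps the hash on the same line but keeps `autobuild`, so the same correction applies there. When reviewing SHA pins, compare the action path before the `@` on each old/new pair, because the 40-character hash hides this kind of slip.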
@@ -7,9 +10,9 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: v1.22.x cache: true diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 19cebb1..3a1b73b 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -1,5 +1,8 @@ name: Regression Tests +# default token permissions: none +permissions: {} + on: push: branches: @@ -24,9 +27,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: ${{ matrix.go-version }} cache: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5861f6c..afba3d1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,8 @@ name: goreleaser +# default token permissions: none +permissions: {} + on: push: tags: 
@@ -8,34 +11,39 @@ on: jobs: goreleaser: runs-on: ubuntu-latest + permissions: + # publish archives for releases + contents: write + # publish packages (container images) + packages: write steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: ^1.22 cache: true - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 if: startsWith(github.ref, 'refs/tags/') with: version: latest diff --git a/Dockerfile b/Dockerfile index c86d5eb..6e330ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright 2022 OWASP Core Rule Set Project # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3 +FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b RUN apk add --no-cache ca-certificates diff --git a/LICENSE b/LICENSE index e69de29..261eeb9 100644 --- a/LICENSE +++ b/LICENSE 
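Review bot: The `Run GoReleaser` step at the end of the release.yml hunk still passes `version: latest`, so the action wrapper is pinned to a commit but the GoReleaser release it downloads at run time is whatever is newest on the day a tag is pushed. That binary runs in the job that now holds `contents: write` and `packages: write` and builds the published archives and images, so it is the input most worth fixing. I would set an explicit release, e.g. `version: <pinned goreleaser version>`, and let the update bot raise it. Separately, `actions/checkout` leaves the job token in the local git config by default; if no later step needs git itself to authenticate, adding `persist-credentials: false` under its `with:` narrows where the write-scoped token can be read. The step's remaining inputs lie outside the hunk.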
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From 65b9b023001cdf9ce2c822a931d011bb83f3587e Mon Sep 17 00:00:00 2001 From: Max Leske Date: Sun, 3 Mar 2024 10:05:47 +0100 Subject: [PATCH 02/58] docs: add badges to readme --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dd01a4c..9bd0741 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,6 @@ # crs-toolchain -The CRS developer's utility belt. The documentation lives at [coreruleset.org](https://coreruleset.org/docs/development/crs_toolchain/). +[![Regression Tests](https://github.com/coreruleset/crs-toolchain/actions/workflows/regression.yml/badge.svg)](https://github.com/coreruleset/crs-toolchain/actions/workflows/regression.yml) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/coreruleset/crs-toolchain/badge)](https://securityscorecards.dev/viewer/?uri=github.com/coreruleset/crs-toolchain) + +The CRS developer's utility belt. The documentation lives at [coreruleset.org](https://coreruleset.org/docs/development/crs_toolchain/). \ No newline at end of file From d8fdca9f437c1545e9465e91759311dbd4623db5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 11:45:24 +0000 Subject: [PATCH 03/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7fffcde..5dfbcf7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -44,12 +44,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index afba3d1..0100884 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 From 4cb6209e981116c804b3f7becc24f1c2f781008f Mon Sep 17 00:00:00 2001 From: Max Leske Date: Mon, 4 Mar 2024 13:20:37 +0100 Subject: [PATCH 04/58] fix: codeqal permissions --- .github/workflows/codeql-analysis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 7fffcde..4ab4ca2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -27,6 +27,9 @@ jobs: analyze: name: Analyze runs-on: ubuntu-latest + permissions: + # required for all workflows + security-events: write strategy: fail-fast: false From 435c9eaf8d92db67d5d2836bfe666c9cdaa7f657 Mon Sep 17 00:00:00 2001 
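Review bot: The comment `# required for all workflows` on the new `security-events: write` entry (PATCH 04/58) does not say what the permission is for. Something like `# upload CodeQL results to code scanning` would tell the next reader why this one write scope exists. Because the workflow-level default was set to `permissions: {}` earlier in the series, this block is the job's entire grant. That is sufficient on a public repository, but on a private one CodeQL also needs `actions: read` and `contents: read`, which is worth a one-line comment here so a fork does not fail silently. The `analyze` job body continues outside the hunk.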
From: Felipe Zipitria Date: Wed, 6 Mar 2024 08:44:51 -0300 Subject: [PATCH 05/58] fix: go-2024-2611 Signed-off-by: Felipe Zipitria --- go.mod | 18 +++++++++--------- go.sum | 36 ++++++++++++++++++++---------------- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/go.mod b/go.mod index 15817c4..7cfa32e 100644 --- a/go.mod +++ b/go.mod @@ -21,24 +21,24 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/davidmz/go-pageant v1.0.2 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-github/v30 v30.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.4 // indirect + github.com/hashicorp/go-retryablehttp v0.7.5 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/kr/pretty v0.2.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ulikunitz/xz v0.5.11 // indirect - github.com/xanzy/go-gitlab v0.95.2 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/oauth2 v0.15.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/time v0.3.0 // indirect + github.com/xanzy/go-gitlab v0.99.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/time v0.5.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect ) diff --git a/go.sum b/go.sum index 199dd2f..7730ab0 100644 --- a/go.sum +++ b/go.sum 
@@ -19,8 +19,8 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= 
@@ -36,8 +36,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= -github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= +github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 
@@ -54,8 +54,9 @@ github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXq github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -74,15 +75,16 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/xanzy/go-gitlab v0.95.2 h1:4p0IirHqEp5f0baK/aQqr4TR57IsD+8e4fuyAA1yi88= -github.com/xanzy/go-gitlab v0.95.2/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.99.0 h1:0W5dmFQejPlqnScZoGRXNPmx+evOxBMk50P40cxlnWU= +github.com/xanzy/go-gitlab v0.99.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -93,8 +95,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= -golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -109,14 +111,16 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 
@@ -124,8 +128,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= @@ -137,8 +141,8 @@ google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAs google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
From 6b64dabf94cb34e88b0c0485c295c5e07797b9de Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Wed, 6 Mar 2024 09:09:10 -0300 Subject: [PATCH 06/58] docs: add SECURITY.md Signed-off-by: Felipe Zipitria --- SECURITY.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..817ff05 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,33 @@ +# Security Policy + +This document includes information about the vulnerability reporting, patch, +release, and disclosure processes, as well as general security posture. + +# Reporting Security Issues + +Vulnerabilities are reported privately via GitHub's +[Security Advisories](https://docs.github.com/en/code-security/security-advisories) +feature. Please use the following link to submit your vulnerability: +[Report a vulnerability](https://github.com/coreruleset/crs-toolchain/security/advisories/new) + +Please see +[Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) +for more information on how to submit a vulnerability using GitHub's interface. + +Our vulnerability management team will respond within 3 working days of your +email. If the issue is confirmed as a vulnerability, we will open a +Security Advisory and acknowledge your contributions as part of it. This project +follows a 90 day disclosure timeline. + + +### When Should I Report a Vulnerability? + +- You think you discovered a potential security vulnerability in crs-toolchain +- You are unsure how a vulnerability affects crs-toolchain +- You think you discovered a vulnerability in another project that crs-toolchain depends on + - For projects with their own vulnerability reporting and disclosure process, please report it directly there + +### When Should I NOT Report a Vulnerability? + +- You need help applying security related updates +- Your issue is not security related From 33dc07626f27fe42be7a33d8fbfbe5c1fb39c82b Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 14:46:41 +0000 Subject: [PATCH 07/58] fix(deps): update module github.com/itchyny/rassemble-go to v0.1.1 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 7cfa32e..0416a14 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/creativeprojects/go-selfupdate v1.1.3 github.com/google/uuid v1.6.0 - github.com/itchyny/rassemble-go v0.1.0 + github.com/itchyny/rassemble-go v0.1.1 gopkg.in/yaml.v3 v3.0.1 ) diff --git a/go.sum b/go.sum index 7730ab0..717f856 100644 --- a/go.sum +++ b/go.sum @@ -44,6 +44,8 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/itchyny/rassemble-go v0.1.0 h1:PaH3f4XNlFx2SImEezdREmkW+/w2t3aLZS9xleHEPjY= github.com/itchyny/rassemble-go v0.1.0/go.mod h1:3P4ZuUAYUp+hBvdkVPrL/IhiR0U5CLeCLaqREgGJB7c= +github.com/itchyny/rassemble-go v0.1.1 h1:VLI16uQ2DsAss91EqwyLfna0abc92bz0e0Bhs3p2GiA= +github.com/itchyny/rassemble-go v0.1.1/go.mod h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= From 46fd915bb6b35150a5b35c2a854034c833ca8d1e Mon Sep 17 00:00:00 2001 From: Max Leske Date: Sat, 9 Mar 2024 08:18:02 +0100 Subject: [PATCH 08/58] chore: improve formatting in magefile for CI --- go.sum | 2 -- magefile.go | 20 ++++++++++++++------ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/go.sum b/go.sum index 717f856..cbb65b5 100644 --- a/go.sum +++ b/go.sum 
@@ -42,8 +42,6 @@ github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mO github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/itchyny/rassemble-go v0.1.0 h1:PaH3f4XNlFx2SImEezdREmkW+/w2t3aLZS9xleHEPjY= -github.com/itchyny/rassemble-go v0.1.0/go.mod h1:3P4ZuUAYUp+hBvdkVPrL/IhiR0U5CLeCLaqREgGJB7c= github.com/itchyny/rassemble-go v0.1.1 h1:VLI16uQ2DsAss91EqwyLfna0abc92bz0e0Bhs3p2GiA= github.com/itchyny/rassemble-go v0.1.1/go.mod h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= diff --git a/magefile.go b/magefile.go index 3d36a1c..d4d0561 100644 --- a/magefile.go +++ b/magefile.go 
@@ -17,18 +17,26 @@ import ( "github.com/magefile/mage/sh" ) -var addLicenseVersion = "v1.1.1" // https://github.com/google/addlicense +var addLicenseVersion = "v1.1.1" // https://github.com/google/addlicense/releases var golangCILintVer = "v1.56.2" // https://github.com/golangci/golangci-lint/releases -var gosImportsVer = "v0.3.8" // https://github.com/rinchsan/gosimports/releases/tag/v0.1.5 -var goGciVer = "v0.10.1" // https://github.com/daixiang0/gci/releases/tag/v0.8.2 +var gosImportsVer = "v0.3.8" // https://github.com/rinchsan/gosimports/releases +var goGciVer = "v0.13.0" // https://github.com/daixiang0/gci/releases/tag var errCommitFormatting = errors.New("files not formatted, please commit formatting changes") var errNoGitDir = errors.New("no .git directory found") // Format formats code in this repository. func Format() error { - if err := sh.RunV("go", "mod", "tidy"); err != nil { - return err + return FormatAndTidy(true) +} + +// Format formats code in this repository. +// Run `go mod tidy` if `tidy` is true. +func FormatAndTidy(tidy bool) error { + if tidy { + if err := sh.RunV("go", "mod", "tidy"); err != nil { + return err + } } // addlicense strangely logs skipped files to stderr despite not being erroneous, so use the long sh.Exec form to // discard stderr too. @@ -72,7 +80,7 @@ func Lint() error { sh.Run("git", "stash", "-k", "-u") // stash unstagged changes so they don't interfere with git diff below defer sh.Run("git", "stash", "pop") - mg.SerialDeps(Format) + mg.SerialDeps(mg.F(FormatAndTidy, false)) if sh.Run("git", "diff", "--exit-code") != nil { return errCommitFormatting From fc72f5494746db884889c6df933c4a775c7b049a Mon Sep 17 00:00:00 2001 
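Review bot: The doc comment on the new `FormatAndTidy` still opens with `// Format formats code in this repository.`, copied from `Format`, so generated documentation describes both functions with the same first sentence. It should open with the function's own name, e.g. `// FormatAndTidy formats code in this repository; it runs go mod tidy first when tidy is true.` In the same hunk the `goGciVer` comment now ends in `/releases/tag`, which looks like a truncated URL; `https://github.com/daixiang0/gci/releases` would match the other lines. The hunk also moves gci from v0.10.1 to v0.13.0, a tool upgrade that the commit title does not mention.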
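Review bot: With `mg.SerialDeps(mg.F(FormatAndTidy, false))` the `Lint` target no longer runs go mod tidy, so the `git diff --exit-code` check that follows can no longer flag a go.mod or go.sum that has drifted from the imports. This same commit removes two stale go.sum lines by hand, which is the kind of drift the old call would have caught. If skipping tidy here is deliberate, a comment above the call would record it, e.g. `// tidy is skipped in Lint; go.mod/go.sum drift must be checked separately`, and a dedicated tidy check in CI would keep the dependency manifest verifiable. `Lint` starts and ends outside the hunk.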
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 18:53:44 +0000 Subject: [PATCH 09/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f0a4b2b..cc19cc3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0100884..6e9f337 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -36,7 +36,7 @@ jobs: cache: true - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 72ad80a..d0f500e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
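Review bot: The step named `Perform CodeQL Analysis` in the codeql-analysis.yml hunk runs `github/codeql-action/autobuild` a second time instead of the analyze action, so as far as this hunk shows the workflow builds twice and never runs the queries or uploads results. The removed line carries the same path, so the defect predates this bump and the automated update simply carries it forward. The line should read `uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7`. The same step recurs unchanged in the later codeql-analysis.yml hunks of this series (PATCH 12, 15, 17, 18 and 19). The job's step list starts outside the hunk.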
@@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: sarif_file: results.sarif From dfc70bc63e617f3b9492ede07b64ba83c1c3b5a8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:05:27 +0000 Subject: [PATCH 10/58] chore(deps): update docker/setup-buildx-action action to v3.2.0 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6e9f337..c112e99 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 From 022c8674864618618806115cfb0d7e677eac5973 Mon Sep 17 00:00:00 2001 From: Max Leske Date: Sun, 17 Mar 2024 21:08:24 +0100 Subject: [PATCH 11/58] fix: do not use `\v` in character classes `\v` expands to multiple code points and is, therefore, illegal in PCRE2 when it starts a range. In PCRE, the range token (`-`) following any such escape code would simply be treated as a literal (depending on compile time configuration). --- regex/operators/assembler.go | 24 +++++++++++++++--------- regex/operators/assembler_test.go | 4 ++-- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/regex/operators/assembler.go b/regex/operators/assembler.go index 0003e7d..96dfd5c 100644 --- a/regex/operators/assembler.go 
+++ b/regex/operators/assembler.go @@ -203,16 +203,23 @@ func (a *Operator) useHexBackslashes(input string) string { return strings.ReplaceAll(input, `\\`, `\x5c`) } -// In Perl, the vertical tab (`\v`, `\x0b`) is *not* part of `\s`, but it is -// in newer versions of PCRE (both 3 and 2). Go's `regexp/syntax` package +// In Perl, the vertical tab (`VT`, `\x0b`) is *not* part of `\s`, but it is +// in newer versions of PCRE (both 3 and 2) (`\v` in PCRE is actually +// a list of vertical characters, one of which is `VT`). +// Go's `regexp/syntax` package // uses Perl as the reference and, hence, generates `[\t-\n\f-\r ]` as the -// character class for `\s`, i.e., `\v` is missing. -// We simply replace the generated class with `[\s\v]` to fix this. -// Note that we could use `\s` for PCRE, but this will not work for re2 -// compatible engines. +// character class for `\s`, i.e., `VT` is missing. +// We simply replace the generated class with `[\s\0xb]` to fix this. +// Note that we could use simply use `\s` for PCRE, but this will not work +// for re2 compatible engines. +// Note also that we use the hex escape code for the vertical tab because in +// PCRE2 ranges in character classes are not allowed to start with escape codes +// that expand to multiple code points, which includes `\v`. In the original +// implementation of PCRE, `\v` was not illegal but led to the range token (`-`) +// to be interpreted as a literal. func (a *Operator) includeVerticalTabInSpaceClass(input string) string { - logger.Trace().Msg("Fixing up regex to include \\v in white space class matches") - return strings.ReplaceAll(input, `\t\n\f\r `, `\s\v`) + logger.Trace().Msg("Fixing up regex to include vertical tab (VT) in white space class matches") + return strings.ReplaceAll(input, `\t\n\f\r `, `\s\x0b`) } // rassemble-go doesn't provide an option to specify literals. 
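Review bot: The rewritten comment says the generated class is replaced with `[\s\0xb]`, but the last added line inserts `\s\x0b`; `\0xb` is not a hex escape, so the comment should say `[\s\x0b]`. The following sentence has a doubled word, "we could use simply use", which should read "we could simply use". The comment also states that Go generates `[\t-\n\f-\r ]`, while the `strings.ReplaceAll` pattern is `\t\n\f\r ` without the range dashes; that mismatch is in unchanged text, but a sentence saying which form actually reaches this function would help the next reader.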
@@ -235,7 +242,6 @@ func (a *Operator) includeVerticalTabInSpaceClass(input string) string { func (a *Operator) useHexEscapes(input string) string { var sb strings.Builder for _, char := range input { - // dec_value = ord(char) if char < 32 || char > 126 { sb.WriteString(`\x`) sb.WriteString(fmt.Sprintf("%x", char)) diff --git a/regex/operators/assembler_test.go b/regex/operators/assembler_test.go index aea66e4..b764b0b 100644 --- a/regex/operators/assembler_test.go +++ b/regex/operators/assembler_test.go @@ -361,7 +361,7 @@ func (s *specialCasesTestSuite) TestBackslashSReplacesPerlEquivalentCharacterCla assembler := NewAssembler(s.ctx) output, err := assembler.Run(contents) s.Require().NoError(err) - s.Equal(`[\s\v]`, output) + s.Equal(`[\s\x0b]`, output) } func (s *preprocessorsTestSuite) TestSequentialPreprocessors() { @@ -495,7 +495,7 @@ func (s *definitionsTestSuite) TestDefinition_RetainsEscapes() { output, err := assembler.Run(contents) s.Require().NoError(err) - s.Equal(`\n[\s\v]\b\v\t`, output) + s.Equal(`\n[\s\x0b]\b\v\t`, output) } From 6450e5c6934ee0621c3f9a996700a60586a1df01 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 19:08:58 +0000 Subject: [PATCH 12/58] chore(deps): update github/codeql-action action to v3.24.8 --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index cc19cc3..e2b7052 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d0f500e..b9ee682 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 with: sarif_file: results.sarif From 70144ea41a9ba8a20e8ea3e610dd58e7b79e4fd0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 20:25:56 +0000 Subject: [PATCH 13/58] fix(deps): update module github.com/creativeprojects/go-selfupdate to v1.1.4 --- go.mod | 4 ++-- go.sum | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 0416a14..6da0596 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( require ( github.com/Masterminds/semver/v3 v3.2.1 - github.com/creativeprojects/go-selfupdate v1.1.3 + github.com/creativeprojects/go-selfupdate v1.1.4 github.com/google/uuid v1.6.0 github.com/itchyny/rassemble-go v0.1.1 gopkg.in/yaml.v3 v3.0.1 
@@ -32,7 +32,7 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ulikunitz/xz v0.5.11 // indirect - github.com/xanzy/go-gitlab v0.99.0 // indirect + github.com/xanzy/go-gitlab v0.100.0 // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sys v0.18.0 // indirect diff --git a/go.sum b/go.sum index cbb65b5..1bb45f2 100644 --- a/go.sum +++ b/go.sum @@ -8,6 +8,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creativeprojects/go-selfupdate v1.1.3 h1:p+Mx6rCZGBMrYWa5XhHCHYsS+w9v21fSfItuEUlxIGo= github.com/creativeprojects/go-selfupdate v1.1.3/go.mod h1:sL4LPc1cei5kkQ8MG9EmhvUdLEcbfn7Z2nY+aYfAvrA= +github.com/creativeprojects/go-selfupdate v1.1.4 h1:6/+Wfg08lXAbmU/qEU0v9W4w5Wp6TWf9x2DAttZEwzg= +github.com/creativeprojects/go-selfupdate v1.1.4/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -77,6 +79,8 @@ github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xanzy/go-gitlab v0.99.0 h1:0W5dmFQejPlqnScZoGRXNPmx+evOxBMk50P40cxlnWU= github.com/xanzy/go-gitlab v0.99.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.100.0 h1:jaOtYj5nWI19+9oVVmgy233pax2oYqucwetogYU46ks= +github.com/xanzy/go-gitlab v0.100.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= From e958a9094e03ecd6f1e27e3bf031027551dcd9ea Mon Sep 17 00:00:00 2001 From: Felipe Zipitria Date: Thu, 21 Mar 2024 20:46:08 -0300 Subject: [PATCH 14/58] fix: properly replace version ending in "-dev" Signed-off-by: Felipe Zipitria --- cmd/chore_update_copyright_test.go | 21 ++++++++++++++++++++- regex/definitions.go | 4 ++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/cmd/chore_update_copyright_test.go b/cmd/chore_update_copyright_test.go index 5191abd..05c446e 100644 --- a/cmd/chore_update_copyright_test.go +++ b/cmd/chore_update_copyright_test.go @@ -50,7 +50,7 @@ func (s *choreUpdateCopyrightTestSuite) SetupTest() { s.FileExists(path.Join(s.rulesDir, "TEST-900.conf")) s.writeFile(path.Join(s.tempDir, "crs-setup.conf.example"), `# ------------------------------------------------------------------------ -# OWASP ModSecurity Core Rule Set ver.4.0.0-rc1 +# OWASP ModSecurity Core Rule Set ver.4.9.0-dev # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2022 Core Rule Set project. All rights reserved. # 
@@ -116,6 +116,25 @@ func (s *choreUpdateCopyrightTestSuite) TestUpdateCopyright_ErrIfNoVersion() { s.Error(err, ErrUpdateCopyrightWithoutVersion) } +func (s *choreUpdateCopyrightTestSuite) TestUpdateCopyright_DevRelease() { + rootCmd.SetArgs([]string{"-d", s.tempDir, "chore", "update-copyright", "-v", "5.4.3-dev"}) + cmd, _ := rootCmd.ExecuteC() + + s.Equal("update-copyright", cmd.Name()) + + // get year from file contents + contents, err := os.ReadFile(path.Join(s.rulesDir, "TEST-900.conf")) + s.Require().NoError(err) + s.Contains(string(contents), "OWASP ModSecurity Core Rule Set ver.5.4.3-dev") + s.NotContains(string(contents), "OWASP ModSecurity Core Rule Set ver.5.4.3-dev-dev") + + // check that crs-setup.conf.example was also modified + contents, err = os.ReadFile(path.Join(s.tempDir, "crs-setup.conf.example")) + s.Require().NoError(err) + s.Contains(string(contents), "OWASP ModSecurity Core Rule Set ver.5.4.3-dev") + s.NotContains(string(contents), "OWASP ModSecurity Core Rule Set ver.5.4.3-dev-dev") +} + func (s *choreUpdateCopyrightTestSuite) writeFile(filename string, contents string) { err := os.WriteFile(filename, []byte(contents), fs.ModePerm) s.Require().NoError(err) diff --git a/regex/definitions.go b/regex/definitions.go index 23e968f..9836c5c 100644 --- a/regex/definitions.go +++ b/regex/definitions.go 
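Review bot: The new `TestUpdateCopyright_DevRelease` discards the error from `rootCmd.ExecuteC()` with `cmd, _ :=`, so a failing command would only surface indirectly through the `Contains` assertions. Using `cmd, err := rootCmd.ExecuteC()` followed by `s.Require().NoError(err)` makes the failure explicit. The comment `// get year from file contents` appears to be copied from a year test and should read `// check that the version in the rule file was replaced`. The assertions cover only the `OWASP ModSecurity Core Rule Set ver.` header line; whether the fixtures also contain the `ver:'OWASP_CRS/` and `SecComponentSignature` forms whose patterns this commit changes is not visible here.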
@@ -94,9 +94,9 @@ var CRSCopyrightYearRegex = regexp.MustCompile(`^(# Copyright \(c\) 2021-)(\d{4} // CRSYearSecRuleVerRegex matches the version in the SecRule part of the text, (e.g. ver:'OWASP_CRS/4.0.0') // setup example, and rule files. // The matched year will be captured in group 2. -var CRSYearSecRuleVerRegex = regexp.MustCompile(`(ver:'OWASP_CRS/)(\d+\.\d+\.\d+(-rc\d+)?)`) +var CRSYearSecRuleVerRegex = regexp.MustCompile(`(ver:'OWASP_CRS/)(\d+\.\d+\.\d+(-[a-z0-9-]+)?)`) // CRSVersionComponentSignatureRegex matches the version in the SecComponentSignature part of the text, (e.g. OWASP_CRS/4.0.0-rc1) // setup example, and rule files. // The matched year will be captured in group 2. -var CRSVersionComponentSignatureRegex = regexp.MustCompile(`^(SecComponentSignature "OWASP_CRS/)(\d+\.\d+\.\d+(-rc\d+)?)`) +var CRSVersionComponentSignatureRegex = regexp.MustCompile(`^(SecComponentSignature "OWASP_CRS/)(\d+\.\d+\.\d+(-[a-z0-9-]+)?)`) From 425cb177c1009dc637bb8dbbbaff0e5ac2617cdd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 11:10:04 +0000 Subject: [PATCH 15/58] chore(deps): update github/codeql-action action to v3.24.9 --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e2b7052..0d7038a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
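Review bot: The new suffix group `(-[a-z0-9-]+)?` in both patterns accepts only lower-case letters, digits and hyphens, so a pre-release tag containing an upper-case letter or a dot would be matched only up to that character and the remainder left behind on replacement, the same kind of leftover this commit fixes for `-dev`. If such tags can occur, `(-[0-9A-Za-z.-]+)?` covers the semver pre-release alphabet. Both doc comments still say `The matched year will be captured in group 2` although group 2 holds the version; `// The matched version will be captured in group 2.` is accurate. The two patterns repeat the same version sub-expression and could share one constant.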
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 + uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 + uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 + uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b9ee682..95ac9ee 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 with: sarif_file: results.sarif From 359645f524f70a73142a20b9a29dbac2b1915d07 Mon Sep 17 00:00:00 2001 From: Max Leske Date: Sat, 23 Mar 2024 08:29:25 +0100 Subject: [PATCH 16/58] chore: run renovate once a week --- renovate.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index 7025585..8dc99f4 100644 --- a/renovate.json +++ b/renovate.json @@ -1,6 +1,9 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:base"], + "extends": [ + "config:base", + "schedule:weekly" + ], "packageRules": [ { "groupName": "all non-major dependencies", From f896581867d1c9f8a17bf074878e9466dd281e5d Mon Sep 17 00:00:00 2001 
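Review bot: Adding `schedule:weekly` to `extends` in renovate.json applies to every update raised from this config, including the SHA-pinned GitHub Actions and the Go modules, so a fix for a vulnerable dependency may wait up to a week unless it arrives through a path that ignores the schedule. It is worth confirming that vulnerability alerts are enabled for the repository so that Renovate's `vulnerabilityAlerts` pull requests are still raised promptly. The `packageRules` array continues outside the hunk.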
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 08:27:59 +0000 Subject: [PATCH 17/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- go.mod | 2 +- go.sum | 2 ++ 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0d7038a..f15d7d5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c112e99..bc72bfe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Set up Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 95ac9ee..df29921 100644 
--- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 6da0596..109cb71 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( require ( github.com/Masterminds/semver/v3 v3.2.1 - github.com/creativeprojects/go-selfupdate v1.1.4 + github.com/creativeprojects/go-selfupdate v1.2.0 github.com/google/uuid v1.6.0 github.com/itchyny/rassemble-go v0.1.1 gopkg.in/yaml.v3 v3.0.1 diff --git a/go.sum b/go.sum index 1bb45f2..5761392 100644 --- a/go.sum +++ b/go.sum @@ -10,6 +10,8 @@ github.com/creativeprojects/go-selfupdate v1.1.3 h1:p+Mx6rCZGBMrYWa5XhHCHYsS+w9v github.com/creativeprojects/go-selfupdate v1.1.3/go.mod h1:sL4LPc1cei5kkQ8MG9EmhvUdLEcbfn7Z2nY+aYfAvrA= github.com/creativeprojects/go-selfupdate v1.1.4 h1:6/+Wfg08lXAbmU/qEU0v9W4w5Wp6TWf9x2DAttZEwzg= github.com/creativeprojects/go-selfupdate v1.1.4/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= +github.com/creativeprojects/go-selfupdate v1.2.0 h1:sHpsnSJuSxQ6pua32c+86Izm+nG1jEKPo3UP/MAE6IM= +github.com/creativeprojects/go-selfupdate v1.2.0/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= From 5316273d469c59b866eb07e4d362bd5e0d468ce3 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Apr 2024 19:39:06 +0000 Subject: [PATCH 18/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f15d7d5..f90dcd1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 + uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 + uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 + uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8946107..574d0d8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 3a1b73b..ea23393 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bc72bfe..b67b00c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index df29921..8c1b303 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false 
@@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10 + uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 with: sarif_file: results.sarif From f517bef5f449cd9fcb3153bc28f2f17f05eec9aa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 00:39:21 +0000 Subject: [PATCH 19/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f90dcd1..b44864d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 574d0d8..5e9b4c9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index ea23393..21eef27 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b67b00c..a7d47f8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
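Review bot: The `Perform CodeQL Analysis` step in codeql-analysis.yml invokes `github/codeql-action/autobuild` a second time instead of `analyze`, so the workflow initializes and builds but most likely never runs the queries or uploads results, while the job still reports success. This bump carries the wrong sub-action forward; since the sub-actions live in the same repository, the step can use the SHA already pinned for `init`: `uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3`. The same line recurs in the codeql-analysis.yml hunks of PATCH 23, 24 and 25 later in this series. It is worth confirming in the repository's code-scanning view when the last CodeQL result was actually received.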
@@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8c1b303..0dc3007 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: persist-credentials: false @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: sarif_file: results.sarif From 4926efda5af16967ed990d1e88548ddd2f93f4c4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 01:31:56 +0000 Subject: [PATCH 20/58] chore(deps): update actions/setup-go action to v5.0.1 --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index b44864d..e138f81 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: go.mod 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5e9b4c9..73c5c36 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: v1.22.x cache: true diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 21eef27..4b9fffa 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -29,7 +29,7 @@ jobs: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ matrix.go-version }} cache: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a7d47f8..0806697 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,7 @@ jobs: uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ^1.22 cache: true From 68282594858afec797aa78465c49ebbfa8b722a5 Mon Sep 17 00:00:00 2001 From: Max Leske Date: Mon, 6 May 2024 07:10:05 +0200 Subject: [PATCH 21/58] feat: update renumber-test to new test schema --- cmd/util_renumber_tests_test.go | 12 +++++----- regex/definitions.go | 6 ++--- util/renumber_tests.go | 8 +++---- util/renumber_tests_test.go | 42 ++++++++++++++++----------------- 4 files changed, 34 insertions(+), 34 deletions(-) 
diff --git a/cmd/util_renumber_tests_test.go b/cmd/util_renumber_tests_test.go index 2e90f7a..f7f28df 100644 --- a/cmd/util_renumber_tests_test.go +++ b/cmd/util_renumber_tests_test.go @@ -77,23 +77,23 @@ func TestRunRenumberTestsTestSuite(t *testing.T) { } func (s *renumberTestsTestSuite) TestRenumberTests_WithYaml() { - s.writeTestFile("123456.yaml", "test_title: homer") + s.writeTestFile("123456.yaml", "test_id: homer") rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "123456"}) _, err := rootCmd.ExecuteC() s.Require().NoError(err) actual := s.readTestFile("123456.yaml") - s.Equal("test_title: 123456-1\n", actual) + s.Equal("test_id: 1\n", actual) } func (s *renumberTestsTestSuite) TestRenumberTests_WithYml() { - s.writeTestFile("123456.yml", "test_title: homer") + s.writeTestFile("123456.yml", "test_id: homer") rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "123456"}) _, err := rootCmd.ExecuteC() s.Require().NoError(err) actual := s.readTestFile("123456.yml") - s.Equal("test_title: 123456-1\n", actual) + s.Equal("test_id: 1\n", actual) } func (s *renumberTestsTestSuite) TestRenumberTests_NormalRuleIdWith() { @@ -130,7 +130,7 @@ func (s *renumberTestsTestSuite) TestRenumberTests_Dash() { } func (s *renumberTestsTestSuite) TestRenumberTests_CheckOnly() { - contents := "test_title: homer" + contents := "test_id: homer" s.writeTestFile("123456.yaml", contents) rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "-c", "123456"}) _, err := rootCmd.ExecuteC() @@ -144,7 +144,7 @@ func (s *renumberTestsTestSuite) TestRenumberTests_CheckOnly() { func (s *renumberTestsTestSuite) TestRenumberTests_GitHubOutput() { read := s.captureStdout() - contents := "test_title: homer" + contents := "test_id: homer" s.writeTestFile("123456.yaml", contents) rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "-cao", "github"}) _, err := rootCmd.ExecuteC() 
diff --git a/regex/definitions.go b/regex/definitions.go index 9836c5c..f82595b 100644 --- a/regex/definitions.go +++ b/regex/definitions.go @@ -70,9 +70,9 @@ var RuleIdFileNameRegex = regexp.MustCompile(`^(\d{6})(?:-chain(\d+))?(?:\.ra)?$ // The rule ID is captured in group 1, the optional extension in group 2. var RuleIdTestFileNameRegex = regexp.MustCompile(`^(\d{6})(?:\.ya?ml)?$`) -// TestTitleRegex matches any test_title line in test YAML files (test_title: ""). -// Everything up to the value of the test title is captured in group 1, test title in group 2. -var TestTitleRegex = regexp.MustCompile(`(.*test_title:)\s+(.*$)`) +// TestIdRegex matches any test_id line in test YAML files (test_id: <ID>). +// Everything up to the value of the test ID is captured in group 1, test ID in group 2. +var TestIdRegex = regexp.MustCompile(`(.*test_id:)\s+(.*$)`) // DefinitionReferenceRegex matches any reference to a definition. // The matched reference name will be captured in group 1. diff --git a/util/renumber_tests.go b/util/renumber_tests.go index 3f1db06..c7d96c3 100644 --- a/util/renumber_tests.go +++ b/util/renumber_tests.go @@ -85,7 +85,7 @@ func (t *TestRenumberer) processFile(filePath string, checkOnly bool, gitHubOutp return err } - output, err := t.processYaml(ruleId, contents) + output, err := t.processYaml(contents) if err != nil { return err } @@ -105,7 +105,7 @@ func (t *TestRenumberer) processFile(filePath string, checkOnly bool, gitHubOutp return os.WriteFile(filePath, output, fs.ModePerm) } -func (t *TestRenumberer) processYaml(ruleId string, contents []byte) ([]byte, error) { +func (t *TestRenumberer) processYaml(contents []byte) ([]byte, error) { scanner := bufio.NewScanner(bytes.NewReader(contents)) scanner.Split(bufio.ScanLines) output := new(bytes.Buffer) 
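Review bot: `TestIdRegex` in regex/definitions.go is unanchored, so `(.*test_id:)\s+(.*$)` also matches a `desc:` value or a comment that merely mentions `test_id:`. processYaml replaces a matched line with group 1 plus the counter, so such a line would lose its tail (for example a closing quote) and consume a number. Anchoring the key to the start of the mapping entry keeps the rewrite to real fields, e.g. the pattern `^(\s*(?:-\s+)?test_id:)\s+(.*)$`. The same applies to `TestTitleRegex` when PATCH 22 restores it.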
@@ -113,10 +113,10 @@ func (t *TestRenumberer) processYaml(ruleId string, contents []byte) ([]byte, er index := 0 for scanner.Scan() { line := scanner.Text() - matches := regex.TestTitleRegex.FindStringSubmatch(line) + matches := regex.TestIdRegex.FindStringSubmatch(line) if matches != nil { index++ - line = fmt.Sprint(matches[1], " ", ruleId, "-", index) + line = fmt.Sprint(matches[1], " ", index) } if _, err := writer.WriteString(line); err != nil { diff --git a/util/renumber_tests_test.go b/util/renumber_tests_test.go index 8a1bf74..f805ca7 100644 --- a/util/renumber_tests_test.go +++ b/util/renumber_tests_test.go @@ -20,15 +20,15 @@ func TestRunRenumberTestsTestSuite(t *testing.T) { suite.Run(t, new(renumberTestsTestSuite)) } -func (s *renumberTestsTestSuite) TestRenumberTests_SetTitle() { +func (s *renumberTestsTestSuite) TestRenumberTests_Setid() { contents := `--- meta: enabled: true name: 123456.yaml tests: - - test_title: bapedibupi + - test_id: bapedibupi desc: "test 1" - - test_title: "pine apple" + - test_id: "pine apple" desc: "test 2" ` expected := `--- @@ -36,12 +36,12 @@ meta: enabled: true name: 123456.yaml tests: - - test_title: 123456-1 + - test_id: 1 desc: "test 1" - - test_title: 123456-2 + - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + out, err := NewTestRenumberer().processYaml([]byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) @@ -53,9 +53,9 @@ meta: enabled: true name: 123456.yaml tests: - - test_title: bapedibupi + - test_id: bapedibupi desc: "test 1" - - test_title: "pine apple" + - test_id: "pine apple" desc: "test 2" 
@@ -65,12 +65,12 @@ meta: enabled: true name: 123456.yaml tests: - - test_title: 123456-1 + - test_id: 1 desc: "test 1" - - test_title: 123456-2 + - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + out, err := NewTestRenumberer().processYaml([]byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) @@ -82,21 +82,21 @@ meta: enabled: true name: 123456.yaml tests: - - test_title: bapedibupi + - test_id: bapedibupi desc: "test 1" - - test_title: "pine apple" + - test_id: "pine apple" desc: "test 2"` expected := `--- meta: enabled: true name: 123456.yaml tests: - - test_title: 123456-1 + - test_id: 1 desc: "test 1" - - test_title: 123456-2 + - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + out, err := NewTestRenumberer().processYaml([]byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) @@ -108,9 +108,9 @@ meta: enabled: true name: 123456.yaml tests: - - test_title: bapedibupi + - test_id: bapedibupi desc: "test 1" - - test_title: "pine apple" + - test_id: "pine apple" desc: "test 2" @@ -120,12 +120,12 @@ meta: enabled: true name: 123456.yaml tests: - - test_title: 123456-1 + - test_id: 1 desc: "test 1" - - test_title: 123456-2 + - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + out, err := NewTestRenumberer().processYaml([]byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) From 125a12ad643b4e73571edc0955dfd576b82b91a6 Mon Sep 17 00:00:00 2001 From: Max Leske <maxleske@gmail.com> Date: Fri, 10 May 2024 09:47:38 +0200 Subject: [PATCH 22/58] feat: support renunmbering for both test_id and test_title --- cmd/util_renumber_tests_test.go | 54 +++++++++++- go.sum | 6 -- regex/definitions.go | 4 + util/renumber_tests.go | 20 ++++- util/renumber_tests_test.go | 150 +++++++++++++++++++++++++++++++- 5 files changed, 220 insertions(+), 14 deletions(-) 
diff --git a/cmd/util_renumber_tests_test.go b/cmd/util_renumber_tests_test.go index f7f28df..ee74628 100644 --- a/cmd/util_renumber_tests_test.go +++ b/cmd/util_renumber_tests_test.go @@ -96,7 +96,7 @@ func (s *renumberTestsTestSuite) TestRenumberTests_WithYml() { s.Equal("test_id: 1\n", actual) } -func (s *renumberTestsTestSuite) TestRenumberTests_NormalRuleIdWith() { +func (s *renumberTestsTestSuite) TestRenumberTests_NormalRuleId() { s.writeTestFile("123456.yaml", "") rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "123456"}) cmd, _ := rootCmd.ExecuteC() 
@@ -160,3 +160,55 @@ func (s *renumberTestsTestSuite) TestRenumberTests_GitHubOutput() { s.Contains(output, "::error::") s.Contains(output, "Please run `crs-toolchain util renumber-tests --all`") } + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_WithYaml() { + s.writeTestFile("123456.yaml", "test_title: homer") + rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "123456"}) + _, err := rootCmd.ExecuteC() + s.Require().NoError(err) + + actual := s.readTestFile("123456.yaml") + s.Equal("test_title: 123456-1\n", actual) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_WithYml() { + s.writeTestFile("123456.yml", "test_title: homer") + rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "123456"}) + _, err := rootCmd.ExecuteC() + s.Require().NoError(err) + + actual := s.readTestFile("123456.yml") + s.Equal("test_title: 123456-1\n", actual) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_CheckOnly() { + contents := "test_title: homer" + s.writeTestFile("123456.yaml", contents) + rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "-c", "123456"}) + _, err := rootCmd.ExecuteC() + + s.EqualError(err, "Tests are not properly numbered") + + actual := s.readTestFile("123456.yaml") + s.Equal(contents, actual) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_GitHubOutput() { + read := s.captureStdout() + + contents := "test_title: homer" + s.writeTestFile("123456.yaml", contents) + rootCmd.SetArgs([]string{"-d", s.tempDir, "util", "renumber-tests", "-cao", "github"}) + _, err := rootCmd.ExecuteC() + + s.ErrorIs(err, &util.TestNumberingError{}) + + buffer := make([]byte, 1024) + _, err = read.Read(buffer) + s.Require().NoError(err) + + output := string(buffer) + s.Contains(output, "::warning::Test file not properly numbered") + s.Contains(output, "::error::") + s.Contains(output, "Please run `crs-toolchain util renumber-tests --all`") +} 
diff --git a/go.sum b/go.sum index 5761392..8fcee22 100644 --- a/go.sum +++ b/go.sum @@ -6,10 +6,6 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creativeprojects/go-selfupdate v1.1.3 h1:p+Mx6rCZGBMrYWa5XhHCHYsS+w9v21fSfItuEUlxIGo= -github.com/creativeprojects/go-selfupdate v1.1.3/go.mod h1:sL4LPc1cei5kkQ8MG9EmhvUdLEcbfn7Z2nY+aYfAvrA= -github.com/creativeprojects/go-selfupdate v1.1.4 h1:6/+Wfg08lXAbmU/qEU0v9W4w5Wp6TWf9x2DAttZEwzg= -github.com/creativeprojects/go-selfupdate v1.1.4/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= github.com/creativeprojects/go-selfupdate v1.2.0 h1:sHpsnSJuSxQ6pua32c+86Izm+nG1jEKPo3UP/MAE6IM= github.com/creativeprojects/go-selfupdate v1.2.0/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -79,8 +75,6 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/xanzy/go-gitlab v0.99.0 h1:0W5dmFQejPlqnScZoGRXNPmx+evOxBMk50P40cxlnWU= -github.com/xanzy/go-gitlab v0.99.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/go-gitlab v0.100.0 h1:jaOtYj5nWI19+9oVVmgy233pax2oYqucwetogYU46ks= github.com/xanzy/go-gitlab v0.100.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 
diff --git a/regex/definitions.go b/regex/definitions.go index f82595b..b1609eb 100644 --- a/regex/definitions.go +++ b/regex/definitions.go @@ -74,6 +74,10 @@ var RuleIdTestFileNameRegex = regexp.MustCompile(`^(\d{6})(?:\.ya?ml)?$`) // Everything up to the value of the test ID is captured in group 1, test ID in group 2. var TestIdRegex = regexp.MustCompile(`(.*test_id:)\s+(.*$)`) +// TestTitleRegex matches any test_title line in test YAML files (test_title: "<title>"). +// Everything up to the value of the test title is captured in group 1, test title in group 2. +var TestTitleRegex = regexp.MustCompile(`(.*test_title:)\s+(.*$)`) + // DefinitionReferenceRegex matches any reference to a definition. // The matched reference name will be captured in group 1. var DefinitionReferenceRegex = regexp.MustCompile(`{{([a-zA-Z0-9-_]+)}}`) diff --git a/util/renumber_tests.go b/util/renumber_tests.go index c7d96c3..24288bb 100644 --- a/util/renumber_tests.go +++ b/util/renumber_tests.go @@ -85,7 +85,7 @@ func (t *TestRenumberer) processFile(filePath string, checkOnly bool, gitHubOutp return err } - output, err := t.processYaml(contents) + output, err := t.processYaml(ruleId, contents) if err != nil { return err } 
@@ -105,19 +105,33 @@ func (t *TestRenumberer) processFile(filePath string, checkOnly bool, gitHubOutp return os.WriteFile(filePath, output, fs.ModePerm) } -func (t *TestRenumberer) processYaml(contents []byte) ([]byte, error) { +func (t *TestRenumberer) processYaml(ruleId string, contents []byte) ([]byte, error) { scanner := bufio.NewScanner(bytes.NewReader(contents)) scanner.Split(bufio.ScanLines) output := new(bytes.Buffer) writer := bufio.NewWriter(output) index := 0 + idCount := 0 + titleCount := 0 for scanner.Scan() { line := scanner.Text() matches := regex.TestIdRegex.FindStringSubmatch(line) if matches != nil { - index++ + idCount++ + if idCount > index { + index++ + } line = fmt.Sprint(matches[1], " ", index) } + // legacy support + matches = regex.TestTitleRegex.FindStringSubmatch(line) + if matches != nil { + titleCount++ + if titleCount > index { + index++ + } + line = fmt.Sprint(matches[1], " ", ruleId, "-", index) + } if _, err := writer.WriteString(line); err != nil { return nil, err diff --git a/util/renumber_tests_test.go b/util/renumber_tests_test.go index f805ca7..750d7d2 100644 --- a/util/renumber_tests_test.go +++ b/util/renumber_tests_test.go @@ -41,7 +41,7 @@ tests: - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml([]byte(contents)) + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) @@ -70,7 +70,7 @@ tests: - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml([]byte(contents)) + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) @@ -96,7 +96,7 @@ tests: - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml([]byte(contents)) + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) 
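Review bot: The shared `index` in processYaml always ends up as the larger of `idCount` and `titleCount`, so the numbering is only correct when every test carries the same set of fields. In a file where the first test has only `test_id` and the second only `test_title`, the second test is written as `<ruleId>-1`, which duplicates the first test's number. The tests added in this patch cover only files where each test has one field or both fields throughout. Either advance the counter once per test entry (for instance when a line opens a new item under `tests:`) or state the assumption above the loop, e.g. `// assumes all tests in a file use the same set of test_id/test_title fields`. processYaml's body continues past the end of this hunk.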
@@ -125,7 +125,149 @@ tests: - test_id: 2 desc: "test 2" ` - out, err := NewTestRenumberer().processYaml([]byte(contents)) + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + s.Require().NoError(err) + + s.Equal(expected, string(out)) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_SetTitle() { + contents := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: bapedibupi + desc: "test 1" + - test_title: "pine apple" + desc: "test 2" +` + expected := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: 123456-1 + desc: "test 1" + - test_title: 123456-2 + desc: "test 2" +` + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + s.Require().NoError(err) + + s.Equal(expected, string(out)) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_RemoveSuperfluousNewLinesAtEof() { + contents := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: bapedibupi + desc: "test 1" + - test_title: "pine apple" + desc: "test 2" + + +` + expected := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: 123456-1 + desc: "test 1" + - test_title: 123456-2 + desc: "test 2" +` + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + s.Require().NoError(err) + + s.Equal(expected, string(out)) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_AddMissingNewLineAtEof() { + contents := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: bapedibupi + desc: "test 1" + - test_title: "pine apple" + desc: "test 2"` + expected := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: 123456-1 + desc: "test 1" + - test_title: 123456-2 + desc: "test 2" +` + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + s.Require().NoError(err) + + s.Equal(expected, string(out)) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_Legacy_TrimSpaceOnTrailingLines() { + contents 
:= `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: bapedibupi + desc: "test 1" + - test_title: "pine apple" + desc: "test 2" + + + ` + expected := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: 123456-1 + desc: "test 1" + - test_title: 123456-2 + desc: "test 2" +` + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) + s.Require().NoError(err) + + s.Equal(expected, string(out)) +} + +func (s *renumberTestsTestSuite) TestRenumberTests_SupportLegacyAndNewFieldAtTheSameTime() { + contents := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: bapedibupi + test_id: bapedibupi + desc: "test 1" + - test_id: "pine apple" + test_title: "pine apple" + desc: "test 2" + ` + expected := `--- +meta: + enabled: true + name: 123456.yaml +tests: + - test_title: 123456-1 + test_id: 1 + desc: "test 1" + - test_id: 2 + test_title: 123456-2 + desc: "test 2" +` + out, err := NewTestRenumberer().processYaml("123456", []byte(contents)) s.Require().NoError(err) s.Equal(expected, string(out)) From 3494dec795b6d01d0ff84aed8db33e01701ade65 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 01:54:31 +0000 Subject: [PATCH 23/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 6 +++--- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e138f81..ad629b9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 73c5c36..24d0ea7 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 4b9fffa..659e37c 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
@@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0806697..b5e826a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 - @@ -43,7 +43,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 if: startsWith(github.ref, 'refs/tags/') with: version: latest diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0dc3007..f8c6ed4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif 
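Review bot: The `Run GoReleaser` step in release.yml pins the action to a commit but keeps `version: latest`, so the GoReleaser binary that builds and publishes the release still floats with whatever upstream ships at tag time. The job also has `secrets.GITHUB_TOKEN` in scope, so an unreviewed tool version runs with release credentials. Pinning the tool as well, e.g. `version: "<pinned goreleaser version>"` (placeholder, to be chosen by the maintainers), keeps release builds reproducible and lets Renovate propose upgrades as reviewable changes. The step's `with:` block appears to continue outside the hunk.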
@@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 with: sarif_file: results.sarif From cf24cdeebf75445f9495fce4f466bde16c950226 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 03:33:52 +0000 Subject: [PATCH 24/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ad629b9..35ebf73 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 + uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 24d0ea7..3aa045b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 659e37c..43088df 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b5e826a..c8eb99b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f8c6ed4..fb7cb28 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif From 5e9cd829f75bea45b45f921a1e76b1b122d42a28 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 00:41:13 +0000 Subject: [PATCH 25/58] fix(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- go.mod | 2 +- go.sum | 2 ++ 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 35ebf73..f3b14f9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index fb7cb28..41d19fb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 109cb71..7bcaa90 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect - github.com/rs/zerolog v1.32.0 + github.com/rs/zerolog v1.33.0 github.com/spf13/pflag v1.0.5 // indirect github.com/stretchr/testify v1.9.0 ) diff --git a/go.sum b/go.sum index 8fcee22..6e97cfc 100644 --- a/go.sum +++ b/go.sum 
@@ -63,6 +63,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= +github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= +github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= From 564b709be2acd59416450cef4c8cea04a0e399fa Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 06:05:04 +0000 Subject: [PATCH 26/58] chore(deps): update alpine docker tag to v3.20.0 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 6e330ae..59d227b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright 2022 OWASP Core Rule Set Project # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b +FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd RUN apk add --no-cache ca-certificates From e44fc0af6f7f2a4bf0b32d280d0bd6a852b2c759 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 17:04:41 +0000 Subject: [PATCH 27/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index f3b14f9..d38a346 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c8eb99b..3476a68 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -36,7 +36,7 @@ jobs: cache: true - name: Login to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 41d19fb..2b9b6aa 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif From 8fe1b58b3d83cb347d662e0e82a744c8b34f2829 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 00:45:55 +0000 Subject: [PATCH 28/58] chore(deps): update goreleaser/goreleaser-action action to v6 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3476a68..42417a8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,7 +43,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 + uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 if: startsWith(github.ref, 'refs/tags/') with: version: latest From 4b1ff82b6b3d753056357799dc483c3aee9edf3d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 00:33:57 +0000 Subject: [PATCH 29/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- go.mod | 4 ++-- go.sum | 5 +++++ 7 files changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d38a346..2d1e889 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 
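Review bot: The `version: latest` input under the bumped `Run GoReleaser` step leaves the GoReleaser binary unpinned, although the action itself is pinned by commit SHA. The release job therefore runs whatever GoReleaser release is current at tag time, in a workflow that logs in to ghcr.io with `secrets.GITHUB_TOKEN`. With the action moving to a new major, the GoReleaser major resolved by `latest` may change as well, so a bounded constraint such as `version: "~> v2"`, or an exact release, keeps the tool reproducible. The step continues past the end of the hunk.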
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 3aa045b..2f40899 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 43088df..90bf801 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 42417a8..b13e858 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2b9b6aa..1e65613 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 7bcaa90..77b2c65 100644 --- a/go.mod +++ b/go.mod @@ -5,14 +5,14 @@ go 1.22 require ( dario.cat/mergo v1.0.0 github.com/magefile/mage v1.15.0 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 ) require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/creativeprojects/go-selfupdate v1.2.0 github.com/google/uuid v1.6.0 - github.com/itchyny/rassemble-go v0.1.1 + github.com/itchyny/rassemble-go v0.1.2 gopkg.in/yaml.v3 v3.0.1 ) diff --git a/go.sum b/go.sum index 6e97cfc..f1ee976 100644 --- a/go.sum +++ b/go.sum 
@@ -6,6 +6,7 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creativeprojects/go-selfupdate v1.2.0 h1:sHpsnSJuSxQ6pua32c+86Izm+nG1jEKPo3UP/MAE6IM= github.com/creativeprojects/go-selfupdate v1.2.0/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -44,6 +45,8 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/itchyny/rassemble-go v0.1.1 h1:VLI16uQ2DsAss91EqwyLfna0abc92bz0e0Bhs3p2GiA= github.com/itchyny/rassemble-go v0.1.1/go.mod h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= +github.com/itchyny/rassemble-go v0.1.2 h1:4Jtms+JnlXJPbBfeXzdgXf/TJnFWilFzA6bXn+ZF6yM= +github.com/itchyny/rassemble-go v0.1.2/go.mod h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 
@@ -68,6 +71,8 @@ github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWR github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= From b24eb1580628f1af6cdec4173d9c4283fb370368 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 00:07:22 +0000 Subject: [PATCH 30/58] chore(deps): update alpine docker tag to v3.20.1 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 59d227b..18a902f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright 2022 OWASP Core Rule Set Project # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd +FROM alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 RUN apk add --no-cache ca-certificates From 722b937bf15daafcab140010baa5523d8d4011ff Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 01:33:42 +0000 Subject: [PATCH 31/58] fix(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- go.mod | 18 +++++++++--------- go.sum | 18 ++++++++++++++++++ 4 files changed, 31 insertions(+), 13 deletions(-) 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 2d1e889..a27387b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1e65613..124976d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 77b2c65..af9e764 100644 --- a/go.mod +++ b/go.mod 
@@ -10,14 +10,14 @@ require ( require ( github.com/Masterminds/semver/v3 v3.2.1 - github.com/creativeprojects/go-selfupdate v1.2.0 + github.com/creativeprojects/go-selfupdate v1.3.0 github.com/google/uuid v1.6.0 github.com/itchyny/rassemble-go v0.1.2 gopkg.in/yaml.v3 v3.0.1 ) require ( - code.gitea.io/sdk/gitea v0.17.1 // indirect + code.gitea.io/sdk/gitea v0.18.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/davidmz/go-pageant v1.0.2 // indirect github.com/go-fed/httpsig v1.1.0 // indirect @@ -25,17 +25,17 @@ require ( github.com/google/go-github/v30 v30.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect + github.com/hashicorp/go-version v1.7.0 // indirect github.com/kr/pretty v0.2.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/ulikunitz/xz v0.5.11 // indirect - github.com/xanzy/go-gitlab v0.100.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sys v0.18.0 // indirect + github.com/ulikunitz/xz v0.5.12 // indirect + github.com/xanzy/go-gitlab v0.106.0 // indirect + golang.org/x/crypto v0.24.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/sys v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect diff --git a/go.sum b/go.sum index f1ee976..57b15e6 100644 --- a/go.sum +++ b/go.sum 
@@ -1,5 +1,7 @@ code.gitea.io/sdk/gitea v0.17.1 h1:3jCPOG2ojbl8AcfaUCRYLT5MUcBMFwS0OSK2mA5Zok8= code.gitea.io/sdk/gitea v0.17.1/go.mod h1:aCnBqhHpoEWA180gMbaCtdX9Pl6BWBAuuP2miadoTNM= +code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= +code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= @@ -9,6 +11,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creativeprojects/go-selfupdate v1.2.0 h1:sHpsnSJuSxQ6pua32c+86Izm+nG1jEKPo3UP/MAE6IM= github.com/creativeprojects/go-selfupdate v1.2.0/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= +github.com/creativeprojects/go-selfupdate v1.3.0 h1:Hs+14cJ7Um7xbRpmkmrKEfkZGwec3vZLPWTVEFwYXBc= +github.com/creativeprojects/go-selfupdate v1.3.0/go.mod h1:uYJeumb6ECaI6bhc5dvH3Htjz1KoMArQjFt1P8m71Tc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -39,8 +43,12 @@ github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxC github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/itchyny/rassemble-go v0.1.1 h1:VLI16uQ2DsAss91EqwyLfna0abc92bz0e0Bhs3p2GiA= 
@@ -82,8 +90,12 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xanzy/go-gitlab v0.100.0 h1:jaOtYj5nWI19+9oVVmgy233pax2oYqucwetogYU46ks= github.com/xanzy/go-gitlab v0.100.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= +github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -92,6 +104,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -104,6 +118,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -121,6 +137,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= From d4b1ca23b4043f8a2a21539320abead5efef9656 Mon Sep 17 00:00:00 2001 
From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sat, 6 Jul 2024 12:58:50 +0200 Subject: [PATCH 32/58] fix: revert to rassemble-go v0.1.0 rassemble-go v0.1.1 introduced changes that break some regular expressions. --- go.mod | 5 +-- go.sum | 86 +++++---------------------------------------------- renovate.json | 1 + 3 files changed, 10 insertions(+), 82 deletions(-) diff --git a/go.mod b/go.mod index af9e764..8c042d8 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/creativeprojects/go-selfupdate v1.3.0 github.com/google/uuid v1.6.0 - github.com/itchyny/rassemble-go v0.1.2 + github.com/itchyny/rassemble-go v0.1.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -21,7 +21,6 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/davidmz/go-pageant v1.0.2 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-github/v30 v30.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -37,8 +36,6 @@ require ( golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sys v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.33.0 // indirect gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect ) diff --git a/go.sum b/go.sum index 57b15e6..da06323 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,3 @@ -code.gitea.io/sdk/gitea v0.17.1 h1:3jCPOG2ojbl8AcfaUCRYLT5MUcBMFwS0OSK2mA5Zok8= -code.gitea.io/sdk/gitea v0.17.1/go.mod h1:aCnBqhHpoEWA180gMbaCtdX9Pl6BWBAuuP2miadoTNM= code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= 
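Review bot: The `rassemble-go` line is moved back to v0.1.0 with no marker in go.mod saying the version is held deliberately, so a later `go get -u` or manual dependency update can silently undo the revert. A trailing comment such as `github.com/itchyny/rassemble-go v0.1.0 // held back: v0.1.1+ breaks some regular expressions` keeps the reason next to the pin. The renovate.json change listed in the diffstat is not visible here; if it only excludes the package for Renovate, a regression test using one of the affected expressions would catch the breakage on any other upgrade path.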
@@ -7,27 +5,20 @@ dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creativeprojects/go-selfupdate v1.2.0 h1:sHpsnSJuSxQ6pua32c+86Izm+nG1jEKPo3UP/MAE6IM= -github.com/creativeprojects/go-selfupdate v1.2.0/go.mod h1:zCTXcZolcs0Cw9WsfXZvlcX9AupkAlikQ14PQqIV2v0= github.com/creativeprojects/go-selfupdate v1.3.0 h1:Hs+14cJ7Um7xbRpmkmrKEfkZGwec3vZLPWTVEFwYXBc= github.com/creativeprojects/go-selfupdate v1.3.0/go.mod h1:uYJeumb6ECaI6bhc5dvH3Htjz1KoMArQjFt1P8m71Tc= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= +github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.5.0/go.mod 
h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-github/v30 v30.1.0 h1:VLDx+UolQICEOKu2m4uAoMti1SxuEBAl7RSEG16L+Oo= 
@@ -39,22 +30,16 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/itchyny/rassemble-go v0.1.1 h1:VLI16uQ2DsAss91EqwyLfna0abc92bz0e0Bhs3p2GiA= -github.com/itchyny/rassemble-go v0.1.1/go.mod h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= -github.com/itchyny/rassemble-go v0.1.2 h1:4Jtms+JnlXJPbBfeXzdgXf/TJnFWilFzA6bXn+ZF6yM= -github.com/itchyny/rassemble-go v0.1.2/go.mod 
h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= +github.com/itchyny/rassemble-go v0.1.0 h1:PaH3f4XNlFx2SImEezdREmkW+/w2t3aLZS9xleHEPjY= +github.com/itchyny/rassemble-go v0.1.0/go.mod h1:3P4ZuUAYUp+hBvdkVPrL/IhiR0U5CLeCLaqREgGJB7c= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 
@@ -72,105 +57,50 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= -github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz 
v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/xanzy/go-gitlab v0.100.0 h1:jaOtYj5nWI19+9oVVmgy233pax2oYqucwetogYU46ks= -github.com/xanzy/go-gitlab v0.100.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net 
v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= -golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys 
v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools 
v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/renovate.json b/renovate.json index 8dc99f4..455a5eb 100644 --- a/renovate.json +++ b/renovate.json 
@@ -4,6 +4,7 @@ "config:base", "schedule:weekly" ], + "ignoreDeps": ["github.com/itchyny/rassemble-go"], "packageRules": [ { "groupName": "all non-major dependencies", From 67b66fb8229752ff9edda67b7b9a0dc5721d332e Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sat, 6 Jul 2024 23:04:25 +0200 Subject: [PATCH 33/58] fix: improve group removal step - consider alternations when removing flag groups - handle top level group specially --- go.mod | 2 +- go.sum | 4 +- regex/operators/assembler.go | 74 ++++++++++++++++++++++++------- regex/operators/assembler_test.go | 45 +++++++++++++++++++ regex/operators/operators.go | 12 ++--- renovate.json | 1 - 6 files changed, 114 insertions(+), 24 deletions(-) diff --git a/go.mod b/go.mod index 8c042d8..3c23f65 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/creativeprojects/go-selfupdate v1.3.0 github.com/google/uuid v1.6.0 - github.com/itchyny/rassemble-go v0.1.0 + github.com/itchyny/rassemble-go v0.1.2 gopkg.in/yaml.v3 v3.0.1 ) diff --git a/go.sum b/go.sum index da06323..dfceeba 100644 --- a/go.sum +++ b/go.sum 
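Review bot: The new `"ignoreDeps": ["github.com/itchyny/rassemble-go"]` entry stops Renovate from proposing any update for this module, and nothing in the hunk records why or for how long. Together with the go.sum change back to v0.1.0 this looks like a deliberate pin, so the reason and a tracking issue belong in the commit message (JSON has no comments), otherwise the exclusion can easily outlive the problem it works around. While the entry is in place, fixes shipped in later releases of the module have to be tracked by hand.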
@@ -38,8 +38,8 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/itchyny/rassemble-go v0.1.0 h1:PaH3f4XNlFx2SImEezdREmkW+/w2t3aLZS9xleHEPjY= -github.com/itchyny/rassemble-go v0.1.0/go.mod h1:3P4ZuUAYUp+hBvdkVPrL/IhiR0U5CLeCLaqREgGJB7c= +github.com/itchyny/rassemble-go v0.1.2 h1:4Jtms+JnlXJPbBfeXzdgXf/TJnFWilFzA6bXn+ZF6yM= +github.com/itchyny/rassemble-go v0.1.2/go.mod h1:VWc9FWUhn/1G2gGivJlq+K9toP2ylbKOwO46P/bPZFo= github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= diff --git a/regex/operators/assembler.go b/regex/operators/assembler.go index 96dfd5c..01dc3af 100644 --- a/regex/operators/assembler.go +++ b/regex/operators/assembler.go @@ -26,11 +26,12 @@ var processor processors.IProcessor // NewAssembler creates a new Operator based on context. func NewAssembler(ctx *processors.Context) *Operator { return &Operator{ - name: "assemble", - details: make(map[string]string), - lines: []string{}, - ctx: ctx, - stats: NewStats(), + name: "assemble", + details: make(map[string]string), + lines: []string{}, + ctx: ctx, + stats: NewStats(), + groupReplacementStringBuilder: &strings.Builder{}, } } 
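Review bot: The `groupReplacementStringBuilder` field initialised here (and declared on the `Operator` struct in operators.go) adds shared mutable state to every operator without saving anything: `removeGroup` calls `Reset()` before each use, and `strings.Builder.Reset` drops the underlying buffer rather than keeping its capacity. A local builder inside `removeGroup`, `var sb strings.Builder`, does the same work and keeps scratch state out of `Operator`. It also avoids a nil-pointer dereference if an `Operator` is ever constructed somewhere other than `NewAssembler` and then reaches `removeGroup`.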
@@ -135,11 +136,13 @@ func (a *Operator) complete(assembleParser *parser.Parser) string { result = a.escapeDoublequotes(result) logger.Trace().Msgf("After escaping double quotes: %s\n", result) result = a.useHexBackslashes(result) - logger.Trace().Msgf("After replacing plain backslashes with hex escapse: %s\n", result) + logger.Trace().Msgf("After replacing plain backslashes with hex escapes: %s\n", result) result = a.includeVerticalTabInSpaceClass(result) logger.Trace().Msgf("After including vertical tabs: %s\n", result) result = a.dontUseFlagsForMetaCharacters(result) logger.Trace().Msgf("After removing meta character flags: %s\n", result) + result = a.removeOutermostNonCapturingGroup(result) + logger.Trace().Msgf("After removing outermost non-capturing group: %s\n", result) } if len(flagsPrefix) > 0 && len(result) > 0 { @@ -256,16 +259,16 @@ func (a *Operator) useHexEscapes(input string) string { // meta characters that could be ambiguous, such as `^`, `$`, `.`. // Remove both flags for the current context, e.g., `...(?m)...`, and flag groups // applied to subexpressions, e.g., `...(?m:...)...` -func (a *Operator) dontUseFlagsForMetaCharacters(input string) string { +func (o *Operator) dontUseFlagsForMetaCharacters(input string) string { result := input flagsStartRegexp := regexp.MustCompile(`\(\?[-misU]+\)`) - result = flagsStartRegexp.ReplaceAllString(result, "") + result = flagsStartRegexp.ReplaceAllLiteralString(result, "") flagGroupStartRegexp := regexp.MustCompile(`\(\?[-misU]+:`) for { location := flagGroupStartRegexp.FindStringIndex(result) if len(location) > 0 { - result = replaceFlagGroup(result, location) + result = o.removeGroup(result, location[0], location[1], false) } else { break } 
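Review bot: `removeOutermostNonCapturingGroup` turns an expression such as `(?:ab|cd)` into a bare top-level alternation, which is only equivalent as long as nothing is concatenated to `result` afterwards. The enclosing `if` block and the rest of `complete` start outside this hunk, so I cannot tell whether this branch runs only for the final expression; if the result can still receive a prefix or suffix, or be embedded in an enclosing expression, the alternation binds differently and the generated rule matches different input than intended. I would state the precondition above the call, for example `// Safe only for the final expression: nothing may be concatenated to result after this point.`, and add a test that assembles with a prefix or suffix.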
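Review bot: The receiver of `dontUseFlagsForMetaCharacters` is renamed to `o` while the neighbouring methods named in the hunk headers, `complete` and `useHexEscapes`, still use `a`; Go convention is one receiver name per type, so either rename all of them or keep `a` here and in the new methods. Separately, both `regexp.MustCompile` calls run on every invocation and could be package-level variables holding the same patterns. The function's closing lines are in the next hunk.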
@@ -273,12 +276,48 @@ func (a *Operator) dontUseFlagsForMetaCharacters(input string) string { return result } -// Remove flag groups like `...(?-s:...)...` -func replaceFlagGroup(input string, location []int) string { +// Remove groups like `...(?-s:...)...`. +// If a group has an alternation on the same level as the group that +// should be replaced, the group needs to be retained in order to +// retain semantics, but the flags should still be removed. +// Ignore alternations if `ignoreAlternations` is true. This can be used +// to remove a top level group, in which case alternations with and without +// the group would be equivalent. +func (o *Operator) removeGroup(input string, groupStart int, bodyStart int, ignoreAlternations bool) string { + bodyEnd, hasAlternation := o.findGroupEnd(input, bodyStart) + hasAlternation = hasAlternation && !ignoreAlternations + + o.groupReplacementStringBuilder.Reset() + o.groupReplacementStringBuilder.WriteString(input[:groupStart]) + if hasAlternation { + o.groupReplacementStringBuilder.WriteString("(?:") + } + o.groupReplacementStringBuilder.WriteString(input[bodyStart : bodyEnd+1]) + if hasAlternation { + o.groupReplacementStringBuilder.WriteString(")") + } + o.groupReplacementStringBuilder.WriteString(input[bodyEnd+2:]) + return o.groupReplacementStringBuilder.String() +} + +func (o *Operator) removeOutermostNonCapturingGroup(input string) string { + matcher := regexp.MustCompile(`^\(\?:.*\)$`) + if !matcher.MatchString(input) { + return input + } + + bodyEnd, _ := o.findGroupEnd(input, 3) + if bodyEnd+1 < len(input)-1 { + return input + } + + return o.removeGroup(input, 0, 3, true) +} + +func (o *Operator) findGroupEnd(input string, groupBodyStart int) (int, bool) { + hasAlternation := false parensCounter := 1 - groupStart := location[0] - bodyStart := location[1] - index := bodyStart + index := groupBodyStart for ; parensCounter > 0; index++ { char := input[index] switch char { 
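Review bot: `findGroupEnd` reads `input[index]` until the parenthesis counter reaches zero and never compares `index` with `len(input)`, so an expression whose parentheses do not balance under this simple count (for example an unescaped parenthesis inside a character class, if one can reach this step) makes the assembler panic with an index-out-of-range instead of failing cleanly. The loop used to run only on flag groups, but `removeOutermostNonCapturingGroup` now also runs it on any result that starts with `(?:` and ends with `)`. I would bound the loop, `for ; parensCounter > 0 && index < len(input); index++ {`, and have both callers return `input` unchanged when the counter is still positive afterwards. The body of `findGroupEnd` continues in the next hunk.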
@@ -290,9 +329,14 @@ func replaceFlagGroup(input string, location []int) string { if !isEscaped(input, index) { parensCounter-- } + case '|': + if parensCounter == 1 { + hasAlternation = true + } } } - return input[:groupStart] + input[bodyStart:index-1] + input[index:] + + return index - 2, hasAlternation } func isEscaped(input string, position int) bool { diff --git a/regex/operators/assembler_test.go b/regex/operators/assembler_test.go index b764b0b..b7da26a 100644 --- a/regex/operators/assembler_test.go +++ b/regex/operators/assembler_test.go 
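Review bot: The new `case '|'` treats every `|` at depth one as an alternation, whereas the `(` and `)` cases next to it skip escaped characters via `isEscaped`. A literal `\|` in the group body therefore sets `hasAlternation`, and `removeGroup` keeps a `(?:...)` wrapper that is not needed; as far as the visible code shows the output is still equivalent, only less minimal. For consistency I would write `if parensCounter == 1 && !isEscaped(input, index) {` and add a test with an escaped pipe. The function starts in the previous hunk.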
@@ -1015,3 +1015,48 @@ func (s *assemblerTestSuite) TestAssemble_FlagGroupReplacementWithEscapedParenth s.Require().NoError(err) s.Equal(contents, output) } + +// regexp/syntax procudes flag groups we don't want. Make sure that +// Removal of those groups does not remove groups that are semantically +// relevant, which is the case when the flag group wraps an alternation. +func (s *assemblerTestSuite) TestAssemble_ReplaceFlagGroupsWithAlternations() { + contents := `(?-s:(?s:.)(?i:A|B .))` + expected := `.(?:A|B .)` + assembler := NewAssembler(s.ctx) + + output, err := assembler.Run(contents) + + s.Require().NoError(err) + s.Equal(expected, output) +} + +func (s *assemblerTestSuite) TestAssemble_RemoveOutermostNonMatchingGroup() { + contents := `(?:ab|cd)` + expected := `ab|cd` + assembler := NewAssembler(s.ctx) + + output, err := assembler.Run(contents) + + s.Require().NoError(err) + s.Equal(expected, output) +} +func (s *assemblerTestSuite) TestAssemble_RemoveOutermostNonMatchingGroup_WithExtraGroup() { + contents := `(?:(?:ab|cd))` + expected := `ab|cd` + assembler := NewAssembler(s.ctx) + + output, err := assembler.Run(contents) + + s.Require().NoError(err) + s.Equal(expected, output) +} + +func (s *assemblerTestSuite) TestAssemble_RemoveOutermostNonMatchingGroup_Dont() { + contents := `(?:ab|cd)e|fg` + assembler := NewAssembler(s.ctx) + + output, err := assembler.Run(contents) + + s.Require().NoError(err) + s.Equal(contents, output) +} diff --git a/regex/operators/operators.go b/regex/operators/operators.go index 1c2f955..23ffe89 100644 --- a/regex/operators/operators.go +++ b/regex/operators/operators.go @@ -6,6 +6,7 @@ package operators import ( "errors" "io" + "strings" "github.com/rs/zerolog/log" 
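Review bot: None of the new tests reaches the second guard in `removeOutermostNonCapturingGroup`: the `_Dont` input `(?:ab|cd)e|fg` does not end with `)` and is already rejected by the anchored pattern, so the `bodyEnd` comparison is never exercised. An input that starts with `(?:` and ends with `)` but consists of two groups, such as `(?:ab|cd)(?:ef|gh)`, is the case where stripping would corrupt the expression and deserves its own test (assuming the assembler leaves that input otherwise unchanged). Minor: the comment above the first new test has the typo `procudes`, and a blank line is missing before `TestAssemble_RemoveOutermostNonMatchingGroup_WithExtraGroup`.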
@@ -15,11 +16,12 @@ import ( var logger = log.With().Str("component", "operators").Logger() type Operator struct { - name string - details map[string]string - lines []string - stats *Stats - ctx *processors.Context + name string + details map[string]string + lines []string + stats *Stats + ctx *processors.Context + groupReplacementStringBuilder *strings.Builder } type ProcessorStack struct { diff --git a/renovate.json b/renovate.json index 455a5eb..8dc99f4 100644 --- a/renovate.json +++ b/renovate.json @@ -4,7 +4,6 @@ "config:base", "schedule:weekly" ], - "ignoreDeps": ["github.com/itchyny/rassemble-go"], "packageRules": [ { "groupName": "all non-major dependencies", From 8de76d32a78786f416165caf84cde88c7c40a4a0 Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sun, 7 Jul 2024 08:21:48 +0200 Subject: [PATCH 34/58] chore: improve documentation of new code --- regex/operators/assembler.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/regex/operators/assembler.go b/regex/operators/assembler.go index 01dc3af..ea06021 100644 --- a/regex/operators/assembler.go +++ b/regex/operators/assembler.go @@ -284,7 +284,7 @@ func (o *Operator) dontUseFlagsForMetaCharacters(input string) string { // to remove a top level group, in which case alternations with and without // the group would be equivalent. func (o *Operator) removeGroup(input string, groupStart int, bodyStart int, ignoreAlternations bool) string { - bodyEnd, hasAlternation := o.findGroupEnd(input, bodyStart) + bodyEnd, hasAlternation := o.findGroupBodyEnd(input, bodyStart) hasAlternation = hasAlternation && !ignoreAlternations o.groupReplacementStringBuilder.Reset() 
@@ -300,13 +300,14 @@ func (o *Operator) removeGroup(input string, groupStart int, bodyStart int, igno return o.groupReplacementStringBuilder.String() } +// Removes the topmost non-capturing group if it is redundant. func (o *Operator) removeOutermostNonCapturingGroup(input string) string { matcher := regexp.MustCompile(`^\(\?:.*\)$`) if !matcher.MatchString(input) { return input } - bodyEnd, _ := o.findGroupEnd(input, 3) + bodyEnd, _ := o.findGroupBodyEnd(input, 3) if bodyEnd+1 < len(input)-1 { return input } @@ -314,7 +315,10 @@ func (o *Operator) removeOutermostNonCapturingGroup(input string) string { return o.removeGroup(input, 0, 3, true) } -func (o *Operator) findGroupEnd(input string, groupBodyStart int) (int, bool) { +// Returns the index of the last token of the group whose body starts at +// `groupBodyStart`. Resturns `true`, as the second value, if the group +// has an alternation on the topmost level, `false` otherwise. +func (o *Operator) findGroupBodyEnd(input string, groupBodyStart int) (int, bool) { hasAlternation := false parensCounter := 1 index := groupBodyStart From 62a054e13545132e05137d154805a209e6a001a5 Mon Sep 17 00:00:00 2001 
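Review bot: The new comment on `findGroupBodyEnd` contains the typo `Resturns`, and neither it nor the comment added to `removeOutermostNonCapturingGroup` starts with the function name, as Go doc comments conventionally do. I would open it with `// findGroupBodyEnd returns the index of the last character of the group body that starts at groupBodyStart.` and keep the sentence about the second return value after it. It would also help to say that the returned index is the character before the closing parenthesis, since `removeGroup` adds 1 and 2 to it when slicing. The function body continues outside this hunk.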
From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sun, 7 Jul 2024 08:36:28 +0200 Subject: [PATCH 35/58] fix: update module version to v2 This is required for `go install` to work. --- chore/update_copyright.go | 4 ++-- cmd/chore_update_copyright.go | 4 ++-- cmd/regex.go | 2 +- cmd/regex_compare.go | 6 +++--- cmd/regex_format.go | 8 ++++---- cmd/regex_generate.go | 6 +++--- cmd/regex_update.go | 8 ++++---- cmd/root_test.go | 2 +- cmd/self_update.go | 2 +- cmd/self_update_test.go | 2 +- cmd/util_renumber_tests.go | 4 ++-- cmd/util_renumber_tests_test.go | 2 +- cmd/version.go | 2 +- context/context.go | 2 +- go.mod | 2 +- main.go | 4 ++-- regex/operators/assembler.go | 6 +++--- regex/operators/assembler_test.go | 6 +++--- regex/operators/operators.go | 2 +- regex/parser/definition_test.go | 4 ++-- regex/parser/include_except_test.go | 4 ++-- regex/parser/include_multiple_test.go | 4 ++-- regex/parser/include_test.go | 4 ++-- regex/parser/include_with_definition_test.go | 4 ++-- regex/parser/parser.go | 8 ++++---- regex/parser/parser_test.go | 6 +++--- regex/processors/assemble.go | 2 +- regex/processors/assemble_test.go | 2 +- regex/processors/cmdline_test.go | 4 ++-- regex/processors/context.go | 2 +- regex/processors/processors_test.go | 2 +- util/renumber_tests.go | 4 ++-- 32 files changed, 62 insertions(+), 62 deletions(-) diff --git a/chore/update_copyright.go b/chore/update_copyright.go index 3e1c30f..eb1ff50 100644 --- a/chore/update_copyright.go +++ b/chore/update_copyright.go @@ -12,8 +12,8 @@ import ( "github.com/rs/zerolog/log" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex" ) var logger = log.With().Str("component", "update-copyright").Logger() diff --git a/cmd/chore_update_copyright.go b/cmd/chore_update_copyright.go index 9541019..7555bb2 100644 --- a/cmd/chore_update_copyright.go 
+++ b/cmd/chore_update_copyright.go @@ -10,8 +10,8 @@ import ( "github.com/Masterminds/semver/v3" "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/chore" - "github.com/coreruleset/crs-toolchain/context" + "github.com/coreruleset/crs-toolchain/v2/chore" + "github.com/coreruleset/crs-toolchain/v2/context" ) var choreUpdateCopyrightCmd = createChoreUpdateCopyrightCommand() diff --git a/cmd/regex.go b/cmd/regex.go index d7c1fb7..ee7501c 100644 --- a/cmd/regex.go +++ b/cmd/regex.go @@ -10,7 +10,7 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/regex" + "github.com/coreruleset/crs-toolchain/v2/regex" ) // generateCmd represents the generate command diff --git a/cmd/regex_compare.go b/cmd/regex_compare.go index 12c7bef..beb5be7 100644 --- a/cmd/regex_compare.go +++ b/cmd/regex_compare.go @@ -18,9 +18,9 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type ComparisonError struct { diff --git a/cmd/regex_format.go b/cmd/regex_format.go index 50528df..bc69620 100644 --- a/cmd/regex_format.go +++ b/cmd/regex_format.go @@ -16,10 +16,10 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex" - "github.com/coreruleset/crs-toolchain/regex/parser" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex" + "github.com/coreruleset/crs-toolchain/v2/regex/parser" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) const ( diff --git a/cmd/regex_generate.go b/cmd/regex_generate.go index 3a8fa91..e460bc3 100644 --- a/cmd/regex_generate.go 
+++ b/cmd/regex_generate.go @@ -11,9 +11,9 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/operators" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/operators" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) // generateCmd represents the generate command diff --git a/cmd/regex_update.go b/cmd/regex_update.go index cad06cf..7f3a598 100644 --- a/cmd/regex_update.go +++ b/cmd/regex_update.go @@ -17,10 +17,10 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex" - "github.com/coreruleset/crs-toolchain/regex/operators" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex" + "github.com/coreruleset/crs-toolchain/v2/regex/operators" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) // updateCmd represents the update command diff --git a/cmd/root_test.go b/cmd/root_test.go index 3d669eb..76a079d 100644 --- a/cmd/root_test.go +++ b/cmd/root_test.go @@ -12,7 +12,7 @@ import ( "github.com/rs/zerolog" "github.com/stretchr/testify/suite" - loggerConfig "github.com/coreruleset/crs-toolchain/logger" + loggerConfig "github.com/coreruleset/crs-toolchain/v2/logger" ) type rootTestSuite struct { diff --git a/cmd/self_update.go b/cmd/self_update.go index 691d1bf..b832509 100644 --- a/cmd/self_update.go +++ b/cmd/self_update.go @@ -6,7 +6,7 @@ package cmd import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/internal/updater" + "github.com/coreruleset/crs-toolchain/v2/internal/updater" ) // selfUpdateCmd represents the self-update command diff --git a/cmd/self_update_test.go b/cmd/self_update_test.go index eafcade..b73630a 100644 --- a/cmd/self_update_test.go 
+++ b/cmd/self_update_test.go @@ -14,7 +14,7 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/internal/updater" + "github.com/coreruleset/crs-toolchain/v2/internal/updater" ) type selfUpdateTestSuite struct { diff --git a/cmd/util_renumber_tests.go b/cmd/util_renumber_tests.go index 999ada9..d17fa34 100644 --- a/cmd/util_renumber_tests.go +++ b/cmd/util_renumber_tests.go @@ -11,8 +11,8 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/util" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/util" ) // renumberTestsCommand represents the update command diff --git a/cmd/util_renumber_tests_test.go b/cmd/util_renumber_tests_test.go index ee74628..bea16ce 100644 --- a/cmd/util_renumber_tests_test.go +++ b/cmd/util_renumber_tests_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/util" + "github.com/coreruleset/crs-toolchain/v2/util" ) type renumberTestsTestSuite struct { diff --git a/cmd/version.go b/cmd/version.go index 52e8596..d058a78 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -9,7 +9,7 @@ import ( "github.com/spf13/cobra" - "github.com/coreruleset/crs-toolchain/internal/updater" + "github.com/coreruleset/crs-toolchain/v2/internal/updater" ) func init() { diff --git a/context/context.go b/context/context.go index 66ef6ea..b4d23c9 100644 --- a/context/context.go +++ b/context/context.go @@ -4,7 +4,7 @@ package context import ( - "github.com/coreruleset/crs-toolchain/configuration" + "github.com/coreruleset/crs-toolchain/v2/configuration" ) type Context struct { diff --git a/go.mod b/go.mod index 3c23f65..24189c5 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/coreruleset/crs-toolchain +module github.com/coreruleset/crs-toolchain/v2 go 1.22 diff --git a/main.go b/main.go index ddf61d9..9dfad4d 100644 --- a/main.go 
+++ b/main.go @@ -4,9 +4,9 @@ package main import ( - _ "github.com/coreruleset/crs-toolchain/logger" + _ "github.com/coreruleset/crs-toolchain/v2/logger" - "github.com/coreruleset/crs-toolchain/cmd" + "github.com/coreruleset/crs-toolchain/v2/cmd" ) // nolint: gochecknoglobals diff --git a/regex/operators/assembler.go b/regex/operators/assembler.go index ea06021..e9b5262 100644 --- a/regex/operators/assembler.go +++ b/regex/operators/assembler.go @@ -14,9 +14,9 @@ import ( "github.com/itchyny/rassemble-go" - "github.com/coreruleset/crs-toolchain/regex" - "github.com/coreruleset/crs-toolchain/regex/parser" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/regex" + "github.com/coreruleset/crs-toolchain/v2/regex/parser" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) // Create the processor stack diff --git a/regex/operators/assembler_test.go b/regex/operators/assembler_test.go index b7da26a..c6d25b0 100644 --- a/regex/operators/assembler_test.go +++ b/regex/operators/assembler_test.go @@ -9,9 +9,9 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/configuration" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/configuration" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type assemblerTestSuite struct { diff --git a/regex/operators/operators.go b/regex/operators/operators.go index 23ffe89..5dc4731 100644 --- a/regex/operators/operators.go +++ b/regex/operators/operators.go @@ -10,7 +10,7 @@ import ( "github.com/rs/zerolog/log" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) var logger = log.With().Str("component", "operators").Logger() 
diff --git a/regex/parser/definition_test.go b/regex/parser/definition_test.go index d33a47b..41d4b98 100644 --- a/regex/parser/definition_test.go +++ b/regex/parser/definition_test.go @@ -15,8 +15,8 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type parserDefinitionTestSuite struct { diff --git a/regex/parser/include_except_test.go b/regex/parser/include_except_test.go index 2ab2598..b3b7db6 100644 --- a/regex/parser/include_except_test.go +++ b/regex/parser/include_except_test.go @@ -14,8 +14,8 @@ import ( "github.com/google/uuid" "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type parserIncludeExceptTestSuite struct { diff --git a/regex/parser/include_multiple_test.go b/regex/parser/include_multiple_test.go index cd3c7d1..23b8de6 100644 --- a/regex/parser/include_multiple_test.go +++ b/regex/parser/include_multiple_test.go @@ -15,8 +15,8 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type parserMultiIncludeTestSuite struct { diff --git a/regex/parser/include_test.go b/regex/parser/include_test.go index 5c22270..91d4edb 100644 --- a/regex/parser/include_test.go +++ b/regex/parser/include_test.go 
@@ -15,8 +15,8 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type parserIncludeTestSuite struct { diff --git a/regex/parser/include_with_definition_test.go b/regex/parser/include_with_definition_test.go index 83dab8d..2a4ccbc 100644 --- a/regex/parser/include_with_definition_test.go +++ b/regex/parser/include_with_definition_test.go @@ -13,8 +13,8 @@ import ( "github.com/rs/zerolog" "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type parserIncludeWithDefinitions struct { diff --git a/regex/parser/parser.go b/regex/parser/parser.go index 0d3663d..3d7b895 100644 --- a/regex/parser/parser.go +++ b/regex/parser/parser.go @@ -20,8 +20,8 @@ import ( "dario.cat/mergo" "github.com/rs/zerolog/log" - "github.com/coreruleset/crs-toolchain/regex" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/regex" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) var logger = log.With().Str("component", "parser").Logger() 
@@ -288,12 +288,12 @@ func parseFile(rootParser *Parser, filename string, definitions map[string]strin // Merge prefixes, and suffixes from include files into another parser. // All of these need to be treated as local to the source parser. -// We removed flag merging because of https://github.com/coreruleset/crs-toolchain/issues/72 +// We removed flag merging because of https://github.com/coreruleset/crs-toolchain/v2/issues/72 func mergePrefixesSuffixes(target *Parser, source *Parser, out *bytes.Buffer) (*bytes.Buffer, error) { logger.Trace().Msg("merging prefixes, suffixes from included file") // If the included file has flags, this is an error if len(source.Flags) > 0 { - return new(bytes.Buffer), errors.New("include files must not contain flags. See https://github.com/coreruleset/crs-toolchain/issues/71") + return new(bytes.Buffer), errors.New("include files must not contain flags. See https://github.com/coreruleset/crs-toolchain/v2/issues/71") } // IMPORTANT: don't write the assemble block at all if there are no flags, prefixes, or // suffixes. Enclosing the output in an assemble block can change the semantics, for example, diff --git a/regex/parser/parser_test.go b/regex/parser/parser_test.go index 2a60f0c..8b6d8ea 100644 --- a/regex/parser/parser_test.go +++ b/regex/parser/parser_test.go @@ -13,9 +13,9 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex" - "github.com/coreruleset/crs-toolchain/regex/processors" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex" + "github.com/coreruleset/crs-toolchain/v2/regex/processors" ) type parserTestSuite struct { diff --git a/regex/processors/assemble.go b/regex/processors/assemble.go index b484f5d..c3272c4 100644 --- a/regex/processors/assemble.go +++ b/regex/processors/assemble.go 
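Review bot: The module-path rewrite also changed two issue links in this hunk that are not import paths: the comment above `mergePrefixesSuffixes` and the `errors.New` message now point to `https://github.com/coreruleset/crs-toolchain/v2/issues/72` and `.../v2/issues/71`. The `/v2` suffix belongs to the Go module path only, so both links will most likely not resolve, and the second one is shown to users at runtime. Keep the original URLs, e.g. `errors.New("include files must not contain flags. See https://github.com/coreruleset/crs-toolchain/issues/71")`. The body of `mergePrefixesSuffixes` continues outside the hunk.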
@@ -10,7 +10,7 @@ import ( "github.com/itchyny/rassemble-go" - "github.com/coreruleset/crs-toolchain/regex" + "github.com/coreruleset/crs-toolchain/v2/regex" ) const ( diff --git a/regex/processors/assemble_test.go b/regex/processors/assemble_test.go index eca3ffe..1fedc1d 100644 --- a/regex/processors/assemble_test.go +++ b/regex/processors/assemble_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" + "github.com/coreruleset/crs-toolchain/v2/context" ) type assembleTestSuite struct { diff --git a/regex/processors/cmdline_test.go b/regex/processors/cmdline_test.go index 3c82a4b..ce09f3b 100644 --- a/regex/processors/cmdline_test.go +++ b/regex/processors/cmdline_test.go @@ -9,8 +9,8 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/configuration" - "github.com/coreruleset/crs-toolchain/context" + "github.com/coreruleset/crs-toolchain/v2/configuration" + "github.com/coreruleset/crs-toolchain/v2/context" ) type cmdLineTestSuite struct { diff --git a/regex/processors/context.go b/regex/processors/context.go index f4f14cc..609c27c 100644 --- a/regex/processors/context.go +++ b/regex/processors/context.go @@ -7,7 +7,7 @@ import ( "fmt" "io" - "github.com/coreruleset/crs-toolchain/context" + "github.com/coreruleset/crs-toolchain/v2/context" ) type Context struct { diff --git a/regex/processors/processors_test.go b/regex/processors/processors_test.go index 5cc022a..4075914 100644 --- a/regex/processors/processors_test.go +++ b/regex/processors/processors_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/suite" - "github.com/coreruleset/crs-toolchain/context" + "github.com/coreruleset/crs-toolchain/v2/context" ) type processorTestSuite struct { diff --git a/util/renumber_tests.go b/util/renumber_tests.go index 24288bb..fb135a6 100644 --- a/util/renumber_tests.go +++ b/util/renumber_tests.go 
@@ -14,8 +14,8 @@ import ( "github.com/rs/zerolog/log" - "github.com/coreruleset/crs-toolchain/context" - "github.com/coreruleset/crs-toolchain/regex" + "github.com/coreruleset/crs-toolchain/v2/context" + "github.com/coreruleset/crs-toolchain/v2/regex" ) var logger = log.With().Str("component", "renumber-tests").Logger() From dab52b490febb19ded356c298eb1f59ed2f2b73e Mon Sep 17 00:00:00 2001 From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sun, 7 Jul 2024 08:39:42 +0200 Subject: [PATCH 36/58] chore: remove unused function parameters --- cmd/regex_compare.go | 8 ++++---- cmd/regex_update.go | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/regex_compare.go b/cmd/regex_compare.go index 12c7bef..ebd2fa2 100644 --- a/cmd/regex_compare.go +++ b/cmd/regex_compare.go @@ -132,7 +132,7 @@ func performCompare(processAll bool, ctx *processors.Context) error { if err != nil && len(chainOffsetString) > 0 { return errors.New("failed to match chain offset. Value must not be larger than 255") } - regex := runAssemble(filePath, ctx) + regex := runAssemble(filePath) err = processRegexForCompare(id, uint8(chainOffset), regex, ctx) if err != nil && errors.Is(err, &ComparisonError{}) { failed = true @@ -154,7 +154,7 @@ func performCompare(processAll bool, ctx *processors.Context) error { return &ComparisonError{} } } else { - regex := runAssemble(path.Join(ctx.RootContext().AssemblyDir(), ruleValues.fileName), ctx) + regex := runAssemble(path.Join(ctx.RootContext().AssemblyDir(), ruleValues.fileName)) return processRegexForCompare(ruleValues.id, ruleValues.chainOffset, regex, ctx) } return nil 
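Review bot: The check `errors.Is(err, &ComparisonError{})` right after the changed `runAssemble(filePath)` call compares `err` with a freshly allocated pointer, so it matches only if `ComparisonError` defines an `Is` method or the two pointers happen to be equal; the type's definition is not visible in this hunk. If neither holds, `failed` is never set and a regex mismatch goes unreported in the process-all path. Matching on the type is safer: `var cmpErr *ComparisonError` followed by `if errors.As(err, &cmpErr) { failed = true }`. `performCompare` starts and ends outside the hunk.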
@@ -177,7 +177,7 @@ func processRegexForCompare(ruleId string, chainOffset uint8, regex string, ctxt logger.Debug().Msgf("Processing regex-assembly file %s", filePath) currentRegex := readCurrentRegex(filePath, ruleId, chainOffset) - return compareRegex(filePath, ruleId, chainOffset, regex, currentRegex) + return compareRegex(ruleId, regex, currentRegex) } func readCurrentRegex(filePath string, ruleId string, chainOffset uint8) string { @@ -220,7 +220,7 @@ func readCurrentRegex(filePath string, ruleId string, chainOffset uint8) string return found[0][2] } -func compareRegex(filePath string, ruleId string, chainOffset uint8, generatedRegex string, currentRegex string) error { +func compareRegex(ruleId string, generatedRegex string, currentRegex string) error { if currentRegex == generatedRegex { fmt.Println("Regex of", ruleId, "has not changed") return nil diff --git a/cmd/regex_update.go b/cmd/regex_update.go index cad06cf..fa355af 100644 --- a/cmd/regex_update.go +++ b/cmd/regex_update.go @@ -129,7 +129,7 @@ func performUpdate(processAll bool, ctx *processors.Context) { } } -func runAssemble(filePath string, ctx *processors.Context) string { +func runAssemble(filePath string) string { // FIXME: duplicated in generate.go rootContext := context.New(rootValues.workingDirectory.String(), rootValues.configurationFileName.String()) ctxt := processors.NewContext(rootContext) @@ -158,7 +158,7 @@ func runAssemble(filePath string, ctx *processors.Context) string { func processRule(ruleId string, chainOffset uint8, dataFilePath string, ctxt *processors.Context) { logger.Info().Msgf("Processing %s, chain offset %d", ruleId, chainOffset) - regex := runAssemble(dataFilePath, ctxt) + regex := runAssemble(dataFilePath) rulePrefix := ruleId[:3] matches, err := filepath.Glob(fmt.Sprintf("%s/*-%s-*", ctxt.RootContext().RulesDir(), rulePrefix)) From fd46195e96ebb7e25438ae8b3cfc6986c616f330 Mon Sep 17 00:00:00 2001 
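Review bot: `runAssemble(filePath string)` now accepts no context at all, yet its body still builds one from the package-level `rootValues` (`context.New(rootValues.workingDirectory.String(), rootValues.configurationFileName.String())`), while every caller touched by this commit already holds a `*processors.Context`. The parameter was unused because of that duplicated construction, so dropping it makes the dependency on global state permanent; if a caller's context is ever configured differently from `rootValues`, assembly silently runs with other settings. Either use the caller's context in place of the locally built one, or state the choice on the function, e.g. `// runAssemble builds a fresh context from rootValues; it does not use the caller's context.` The function body continues outside the hunk.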
From: Max Leske <250711+theseion@users.noreply.github.com> Date: Sun, 7 Jul 2024 15:53:00 +0200 Subject: [PATCH 37/58] chore: remove obsolete comment --- cmd/regex_update.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/regex_update.go b/cmd/regex_update.go index 7b751f0..5a60a36 100644 --- a/cmd/regex_update.go +++ b/cmd/regex_update.go @@ -130,7 +130,6 @@ func performUpdate(processAll bool, ctx *processors.Context) { } func runAssemble(filePath string) string { - // FIXME: duplicated in generate.go rootContext := context.New(rootValues.workingDirectory.String(), rootValues.configurationFileName.String()) ctxt := processors.NewContext(rootContext) assembler := operators.NewAssembler(ctxt) From 7483e8662c43e725d560736a081a45ebc2be62a3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 01:04:10 +0000 Subject: [PATCH 38/58] chore(deps): update all non-major dependencies --- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b13e858..c624817 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,10 +24,10 @@ jobs: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 - name: Set up Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 124976d..4212a9f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif From 1c0418179b83829d0229ec3d6cd7c4b2b75a54a4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 02:09:07 +0000 Subject: [PATCH 39/58] chore(deps): update all non-major dependencies --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a27387b..6d13240 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -41,18 +41,18 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2f40899..756ed51 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: v1.22.x cache: true diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 90bf801..90e7c63 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml 
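Review bot: The step named `Perform CodeQL Analysis` runs `github/codeql-action/autobuild` a second time instead of `analyze`, so the workflow initializes and builds but never executes the queries or uploads results. This bump only carries the wrong action forward; the line should read `uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12`. The same line recurs in the later codeql-analysis.yml hunks of patches 41, 42, 44, 45 and 46, each with its own pinned SHA. Once `analyze` runs, the job also needs `security-events: write` if it is not already granted, since the workflow-level default is `permissions: {}` and the job's own permissions are not visible here.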
@@ -29,7 +29,7 @@ jobs: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ matrix.go-version }} cache: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c624817..c50f0f1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -30,7 +30,7 @@ jobs: uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 - name: Set up Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ^1.22 cache: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4212a9f..0d52ae3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif From 18a2d847e3630f6d567fd70aba4b38b7155f0e86 Mon Sep 17 00:00:00 2001 From: Felipe Zipitria <felipe.zipitria@owasp.org> Date: Mon, 15 Jul 2024 14:20:57 +0200 Subject: [PATCH 40/58] chore: use common renovatebot config Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org> --- renovate.json | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/renovate.json b/renovate.json index 8dc99f4..f05dc6b 100644 --- a/renovate.json +++ b/renovate.json 
@@ -1,32 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:base", + "local>coreruleset/renovate-config", "schedule:weekly" - ], - "packageRules": [ - { - "groupName": "all non-major dependencies", - "groupSlug": "all-minor-patch", - "matchPackagePatterns": [ - "*" - ], - "matchUpdateTypes": [ - "minor", - "patch" - ], - "matchSourceUrlPrefixes": ["https://github.com/"], - "prBodyDefinitions": { - "OpenSSF": "[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})" - }, - "prBodyColumns": [ - "Package", - "Type", - "Update", - "Change", - "Pending", - "OpenSSF" - ] - } ] } From 3cec35082a6f2719e74c25c4d401de513f9a37e2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 09:52:58 +0000 Subject: [PATCH 41/58] chore(deps): update all non-major dependencies in .github/workflows/release.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6d13240..dcceb06 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
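Review bot: Extending `local>coreruleset/renovate-config` without a tag or commit reference means any change to that repository takes effect here on the next Renovate run, with no review in this repository. The hunk also drops the local `packageRules`, including the `matchSourceUrlPrefixes` restriction to `https://github.com/` and the OpenSSF Scorecard column in PR bodies; whether the shared preset keeps them cannot be told from this diff. Consider pinning the preset to a released ref and confirming that the shared config still carries the Scorecard column, so dependency PRs keep that signal.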
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c50f0f1..e263fa0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 @@ -36,7 +36,7 @@ jobs: cache: true - name: Login to GitHub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0d52ae3..77bf6a4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif From b39a0ac8476dd2d33a4253508a88dd5e19e9ab56 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 00:47:34 +0000 Subject: [PATCH 42/58] chore(deps): update all non-major dependencies in .github/workflows/release.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index dcceb06..40e6d97 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e263fa0..fa0df3a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -27,7 +27,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 77bf6a4..c181b85 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From f71a9195f019bc518de83e2a094fd789d64d2fc6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 11:57:25 +0000 Subject: [PATCH 43/58] chore(deps): update alpine docker tag to v3.20.2 in dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 18a902f..5874464 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright 2022 OWASP Core Rule Set Project # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 +FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 RUN apk add --no-cache ca-certificates 
From 27e1a55d813de2750f550412e5ee26be913ef1a4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 19:50:58 +0000 Subject: [PATCH 44/58] chore(deps): update all non-major dependencies in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 40e6d97..53e7b12 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fa0df3a..101d306 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c181b85..6f65b66 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From b4e3cd1d965e63a3c0ea39d1a771a7b0187cb256 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 24 Aug 2024 00:05:23 +0000 Subject: [PATCH 45/58] fix(deps): update all non-major dependencies in go.mod --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- go.mod | 2 +- go.sum | 2 ++ 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 53e7b12..4ef33d0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6f65b66..1228376 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 24189c5..3d6f752 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/coreruleset/crs-toolchain/v2 go 1.22 require ( - dario.cat/mergo v1.0.0 + dario.cat/mergo v1.0.1 github.com/magefile/mage v1.15.0 github.com/spf13/cobra v1.8.1 ) diff --git a/go.sum b/go.sum index dfceeba..e2a4606 100644 --- a/go.sum +++ b/go.sum 
@@ -2,6 +2,8 @@ code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= From f25e2566fec49ee589cd43d8c54b28f3c40bfa6a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 00:45:09 +0000 Subject: [PATCH 46/58] chore(deps): update all non-major dependencies in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 4 ++-- go.mod | 2 +- go.sum | 2 ++ 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4ef33d0..258c051 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 1228376..7d1a3a9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 3d6f752..20a1bd1 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( ) require ( - github.com/Masterminds/semver/v3 v3.2.1 + github.com/Masterminds/semver/v3 v3.3.0 github.com/creativeprojects/go-selfupdate v1.3.0 github.com/google/uuid v1.6.0 github.com/itchyny/rassemble-go v0.1.2 
diff --git a/go.sum b/go.sum index e2a4606..c7266e2 100644 --- a/go.sum +++ b/go.sum @@ -6,6 +6,8 @@ dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creativeprojects/go-selfupdate v1.3.0 h1:Hs+14cJ7Um7xbRpmkmrKEfkZGwec3vZLPWTVEFwYXBc= From ec82af8800b4792a8cf6ab5654227d90e522a2ce Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 00:14:11 +0000 Subject: [PATCH 47/58] chore(deps): update alpine docker tag to v3.20.3 in dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5874464..349bc1b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright 2022 OWASP Core Rule Set Project # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 +FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d RUN apk add --no-cache ca-certificates From 5f246c0b47acc9221c2a13154d84ba23a5a7b44e Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 13 Sep 2024 18:45:28 +0000 Subject: [PATCH 48/58] chore(deps): update github/codeql-action action to v3.26.7 in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 258c051..dfaed74 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 7d1a3a9..328f274 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From 3cb0c2f88bfe63736232e163033b30a55358d7d0 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 19:12:42 +0000 Subject: [PATCH 49/58] chore(deps): update github/codeql-action action to v3.26.9 in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index dfaed74..9103d3f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 328f274..d3bd1f9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif From 948ef8c6f05ceb1c691d89cd13242cbb3b911ed6 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 19:36:02 +0000 Subject: [PATCH 50/58] chore(deps): update actions/checkout action to v4.2.0 in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9103d3f..3406940 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 756ed51..9b7ba75 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 90e7c63..9a0ecf6 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Install Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: 
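Review bot: The checkout steps in the codeql-analysis.yml, lint.yml and regression.yml hunks have no `with:` block, so `actions/checkout` keeps its default of leaving the job token in the local git config for later steps to read. Only the scorecard.yml checkout in this patch sets `persist-credentials: false`. Unless a later step in these jobs pushes or fetches with git (not visible from the hunks), adding `with:` / `persist-credentials: false` under each checkout would make the workflows consistent and keep the token out of the workspace.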
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 101d306..f5bf9fd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 - diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d3bd1f9..d32f28c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false From e75a1283e43ece5c518de277ee1ecf69d9180ab6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 16:11:49 +0000 Subject: [PATCH 51/58] chore(deps): update all non-major dependencies in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3406940..de1ef19 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f5bf9fd..4f3d6b4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Set up Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d32f28c..ccbe154 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 with: name: SARIF file path: results.sarif 
@@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: sarif_file: results.sarif From 6fb26cc80387766bf2a292982642d840baac5ef5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 01:00:09 +0000 Subject: [PATCH 52/58] chore(deps): update all non-major dependencies in .github/workflows/scorecard.yml --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/lint.yml | 2 +- .github/workflows/regression.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index de1ef19..fe40151 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9b7ba75..5409f36 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 9a0ecf6..dffca0b 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,7 +27,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4f3d6b4..44e9d35 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 - diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ccbe154..60bf890 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif From ca327ac1f4197cf50198af42910cdd79f6518e5c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 21 Oct 2024 04:33:22 +0000 Subject: [PATCH 53/58] fix(deps): update all non-major dependencies in go.mod (#182) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- go.mod | 14 +++++++------- go.sum | 14 ++++++++++++++ 4 files changed, 25 insertions(+), 11 deletions(-) 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fe40151..5092dea 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 60bf890..dd49c29 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 20a1bd1..36c46de 100644 --- a/go.mod +++ b/go.mod 
@@ -10,14 +10,14 @@ require ( require ( github.com/Masterminds/semver/v3 v3.3.0 - github.com/creativeprojects/go-selfupdate v1.3.0 + github.com/creativeprojects/go-selfupdate v1.4.0 github.com/google/uuid v1.6.0 github.com/itchyny/rassemble-go v0.1.2 gopkg.in/yaml.v3 v3.0.1 ) require ( - code.gitea.io/sdk/gitea v0.18.0 // indirect + code.gitea.io/sdk/gitea v0.19.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/davidmz/go-pageant v1.0.2 // indirect github.com/go-fed/httpsig v1.1.0 // indirect @@ -31,11 +31,11 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ulikunitz/xz v0.5.12 // indirect - github.com/xanzy/go-gitlab v0.106.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/time v0.5.0 // indirect + github.com/xanzy/go-gitlab v0.112.0 // indirect + golang.org/x/crypto v0.28.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/time v0.7.0 // indirect gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect ) diff --git a/go.sum b/go.sum index c7266e2..2878323 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= +code.gitea.io/sdk/gitea v0.19.0 h1:8I6s1s4RHgzxiPHhOQdgim1RWIRcr0LVMbHBjBFXq4Y= +code.gitea.io/sdk/gitea v0.19.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= 
@@ -12,6 +14,8 @@ github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creativeprojects/go-selfupdate v1.3.0 h1:Hs+14cJ7Um7xbRpmkmrKEfkZGwec3vZLPWTVEFwYXBc= github.com/creativeprojects/go-selfupdate v1.3.0/go.mod h1:uYJeumb6ECaI6bhc5dvH3Htjz1KoMArQjFt1P8m71Tc= +github.com/creativeprojects/go-selfupdate v1.4.0 h1:4ePPd2CPCNl/YoPXeVxpuBLDUZh8rMEKP5ac+1Y/r5c= +github.com/creativeprojects/go-selfupdate v1.4.0/go.mod h1:oPG7LmzEmS6OxfqEm620k5VKxP45xFZNKMkp4V5qqUY= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= 
@@ -74,17 +78,23 @@ github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -93,6 +103,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= @@ -100,6 +112,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= From 4f5a5a64c9bb22121210b3d059d6f2b52664f9cd Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 03:26:36 +0000 Subject: [PATCH 54/58] chore(deps): update all non-major dependencies in .github/workflows/scorecard.yml (#183) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 10 +++++----- .github/workflows/lint.yml | 4 ++-- .github/workflows/regression.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5092dea..347c780 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,21 +38,21 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5409f36..ca1d1a3 100644 
--- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,9 +10,9 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: v1.22.x cache: true diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index dffca0b..03c8804 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -27,9 +27,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ matrix.go-version }} cache: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 44e9d35..47641bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - @@ -30,7 +30,7 @@ jobs: uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ^1.22 cache: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index dd49c29..bd1fa12 100644 --- a/.github/workflows/scorecard.yml 
+++ b/.github/workflows/scorecard.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif From d00cd1c939e30306b97f304be76b534cb0290ddc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 01:17:00 +0000 Subject: [PATCH 55/58] chore(deps): update all non-major dependencies in .github/workflows/scorecard.yml (#184) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 347c780..577d62a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 47641bd..6c145ab 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,7 +43,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0 if: startsWith(github.ref, 'refs/tags/') with: version: latest diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index bd1fa12..d2e769e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif From 0f16ee13ea6b06edf1db503fcd9351a34fbeca2a Mon Sep 17 00:00:00 2001 
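Review bot: The step named `Perform CodeQL Analysis` in codeql-analysis.yml still calls `github/codeql-action/autobuild`, so unless a later step outside this hunk runs the analyze action, the workflow builds twice and never evaluates queries or uploads results to code scanning. This bump only moves the SHA; the last changed line should read `uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1`. The same line recurs in the codeql-analysis.yml hunks of PATCH 56/58 and 58/58, where the SHA of the respective bump applies. The job definition starts before the hunk, so its permissions and matrix are not visible here.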
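Review bot: `version: latest` on the `Run GoReleaser` step in release.yml leaves the GoReleaser binary itself unpinned, even though the action that downloads it is now pinned to a commit SHA. The release job, which also logs in to a registry with `secrets.GITHUB_TOKEN` in the preceding step, therefore runs whatever GoReleaser release is current when a tag is pushed. An explicit value such as `version: <PINNED_GORELEASER_VERSION>` (placeholder) that Renovate can bump would match the other pins. The step's remaining inputs continue outside the hunk.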
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 02:10:34 +0000 Subject: [PATCH 56/58] chore(deps): update github/codeql-action action to v3.27.4 in .github/workflows/scorecard.yml (#187) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 577d62a..8727af6 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d2e769e..0ca2ac2 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From 1b5b09ade84791ffc6332f883226d7f5a08697c5 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 03:36:07 +0000 Subject: [PATCH 57/58] chore(deps): update alpine:3.20.3 docker digest to 1e42bbe in dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 349bc1b..9d13af8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # Copyright 2022 OWASP Core Rule Set Project # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d +FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a RUN apk add --no-cache ca-certificates From 73968489a7c84d432dbfe6f4e87991dea7ba64ba Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 00:48:04 +0000 Subject: [PATCH 58/58] fix(deps): update all non-major dependencies in go.mod (#189) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- go.mod | 4 ++-- go.sum | 4 ++++ 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8727af6..7d28675 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -47,12 +47,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0ca2ac2..5afa1c4 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/go.mod b/go.mod index 36c46de..1215191 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( ) require ( - github.com/Masterminds/semver/v3 v3.3.0 + github.com/Masterminds/semver/v3 v3.3.1 github.com/creativeprojects/go-selfupdate v1.4.0 github.com/google/uuid v1.6.0 github.com/itchyny/rassemble-go v0.1.2 @@ -43,5 +43,5 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/rs/zerolog v1.33.0 github.com/spf13/pflag v1.0.5 // indirect - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.10.0 ) diff --git a/go.sum b/go.sum index 2878323..77e1694 100644 --- a/go.sum +++ b/go.sum 
@@ -10,6 +10,8 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creativeprojects/go-selfupdate v1.3.0 h1:Hs+14cJ7Um7xbRpmkmrKEfkZGwec3vZLPWTVEFwYXBc= @@ -74,6 +76,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA=