Merge pull request #112 from sudo-bmitch/pr-update-20240606

Version bump

.github/workflows/docker.yml

@@ -97,7 +97,7 @@ jobs:
 
     - name: Login to GHCR
       if: github.repository_owner == 'olareg'
-      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
@@ -129,7 +129,7 @@ jobs:
       uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
       id: syft
       with:
-        syft-version: "v1.4.1"
+        syft-version: "v1.5.0"
 
     # Use regctl to modify olareg images to improve reproducibility
     - name: Install regctl

.github/workflows/go.yml

@@ -63,7 +63,7 @@ jobs:
       uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
       id: syft
       with:
-        syft-version: "v1.4.1"
+        syft-version: "v1.5.0"
 
     - name: Build artifacts
       if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'

.github/workflows/scorecard.yml

@@ -47,6 +47,6 @@ jobs:
 
       # required for Code scanning alerts
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: results.sarif

.osv-scanner.toml

@@ -1 +1 @@
-GoVersionOverride = "1.22.3"
+GoVersionOverride = "1.22.4"

.version-bump.lock

@@ -4,19 +4,19 @@
 {"name":"gha-uses-semver","key":"actions/upload-artifact","version":"v4.3.3"}
 {"name":"gha-uses-semver","key":"anchore/sbom-action","version":"v0.16.0"}
 {"name":"gha-uses-semver","key":"docker/build-push-action","version":"v5.3.0"}
-{"name":"gha-uses-semver","key":"docker/login-action","version":"v3.1.0"}
+{"name":"gha-uses-semver","key":"docker/login-action","version":"v3.2.0"}
 {"name":"gha-uses-semver","key":"docker/setup-buildx-action","version":"v3.3.0"}
 {"name":"gha-uses-semver","key":"fgrosse/go-coverage-report","version":"v1.0.0"}
-{"name":"gha-uses-semver","key":"github/codeql-action","version":"v3.25.6"}
+{"name":"gha-uses-semver","key":"github/codeql-action","version":"v3.25.8"}
 {"name":"gha-uses-semver","key":"ossf/scorecard-action","version":"v2.3.3"}
 {"name":"gha-uses-semver","key":"sigstore/cosign-installer","version":"v3.5.0"}
 {"name":"gha-uses-semver","key":"softprops/action-gh-release","version":"v2.0.5"}
 {"name":"git-tag-semver","key":"github.com/dominikh/go-tools","version":"v0.4.7"}
-{"name":"git-tag-semver","key":"github.com/google/osv-scanner","version":"v1.7.3"}
-{"name":"git-tag-semver","key":"github.com/icholy/gomajor","version":"v0.10.1"}
+{"name":"git-tag-semver","key":"github.com/google/osv-scanner","version":"v1.7.4"}
+{"name":"git-tag-semver","key":"github.com/icholy/gomajor","version":"v0.11.0"}
 {"name":"git-tag-semver","key":"github.com/securego/gosec","version":"v2.20.0"}
 {"name":"git-tag-semver","key":"github.com/sigstore/cosign","version":"v2.2.4"}
-{"name":"git-tag-semver","key":"go.googlesource.com/vuln","version":"v1.1.1"}
+{"name":"git-tag-semver","key":"go.googlesource.com/vuln","version":"v1.1.2"}
 {"name":"github-commit-match","key":"actions/checkout:v4.1.1","version":"b4ffde65f46336ab88eb53be808477a3936bae11"}
 {"name":"github-commit-match","key":"actions/checkout:v4.1.2","version":"9bb56186c3b09b4f86b1c65136769dd318469633"}
 {"name":"github-commit-match","key":"actions/checkout:v4.1.4","version":"0ad4b8fadaa221de15dcec353f45205ec38ea70b"}
@@ -45,6 +45,7 @@
 {"name":"github-commit-match","key":"docker/build-push-action:v5.3.0","version":"2cdde995de11925a030ce8070c3d77a52ffcf1c0"}
 {"name":"github-commit-match","key":"docker/login-action:v3.0.0","version":"343f7c4344506bcbf9b4de18042ae17996df046d"}
 {"name":"github-commit-match","key":"docker/login-action:v3.1.0","version":"e92390c5fb421da1463c202d546fed0ec5c39f20"}
+{"name":"github-commit-match","key":"docker/login-action:v3.2.0","version":"0d4c9c5ea7693da7b068278f7b52bda2a190a446"}
 {"name":"github-commit-match","key":"docker/setup-buildx-action:v3.0.0","version":"f95db51fddba0c2d1ec667646a06c2ce06100226"}
 {"name":"github-commit-match","key":"docker/setup-buildx-action:v3.1.0","version":"0d103c3126aa41d772a8362f6aa67afac040f80c"}
 {"name":"github-commit-match","key":"docker/setup-buildx-action:v3.2.0","version":"2b51285047da1547ffb1b2203d8be4c0af6b1f20"}
@@ -64,6 +65,7 @@
 {"name":"github-commit-match","key":"github/codeql-action:v3.25.3","version":"d39d31e687223d841ef683f52467bd88e9b21c14"}
 {"name":"github-commit-match","key":"github/codeql-action:v3.25.4","version":"ccf74c947955fd1cf117aef6a0e4e66191ef6f61"}
 {"name":"github-commit-match","key":"github/codeql-action:v3.25.6","version":"9fdb3e49720b44c48891d036bb502feb25684276"}
+{"name":"github-commit-match","key":"github/codeql-action:v3.25.8","version":"2e230e8fe0ad3a14a340ad0815ddb96d599d2aff"}
 {"name":"github-commit-match","key":"ossf/scorecard-action:v2.3.1","version":"0864cf19026789058feabb7e87baa5f140aac736"}
 {"name":"github-commit-match","key":"ossf/scorecard-action:v2.3.3","version":"dc50aa9510b46c811795eb24b2f1ba02a914e534"}
 {"name":"github-commit-match","key":"regclient/actions:main","version":"2dac4eff5925ed07edbfe12d2d11af6304df29a6"}
@@ -85,6 +87,7 @@
 {"name":"registry-digest-arg","key":"docker.io/library/golang:1.22.1-alpine","version":"sha256:0466223b8544fb7d4ff04748acc4d75a608234bf4e79563bff208d2060c0dd79"}
 {"name":"registry-digest-arg","key":"docker.io/library/golang:1.22.2-alpine","version":"sha256:cdc86d9f363e8786845bea2040312b4efa321b828acdeb26f393faa864d887b0"}
 {"name":"registry-digest-arg","key":"docker.io/library/golang:1.22.3-alpine","version":"sha256:b8ded51bad03238f67994d0a6b88680609b392db04312f60c23358cc878d4902"}
+{"name":"registry-digest-arg","key":"docker.io/library/golang:1.22.4-alpine","version":"sha256:9bdd5692d39acc3f8d0ea6f81327f87ac6b473dd29a2b6006df362bff48dd1f8"}
 {"name":"registry-digest-arg-match","key":"docker.io/library/alpine:3.19.1","version":"sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b"}
 {"name":"registry-digest-arg-match","key":"docker.io/library/alpine:3.20.0","version":"sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd"}
 {"name":"registry-digest-match","key":"anchore/syft:v0.100.0","version":"sha256:df7b07bfadff45e0135d74f22478f47b16ac6aff4e8dbd93133fcae3bbbb790d"}
@@ -98,12 +101,13 @@
 {"name":"registry-digest-match","key":"anchore/syft:v1.2.0","version":"sha256:6e70eb6e34380ae2e9397f7dbe1b0e1e329a53e71b18fc3b1d2089e367fc114a"}
 {"name":"registry-digest-match","key":"anchore/syft:v1.3.0","version":"sha256:93384e4f46c62cc827960f0e3323516576590811d246dd97556ebbf71112db49"}
 {"name":"registry-digest-match","key":"anchore/syft:v1.4.1","version":"sha256:24feb76496d558c52a09a859de569fc71cb147d9aff01edab885accae5363150"}
+{"name":"registry-digest-match","key":"anchore/syft:v1.5.0","version":"sha256:7e622b5d92a6ec0727fb4bd48046b644f459c33b54e9ea9025a764d324177cd2"}
 {"name":"registry-golang-latest","key":"golang-latest","version":"1.22"}
 {"name":"registry-golang-matrix","key":"golang-matrix","version":"[\"1.20\", \"1.21\", \"1.22\"]"}
 {"name":"registry-golang-oldest","key":"golang-oldest","version":"1.20"}
-{"name":"registry-tag-arg-semver","key":"anchore/syft","version":"v1.4.1"}
+{"name":"registry-tag-arg-semver","key":"anchore/syft","version":"v1.5.0"}
 {"name":"registry-tag-arg-semver","key":"davidanson/markdownlint-cli2","version":"v0.13.0"}
 {"name":"registry-tag-arg-semver","key":"docker.io/library/alpine","version":"3.20.0"}
-{"name":"registry-tag-arg-semver","key":"docker.io/library/golang","version":"1.22.3"}
+{"name":"registry-tag-arg-semver","key":"docker.io/library/golang","version":"1.22.4"}
 {"name":"registry-tag-arg-semver-major","key":"docker.io/library/alpine","version":"3"}
-{"name":"registry-tag-match-semver","key":"anchore/syft","version":"v1.4.1"}
+{"name":"registry-tag-match-semver","key":"anchore/syft","version":"v1.5.0"}

Makefile

@@ -30,14 +30,14 @@ ifeq "$(strip $(VER_BUMP))" ''
 		$(VER_BUMP_CONTAINER)
 endif
 MARKDOWN_LINT_VER?=v0.13.0
-GOMAJOR_VER?=v0.10.1
+GOMAJOR_VER?=v0.11.0
 GOSEC_VER?=v2.20.0
-GO_VULNCHECK_VER?=v1.1.1
-OSV_SCANNER_VER?=v1.7.3
+GO_VULNCHECK_VER?=v1.1.2
+OSV_SCANNER_VER?=v1.7.4
 SYFT?=$(shell command -v syft 2>/dev/null)
 SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk '/^Version: / {print $$2}')" || echo "0")
-SYFT_VERSION?=v1.4.1
-SYFT_CONTAINER?=anchore/syft:v1.4.1@sha256:24feb76496d558c52a09a859de569fc71cb147d9aff01edab885accae5363150
+SYFT_VERSION?=v1.5.0
+SYFT_CONTAINER?=anchore/syft:v1.5.0@sha256:7e622b5d92a6ec0727fb4bd48046b644f459c33b54e9ea9025a764d324177cd2
 ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)"
 	SYFT=docker run --rm \
 		-v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \

build/Dockerfile.olareg

@@ -1,6 +1,6 @@
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd
-ARG GO_VER=1.22.3-alpine@sha256:b8ded51bad03238f67994d0a6b88680609b392db04312f60c23358cc878d4902
+ARG GO_VER=1.22.4-alpine@sha256:9bdd5692d39acc3f8d0ea6f81327f87ac6b473dd29a2b6006df362bff48dd1f8
 
 FROM ${REGISTRY}/library/golang:${GO_VER} as golang
 RUN apk add --no-cache \

build/Dockerfile.olareg.buildkit

@@ -2,7 +2,7 @@
 
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd
-ARG GO_VER=1.22.3-alpine@sha256:b8ded51bad03238f67994d0a6b88680609b392db04312f60c23358cc878d4902
+ARG GO_VER=1.22.4-alpine@sha256:9bdd5692d39acc3f8d0ea6f81327f87ac6b473dd29a2b6006df362bff48dd1f8
 
 FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} as golang
 RUN apk add --no-cache \