Commit graph

93 commits

Author SHA1 Message Date
renovate[bot]
d34f8b77d5 chore(deps): update all dependencies 2024-05-13 14:19:10 +02:00
Cosmin Cojocar
8658b8eab6 Update Go to version 2.22.3 in CI and release
Signed-off-by: Cosmin Cojocar <cosmin@cojocar.ch>
2024-05-12 11:40:57 +02:00
renovate[bot]
cf29d543e2 chore(deps): update all dependencies 2024-05-02 10:27:10 +02:00
Cosmin Cojocar
3b23ec8f09 Update to go 1.22.2
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-04-08 11:51:51 +02:00
Cosmin Cojocar
903c75b05e Update go version to 1.22.1 and 1.21.8
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-03-07 12:23:46 +01:00
Cosmin Cojocar
26e57d6b34 Update CI to go version 1.22
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2024-02-12 10:08:56 +01:00
renovate[bot]
e60b8d88e0 chore(deps): update all dependencies 2024-02-12 09:36:56 +01:00
renovate[bot]
1285eb7300 chore(deps): update all dependencies 2024-02-05 09:59:32 +01:00
renovate[bot]
277553c23d chore(deps): update all dependencies 2024-01-22 09:42:14 +01:00
renovate[bot]
187adabe34 chore(deps): update all dependencies 2023-12-18 10:42:31 +01:00
renovate[bot]
e1f27ba8fc chore(deps): update actions/setup-go action to v5 2023-12-11 10:12:41 +01:00
Cosmin Cojocar
bc03d1c1bc
Update go version to 1.21.5 and 1.20.12 (#1084)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-12-08 14:19:34 +01:00
Pooja Shah
24c614bf16 Added ppc64le support 2023-11-16 10:07:21 +01:00
Cosmin Cojocar
6d56592f09 Update Go to version 1.21.4 and 1.20.11
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-11-10 10:38:54 +01:00
Cosmin Cojocar
6b12a71071 Update cosign version to v2.2.0 2023-10-13 15:19:58 +02:00
Cosmin Cojocar
dd08f99f53
Update to Go 1.21.3 and 1.20.10 (#1035)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-11 10:18:12 +02:00
Cosmin Cojocar
2b62dd1d8a
Use a step ID in github release action to get the digest of the image (#1028)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 10:35:36 +02:00
Cosmin Cojocar
53fc0c3c83
Update to go version 1.21.2 and 1.20.9 (#1027)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-10-09 09:35:41 +02:00
renovate[bot]
f6a64969a3 chore(deps): update all dependencies 2023-09-18 08:40:10 +02:00
Cosmin Cojocar
aebe20cfba Drop support for go 1.19.x since go team doesn't ship anymore security fixes for it
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-11 11:26:07 +02:00
Cosmin Cojocar
7a98537c9a Update to latest go version
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-09-11 11:26:07 +02:00
renovate[bot]
b192f06cca
chore(deps): update all dependencies (#1011)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-09-11 10:53:32 +02:00
Cosmin Cojocar
6a2c5e16a1
Update cosign to version v2.1.1 (#1000)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-08-17 09:53:01 +02:00
Cosmin Cojocar
a89e9d5a7a
Enable go 1.21.0 in the CI build (#998)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-08-14 09:59:18 +02:00
Cosmin Cojocar
7d51bfe004
Update to go version 1.20.7 and 1.19.12 (#993)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-08-07 10:05:55 +02:00
Cosmin Cojocar
3a6fd99e54
Update to Go version 1.19.11 and 1.20.6 (#981)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-07-13 09:53:11 +02:00
renovate[bot]
82364a710c
chore(deps): update all dependencies (#974)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-06-19 09:15:01 +02:00
Cosmin Cojocar
b824c10eb4 Update build script to go version 1.20.5
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-06-07 08:53:25 +02:00
Cosmin Cojocar
87cc45e1cd
Use image digest instead of tag when signing the released image with cosign (#960)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-05-17 15:58:25 +02:00
Cosmin Cojocar
c5ea1b7bdd
Update cosign to latest version in release Github action (#958)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2023-05-17 15:27:49 +02:00
Cosmin Cojocar
ae3c2f787c
Update go version in build and release scripts (#957) 2023-05-15 12:05:44 +02:00
Cosmin Cojocar
47bfd4eb6f
Update Go version to 1.20.3 (#953) 2023-04-18 10:18:21 +02:00
Cosmin Cojocar
96bb741801 Use the latest version 2023-03-20 10:25:45 +01:00
Cosmin Cojocar
8e7cf4bd72 Bump the go versions and golanci 2023-03-20 10:25:45 +01:00
renovate[bot]
e7bfcd1d53
chore(deps): update all dependencies (#942)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-03-20 09:23:03 +01:00
Cosmin Cojocar
2071786199 Update Go version in CI builds 2023-02-16 09:45:28 +01:00
Cosmin Cojocar
8aa00db022
Remove the version form ci github action 2023-02-08 11:33:30 +01:00
Cosmin Cojocar
d22a7b6ede
Add gosec version as an input parameter to GitHub action (#927)
* Add gosec version as a paramter to the Github action

* Run gosec as a github action as part of CI
2023-02-08 10:40:36 +01:00
Cosmin Cojocar
2d6b0a5b0f
Update release build script (#924)
* Remove deprecated goreleaser flag from release build script

* Update cosign version to v1.13.1
2023-02-06 14:39:25 +01:00
renovate[bot]
54f56c7d6a
chore(deps): update all dependencies (#922)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-06 14:16:49 +01:00
Cosmin Cojocar
df14837174
Update to Go 1.20 and fix unit tests (#923)
* Fix unit tests for Go 1.20

* Update to Go 1.20 in the build scripts

* Remove support for 1.18 in the build

* Fix the golangci lint version according to Go version used

* Fix golangci version string

* Fix gci linter warning

* Remove golint in favour of golangci
2023-02-06 14:15:05 +01:00
Cosmin Cojocar
b4270dd020
Update Go to latest version (#920) 2023-01-31 10:00:24 +01:00
Cosmin Cojocar
c5d217da7a
Update Go version in CI script (#913)
* Update Go version in CI script

* Introduce back an additional check for filepath clean to fix the unit tests
2023-01-09 16:49:02 +01:00
renovate[bot]
11898d512a
chore(deps): update all dependencies (#906)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-01-02 17:35:12 +01:00
Cosmin Cojocar
0acfbb436c
Update Go version in CI scripts (#889) 2022-11-08 09:54:40 +01:00
Cosmin Cojocar
1af1d5bb49
Pin release build to Go version 1.19.2 (#882) 2022-10-17 11:06:43 +02:00
Sebastiaan van Stijn
ed386818fd
go.mod: ginkgo/v2 v2.3.1, golang.org/x/text v0.3.8, update go versions (#880)
* gha: remove go1.17, temporarily force 1.18.7, 1.19.2

The  security scanner is flagging the code to have a vulnerability, but it's
detecting that we're running go1.18.6, not "latest" (go1.18.7 at time of writing).

Temporarily pinning to go1.18.7 to force installing the latest version:

    Vulnerability #1: GO-2022-1039
      Programs which compile regular expressions from untrusted
      sources may be vulnerable to memory exhaustion or denial of
      service. The parsed regexp representation is linear in the size
      of the input, but in some cases the constant factor can be as
      high as 40,000, making relatively small regexps consume much
      larger amounts of memory. After fix, each regexp being parsed is
      limited to a 256 MB memory footprint. Regular expressions whose
      representation would use more space than that are rejected.
      Normal use of regular expressions is unaffected.

      Call stacks in your code:
      Error:       helpers.go:463:26: github.com/securego/gosec/v2.ExcludedDirsRegExp calls regexp.MustCompile, which eventually calls regexp/syntax.Parse

      Found in: regexp/syntax@go1.18.6
      Fixed in: regexp/syntax@go1.19.2
      More info: https://pkg.go.dev/vuln/GO-2022-1039

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

* go.mod: github.com/onsi/ginkgo/v2 v2.3.1

CI was failing because of a mismatch:

    /home/runner/go/bin/ginkgo -v --fail-fast
    Ginkgo detected a version mismatch between the Ginkgo CLI and the version of Ginkgo imported by your packages:
      Ginkgo CLI Version:
        2.3.1
      Mismatched package versions found:
       2.2.0 used by gosec

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

* go.mod: golang.org/x/text v0.3.8

to address GO-2022-1059

    The vulnerabilities below are in packages that you import, but your code
    doesn't appear to call any vulnerable functions. You may not need to take any
    action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
    for details.

    Vulnerability #1: GO-2022-1059
      An attacker may cause a denial of service by crafting an Accept-Language
      header which ParseAcceptLanguage will take significant time to parse.

      Found in: golang.org/x/text/language@v0.3.7
      Fixed in: golang.org/x/text/language@v0.3.8
      More info: https://pkg.go.dev/vuln/GO-2022-1059

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-17 10:05:13 +02:00
Cosmin Cojocar
d3933f9e14 chore: add support for Go 1.19
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-08-08 10:56:19 +02:00
Cosmin Cojocar
21fcd2f904
Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
2022-07-26 11:08:30 +02:00
Sascha Grunert
05f3ca80f9
Pin cosign-installer to v2 (#824)
We now have tags available in the cosign-installer, which allows us to
pin the latest release via `v2`.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-06-23 14:50:50 +02:00