Merge branch 'main' into improve-upgrade-test

zarf-dev · Jun 6, 2023 · 93ef809 · 93ef809
2 parents 0d98cd0 + 4978ab0
commit 93ef809
Show file tree

Hide file tree

Showing 14 changed files with 750 additions and 1,365 deletions.
diff --git a/.github/actions/golang/action.yaml b/.github/actions/golang/action.yaml
@@ -4,7 +4,7 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
       with:
         go-version: 1.19.x
         cache: true
diff --git a/.github/workflows/nightly-ecr.yml b/.github/workflows/nightly-ecr.yml
@@ -32,7 +32,7 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
+        uses: aws-actions/configure-aws-credentials@5727f247b64f324ec403ac56ae05e220fd02b65f # v2.1.0
         with:
           role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
           aws-region: us-east-1

diff --git a/.github/workflows/nightly-eks.yml b/.github/workflows/nightly-eks.yml
@@ -40,7 +40,7 @@ jobs:
         uses: ./.github/actions/packages
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0
+        uses: aws-actions/configure-aws-credentials@5727f247b64f324ec403ac56ae05e220fd02b65f # v2.1.0
         with:
           role-to-assume: ${{ secrets.AWS_NIGHTLY_ROLE }}
           aws-region: us-east-1

diff --git a/.github/workflows/scan-codeql.yml b/.github/workflows/scan-codeql.yml
@@ -48,7 +48,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
+        uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -59,6 +59,6 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
+        uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -45,6 +45,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
+        uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
         with:
           sarif_file: results.sarif
diff --git a/.grype.yaml b/.grype.yaml
@@ -4,11 +4,8 @@ ignore:
   # This vulnerability does not affect Zarf as we do not instantiate a rekor client
   - vulnerability: GHSA-2h5h-59f5-c5x9
 
+  # This vulnerability does not affect Zarf as we do not instantiate a rekor client
+  - vulnerability: GHSA-frqx-jfcm-6jjr
+
   # From rouille - The Zarf injector does not expose endpoints that use multipart form data
   - vulnerability: GHSA-mc8h-8q98-g5hr
-
-  # From go-git - Zarf does not use go-git (or its imported crypto libraries) to generate secrets
-  - vulnerability: GHSA-2q89-485c-9j2x
-
-  # From go-git - Zarf does not use go-git (or its imported crypto libraries) to generate secrets
-  - vulnerability: CVE-2023-1732