chore: fix dependabot alerts (#2208)

#2192 #2193 #2194 #2195 #2196 #2197 #2198 #2199 #2200 #2201 #2202 #2203 #2204 #2205 #2206 #2207 Signed-off-by: Ramkumar Chinchani <[email protected]>
project-zot · Jan 29, 2024 · 580df42 · 580df42
1 parent 9def35f
commit 580df42
Show file tree

Hide file tree

Showing 12 changed files with 247 additions and 421 deletions.
diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml
@@ -24,7 +24,7 @@ jobs:
         run: make BENCH_OUTPUT=ci-cd run-bench
       # Download previous benchmark result from cache (if exists)
       - name: Download previous benchmark data
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ./cache
           key: ${{ runner.os }}-gen1-benchmark

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -33,7 +33,7 @@ jobs:
           go-version: 1.20.x
       - name: Cache go dependencies
         id: cache-go-dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
@@ -42,7 +42,7 @@ jobs:
             ${{ runner.os }}-go-mod-
       - name: Cache go build output
         id: cache-go-build
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cache/go-build

diff --git a/.github/workflows/cluster.yaml b/.github/workflows/cluster.yaml
@@ -160,7 +160,7 @@ jobs:
 
       # Download previous benchmark result from cache (if exists)
       - name: Download previous benchmark data
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ./cache
           key: ${{ runner.os }}-gen1-benchmark-stateless-cluster

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -53,7 +53,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2.22.9
+      uses: github/codeql-action/init@v3.23.2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -64,7 +64,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2.22.9
+      uses: github/codeql-action/autobuild@v3.23.2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -77,4 +77,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2.22.9
+      uses: github/codeql-action/analyze@v3.23.2
diff --git a/.github/workflows/oci-conformance-action.yaml b/.github/workflows/oci-conformance-action.yaml
@@ -59,7 +59,7 @@ jobs:
     - run: mkdir -p .out/ && mv {report.html,junit.xml} .out/
       if: always()
     - name: Upload test results zip as build artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: oci-test-results-${{ github.sha }}
         path: .out/

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -215,7 +215,7 @@ jobs:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2.22.9
+        uses: github/codeql-action/upload-sarif@v3.23.2
         with:
           sarif_file: 'trivy-results.sarif'
 

diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml
@@ -49,14 +49,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@v3 # v3.0.0
+        uses: actions/upload-artifact@v4 # v3.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v2.22.9 # v1.0.26
+        uses: github/codeql-action/upload-sarif@v3.23.2 # v1.0.26
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -24,7 +24,7 @@ jobs:
           go-version: 1.20.x
       - name: Cache go dependencies
         id: cache-go-dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
@@ -47,7 +47,7 @@ jobs:
           AWS_ACCESS_KEY_ID: fake
           AWS_SECRET_ACCESS_KEY: fake
       - name: upload coverage
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coverage-minimal
           path: coverage-minimal.txt
@@ -63,7 +63,7 @@ jobs:
           go-version: 1.20.x
       - name: Cache go dependencies
         id: cache-go-dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
@@ -86,7 +86,7 @@ jobs:
           AWS_ACCESS_KEY_ID: fake
           AWS_SECRET_ACCESS_KEY: fake
       - name: upload coverage
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coverage-extended
           path: coverage-extended.txt
@@ -102,7 +102,7 @@ jobs:
           go-version: 1.20.x
       - name: Cache go dependencies
         id: cache-go-dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/go/pkg/mod
@@ -119,7 +119,7 @@ jobs:
       - name: run zot privileged tests
         run: sudo env "PATH=$PATH" make privileged-test
       - name: upload coverage
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coverage-devmode
           path: coverage-dev-*.txt
@@ -135,7 +135,7 @@ jobs:
           cache: false
           go-version: 1.20.x
       - name: download all workflow coverage files
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
       - name: merge code coverage
         run: |
           cd $GITHUB_WORKSPACE

diff --git a/.github/workflows/web-scan.yaml b/.github/workflows/web-scan.yaml
@@ -56,7 +56,7 @@ jobs:
         env:
           FLAVOR: ${{ matrix.flavor }}
       - name: ZAP Scan Rest API
-        uses: zaproxy/action-baseline@v0.10.0
+        uses: zaproxy/action-baseline@v0.11.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           docker_name: 'owasp/zap2docker-stable'