From 23d7596398cbea52eecd00dcc54f9cdd0ca40ebb Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 14:23:30 -0700 Subject: [PATCH] octo-sts/0.4.2-r1: cve remediation (#33275) octo-sts/0.4.2-r1: fix GHSA-29wx-vh33-7x7r Advisory data: https://github.com/wolfi-dev/advisories/blob/main/octo-sts.advisories.yaml Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com> --- octo-sts.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/octo-sts.yaml b/octo-sts.yaml index e81fbf31fed..a9546737491 100644 --- a/octo-sts.yaml +++ b/octo-sts.yaml @@ -1,7 +1,7 @@ package: name: octo-sts version: 0.4.2 - epoch: 1 + epoch: 2 description: A GitHub App that acts like a Security Token Service (STS) for the Github API. copyright: - license: Apache-2.0 @@ -14,6 +14,11 @@ pipeline: repository: https://github.com/octo-sts/app tag: v${{package.version}} + - uses: go/bump + with: + deps: github.com/golang-jwt/jwt/v4@v4.5.1 + modroot: octo-sts + - uses: go/build with: modroot: octo-sts