ah-ha-admin / refactored-memory

MIT License

Update module github.com/owenrumney/go-sarif/v2 to v2.1.3 #346

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/owenrumney/go-sarif/v2 | require | patch | v2.1.2 -> v2.1.3 |

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Release Notes

owenrumney/go-sarif

### [`v2.1.3`](https://togithub.com/owenrumney/go-sarif/releases/tag/v2.1.3)

[Compare Source](https://togithub.com/owenrumney/go-sarif/compare/v2.1.2...v2.1.3)

#### What's Changed

- Bump github.com/stretchr/testify from 1.7.4 to 1.8.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/48](https://togithub.com/owenrumney/go-sarif/pull/48)
- Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/52](https://togithub.com/owenrumney/go-sarif/pull/52)
- Bump github.com/zclconf/go-cty from 1.10.0 to 1.12.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/54](https://togithub.com/owenrumney/go-sarif/pull/54)
- Bump github.com/zclconf/go-cty from 1.12.1 to 1.13.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/55](https://togithub.com/owenrumney/go-sarif/pull/55)
- Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/56](https://togithub.com/owenrumney/go-sarif/pull/56)
- Bump github.com/zclconf/go-cty from 1.13.0 to 1.13.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/57](https://togithub.com/owenrumney/go-sarif/pull/57)

**Full Changelog**: https://github.com/owenrumney/go-sarif/compare/v2.1.2...v2.1.3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 1 year ago

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: .github/workflows/go.sum

```
Command failed: docker run --rm --name=renovate_sidecar --label=renovate_child -v "/mnt/renovate/gh/ah-ha-admin/refactored-memory":"/mnt/renovate/gh/ah-ha-admin/refactored-memory" -v "/tmp/renovate-cache":"/tmp/renovate-cache" -v "/tmp/containerbase":"/tmp/containerbase" -e GOPATH -e GOPROXY -e GOFLAGS -e CGO_ENABLED -e GIT_CONFIG_KEY_0 -e GIT_CONFIG_VALUE_0 -e GIT_CONFIG_KEY_1 -e GIT_CONFIG_VALUE_1 -e GIT_CONFIG_KEY_2 -e GIT_CONFIG_VALUE_2 -e GIT_CONFIG_COUNT -e BUILDPACK_CACHE_DIR -e CONTAINERBASE_CACHE_DIR -w "/mnt/renovate/gh/ah-ha-admin/refactored-memory/.github/workflows" docker.io/containerbase/sidecar bash -l -c "install-tool golang 1.20.2 && go get -d -t ./..."
go: github.com/docker/docker/v23@v23.0.1+incompatible: missing github.com/docker/docker/go.mod and .../v23/go.mod at revision v23.0.1
```

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated |
|---|---|---|---|---|
| refactored-memory | ❌ Failed (Inspect) | | | Mar 17, 2023 at 9:01PM (UTC) |
| refactored-memory-pif7 | ❌ Failed (Inspect) | | | Mar 17, 2023 at 9:01PM (UTC) |

commit-lint[bot] commented 1 year ago

Contributors

renovate[bot], ah-ha-admin

Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR:

- `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change)
- `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
- `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
- `@Commit-Lint merge disable` will deactivate merge dependabot PR
- `@Commit-Lint review` will approve dependabot PR
- `@Commit-Lint stop review` will stop approve dependabot PR

netlify[bot] commented 1 year ago

Deploy Preview for gorgeous-jalebi-1d9cf4 failed.

| Name | Link |
|---|---|
| Latest commit | 179e20dbf9bf06c1e7a2b23897bde6324d20dfdc |
| Latest deploy log | https://app.netlify.com/sites/gorgeous-jalebi-1d9cf4/deploys/6414d525aff6e70007be40f8 |

squash-labs[bot] commented 1 year ago

Manage this branch in Squash

Test this branch here: https://renovategithubcom-owenrumney-g-ugrmt.squash.io

guardrails[bot] commented 1 year ago

:warning: We detected 18 security issues in this pull request:

Mode: paranoid | Total findings: 18 | Considered vulnerability: 18

Hard-Coded Secrets (11)

Docs | Details
----- | --------
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#HexHighEntropyString) | Title: **Hex High Entropy String**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/##SomeNotes#L213
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#HexHighEntropyString) | Title: **Hex High Entropy String**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/AndroidManifest.xml#L6
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#Base64HighEntropyString) | Title: **Base64 High Entropy String**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/nuget.config#L10
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#stackhawk-api-key) | Title: **StackHawk API Key**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/stackhawk.yml#L1
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#stackhawk-api-key) | Title: **StackHawk API Key**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/stackhawk.yml#L93
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/Sexflixxxvip00/nuget.config#L10
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/action.yml#L16
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/nuget.config#L10
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/action.yml#L512
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/nuget.config#L10
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/static.yml#L9

More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr).

---

Vulnerable Libraries (5)

Severity | Details
----- | --------
N/A | [actionpack@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/Gemfile.lock#L5) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'*
N/A | [activerecord@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/Gemfile.lock#L12) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'*
N/A | [activesupport@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/Gemfile.lock#L6) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'*
N/A | [globalid@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/Gemfile.lock#L41) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'*
N/A | [rack@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/Gemfile.lock#L32) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'*

More info on how to fix Vulnerable Libraries in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/using_vulnerable_libraries.html?utm_source=ghpr).

---

Insecure Use of Dangerous Function (2)

Docs | Details
----- | --------
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) | Title: **Non-static OS command execution**, Severity: High<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/.github/workflows/setup.rb#L16
[:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) | Title: **Non-static OS command execution**, Severity: High<br>https://github.com/ah-ha-admin/refactored-memory/blob/179e20dbf9bf06c1e7a2b23897bde6324d20dfdc/setup.rb#L16

More info on how to fix Insecure Use of Dangerous Function in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.