Skip to content

Fix issue #99: Trivy Vulnerability Detections (bump dependencies) #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
trinitronx wants to merge 13 commits into from
Closed

Fix issue #99: Trivy Vulnerability Detections (bump dependencies) #121

trinitronx wants to merge 13 commits into from

Conversation

@trinitronx
Copy link
Contributor

@trinitronx trinitronx commented Jul 16, 2025

Checklist

Not all of these might apply to your change but the more you are able to check
the easier it will be to get your contribution merged.

  • CI passes - See: Test CI: Fix issue #99 Trivy Vulnerability Detections trinitronx/checkmake#1
  • Description of proposed change:
    • Fix CVE alerts #99
    • Bump Go to 1.24
    • Bump all dependencies to latest except olekukonko/tablewriter (kept @ v0.0.5 due to breaking API changes)
    • Bump GitHub Actions Go version to 1.24
    • Bump all GitHub Actions to latest & fix warnings / annotations
    • Bump Docker container to Go 1.24 & latest stable Alpine 3.22
  • Documentation (README, docs/, man pages) is updated
  • Existing issue is referenced if there is one - CVE alerts #99
  • Unit tests for the proposed change - N/A (no change, but passing with CI updates & fixes listed above)

trinitronx added 13 commits July 16, 2025 03:06
@trinitronx
Update go.mod, go.sum for go 1.23 + deps
ab807b8
@trinitronx
Run: go mod vendor
6a2f3e9
@trinitronx
Revert olekukonko/tablewriter to v0.0.5 (API breakage)
c1e6a2d
@trinitronx
Run: go mod vendor (with olekukonko/tablewriter@v0.0.5)
b732ad5
@trinitronx
ci: Bump Go to v1.24, actions/setup-go@v5
cd161a8
@trinitronx
ci: Bump pre-commit/action@v3.0.1
68e09b3
@trinitronx
ci: Bump actions/checkout@v4
e056203
@trinitronx
ci: Bump go to v1.24 in Dockerfile & fix docker lint warning
afabc36 
Warning was:

     1 warning found (use docker --debug to expand):
     - FromAsCasing: 'as' and 'FROM' keywords' casing do not match (line 1)
@trinitronx
ci: Bump docker image to alpine:3.22
dfa3273
@trinitronx
ci: Reorder actions setup-go & checkout for caching
063938a 
New setup-go@v5 action supports caching, but only if go.sum file exists.
Fix is to checkout repo before running setup-go action.

Warning was:

    Warning: Restore cache failed: Dependencies file is not found in /home/runner/work/checkmake/checkmake. Supported file pattern: go.sum
@trinitronx
ci: Bump actions/setup-python@v5
f002062
@trinitronx
docs: Update README Go references to 1.24
f38c235
@trinitronx
docs: Update README pre-commit example
b78487c 
Match versions to latest:

- actions/checkout@v4
- actions/setup-python@v5
- pre-commit/action@v3.0.1
@trinitronx trinitronx mentioned this pull request Jul 18, 2025
Closed
@lafrenierejm
Copy link
Contributor

lafrenierejm commented Aug 7, 2025

See also #126 to automate future dependency updates.

@obnoxxx
Copy link
Collaborator

obnoxxx commented Aug 11, 2025

Thank you for your conytibution, @trinitronx !

This is now outdated since depenabot started to bring in some updates. Closing this, but we might decide to start it over if dependabot does not catch everything..

@obnoxxx obnoxxx closed this Aug 11, 2025
@trinitronx trinitronx mentioned this pull request Aug 27, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CVE alerts

3 participants

@trinitronx @lafrenierejm @obnoxxx