Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update go.mod #59

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update go.mod #59

wants to merge 2 commits into from

Conversation

aidenwang9867
Copy link
Owner

No description provided.

@github-actions
Copy link

github-actions bot commented Jun 30, 2022
edited by aidenwang9867
Loading

Hi there 👋, here are the dependency changes on your code commit 799b408d202cbba0bd3c6df514c6fb19b0a4e1a6

@github-actions
Copy link

added vulnerable actions: actions/checkout @ ec3a7ce113134d7a93b817d10a8272cb61118579

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/internal/checksum @ v1.1.3

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/internal/presigned-url @ v1.9.3

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/sts @ v1.16.3

added vulnerable gomod: google.golang.org/protobuf @ v1.28.0

added vulnerable gomod: gopkg.in/yaml.v3 @ v3.0.0-20210107192922-496545a6307b

added vulnerable gomod: github.com/ossf/scorecard/v4 @ v4.1.0

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/internal/ini @ v1.3.10

added vulnerable gomod: github.com/onsi/gomega @ v1.18.1

added vulnerable gomod: cloud.google.com/go/secretmanager @ v1.3.0

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/config @ v1.15.3

added vulnerable gomod: github.com/davecgh/go-spew @ v1.1.1

added vulnerable gomod: github.com/google/go-replayers/httpreplay @ v1.1.1

added vulnerable gomod: github.com/onsi/ginkgo @ v1.16.4

added vulnerable gomod: golang.org/x/net @ v0.0.0-20220401154927-543a649e0bdd

added vulnerable gomod: google.golang.org/grpc @ v1.45.0

added vulnerable gomod: github.com/onsi/ginkgo/v2 @ v2.1.3

added vulnerable gomod: golang.org/x/oauth2 @ v0.0.0-20220309155454-6242fa91716a

added vulnerable actions: actions/dependency-review-action @ 3f943b86c9a289f4e632c632695e2e0898d9d67d

added vulnerable gomod: github.com/gogo/protobuf @ v1.3.2

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/internal/s3shared @ v1.13.3

added vulnerable gomod: github.com/aws/smithy-go @ v1.11.2

added vulnerable gomod: github.com/h2non/filetype @ v1.1.3

added vulnerable gomod: github.com/pkg/errors @ v0.9.1

added vulnerable gomod: github.com/google/martian @ v2.1.1-0.20190517191504-25dcb96d9e51+incompatible

added vulnerable gomod: github.com/aws/aws-sdk-go-v2 @ v1.16.2

added vulnerable gomod: github.com/golang-jwt/jwt/v4 @ v4.4.1

added vulnerable gomod: github.com/mattn/go-colorable @ v0.1.12

added vulnerable gomod: github.com/moby/buildkit @ v0.8.3

added vulnerable gomod: github.com/fatih/color @ v1.13.0

added vulnerable gomod: github.com/golang/groupcache @ v0.0.0-20210331224755-41bb18bfe9da

added vulnerable gomod: github.com/jmespath/go-jmespath @ v0.4.0

added vulnerable actions: golangci/golangci-lint-action @ b517f99ae23d86ecc4c0dec08dcf48d2336abc29

added vulnerable actions: sigstore/cosign-installer @ main

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/secretsmanager @ v1.15.4

added vulnerable gomod: github.com/google/martian/v3 @ v3.3.2

added vulnerable gomod: github.com/sirupsen/logrus @ v1.8.1

added vulnerable gomod: github.com/mattn/go-isatty @ v0.0.14

added vulnerable gomod: github.com/rogpeppe/go-internal @ v1.8.1-0.20210923151022-86f73c517451

added vulnerable gomod: github.com/bradleyfalzon/ghinstallation/v2 @ v2.0.4

added vulnerable gomod: github.com/rs/zerolog @ v1.26.1

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/internal/configsources @ v1.1.9

added vulnerable gomod: github.com/frankban/quicktest @ v1.13.1

added vulnerable gomod: cloud.google.com/go/kms @ v1.4.0

added vulnerable gomod: github.com/google/go-github/v41 @ v41.0.0

added vulnerable gomod: github.com/rivo/uniseg @ v0.2.0

added vulnerable gomod: cloud.google.com/go/iam @ v0.3.0

added vulnerable gomod: cloud.google.com/go/storage @ v1.21.0

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream @ v1.4.1

added vulnerable gomod: google.golang.org/appengine @ v1.6.7

added vulnerable gomod: mvdan.cc/sh/v3 @ v3.4.2

added vulnerable gomod: golang.org/x/text @ v0.3.7

added vulnerable gomod: github.com/golang/mock @ v1.6.0

added vulnerable actions: github/codeql-action/init @ 7502d6e991ca767d2db617bfd823a1ed925a0d59

added vulnerable actions: actions/upload-artifact @ 6673cd052c4cd6fcf4b4e6e60ea986c889389535

added vulnerable gomod: golang.org/x/xerrors @ v0.0.0-20200804184101-5ec99f83aff1

added vulnerable gomod: google.golang.org/api @ v0.74.0

added vulnerable gomod: github.com/shurcooL/githubv4 @ v0.0.0-20210725200734-83ba7b4c9228

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/feature/s3/manager @ v1.11.3

added vulnerable gomod: github.com/shurcooL/graphql @ v0.0.0-20200928012149-18c5c3165e3a

added vulnerable gomod: github.com/pmezard/go-difflib @ v1.0.0

added vulnerable gomod: github.com/robfig/cron @ v1.2.0

added vulnerable actions: github/codeql-action/upload-sarif @ 7502d6e991ca767d2db617bfd823a1ed925a0d59

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/credentials @ v1.11.2

added vulnerable gomod: github.com/jmespath/go-jmespath/internal/testify @ v1.5.1

added vulnerable actions: github/codeql-action/autobuild @ 7502d6e991ca767d2db617bfd823a1ed925a0d59

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 @ v2.4.3

added vulnerable gomod: github.com/mattn/go-ieproxy @ v0.0.3

added vulnerable gomod: golang.org/x/sync @ v0.0.0-20210220032951-036812b2e83c

added vulnerable gomod: google.golang.org/genproto @ v0.0.0-20220401170504-314d38edb7de

added vulnerable gomod: github.com/stretchr/testify @ v1.7.0

added vulnerable gomod: github.com/Azure/azure-pipeline-go @ v0.2.3

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/sso @ v1.11.3

added vulnerable gomod: github.com/bombsimon/logrusr/v2 @ v2.0.1

added vulnerable actions: actions/setup-go @ 2

added vulnerable gomod: github.com/rhysd/actionlint @ v1.6.8

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding @ v1.9.1

added vulnerable gomod: github.com/googleapis/gax-go/v2 @ v2.2.0

added vulnerable gomod: github.com/containerd/typeurl @ v1.0.2

added vulnerable gomod: github.com/google/wire @ v0.5.0

added vulnerable actions: github/codeql-action/analyze @ 7502d6e991ca767d2db617bfd823a1ed925a0d59

added vulnerable gomod: github.com/aws/aws-sdk-go @ v1.43.31

added vulnerable gomod: github.com/google/go-github/v38 @ v38.1.0

added vulnerable gomod: github.com/Azure/azure-storage-blob-go @ v0.14.0

added vulnerable gomod: github.com/golang/protobuf @ v1.5.2

added vulnerable gomod: github.com/google/uuid @ v1.3.0

added vulnerable gomod: go.opencensus.io @ v0.23.0

added vulnerable gomod: github.com/mattn/go-runewidth @ v0.0.13

added vulnerable gomod: cloud.google.com/go @ v0.100.2

added vulnerable gomod: github.com/go-logr/logr @ v1.2.2

added vulnerable gomod: golang.org/x/sys @ v0.0.0-20220330033206-e17cdc41300f

added vulnerable gomod: github.com/google/go-github/v43 @ v43.0.0

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/feature/ec2/imds @ v1.12.3

added vulnerable gomod: gotest.tools @ v2.2.0+incompatible

added vulnerable gomod: github.com/google/go-replayers/grpcreplay @ v1.1.0

added vulnerable gomod: github.com/kr/pretty @ v0.3.0

added vulnerable actions: ossf/scorecard-action @ c1aec4ac820532bab364f02a81873c555a0ba3a1

added vulnerable gomod: gocloud.dev @ v0.25.0

added vulnerable gomod: cloud.google.com/go/compute @ v1.5.0

added vulnerable gomod: github.com/google/go-github @ v17.0.0+incompatible

added vulnerable gomod: github.com/googleapis/gax-go @ v2.0.2+incompatible

added vulnerable gomod: github.com/aws/aws-sdk-go-v2/service/s3 @ v1.26.3

updatedvulnerable gomod: golang.org/x/crypto @ v0.0.0-20220331220935-ae2d96664a29 (old) ➡️ gomod @ golang.org/x/crypto @ v0.0.0-20220331220935-ae2d96664a29 (new)

updatedvulnerable gomod: gopkg.in/check.v1 @ v1.0.0-20201130134442-10cb98267c6c (old) ➡️ gomod @ gopkg.in/check.v1 @ v1.0.0-20201130134442-10cb98267c6c (new)

updatedvulnerable gomod: gopkg.in/yaml.v2 @ v2.4.0 (old) ➡️ gomod @ gopkg.in/yaml.v2 @ v2.4.0 (new)

updatedvulnerable gomod: github.com/kr/text @ v0.2.0 (old) ➡️ gomod @ github.com/kr/text @ v0.2.0 (new)

updatedvulnerable gomod: github.com/google/go-cmp @ v0.5.8 (old) ➡️ gomod @ github.com/google/go-cmp @ v0.5.8 (new)

removed gomod: github.com/dgrijalva/jwt-go @ v3.2.0+incompatible

removed gomod: github.com/google/go-github/v35 @ v35.1.0

removed gomod: github.com/google/go-querystring @ 1.1.0

removed gomod: github.com/niemeyer/pretty @ v0.0.0-20200227124842-a10e7caefd8e

removed gomod: github.com/google/go-github/v29 @ v29.0.2

removed gomod: github.com/bradleyfalzon/ghinstallation @ v1.1.1

@aidenwang9867 aidenwang9867 mentioned this pull request Jul 7, 2022
Closed
@aidenwang9867
Copy link
Owner Author

aidenwang9867 commented Jul 18, 2022
edited
Loading

Scorecards' Github action Dependency-diff Report

Dependency-diffs (changes) between the BASE commit 112997623f24d5f677ff9155f3868964d4b81df3 and the HEAD commit main:

added Scorecard Score: 5.8 gocloud.dev @ 0.23.0 (new)

added Scorecard Score: 7.0 sigs.k8s.io/yaml @ 1.3.0 (new)

added updated github.com/google/go-github/v35 @ 35.2.0 (new) github.com/google/go-github/v35 @ 35.1.0 (removed)

removed Scorecard Score: 9.0 github.com/google/go-cmp @ 0.5.4

removed Scorecard Score: 5.5 github.com/ossf/scorecard @ 1.2.1-0.20210722153731-89c8e2af3131

removed Scorecard Score: 0.0 github.com/rs/zerolog @ 1.22.0

removed golang.org/x/crypto @ 0.0.0-20201203163018-be400aefbc4c

@aidenwang9867 aidenwang9867 mentioned this pull request Jul 21, 2022
Open
@aidenwang9867
Copy link
Owner Author

Scorecard Action Dependency-diff Report

Dependency-diffs (changes) between the BASE main and the HEAD dev:

added deps.dev Score: 8.2 cloud.google.com/go/bigquery @ 1.36.0

added deps.dev Score: 7.6 gocloud.dev @ 0.23.0

added deps.dev Score: 4.4 sigs.k8s.io/yaml @ 1.3.0

added updated deps.dev google.golang.org/protobuf @ v1.28.1 google.golang.org/protobuf @ v1.28.0

added updated deps.dev github.com/google/go-github/v35 @ 35.2.0 github.com/google/go-github/v35 @ 35.1.0

removed deps.dev github.com/ossf/scorecard @ 1.2.1-0.20210722153731-89c8e2af3131

removed deps.dev github.com/rs/zerolog @ 1.22.0

removed deps.dev golang.org/x/crypto @ 0.0.0-20201203163018-be400aefbc4c

removed deps.dev github.com/google/go-cmp @ 0.5.4

This is an experimental feature of the Scorecard Action. The scores are aggregate scores calculated by the checks specified in the workflow file. Please refer to Scorecard Checks for more details. Please also see the corresponding deps.dev tag for a more comprehensive view of your dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aidenwang9867