@@ -10,7 +10,7 @@ require (
1010 github.com/google/go-cmp v0.6.0
1111 github.com/google/go-github/v59 v59.0.0
1212 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79
13- github.com/ossf/scorecard/v4 v4.13.2-0.20240326192505-153e06d99fed
13+ github.com/ossf/scorecard/v5 v5.0.0-rc2
1414 github.com/rhysd/actionlint v1.7.1
1515 github.com/rs/zerolog v1.33.0
1616 github.com/shurcooL/githubv4 v0.0.0-20210725200734-83ba7b4c9228
@@ -20,14 +20,15 @@ require (
2020)
2121
2222require (
23- cloud.google.com/go v0.112.1 // indirect
24- cloud.google.com/go/compute v1.25.0 // indirect
25- cloud.google.com/go/compute/metadata v0.2.3 // indirect
26- cloud.google.com/go/iam v1.1.6 // indirect
27- cloud.google.com/go/secretmanager v1.11.5 // indirect
28- cloud.google.com/go/storage v1.39.1 // indirect
23+ cloud.google.com/go v0.112.2 // indirect
24+ cloud.google.com/go/auth v0.3.0 // indirect
25+ cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
26+ cloud.google.com/go/compute/metadata v0.3.0 // indirect
27+ cloud.google.com/go/iam v1.1.7 // indirect
28+ cloud.google.com/go/secretmanager v1.12.0 // indirect
29+ cloud.google.com/go/storage v1.40.0 // indirect
2930 dario.cat/mergo v1.0.0 // indirect
30- deps.dev/api/v3alpha v0 .0.0-20240312000934-38ffc8dd1d92 // indirect
31+ deps.dev/api/v3 v3 .0.0-20240411010756-f6f382da6e02 // indirect
3132 github.com/BurntSushi/toml v1.3.2 // indirect
3233 github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect
3334 github.com/Microsoft/go-winio v0.6.1 // indirect
@@ -64,7 +65,7 @@ require (
6465 github.com/fsnotify/fsnotify v1.7.0 // indirect
6566 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
6667 github.com/go-git/go-billy/v5 v5.5.0 // indirect
67- github.com/go-git/go-git/v5 v5.11 .0 // indirect
68+ github.com/go-git/go-git/v5 v5.12 .0 // indirect
6869 github.com/go-logr/logr v1.4.1 // indirect
6970 github.com/go-logr/stdr v1.2.2 // indirect
7071 github.com/gogo/protobuf v1.3.2 // indirect
@@ -75,45 +76,44 @@ require (
7576 github.com/google/go-github/v53 v53.2.0 // indirect
7677 github.com/google/go-github/v62 v62.0.0 // indirect
7778 github.com/google/go-querystring v1.1.0 // indirect
78- github.com/google/osv-scanner v1.7.1 // indirect
79+ github.com/google/osv-scanner v1.7.2 // indirect
7980 github.com/google/s2a-go v0.1.7 // indirect
8081 github.com/google/uuid v1.6.0 // indirect
8182 github.com/google/wire v0.6.0 // indirect
8283 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
83- github.com/googleapis/gax-go/v2 v2.12.2 // indirect
84+ github.com/googleapis/gax-go/v2 v2.12.3 // indirect
8485 github.com/h2non/filetype v1.1.3 // indirect
8586 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
8687 github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
8788 github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 // indirect
8889 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
89- github.com/jedib0t/go-pretty/v6 v6.5.5 // indirect
90+ github.com/jedib0t/go-pretty/v6 v6.5.8 // indirect
9091 github.com/jmespath/go-jmespath v0.4.0 // indirect
9192 github.com/kevinburke/ssh_config v1.2.0 // indirect
9293 github.com/klauspost/compress v1.17.7 // indirect
9394 github.com/mattn/go-colorable v0.1.13 // indirect
9495 github.com/mattn/go-isatty v0.0.20 // indirect
9596 github.com/mattn/go-runewidth v0.0.15 // indirect
9697 github.com/mitchellh/go-homedir v1.1.0 // indirect
97- github.com/moby/buildkit v0.13.1 // indirect
98+ github.com/moby/buildkit v0.13.2 // indirect
9899 github.com/opencontainers/go-digest v1.0.0 // indirect
99100 github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
100- github.com/owenrumney/go-sarif/v2 v2.3.0 // indirect
101+ github.com/owenrumney/go-sarif/v2 v2.3.1 // indirect
101102 github.com/package-url/packageurl-go v0.1.2 // indirect
102103 github.com/pandatix/go-cvss v0.6.2 // indirect
103104 github.com/pjbgf/sha1cd v0.3.0 // indirect
104105 github.com/pkg/errors v0.9.1 // indirect
105106 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
106107 github.com/rivo/uniseg v0.4.7 // indirect
107108 github.com/robfig/cron/v3 v3.0.1 // indirect
108- github.com/sergi/go-diff v1.3.1 // indirect
109+ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
109110 github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect
110111 github.com/sirupsen/logrus v1.9.3 // indirect
111- github.com/skeema/knownhosts v1.2.1 // indirect
112+ github.com/skeema/knownhosts v1.2.2 // indirect
112113 github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect
113- github.com/spdx/tools-golang v0.5.3 // indirect
114- github.com/stretchr/testify v1.9.0 // indirect
114+ github.com/spdx/tools-golang v0.5.4 // indirect
115115 github.com/vbatts/tar-split v0.11.5 // indirect
116- github.com/xanzy/go-gitlab v0.101 .0 // indirect
116+ github.com/xanzy/go-gitlab v0.103 .0 // indirect
117117 github.com/xanzy/ssh-agent v0.3.3 // indirect
118118 go.opencensus.io v0.24.0 // indirect
119119 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
@@ -122,23 +122,22 @@ require (
122122 go.opentelemetry.io/otel/metric v1.24.0 // indirect
123123 go.opentelemetry.io/otel/trace v1.24.0 // indirect
124124 golang.org/x/crypto v0.22.0 // indirect
125- golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect
126- golang.org/x/mod v0.16 .0 // indirect
125+ golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
126+ golang.org/x/mod v0.17 .0 // indirect
127127 golang.org/x/net v0.24.0 // indirect
128- golang.org/x/oauth2 v0.18 .0 // indirect
128+ golang.org/x/oauth2 v0.20 .0 // indirect
129129 golang.org/x/sys v0.20.0 // indirect
130- golang.org/x/text v0.14 .0 // indirect
130+ golang.org/x/text v0.15 .0 // indirect
131131 golang.org/x/time v0.5.0 // indirect
132- golang.org/x/tools v0.19 .0 // indirect
132+ golang.org/x/tools v0.20 .0 // indirect
133133 golang.org/x/vuln v1.0.4 // indirect
134134 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
135- google.golang.org/api v0.169.0 // indirect
136- google.golang.org/appengine v1.6.8 // indirect
137- google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
138- google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
139- google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect
140- google.golang.org/grpc v1.62.1 // indirect
141- google.golang.org/protobuf v1.33.0 // indirect
135+ google.golang.org/api v0.177.0 // indirect
136+ google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
137+ google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect
138+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect
139+ google.golang.org/grpc v1.63.2 // indirect
140+ google.golang.org/protobuf v1.34.0 // indirect
142141 gopkg.in/warnings.v0 v0.1.2 // indirect
143142 gopkg.in/yaml.v3 v3.0.1 // indirect
144143 gotest.tools/v3 v3.5.1 // indirect
0 commit comments