fix(deps): update module github.com/google/go-github/v53 to v55 (#2712)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/google/go-github/v53](https://togithub.com/google/go-github) | require | major | `v53.2.0` -> `v55.0.0` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>google/go-github (github.com/google/go-github/v53)</summary> ### [`v55.0.0`](https://togithub.com/google/go-github/releases/tag/v55.0.0) [Compare Source](https://togithub.com/google/go-github/compare/v54.0.0...v55.0.0) This release contains the following breaking API changes: - Add missing fields to SecurityAdvisoryEvent and rename others ([#2889](https://togithub.com/google/go-github/issues/2889)) and the following additional changes: - Bump go-github from v53 to v54 in /scrape ([#2882](https://togithub.com/google/go-github/issues/2882)) - Add support for enable/disable private vulnerability reporting on repositories ([#2887](https://togithub.com/google/go-github/issues/2887)) - Add support for organization, repository webhook configuration ([#2885](https://togithub.com/google/go-github/issues/2885)) - Return json.Unmarshal error when importing issues deferred ([#2892](https://togithub.com/google/go-github/issues/2892)) - Remove dependency on "golang.org/x/oauth2" ([#2895](https://togithub.com/google/go-github/issues/2895)) - Add support for dependabot_alert webhook event ([#2888](https://togithub.com/google/go-github/issues/2888)) - Fix merge issue from field renaming ([#2906](https://togithub.com/google/go-github/issues/2906)) - Add missing CodeScanning endpoints ([#2900](https://togithub.com/google/go-github/issues/2900)) - Update package constructors ([#2904](https://togithub.com/google/go-github/issues/2904)) - Fix serialization of repository_names conditions object ([#2910](https://togithub.com/google/go-github/issues/2910)) - Bump actions/checkout from 3 to 4 ([#2912](https://togithub.com/google/go-github/issues/2912)) - Bump version of go-github to v55.0.0 ([#2914](https://togithub.com/google/go-github/issues/2914)) ### [`v54.0.0`](https://togithub.com/google/go-github/releases/tag/v54.0.0) [Compare Source](https://togithub.com/google/go-github/compare/v53.2.0...v54.0.0) This release contains the following breaking API changes: - Fix ListPullRequestsWithCommit option type ([#2822](https://togithub.com/google/go-github/issues/2822)) - Support repository_id in org ruleset conditions ([#2825](https://togithub.com/google/go-github/issues/2825)) - Fix repo rules bypass settings ([#2831](https://togithub.com/google/go-github/issues/2831)) - Fix old_name field in AuditEntry ([#2849](https://togithub.com/google/go-github/issues/2849)) and the following additional changes: - Bump golang.org/x/net from 0.10.0 to 0.11.0 in /scrape ([#2814](https://togithub.com/google/go-github/issues/2814)) - Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 ([#2812](https://togithub.com/google/go-github/issues/2812)) - Bump github.com/google/go-github/v53 from 53.0.0 to 53.2.0 in /scrape ([#2813](https://togithub.com/google/go-github/issues/2813)) - Add Runner to generate-jitconfig method ([#2818](https://togithub.com/google/go-github/issues/2818)) - Remove unnecessary use of fmt.Sprintf ([#2819](https://togithub.com/google/go-github/issues/2819)) - Use bytes.Equal instead of bytes.Compare ([#2820](https://togithub.com/google/go-github/issues/2820)) - Fix CreateOrUpdateOrgSecret regression introduced in v53 ([#2817](https://togithub.com/google/go-github/issues/2817)) - Add Repository struct to SecretScanningAlert ([#2823](https://togithub.com/google/go-github/issues/2823)) - Add support for personal access tokens request review API ([#2827](https://togithub.com/google/go-github/issues/2827)) - Add support for personal_access_token_request webhook event type ([#2826](https://togithub.com/google/go-github/issues/2826)) - Support line comments on PRs ([#2833](https://togithub.com/google/go-github/issues/2833)) - Implement installation_target webhook event type ([#2829](https://togithub.com/google/go-github/issues/2829)) - Add secret type display to secret scanning alert ([#2834](https://togithub.com/google/go-github/issues/2834)) - Use a sentinel error when blocking paths for RepositoriesServices.GetContents ([#2837](https://togithub.com/google/go-github/issues/2837)) - Add support for SAML SSO authorization APIs ([#2835](https://togithub.com/google/go-github/issues/2835)) - Bump golang.org/x/net from 0.11.0 to 0.12.0 in /scrape ([#2839](https://togithub.com/google/go-github/issues/2839)) - Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 ([#2840](https://togithub.com/google/go-github/issues/2840)) - Add Dependabot field in security_and_analysis ([#2846](https://togithub.com/google/go-github/issues/2846)) - Add new query params for AlertListOptions ([#2848](https://togithub.com/google/go-github/issues/2848)) - Add old_name field to AuditEntry ([#2843](https://togithub.com/google/go-github/issues/2843)) - Add OldLogin field to AuditEntryData ([#2850](https://togithub.com/google/go-github/issues/2850)) - Check for nil pointer in update rule parameters ([#2854](https://togithub.com/google/go-github/issues/2854)) - Fix dropped test error ([#2858](https://togithub.com/google/go-github/issues/2858)) - Bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 ([#2859](https://togithub.com/google/go-github/issues/2859)) - Bump golang.org/x/net from 0.12.0 to 0.14.0 in /scrape ([#2860](https://togithub.com/google/go-github/issues/2860)) - Add ListOptions pagination for Dependabot alerts ([#2853](https://togithub.com/google/go-github/issues/2853)) - Add support for Security Advisories Request CVE endpoint ([#2857](https://togithub.com/google/go-github/issues/2857)) - Add support for the security and analysis webhook event ([#2862](https://togithub.com/google/go-github/issues/2862)) - Add support for projects_v2 and projects_v2\_item webhook events ([#2868](https://togithub.com/google/go-github/issues/2868)) - Defer closing body before checking HTTP status code ([#2870](https://togithub.com/google/go-github/issues/2870)) - Add GetAutomatedSecurityFixes to report status ([#2842](https://togithub.com/google/go-github/issues/2842)) - Adding missing field important to find branch in fork from same owner ([#2873](https://togithub.com/google/go-github/issues/2873)) - Add WorkflowRun and Workflow to DeploymentEvent ([#2755](https://togithub.com/google/go-github/issues/2755)) - Replace deprectated crypto/ssh/terminal module in examples ([#2876](https://togithub.com/google/go-github/issues/2876)) - Update workflow to use Go 1.21 and 1.20 ([#2878](https://togithub.com/google/go-github/issues/2878)) - Add TriggeringActor to WorkflowRun ([#2879](https://togithub.com/google/go-github/issues/2879)) - Add WebhookTypes and EventForType methods ([#2865](https://togithub.com/google/go-github/issues/2865)) - Add support for fetching SBOMs ([#2869](https://togithub.com/google/go-github/issues/2869)) - Add SubmoduleGitURL to RepositoryContent ([#2880](https://togithub.com/google/go-github/issues/2880)) - Bump version of go-github to v54.0.0 ([#2881](https://togithub.com/google/go-github/issues/2881)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).  Signed-off-by: Mend Renovate <[email protected]> Co-authored-by: laurentsimon <[email protected]>
slsa-framework · Sep 13, 2023 · 29207b4 · 29207b4
1 parent 2e67802
commit 29207b4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 17 deletions.
diff --git a/github/client.go b/github/client.go
@@ -17,7 +17,7 @@ package github
 import (
 	"context"
 
-	"github.com/google/go-github/v53/github"
+	"github.com/google/go-github/v55/github"
 	"golang.org/x/oauth2"
 )
 

diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/go-openapi/strfmt v0.21.7
 	github.com/go-openapi/swag v0.22.4
 	github.com/google/go-cmp v0.5.9
-	github.com/google/go-github/v53 v53.2.0
+	github.com/google/go-github/v55 v55.0.0
 	github.com/in-toto/in-toto-golang v0.9.0
 	github.com/pelletier/go-toml v1.9.5
 	github.com/secure-systems-lab/go-securesystemslib v0.7.0
@@ -177,14 +177,14 @@ require (
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
 	golang.org/x/mod v0.11.0 // indirect
 	golang.org/x/net v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/term v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/term v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.9.3 // indirect
 	google.golang.org/api v0.128.0 // indirect

diff --git a/go.sum b/go.sum
@@ -456,8 +456,8 @@ github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6
 github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
 github.com/google/go-github/v50 v50.2.0 h1:j2FyongEHlO9nxXLc+LP3wuBSVU9mVxfpdYUexMpIfk=
 github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q=
-github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI=
-github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao=
+github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLNb9x9cg=
+github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -898,8 +898,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1078,14 +1078,14 @@ golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1098,8 +1098,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

diff --git a/slsa/clientprovider.go b/slsa/clientprovider.go
@@ -17,7 +17,7 @@ package slsa
 import (
 	"context"
 
-	githubapi "github.com/google/go-github/v53/github"
+	githubapi "github.com/google/go-github/v55/github"
 
 	"github.com/slsa-framework/slsa-github-generator/github"
 )