Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add osv-scalibr as a dependency extraction method for PR remediation #4688

Merged
merged 8 commits into from
Oct 10, 2024
Merged

Add osv-scalibr as a dependency extraction method for PR remediation #4688

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
66b7bd6
Add osv-scalibr as a dependency extraction method for PR remediation
evankanderson Oct 8, 2024
6d8807a
Merge remote-tracking branch 'upstream/main' into pr-scalibr
evankanderson Oct 8, 2024
ba4923e
Remove unused constant
evankanderson Oct 8, 2024
51cf1d3
Merge remote-tracking branch 'upstream/main' into pr-scalibr
evankanderson Oct 9, 2024
fcd79ea
Address feedback from @erikvarga
evankanderson Oct 10, 2024
fb12756
Merge remote-tracking branch 'upstream/main' into pr-scalibr
evankanderson Oct 10, 2024
171fcb7
Revert to older github.com/containerd/errgroup, as v0.3.0 is breaking…
evankanderson Oct 10, 2024
d92e0ef
Fix lint errors
evankanderson Oct 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions docs/docs/ref/proto.md
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

37 changes: 35 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ require (
github.com/erikgeiser/promptkit v0.9.0
github.com/evanphx/json-patch/v5 v5.9.0
github.com/fergusstrange/embedded-postgres v1.29.0
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-billy/v5 v5.5.1-0.20240927131424-c1ee0b97d109
github.com/go-git/go-git/v5 v5.12.0
github.com/go-playground/validator/v10 v10.22.1
github.com/go-viper/mapstructure/v2 v2.2.1
Expand All @@ -31,6 +31,7 @@ require (
github.com/google/go-cmp v0.6.0
github.com/google/go-containerregistry v0.20.2
github.com/google/go-github/v63 v63.0.0
github.com/google/osv-scalibr v0.1.4-0.20241008174812-047e6a2b425d
github.com/google/uuid v1.6.0
github.com/gorilla/handlers v1.5.2
github.com/gorilla/securecookie v1.1.2
Expand Down Expand Up @@ -97,10 +98,15 @@ require (

require (
filippo.io/edwards25519 v1.1.0 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/BurntSushi/toml v1.4.0 // indirect
github.com/CycloneDX/cyclonedx-go v0.9.0 // indirect
github.com/Masterminds/squirrel v1.5.4 // indirect
github.com/MicahParks/keyfunc/v2 v2.1.0 // indirect
github.com/Microsoft/hcsshim v0.11.7 // indirect
github.com/alecthomas/chroma/v2 v2.14.0 // indirect
github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 // indirect
github.com/anderseknert/roast v0.2.0 // indirect
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
Expand All @@ -120,24 +126,36 @@ require (
github.com/aymerick/douceur v0.2.0 // indirect
github.com/charmbracelet/x/ansi v0.2.3 // indirect
github.com/charmbracelet/x/term v0.2.0 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/containerd v1.7.22 // indirect
github.com/containerd/containerd/api v1.7.19 // indirect
github.com/containerd/continuity v0.4.3 // indirect
github.com/containerd/errdefs v0.2.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/ttrpc v1.2.5 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/coreos/go-semver v0.3.1 // indirect
github.com/deckarep/golang-set/v2 v2.6.0 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/dlclark/regexp2 v1.11.0 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
github.com/erikvarga/go-rpmdb v0.0.0-20240208180226-b97e041ef9af // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-chi/chi/v5 v5.1.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
github.com/go-sql-driver/mysql v1.8.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
github.com/google/go-github/v61 v61.0.0 // indirect
github.com/google/osv-scanner v1.7.1 // indirect
github.com/gorilla/css v1.0.1 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
github.com/hashicorp/go-sockaddr v1.0.5 // indirect
Expand All @@ -158,11 +176,18 @@ require (
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/option v1.0.1 // indirect
github.com/mattn/go-localereader v0.0.1 // indirect
github.com/mattn/go-sqlite3 v1.14.22 // indirect
github.com/mfridman/interpolate v0.0.2 // indirect
github.com/minio/highwayhash v1.0.3 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/moby/buildkit v0.15.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.7.1 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/motemen/go-nuts v0.0.0-20220604134737-2658d0104f31 // indirect
Expand All @@ -178,6 +203,8 @@ require (
github.com/nikunjy/rules v1.5.0 // indirect
github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
github.com/oklog/ulid/v2 v2.1.0 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/openfga/api/proto v0.0.0-20240906203051-102620ef2a66 // indirect
github.com/openfga/language/pkg/go v0.2.0-beta.2 // indirect
github.com/package-url/packageurl-go v0.1.3 // indirect
Expand All @@ -194,16 +221,22 @@ require (
github.com/signalfx/splunk-otel-go/instrumentation/internal v1.19.0 // indirect
github.com/sigstore/sigstore v1.8.9 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect
github.com/spdx/tools-golang v0.5.3 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/theupdateframework/go-tuf/v2 v2.0.1 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
github.com/yuin/goldmark-emoji v1.0.3 // indirect
github.com/zitadel/logging v0.6.1 // indirect
github.com/zitadel/schema v1.3.0 // indirect
go.etcd.io/bbolt v1.3.10 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
golang.org/x/time v0.6.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
gotest.tools/v3 v3.5.1 // indirect
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 // indirect
Expand All @@ -230,7 +263,7 @@ require (
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/cyphar/filepath-securejoin v0.2.5 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
Expand Down
Loading
Loading