
Commit 24c4d98

committed
fix: smallfix audits
1 parent 6328d77 commit 24c4d98

9 files changed

Lines changed: 46 additions & 32 deletions


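--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -30,8 +30,6 @@ jobs:
 
 - name: Lint workflow files
 uses: rhysd/[email protected]
-with:
-github_token: ${{ secrets.GITHUB_TOKEN }}
 
 # Validate workflow structure with act (dry-run)
 workflow-validate:
@@ -188,7 +186,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v5
 with:
-go-version: "1.22"
+go-version: "1.24"
 cache-dependency-path: apps/control-plane/go.sum
 
 - name: Download dependencies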
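Review bot: Every action reference on the new side of this section is a mutable tag — `actions/setup-go@v5` in the second hunk, and the actionlint ref in the first, whose tag is obfuscated in this rendering and so cannot be checked here — which means a moved or compromised tag changes what runs in CI with the job's `GITHUB_TOKEN` in scope. Pin each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: actions/setup-go@<full-commit-sha> # v5`, and do the same for the actionlint step. Dropping the `github_token` input from the actionlint step is reasonable only if that action does not declare such an input; confirm against its action.yml rather than assuming the lint warning was spurious.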

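--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -235,7 +235,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v5
 with:
-go-version: "1.22"
+go-version: "1.24"
 
 - name: Build
 working-directory: apps/control-plane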

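--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -52,19 +52,20 @@ jobs:
 - name: Rust dependency audit
 if: matrix.name == 'rust'
 working-directory: ${{ matrix.working-directory }}
-run: cargo audit --ignore RUSTSEC-2020-0071
+run: cargo audit
 
 # Go dependencies
 - name: Set up Go
 if: matrix.name == 'go'
 uses: actions/setup-go@v5
 with:
-go-version: "1.22"
+go-version: "1.24"
 
 - name: Go vulnerability check
 if: matrix.name == 'go'
 working-directory: ${{ matrix.working-directory }}
 run: |
+go mod tidy
 go install golang.org/x/vuln/cmd/govulncheck@latest
 govulncheck ./...
 
@@ -108,7 +109,7 @@ jobs:
 if: matrix.language == 'go'
 uses: actions/setup-go@v5
 with:
-go-version: "1.22"
+go-version: "1.24"
 cache-dependency-path: apps/control-plane/go.sum
 
 - name: Build Go
@@ -190,7 +191,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@v5
 with:
-go-version: "1.22"
+go-version: "1.24"
 
 - name: Install go-licenses
 run: go install github.com/google/go-licenses@latest
@@ -227,21 +228,22 @@ jobs:
 steps:
 - name: Generate summary
 run: |
-echo "## 🔒 Security Scan Summary" >> $GITHUB_STEP_SUMMARY
-echo "" >> $GITHUB_STEP_SUMMARY
-echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
-echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
-
 status() {
-case $1 in
+case "$1" in
 success) echo "✅ Passed" ;;
 failure) echo "❌ Failed" ;;
 skipped) echo "⏭️ Skipped" ;;
 *) echo "⚠️ Unknown" ;;
 esac
 }
-echo "| Dependency Audit | $(status ${{ needs.dependency-audit.result }}) |" >> $GITHUB_STEP_SUMMARY
-echo "| CodeQL Analysis | $(status ${{ needs.codeql.result }}) |" >> $GITHUB_STEP_SUMMARY
-echo "| Container Scan | $(status ${{ needs.container-scan.result }}) |" >> $GITHUB_STEP_SUMMARY
-echo "| License Check | $(status ${{ needs.license-check.result }}) |" >> $GITHUB_STEP_SUMMARY
+{
+echo "## 🔒 Security Scan Summary"
+echo ""
+echo "| Check | Status |"
+echo "|-------|--------|"
+echo "| Dependency Audit | $(status "${{ needs.dependency-audit.result }}") |"
+echo "| CodeQL Analysis | $(status "${{ needs.codeql.result }}") |"
+echo "| Container Scan | $(status "${{ needs.container-scan.result }}") |"
+echo "| License Check | $(status "${{ needs.license-check.result }}") |"
+} >> "$GITHUB_STEP_SUMMARY"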
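Review bot: In the first hunk, the new `go mod tidy` line runs before govulncheck and rewrites go.mod/go.sum on the runner, so the scan can check a dependency graph that differs from the committed one, and a drifted lockfile is silently repaired instead of failing CI. Since this step now uses Go 1.24, replace it with `go mod tidy -diff` (exits non-zero when tidy would change anything) or `go mod verify`, so drift is an error and the actual tidy lands in a reviewed PR. The same hunk installs `govulncheck@latest`; pin it to a specific release version so the scanner itself is reproducible — the advisory database is fetched live regardless of the binary version. In the last hunk, `status()` has no `cancelled)` arm, so a cancelled upstream job is reported as ⚠️ Unknown; adding `cancelled) echo "🚫 Cancelled" ;;` keeps the summary honest.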

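--- a/apps/control-plane/Dockerfile
+++ b/apps/control-plane/Dockerfile
@@ -3,7 +3,7 @@
 # Chronos Control Plane - Production-Optimized Multi-Stage Dockerfile
 # =============================================================================
 
-ARG GO_VERSION=1.22
+ARG GO_VERSION=1.24
 ARG ALPINE_VERSION=3.20
 
 # =============================================================================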

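--- a/apps/control-plane/go.mod
+++ b/apps/control-plane/go.mod
@@ -1,6 +1,6 @@
 module github.com/allsource/control-plane
 
-go 1.22
+go 1.24
 
 require (
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
@@ -45,10 +45,10 @@ require (
 go.opentelemetry.io/otel/metric v1.21.0 // indirect
 go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 golang.org/x/arch v0.3.0 // indirect
-golang.org/x/crypto v0.18.0 // indirect
-golang.org/x/net v0.20.0 // indirect
-golang.org/x/sys v0.16.0 // indirect
-golang.org/x/text v0.14.0 // indirect
+golang.org/x/crypto v0.36.0 // indirect
+golang.org/x/net v0.38.0 // indirect
+golang.org/x/sys v0.31.0 // indirect
+golang.org/x/text v0.23.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
 google.golang.org/grpc v1.59.0 // indirect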
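Review bot: The context line `github.com/dgrijalva/jwt-go v3.2.0+incompatible` at the end of the first hunk survives this dependency bump, and that module is archived and carries CVE-2020-26160 (audience-claim check bypass when `aud` is a JSON array, which the spec allows); no release of the original module fixes it. govulncheck, which this commit wires into CI, reports only call-reachable findings, so it can stay quiet on this while the library is still linked; whether the vulnerable `aud` path is reachable cannot be told from go.mod. Replace it with the maintained fork — `github.com/golang-jwt/jwt/v4` is the drop-in path, `v5` the current line — and re-run `go mod tidy` locally so go.sum follows. The `golang.org/x/*` bumps themselves look right for a Go 1.24 toolchain.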

apps/control-plane/go.sum

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -118,8 +118,8 @@ golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
118118
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
119119
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
120120
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
121-
golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
122-
golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
121+
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
122+
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
123123
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
124124
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
125125
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -128,8 +128,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
128128
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
129129
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
130130
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
131-
golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
132-
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
131+
golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
132+
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
133133
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
134134
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
135135
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -143,8 +143,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
143143
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
144144
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
145145
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
146-
golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
147-
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
146+
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
147+
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
148148
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
149149
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
150150
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -156,8 +156,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
156156
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
157157
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
158158
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
159-
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
160-
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
159+
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
160+
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
161161
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
162162
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
163163
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

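--- /dev/null
+++ b/apps/core/.cargo/audit.toml
@@ -0,0 +1,10 @@
+# cargo-audit configuration
+# https://github.com/rustsec/rustsec/tree/main/cargo-audit
+
+[advisories]
+# Advisories to ignore (with justification)
+ignore = [
+# chrono uses an old version of time crate - low risk, no patch available yet
+# https://rustsec.org/advisories/RUSTSEC-2020-0071
+"RUSTSEC-2020-0071",
+]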
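Review bot: The justification on line 7 is wrong in a way that will make this ignore permanent: RUSTSEC-2020-0071 (unsound `localtime_r` use in `time`) is fixed in `time` >= 0.2.23; what has no fix is the `time` 0.1 line that chrono pulls in — I believe via its `oldtime` default feature, but verify with `cargo tree -i time`. State the real exit condition and an owner/date so the entry gets revisited, e.g. `# RUSTSEC-2020-0071: time 0.1 localtime_r unsoundness, reached only through chrono's time-0.1 dependency; fixed upstream in time >= 0.2.23.` followed by `# Remove once 'cargo tree -i time' shows no 0.1.x (try chrono with default-features = false). Added <date>, owner <team>.`. Note also that cargo-audit resolves `.cargo/audit.toml` relative to the directory it runs in, so the `cargo audit` step must keep `apps/core` as its working directory for this ignore to apply at all.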

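--- a/apps/query-service/mix.exs
+++ b/apps/query-service/mix.exs
@@ -91,6 +91,7 @@ defmodule QueryServiceEx.MixProject do
 {:credo, "~> 1.7", only: [:dev, :test], runtime: false},
 {:dialyxir, "~> 1.4", only: [:dev, :test], runtime: false},
 {:ex_doc, "~> 0.31", only: :dev, runtime: false},
+{:mix_audit, "~> 2.1", only: [:dev, :test], runtime: false},
 
 # Testcontainers for database testing
 {:testcontainers, "~> 1.13", only: :test},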
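Review bot: Adding `:mix_audit` only installs the tool; nothing in this commit's security.yml changes invokes it (only the rust and go audit steps are touched), so unless a job elsewhere already runs it the Elixir service still has no dependency scanning in CI. Add a matrix entry with a step such as `run: mix deps.get && mix deps.audit` guarded by `if: matrix.name == 'elixir'`, and consider `mix hex.audit` next to it to catch retired packages, which `deps.audit` does not report. The `~> 2.1` constraint resolving to 2.1.5 in mix.lock is fine; `only: [:dev, :test], runtime: false` correctly keeps it out of the release.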

apps/query-service/mix.lock

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@
3333
"metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm", "69b09adddc4f74a40716ae54d140f93beb0fb8978d8636eaded0c31b6f099f16"},
3434
"mime": {:hex, :mime, "2.0.7", "b8d739037be7cd402aee1ba0306edfdef982687ee7e9859bee6198c1e7e2f128", [:mix], [], "hexpm", "6171188e399ee16023ffc5b76ce445eb6d9672e2e241d2df6050f3c771e80ccd"},
3535
"mimerl": {:hex, :mimerl, "1.4.0", "3882a5ca67fbbe7117ba8947f27643557adec38fa2307490c4c4207624cb213b", [:rebar3], [], "hexpm", "13af15f9f68c65884ecca3a3891d50a7b57d82152792f3e19d88650aa126b144"},
36+
"mix_audit": {:hex, :mix_audit, "2.1.5", "c0f77cee6b4ef9d97e37772359a187a166c7a1e0e08b50edf5bf6959dfe5a016", [:make, :mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:yaml_elixir, "~> 2.11", [hex: :yaml_elixir, repo: "hexpm", optional: false]}], "hexpm", "87f9298e21da32f697af535475860dc1d3617a010e0b418d2ec6142bc8b42d69"},
3637
"mox": {:hex, :mox, "1.2.0", "a2cd96b4b80a3883e3100a221e8adc1b98e4c3a332a8fc434c39526babafd5b3", [:mix], [{:nimble_ownership, "~> 1.0", [hex: :nimble_ownership, repo: "hexpm", optional: false]}], "hexpm", "c7b92b3cc69ee24a7eeeaf944cd7be22013c52fcb580c1f33f50845ec821089a"},
3738
"nimble_options": {:hex, :nimble_options, "1.1.1", "e3a492d54d85fc3fd7c5baf411d9d2852922f66e69476317787a7b2bb000a61b", [:mix], [], "hexpm", "821b2470ca9442c4b6984882fe9bb0389371b8ddec4d45a9504f00a66f650b44"},
3839
"nimble_ownership": {:hex, :nimble_ownership, "1.0.2", "fa8a6f2d8c592ad4d79b2ca617473c6aefd5869abfa02563a77682038bf916cf", [:mix], [], "hexpm", "098af64e1f6f8609c6672127cfe9e9590a5d3fcdd82bc17a377b8692fd81a879"},
@@ -63,4 +64,6 @@
6364
"websock": {:hex, :websock, "0.5.3", "2f69a6ebe810328555b6fe5c831a851f485e303a7c8ce6c5f675abeb20ebdadc", [:mix], [], "hexpm", "6105453d7fac22c712ad66fab1d45abdf049868f253cf719b625151460b8b453"},
6465
"websock_adapter": {:hex, :websock_adapter, "0.5.8", "3b97dc94e407e2d1fc666b2fb9acf6be81a1798a2602294aac000260a7c4a47d", [:mix], [{:bandit, ">= 0.6.0", [hex: :bandit, repo: "hexpm", optional: true]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.6", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:websock, "~> 0.5", [hex: :websock, repo: "hexpm", optional: false]}], "hexpm", "315b9a1865552212b5f35140ad194e67ce31af45bcee443d4ecb96b5fd3f3782"},
6566
"websockex": {:hex, :websockex, "0.5.1", "9de28d37bbe34f371eb46e29b79c94c94fff79f93c960d842fbf447253558eb4", [:mix], [{:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8ef39576ed56bc3804c9cd8626f8b5d6b5721848d2726c0ccd4f05385a3c9f14"},
67+
"yamerl": {:hex, :yamerl, "0.10.0", "4ff81fee2f1f6a46f1700c0d880b24d193ddb74bd14ef42cb0bcf46e81ef2f8e", [:rebar3], [], "hexpm", "346adb2963f1051dc837a2364e4acf6eb7d80097c0f53cbdc3046ec8ec4b4e6e"},
68+
"yaml_elixir": {:hex, :yaml_elixir, "2.12.0", "30343ff5018637a64b1b7de1ed2a3ca03bc641410c1f311a4dbdc1ffbbf449c7", [:mix], [{:yamerl, "~> 0.10", [hex: :yamerl, repo: "hexpm", optional: false]}], "hexpm", "ca6bacae7bac917a7155dca0ab6149088aa7bc800c94d0fe18c5238f53b313c6"},
6669
}
