From 8b66cc893e968f8253f73c0723696c3cd1821c77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jan 2023 19:08:15 -0500 Subject: [PATCH 1/4] chore(deps): bump debian from `7ca0fec` to `12931ad` (#3904) Bumps debian from `7ca0fec` to `12931ad`. --- updated-dependencies: - dependency-name: debian dependency-type: direct:production ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f4db1f034..23e4ac70c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,7 +30,7 @@ RUN make build-go NAME=pomerium RUN touch /config.yaml # build our own root trust store from current stable -FROM debian:stable@sha256:7ca0fecd790bd1297cb92c4405906b0c4d7df22c8a5f0367a2697daf73c99cd7 as casource +FROM debian:stable@sha256:12931ad2bfd4a9609cf8ef7898f113d67dce8058f0c27f01c90ef7bdd5a61bfb as casource RUN apt-get update && apt-get install -y ca-certificates # Remove expired root (https://github.com/pomerium/pomerium/issues/2653) RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt && update-ca-certificates From dcfe50ad31f766ddefeaff89d503b540d3985273 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jan 2023 19:15:56 -0500 Subject: [PATCH 2/4] chore(deps): bump docker/build-push-action from 3.2.0 to 3.3.0 (#3894) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/c56af957549030174b10d6867f20e78cfd7debc5...37abcedcc1da61a57767b7588cb9d03eb57e28b3) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Denis Mishin --- .github/workflows/docker-main.yaml | 4 ++-- .github/workflows/test.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/docker-main.yaml b/.github/workflows/docker-main.yaml index f359b9ecf..d4cd18b2f 100644 --- a/.github/workflows/docker-main.yaml +++ b/.github/workflows/docker-main.yaml @@ -47,7 +47,7 @@ jobs: echo ::set-output name=sha-tag::${SHA_TAG} - name: Docker Publish - Main - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 with: context: . file: ./Dockerfile @@ -60,7 +60,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} - name: Docker Publish - Debug - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 with: context: . file: ./Dockerfile.debug diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 23bf4a298..383640e2a 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -209,7 +209,7 @@ jobs: uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 - name: Docker Build - uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 + uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 with: context: . file: ./Dockerfile From 206b73f4caf8b30779a6c5eff37306e48f8b4202 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jan 2023 19:16:34 -0500 Subject: [PATCH 3/4] chore(deps): bump golang from 1.19.4-buster to 1.19.5-buster (#3902) Bumps golang from 1.19.4-buster to 1.19.5-buster. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Denis Mishin --- Dockerfile | 2 +- Dockerfile.debug | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 23e4ac70c..5a3ce5816 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN make yarn COPY ./ui/ ./ui/ RUN make build-ui -FROM golang:1.19.4-buster@sha256:7c97baef6d7a48c2520691e38cca1c56a86b0cad36831c01d959913711f30aa3 as build +FROM golang:1.19.5-buster@sha256:150a98859da4c88935958d21d4fca1c74a139eac88e1eb2364c8f60d69236ede as build WORKDIR /go/src/github.com/pomerium/pomerium RUN apt-get update \ diff --git a/Dockerfile.debug b/Dockerfile.debug index 42b300daf..edaa98465 100644 --- a/Dockerfile.debug +++ b/Dockerfile.debug @@ -13,7 +13,7 @@ RUN make yarn COPY ./ui/ ./ui/ RUN make build-ui -FROM golang:1.19.4-buster@sha256:7c97baef6d7a48c2520691e38cca1c56a86b0cad36831c01d959913711f30aa3 as build +FROM golang:1.19.5-buster@sha256:150a98859da4c88935958d21d4fca1c74a139eac88e1eb2364c8f60d69236ede as build WORKDIR /go/src/github.com/pomerium/pomerium RUN apt-get update \ From abbedad7483ffe6537ccfcaf3711c8f725e4055a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Jan 2023 20:59:11 -0500 Subject: [PATCH 4/4] chore(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 (#3893) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.51.0 to 1.52.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.51.0...v1.52.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Denis Mishin --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 87c70c806..39ca1b766 100644 --- a/go.mod +++ b/go.mod @@ -69,7 +69,7 @@ require ( golang.org/x/sync v0.1.0 google.golang.org/api v0.105.0 google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6 - google.golang.org/grpc v1.51.0 + google.golang.org/grpc v1.52.0 google.golang.org/protobuf v1.28.1 gopkg.in/yaml.v3 v3.0.1 namespacelabs.dev/go-filenotify v0.0.0-20220511192020-53ea11be7eaa diff --git a/go.sum b/go.sum index 40ec3ff3c..59c611e89 100644 --- a/go.sum +++ b/go.sum @@ -1449,8 +1449,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= -google.golang.org/grpc v1.51.0 h1:E1eGv1FTqoLIdnBCZufiSHgKjlqG6fKFf6pPWtMTh8U= -google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=