Merge pull request #256 from apptainer/dependabot/go_modules/main/github.com/spf13/pflag-1.0.6

DrDaveD · web-flow · commit e6d10643042f · 2025-01-30T11:18:30.000-06:00
build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -33,8 +33,20 @@ jobs:
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest
 
+      - name: Install jq
+        run: sudo apt-get update && sudo apt-get install -y jq
+
       - name: Check for vulnerabilities
-        run: $HOME/go/bin/govulncheck ./...
+        run: |
+            $HOME/go/bin/govulncheck -format json ./...|jq -r .finding.osv|grep -v null|sort -u >/tmp/vuln-cves
+            CVES="$(cat .govulncheck-ignorecves .govulncheck-ignorecves /tmp/vuln-cves|sort|uniq -u)"
+            if [ -n "$CVES" ]; then
+                echo >&2
+                echo "***" govulncheck CVES that are not ignored: $CVES "***" >&2
+                echo >&2
+                set -x
+                $HOME/go/bin/govulncheck -show verbose ./...
+            fi
 
       - name: Build Source
         run: go build ./...
diff --git a/.govulncheck-ignorecves b/.govulncheck-ignorecves
@@ -0,0 +1,2 @@
+GO-2025-3373
+GO-2025-3420
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/sebdah/goldie/v2 v2.5.5
 	github.com/sigstore/sigstore v1.8.12
 	github.com/spf13/cobra v1.8.1
-	github.com/spf13/pflag v1.0.5
+	github.com/spf13/pflag v1.0.6
 )
 
 require (
diff --git a/go.sum b/go.sum
@@ -63,8 +63,9 @@ github.com/sigstore/sigstore v1.8.12 h1:S8xMVZbE2z9ZBuQUEG737pxdLjnbOIcFi5v9UFfk
 github.com/sigstore/sigstore v1.8.12/go.mod h1:+PYQAa8rfw0QdPpBcT+Gl3egKD9c+TUgAlF12H3Nmjo=
 github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ require (`
`11`	`11`	`github.com/sebdah/goldie/v2 v2.5.5`
`12`	`12`	`github.com/sigstore/sigstore v1.8.12`
`13`	`13`	`github.com/spf13/cobra v1.8.1`
`14`		`- github.com/spf13/pflag v1.0.5`
	`14`	`+ github.com/spf13/pflag v1.0.6`
`15`	`15`	`)`
`16`	`16`
`17`	`17`	`require (`