@@ -5,7 +5,7 @@ go 1.26.3
55require (
66 cuelang.org/go v0.16.0
77 github.com/CycloneDX/cyclonedx-go v0.10.0
8- github.com/MakeNowJust/heredoc v1 .0.0
8+ github.com/MakeNowJust/heredoc/v2 v2 .0.1
99 github.com/Maldris/go-billy-afero v0.0.0-20200815120323-e9d3de59c99a
1010 github.com/conforma/crds/api v0.1.7
1111 github.com/conforma/go-gather v1.2.0
@@ -29,7 +29,7 @@ require (
2929 github.com/open-policy-agent/opa v1.15.2
3030 github.com/package-url/packageurl-go v0.1.3
3131 github.com/qri-io/jsonpointer v0.1.1
32- github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
32+ github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
3333 github.com/secure-systems-lab/go-securesystemslib v0.10.0
3434 github.com/sigstore/cosign/v3 v3.0.4
3535 github.com/sigstore/rekor v1.5.0
@@ -102,20 +102,20 @@ require (
102102 github.com/agext/levenshtein v1.2.3 // indirect
103103 github.com/agnivade/levenshtein v1.2.1 // indirect
104104 github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
105- github.com/alibabacloud-go/cr-20160607 v1 .0.1 // indirect
106- github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
107- github.com/alibabacloud-go/darabonba-openapi v0 .2.1 // indirect
105+ github.com/alibabacloud-go/cr-20160607/v2 v2 .0.0 // indirect
106+ github.com/alibabacloud-go/cr-20181201/v3 v3.1.2 // indirect
107+ github.com/alibabacloud-go/darabonba-openapi/v2 v2 .2.2 // indirect
108108 github.com/alibabacloud-go/debug v1.0.1 // indirect
109109 github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
110110 github.com/alibabacloud-go/openapi-util v0.1.1 // indirect
111111 github.com/alibabacloud-go/tea v1.2.2 // indirect
112- github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
112+ github.com/alibabacloud-go/tea-utils/v2 v2.0.9 // indirect
113113 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 // indirect
114114 github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
115115 github.com/aliyun/credentials-go v1.3.9 // indirect
116116 github.com/anchore/go-struct-converter v0.1.0 // indirect
117117 github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
118- github.com/apparentlymart/go-textseg/v15 v15 .0.0 // indirect
118+ github.com/apparentlymart/go-textseg/v16 v16 .0.0 // indirect
119119 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
120120 github.com/aws/aws-sdk-go-v2 v1.41.4 // indirect
121121 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.7 // indirect
@@ -145,8 +145,8 @@ require (
145145 github.com/blang/semver v3.5.1+incompatible // indirect
146146 github.com/bufbuild/protocompile v0.14.1 // indirect
147147 github.com/bytecodealliance/wasmtime-go/v39 v39.0.1 // indirect
148- github.com/cenkalti/backoff/v4 v4.3.0 // indirect
149- github.com/cenkalti/backoff/v5 v5 .0.3 // indirect
148+ github.com/cenkalti/backoff/v6 v6.0.1 // indirect
149+ github.com/cenkalti/backoff/v6 v6 .0.1 // indirect
150150 github.com/cespare/xxhash/v2 v2.3.0 // indirect
151151 github.com/chainguard-dev/git-urls v1.0.2 // indirect
152152 github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
@@ -196,7 +196,7 @@ require (
196196 github.com/gkampitakis/ciinfo v0.3.2 // indirect
197197 github.com/go-akka/configuration v0.0.0-20200606091224-a002c0330665 // indirect
198198 github.com/go-chi/chi/v5 v5.2.4 // indirect
199- github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
199+ github.com/go-git/gcfg/v2 v2.0.2 // indirect
200200 github.com/go-git/go-billy/v5 v5.9.0 // indirect
201201 github.com/go-ini/ini v1.67.0 // indirect
202202 github.com/go-jose/go-jose/v4 v4.1.4 // indirect
@@ -226,14 +226,14 @@ require (
226226 github.com/goccy/go-json v0.10.5 // indirect
227227 github.com/goccy/go-yaml v1.18.0 // indirect
228228 github.com/gogo/protobuf v1.3.2 // indirect
229- github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
229+ github.com/golang-jwt/jwt/v5 v5.3.1 // indirect
230230 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
231- github.com/golang/snappy v0 .0.4 // indirect
231+ github.com/golang/snappy v1 .0.0 // indirect
232232 github.com/google/cel-go v0.28.0 // indirect
233233 github.com/google/certificate-transparency-go v1.3.2 // indirect
234234 github.com/google/flatbuffers v25.2.10+incompatible // indirect
235235 github.com/google/gnostic-models v0.7.0 // indirect
236- github.com/google/go-github/v73 v73 .0.0 // indirect
236+ github.com/google/go-github/v88 v88 .0.0 // indirect
237237 github.com/google/go-jsonnet v0.22.0 // indirect
238238 github.com/google/go-querystring v1.2.0 // indirect
239239 github.com/google/s2a-go v0.1.9 // indirect
@@ -243,11 +243,11 @@ require (
243243 github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
244244 github.com/hashicorp/aws-sdk-go-base/v2 v2.0.0-beta.72 // indirect
245245 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
246- github.com/hashicorp/go-getter v1.8.6 // indirect
246+ github.com/hashicorp/go-getter/v2 v2.2.3 // indirect
247247 github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
248248 github.com/hashicorp/go-version v1.9.0 // indirect
249249 github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
250- github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
250+ github.com/hashicorp/hcl/v2 v2.24.0 // indirect
251251 github.com/hashicorp/hcl/v2 v2.23.0 // indirect
252252 github.com/huandu/go-clone v1.7.3 // indirect
253253 github.com/huandu/go-sqlbuilder v1.39.1 // indirect
@@ -257,7 +257,7 @@ require (
257257 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
258258 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
259259 github.com/json-iterator/go v1.1.12 // indirect
260- github.com/jstemmer/go-junit-report v1.0 .0 // indirect
260+ github.com/jstemmer/go-junit-report/v2 v2.1 .0 // indirect
261261 github.com/kevinburke/ssh_config v1.2.0 // indirect
262262 github.com/klauspost/compress v1.18.6 // indirect
263263 github.com/klauspost/cpuid/v2 v2.3.0 // indirect
@@ -268,7 +268,7 @@ require (
268268 github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
269269 github.com/lestrrat-go/httpcc v1.0.1 // indirect
270270 github.com/lestrrat-go/httprc/v3 v3.0.2 // indirect
271- github.com/lestrrat-go/jwx/v3 v3 .0.13 // indirect
271+ github.com/lestrrat-go/jwx/v4 v4 .0.2 // indirect
272272 github.com/lestrrat-go/option/v2 v2.0.0 // indirect
273273 github.com/letsencrypt/boulder v0.20260223.0 // indirect
274274 github.com/logrusorgru/aurora v2.0.3+incompatible // indirect
@@ -303,7 +303,7 @@ require (
303303 github.com/olekukonko/tablewriter v1.1.2 // indirect
304304 github.com/opencontainers/go-digest v1.0.0 // indirect
305305 github.com/opencontainers/image-spec v1.1.1 // indirect
306- github.com/owenrumney/go-sarif/v2 v2 .3.3 // indirect
306+ github.com/owenrumney/go-sarif/v3 v3 .3.0 // indirect
307307 github.com/pelletier/go-toml/v2 v2.3.0 // indirect
308308 github.com/peterh/liner v1.2.2 // indirect
309309 github.com/pjbgf/sha1cd v0.6.0 // indirect
@@ -325,7 +325,7 @@ require (
325325 github.com/segmentio/asm v1.2.1 // indirect
326326 github.com/sergi/go-diff v1.4.0 // indirect
327327 github.com/shibumi/go-pathspec v1.3.0 // indirect
328- github.com/shirou/gopsutil/v3 v3.23.12 // indirect
328+ github.com/shirou/gopsutil/v4 v4.26.6 // indirect
329329 github.com/shoenig/go-m1cpu v0.1.6 // indirect
330330 github.com/shteou/go-ignore v0.3.1 // indirect
331331 github.com/sigstore/fulcio v1.8.4 // indirect
@@ -342,14 +342,14 @@ require (
342342 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
343343 github.com/tchap/go-patricia/v2 v2.3.3 // indirect
344344 github.com/thales-e-security/pool v0.0.2 // indirect
345- github.com/theupdateframework/go-tuf v0.7.0 // indirect
345+ github.com/theupdateframework/go-tuf/v2 v2.4.2 // indirect
346346 github.com/theupdateframework/go-tuf/v2 v2.4.1 // indirect
347347 github.com/tidwall/gjson v1.18.0 // indirect
348348 github.com/tidwall/match v1.1.1 // indirect
349349 github.com/tidwall/pretty v1.2.1 // indirect
350350 github.com/tidwall/sjson v1.2.5 // indirect
351351 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
352- github.com/tjfoc/gmsm v1.4.1 // indirect
352+ github.com/tjfoc/gmsm/v2 v2.0.0 // indirect
353353 github.com/tklauser/go-sysconf v0.3.12 // indirect
354354 github.com/tklauser/numcpus v0.6.1 // indirect
355355 github.com/tmccombs/hcl2json v0.6.7 // indirect
@@ -367,7 +367,7 @@ require (
367367 github.com/yashtewari/glob-intersection v0.2.0 // indirect
368368 github.com/yusufpapurcu/wmi v1.2.3 // indirect
369369 github.com/zclconf/go-cty v1.16.2 // indirect
370- gitlab.com/gitlab-org/api/client-go v1.11 .0 // indirect
370+ gitlab.com/gitlab-org/api/client-go/v2 v2.44 .0 // indirect
371371 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
372372 go.opentelemetry.io/contrib/detectors/gcp v1.39.0 // indirect
373373 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0 // indirect
@@ -388,7 +388,7 @@ require (
388388 go.uber.org/automaxprocs v1.6.0 // indirect
389389 go.uber.org/multierr v1.11.0 // indirect
390390 go.uber.org/zap v1.28.0 // indirect
391- go.yaml.in/yaml/v2 v2.4.3 // indirect
391+ go.yaml.in/yaml/v3 v3.0.4 // indirect
392392 go.yaml.in/yaml/v3 v3.0.4 // indirect
393393 golang.org/x/crypto v0.53.0 // indirect
394394 golang.org/x/mod v0.36.0 // indirect
@@ -397,14 +397,14 @@ require (
397397 golang.org/x/term v0.44.0 // indirect
398398 golang.org/x/time v0.15.0 // indirect
399399 golang.org/x/tools v0.45.0 // indirect
400- gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
400+ gomodules.xyz/jsonpatch/v3 v3.0.1 // indirect
401401 google.golang.org/api v0.271.0 // indirect
402402 google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // indirect
403403 google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect
404404 google.golang.org/genproto/googleapis/rpc v0.0.0-20260406210006-6f92a3bedf2d // indirect
405405 google.golang.org/grpc v1.80.0 // indirect
406406 google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af // indirect
407- gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
407+ gopkg.in/evanphx/json-patch.v5 v5.9.11 // indirect
408408 gopkg.in/inf.v0 v0.9.1 // indirect
409409 gopkg.in/ini.v1 v1.67.1 // indirect
410410 gopkg.in/warnings.v0 v0.1.2 // indirect
0 commit comments