diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml index b818cd3e..29816519 100644 --- a/.github/workflows/security-pr.yml +++ b/.github/workflows/security-pr.yml @@ -385,7 +385,7 @@ jobs: - name: Upload Trivy SARIF to GitHub Security if: always() && steps.trivy-sarif-check.outputs.exists == 'true' # github/codeql-action v4 - uses: github/codeql-action/upload-sarif@1a97b0f94ec9297d6f58aefe5a6b5441c045bed4 + uses: github/codeql-action/upload-sarif@1dbebad653b49a8cce7da97e33aa7a9e33a82651 with: sarif_file: 'trivy-binary-results.sarif' category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event_name == 'workflow_run' && github.event.workflow_run.head_branch || github.ref_name) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }} diff --git a/backend/go.mod b/backend/go.mod index be19ceb1..e1765e3b 100644 --- a/backend/go.mod +++ b/backend/go.mod @@ -16,8 +16,8 @@ require ( github.com/robfig/cron/v3 v3.0.1 github.com/sirupsen/logrus v1.9.4 github.com/stretchr/testify v1.11.1 - golang.org/x/crypto v0.48.0 - golang.org/x/net v0.51.0 + golang.org/x/crypto v0.49.0 + golang.org/x/net v0.52.0 golang.org/x/text v0.35.0 golang.org/x/time v0.15.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 diff --git a/backend/go.sum b/backend/go.sum index 268f570d..174c134e 100644 --- a/backend/go.sum +++ b/backend/go.sum @@ -204,10 +204,14 @@ golang.org/x/arch v0.25.0 h1:qnk6Ksugpi5Bz32947rkUgDt9/s5qvqDPl/gBKdMJLE= golang.org/x/arch v0.25.0/go.mod h1:0X+GdSIP+kL5wPmpK7sdkEVTt2XoYP0cSjQSbZBwOi8= golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= +golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/frontend/package-lock.json b/frontend/package-lock.json index 701b64ee..5627fd2b 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -54,9 +54,9 @@ "@vitest/eslint-plugin": "^1.6.10", "@vitest/ui": "^4.1.0-beta.6", "autoprefixer": "^10.4.27", - "eslint": "^10.0.0", + "eslint": "^10.0.3", "eslint-import-resolver-typescript": "^4.4.4", - "eslint-plugin-import-x": "^4.16.1", + "eslint-plugin-import-x": "^4.16.2", "eslint-plugin-jsx-a11y": "^6.10.2", "eslint-plugin-no-unsanitized": "^4.1.5", "eslint-plugin-promise": "^7.2.1", diff --git a/frontend/package.json b/frontend/package.json index f0497a2c..faea336f 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -73,9 +73,9 @@ "@vitest/eslint-plugin": "^1.6.10", "@vitest/ui": "^4.1.0-beta.6", "autoprefixer": "^10.4.27", - "eslint": "^10.0.0", + "eslint": "^10.0.3", "eslint-import-resolver-typescript": "^4.4.4", - "eslint-plugin-import-x": "^4.16.1", + "eslint-plugin-import-x": "^4.16.2", "eslint-plugin-jsx-a11y": "^6.10.2", "eslint-plugin-no-unsanitized": "^4.1.5", "eslint-plugin-promise": "^7.2.1", @@ -100,13 +100,13 @@ "overrides": { "typescript": "^6.0.1-rc", "eslint-plugin-react-hooks": { - "eslint": "^10.0.0" + "eslint": "^10.0.3" }, "eslint-plugin-jsx-a11y": { - "eslint": "^10.0.0" + "eslint": "^10.0.3" }, "eslint-plugin-promise": { - "eslint": "^10.0.0" + "eslint": "^10.0.3" }, "@vitejs/plugin-react": { "vite": "8.0.0-beta.18"