Skip to content

Commit ac08d43

Browse files
timbastintimbastin
committed
updates dependencies
1 parent a2c8e79 commit ac08d43

7 files changed

Lines changed: 796 additions & 542 deletions

File tree

go.mod

Lines changed: 117 additions & 113 deletions
Large diffs are not rendered by default.

go.sum

Lines changed: 257 additions & 0 deletions
Large diffs are not rendered by default.

nix/crane.nix

Lines changed: 4 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,32 +4,27 @@
44

55
buildGoModule rec {
66
pname = "crane";
7-
version = "0.21.3";
7+
version = "0.21.5";
88

99
src = fetchFromGitHub {
1010
owner = "google";
1111
repo = "go-containerregistry";
1212
rev = "v${version}";
13-
hash = "sha256-BfKiBjfL5th1TPpw6hpno04MffLnXmOVq7BsGUCkPT0=";
13+
hash = "sha256-2cC2fZe22K8mPIXa8YI1MgUlEn6p1z7RBEQhFjYNsxA=";
1414
};
1515

1616
# Source tree includes a vendor/ directory.
1717
vendorHash = null;
1818

19-
subPackages = [
20-
"cmd/crane"
21-
"cmd/gcrane"
22-
];
19+
subPackages = [ "cmd/crane" "cmd/gcrane" ];
2320

2421
ldflags = [
2522
"-s"
2623
"-w"
2724
"-X github.com/google/go-containerregistry/cmd/crane/cmd.Version=v${version}"
2825
"-X github.com/google/go-containerregistry/internal/version.Version=${version}"
2926
];
30-
env = {
31-
CGO_ENABLED = 0;
32-
};
27+
env = { CGO_ENABLED = 0; };
3328
nativeBuildInputs = [ installShellFiles ];
3429

3530
postInstall = "";

nix/devguard.nix

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,8 @@
3333
inherit src;
3434
# vendorHash differs per OS because `go mod vendor` applies build constraints.
3535
vendorHash = if lib.hasSuffix "-darwin" system
36-
then "sha256-dIdEIzV/ZPxbfKn73g8vydjqrP1osIGoq2hnqtqAaIo="
37-
else "sha256-vRd0SFu7i6NQOQCqLZDXaMxnMgq1TYjkD/fZsF3Q9NQ=";
36+
then "sha256-Z36CfY7CqDwnGaeT/3kr8+LL7Uu7Sg0E3nvvnUg8bcM="
37+
else "sha256-hxKsFo9eeLWcJQxrKGgzMpfzqQxZxk4dzrjTbMIgxMo=";
3838
inherit ldflags;
3939
buildFlags =
4040
[ "-trimpath" ]; # compiler-level flag, mirrors Makefile FLAGS

nix/python-tools/pyproject.toml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,12 @@ name = "devguard-scanner-tools"
33
version = "0.1.0"
44
requires-python = ">=3.13"
55
dependencies = [
6-
"semgrep==1.157.0",
7-
"checkov==3.2.517",
6+
"semgrep==1.161.0",
7+
"checkov==3.2.526",
88
]
99

1010
[tool.uv]
1111
# Pin transitive deps to versions that fix known CVEs.
1212
# These constraints are enforced during `uv lock` and captured in uv.lock —
1313
# no manual Nix overrides needed.
14-
constraint-dependencies = [
15-
"aiohttp==3.13.4",
16-
]
14+
constraint-dependencies = []

nix/python-tools/uv.lock

Lines changed: 410 additions & 410 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

nix/trivy.nix

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,19 +4,19 @@
44

55
buildGoModule rec {
66
pname = "trivy";
7-
version = "0.69.3";
7+
version = "0.70.0";
88

99
src = fetchFromGitHub {
1010
owner = "aquasecurity";
1111
repo = "trivy";
1212
rev = "v${version}";
13-
hash = "sha256-lzFcLyrORA+1LxS4nzJVvilg29GTNiGRmnjJ47ev/yU=";
13+
hash = "sha256-xMj5xA/q3ekMW8k1aHCKa5hsYZSFShghOO5K6MnDCBo=";
1414
};
1515

1616
# vendor hash differs across Linux and Darwin builds — bypass the source
1717
# vendor dir entirely and fetch modules via the Go module proxy.
1818
proxyVendor = true;
19-
vendorHash = "sha256-aqSB2pakYH713GSbIAHwAL9Gio17MzZtwqfh9sbzDBs=";
19+
vendorHash = "sha256-VbkCDzSF8gHxXpzzNxtPVRqUn/4l0AVHNzlsOKmXNG8=";
2020

2121
subPackages = [ "cmd/trivy" ];
2222

0 commit comments

Comments
 (0)