From 19a6a46281b43cc89bd14511550df6b664a9cf3b Mon Sep 17 00:00:00 2001
From: Brandon Mitchell <git@bmitch.net>
Date: Sun, 6 Apr 2025 09:03:29 -0400
Subject: [PATCH] Version bump

- Go to v1.24.2
- ECR Helper to latest commit
- anchore/syft to v1.22.0
- library/registry to v3.0.0
- securego/gosec to v2.22.3
- google/osv-scanner to v2.0.1

Signed-off-by: Brandon Mitchell <git@bmitch.net>
---
 .github/workflows/docker.yml      |  2 +-
 .github/workflows/go.yml          |  2 +-
 .osv-scanner.toml                 |  2 +-
 .version-bump.lock                | 22 +++++++++++-----------
 Makefile                          | 10 +++++-----
 build/Dockerfile.regbot           |  4 ++--
 build/Dockerfile.regbot.buildkit  |  4 ++--
 build/Dockerfile.regctl           |  4 ++--
 build/Dockerfile.regctl.buildkit  |  4 ++--
 build/Dockerfile.regsync          |  4 ++--
 build/Dockerfile.regsync.buildkit |  4 ++--
 11 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index f48ffbe..7a2ee46 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -128,7 +128,7 @@ jobs:
       uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
       id: syft
       with:
-        syft-version: "v1.21.0"
+        syft-version: "v1.22.0"
     
     # Dogfooding, use regctl to modify regclient images to improve reproducibility
     - name: Install regctl
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 753b1be..c8a5b35 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -63,7 +63,7 @@ jobs:
       uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
       id: syft
       with:
-        syft-version: "v1.21.0"
+        syft-version: "v1.22.0"
 
     - name: Build artifacts
       if: startsWith( github.ref, 'refs/tags/v' ) || github.ref == 'refs/heads/main'
diff --git a/.osv-scanner.toml b/.osv-scanner.toml
index 4187746..16c27b4 100644
--- a/.osv-scanner.toml
+++ b/.osv-scanner.toml
@@ -1 +1 @@
-GoVersionOverride = "1.24.1"
+GoVersionOverride = "1.24.2"
diff --git a/.version-bump.lock b/.version-bump.lock
index eab3a1e..ad3fc3b 100644
--- a/.version-bump.lock
+++ b/.version-bump.lock
@@ -1,9 +1,9 @@
 {"name":"docker-arg-alpine-digest","key":"docker.io/library/alpine:3.21.3","version":"sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c"}
 {"name":"docker-arg-alpine-tag","key":"docker.io/library/alpine","version":"3.21.3"}
-{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c"}
+{"name":"docker-arg-ecr","key":"https://github.com/awslabs/amazon-ecr-credential-helper.git:main","version":"a72d01f94f8baa4d6aac3e2a005c85d86c75f406"}
 {"name":"docker-arg-gcr","key":"https://github.com/GoogleCloudPlatform/docker-credential-gcr.git","version":"v2.1.27"}
-{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.24.1-alpine","version":"sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386"}
-{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.24.1"}
+{"name":"docker-arg-go-digest","key":"docker.io/library/golang:1.24.2-alpine","version":"sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee"}
+{"name":"docker-arg-go-tag","key":"docker.io/library/golang","version":"1.24.2"}
 {"name":"docker-arg-lunajson","key":"https://github.com/grafi-tt/lunajson.git:master","version":"3d10600874527d71519b33ecbb314eb93ccd1df6"}
 {"name":"docker-arg-semver","key":"https://github.com/kikito/semver.lua.git:master","version":"a4b708ba243208d46e575da870af969dca46a94d"}
 {"name":"gha-alpine-digest","key":"docker.io/library/alpine:3.21.3","version":"sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c"}
@@ -12,7 +12,7 @@
 {"name":"gha-cosign-version","key":"https://github.com/sigstore/cosign.git","version":"v2.4.3"}
 {"name":"gha-golang-matrix","key":"golang-matrix","version":"[\"1.22\", \"1.23\", \"1.24\"]"}
 {"name":"gha-golang-release","key":"golang-latest","version":"1.24"}
-{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.21.0"}
+{"name":"gha-syft-version","key":"docker.io/anchore/syft","version":"v1.22.0"}
 {"name":"gha-uses-commit","key":"https://github.com/actions/checkout.git:v4.2.2","version":"11bd71901bbe5b1630ceea73d27597364c9af683"}
 {"name":"gha-uses-commit","key":"https://github.com/actions/setup-go.git:v5.4.0","version":"0aaccfd150d50ccaeb58ebd88d36e91967a5f35b"}
 {"name":"gha-uses-commit","key":"https://github.com/actions/stale.git:v9.1.0","version":"5bef64f19d7facfb25b37b414482c7164d639639"}
@@ -35,18 +35,18 @@
 {"name":"gha-uses-semver","key":"https://github.com/sigstore/cosign-installer.git","version":"v3.8.1"}
 {"name":"gha-uses-semver","key":"https://github.com/softprops/action-gh-release.git","version":"v2.2.1"}
 {"name":"go-mod-golang-release","key":"golang-oldest","version":"1.22"}
-{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"2.8.3"}
+{"name":"makefile-ci-distribution","key":"docker.io/library/registry","version":"3.0.0"}
 {"name":"makefile-ci-zot","key":"ghcr.io/project-zot/zot-linux-amd64","version":"v2.1.2"}
 {"name":"makefile-go-vulncheck","key":"https://go.googlesource.com/vuln.git","version":"v1.1.4"}
 {"name":"makefile-gomajor","key":"https://github.com/icholy/gomajor.git","version":"v0.14.0"}
-{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.22.2"}
+{"name":"makefile-gosec","key":"https://github.com/securego/gosec.git","version":"v2.22.3"}
 {"name":"makefile-markdown-lint","key":"docker.io/davidanson/markdownlint-cli2","version":"v0.17.2"}
-{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.0.0"}
+{"name":"makefile-osv-scanner","key":"https://github.com/google/osv-scanner.git","version":"v2.0.1"}
 {"name":"makefile-staticcheck","key":"https://github.com/dominikh/go-tools.git","version":"v0.6.1"}
-{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.21.0","version":"sha256:eaf0517f7dcd9a29915eabb2c007dbc65b2f3f31f6e17906717e506d1d37a1c0"}
-{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.21.0"}
-{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.21.0"}
-{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.24.1"}
+{"name":"makefile-syft-container-digest","key":"anchore/syft:v1.22.0","version":"sha256:b7b38b51897feb0a8118bbfe8e43a1eb94aaef31f8d0e4663354e42834a12126"}
+{"name":"makefile-syft-container-tag","key":"anchore/syft","version":"v1.22.0"}
+{"name":"makefile-syft-version","key":"docker.io/anchore/syft","version":"v1.22.0"}
+{"name":"osv-golang-release","key":"docker.io/library/golang","version":"1.24.2"}
 {"name":"shell-alpine-digest","key":"docker.io/library/alpine:3.21.3","version":"sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c"}
 {"name":"shell-alpine-tag-base","key":"docker.io/library/alpine","version":"3"}
 {"name":"shell-alpine-tag-comment","key":"docker.io/library/alpine","version":"3.21.3"}
diff --git a/Makefile b/Makefile
index c87eb1c..c05ccca 100644
--- a/Makefile
+++ b/Makefile
@@ -35,13 +35,13 @@ ifeq "$(strip $(VER_BUMP))" ''
 endif
 MARKDOWN_LINT_VER?=v0.17.2
 GOMAJOR_VER?=v0.14.0
-GOSEC_VER?=v2.22.2
+GOSEC_VER?=v2.22.3
 GO_VULNCHECK_VER?=v1.1.4
-OSV_SCANNER_VER?=v2.0.0
+OSV_SCANNER_VER?=v2.0.1
 SYFT?=$(shell command -v syft 2>/dev/null)
 SYFT_CMD_VER:=$(shell [ -x "$(SYFT)" ] && echo "v$$($(SYFT) version | awk '/^Version: / {print $$2}')" || echo "0")
-SYFT_VERSION?=v1.21.0
-SYFT_CONTAINER?=anchore/syft:v1.21.0@sha256:eaf0517f7dcd9a29915eabb2c007dbc65b2f3f31f6e17906717e506d1d37a1c0
+SYFT_VERSION?=v1.22.0
+SYFT_CONTAINER?=anchore/syft:v1.22.0@sha256:b7b38b51897feb0a8118bbfe8e43a1eb94aaef31f8d0e4663354e42834a12126
 ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)"
 	SYFT=docker run --rm \
 		-v "$(shell pwd)/:$(shell pwd)/" -w "$(shell pwd)" \
@@ -49,7 +49,7 @@ ifneq "$(SYFT_CMD_VER)" "$(SYFT_VERSION)"
 		$(SYFT_CONTAINER)
 endif
 STATICCHECK_VER?=v0.6.1
-CI_DISTRIBUTION_VER?=2.8.3
+CI_DISTRIBUTION_VER?=3.0.0
 CI_ZOT_VER?=v2.1.2
 
 .PHONY: .FORCE
diff --git a/build/Dockerfile.regbot b/build/Dockerfile.regbot
index fb16269..062106b 100644
--- a/build/Dockerfile.regbot
+++ b/build/Dockerfile.regbot
@@ -1,7 +1,7 @@
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
-ARG GO_VER=1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
-ARG ECR_HELPER_VER=abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c
+ARG GO_VER=1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee
+ARG ECR_HELPER_VER=a72d01f94f8baa4d6aac3e2a005c85d86c75f406
 ARG GCR_HELPER_VER=v2.1.27
 ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6
 ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d
diff --git a/build/Dockerfile.regbot.buildkit b/build/Dockerfile.regbot.buildkit
index b3a00aa..51c4c52 100644
--- a/build/Dockerfile.regbot.buildkit
+++ b/build/Dockerfile.regbot.buildkit
@@ -2,8 +2,8 @@
 
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
-ARG GO_VER=1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
-ARG ECR_HELPER_VER=abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c
+ARG GO_VER=1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee
+ARG ECR_HELPER_VER=a72d01f94f8baa4d6aac3e2a005c85d86c75f406
 ARG GCR_HELPER_VER=v2.1.27
 ARG LUNAJSON_COMMIT=3d10600874527d71519b33ecbb314eb93ccd1df6
 ARG SEMVER_COMMIT=a4b708ba243208d46e575da870af969dca46a94d
diff --git a/build/Dockerfile.regctl b/build/Dockerfile.regctl
index b863af3..a374f3e 100644
--- a/build/Dockerfile.regctl
+++ b/build/Dockerfile.regctl
@@ -1,7 +1,7 @@
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
-ARG GO_VER=1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
-ARG ECR_HELPER_VER=abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c
+ARG GO_VER=1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee
+ARG ECR_HELPER_VER=a72d01f94f8baa4d6aac3e2a005c85d86c75f406
 ARG GCR_HELPER_VER=v2.1.27
 
 FROM ${REGISTRY}/library/golang:${GO_VER} AS golang
diff --git a/build/Dockerfile.regctl.buildkit b/build/Dockerfile.regctl.buildkit
index bd94aa6..5f115b6 100644
--- a/build/Dockerfile.regctl.buildkit
+++ b/build/Dockerfile.regctl.buildkit
@@ -2,8 +2,8 @@
 
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
-ARG GO_VER=1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
-ARG ECR_HELPER_VER=abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c
+ARG GO_VER=1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee
+ARG ECR_HELPER_VER=a72d01f94f8baa4d6aac3e2a005c85d86c75f406
 ARG GCR_HELPER_VER=v2.1.27
 
 FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang
diff --git a/build/Dockerfile.regsync b/build/Dockerfile.regsync
index 9d71dbd..486535f 100644
--- a/build/Dockerfile.regsync
+++ b/build/Dockerfile.regsync
@@ -1,7 +1,7 @@
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
-ARG GO_VER=1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
-ARG ECR_HELPER_VER=abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c
+ARG GO_VER=1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee
+ARG ECR_HELPER_VER=a72d01f94f8baa4d6aac3e2a005c85d86c75f406
 ARG GCR_HELPER_VER=v2.1.27
 
 FROM ${REGISTRY}/library/golang:${GO_VER} AS golang
diff --git a/build/Dockerfile.regsync.buildkit b/build/Dockerfile.regsync.buildkit
index 686746f..a810bcd 100644
--- a/build/Dockerfile.regsync.buildkit
+++ b/build/Dockerfile.regsync.buildkit
@@ -2,8 +2,8 @@
 
 ARG REGISTRY=docker.io
 ARG ALPINE_VER=3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
-ARG GO_VER=1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
-ARG ECR_HELPER_VER=abf9177720e144f3f8401f4df3dd2d2e9c2eaf5c
+ARG GO_VER=1.24.2-alpine@sha256:7772cb5322baa875edd74705556d08f0eeca7b9c4b5367754ce3f2f00041ccee
+ARG ECR_HELPER_VER=a72d01f94f8baa4d6aac3e2a005c85d86c75f406
 ARG GCR_HELPER_VER=v2.1.27
 
 FROM --platform=$BUILDPLATFORM ${REGISTRY}/library/golang:${GO_VER} AS golang