From 22f1dca17512505e2f483bd8a5dd4e6fb921da3a Mon Sep 17 00:00:00 2001 From: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> Date: Mon, 28 Oct 2024 10:36:58 -0400 Subject: [PATCH] Update to Go 1.23 (#139) * Update to Go 1.23 Signed-off-by: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> * Raise Grype severity cutoff level Signed-off-by: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> * Update Grype workflow action Signed-off-by: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> * Update setup-go Go version Signed-off-by: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> * Force usage of Go 1.23.2 in build job Signed-off-by: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> --------- Signed-off-by: Jeffrey Friedman <20387583+jeffreyfriedman@users.noreply.github.com> --- .github/workflows/build.yml | 7 ++++--- go.mod | 4 +--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf31259..d848e8b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,7 +31,8 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: '1.21' + # Force version to solve cache restore issue: https://github.com/actions/setup-go/issues/506 + go-version: 1.23.2 check-latest: true # https://github.com/actions/setup-go#check-latest-version cache: true # https://github.com/actions/setup-go#caching-dependency-files-and-build-outputs @@ -51,11 +52,11 @@ jobs: - name: Grype scan id: scan - uses: anchore/scan-action@v3 + uses: anchore/scan-action@v5 with: path: "." fail-build: true - severity-cutoff: negligible + severity-cutoff: medium output-format: sarif - name: Upload SARIF report diff --git a/go.mod b/go.mod index 0b0260a..181f68d 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/rad-security/kbom -go 1.22.0 - -toolchain go1.22.3 +go 1.23 require ( github.com/CycloneDX/cyclonedx-go v0.7.2