From 1766ab35c5a982eac9fb07288c947d13cbd37619 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Mar 2026 15:43:00 +0000 Subject: [PATCH 1/4] Bump github.com/code-gorilla-au/odize in the prod group Bumps the prod group with 1 update: [github.com/code-gorilla-au/odize](https://github.com/code-gorilla-au/odize). Updates `github.com/code-gorilla-au/odize` from 1.3.4 to 1.3.5 - [Release notes](https://github.com/code-gorilla-au/odize/releases) - [Commits](https://github.com/code-gorilla-au/odize/compare/v1.3.4...v1.3.5) --- updated-dependencies: - dependency-name: github.com/code-gorilla-au/odize dependency-version: 1.3.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 5200d2b..ff9d0ba 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/code-gorilla-au/fetch go 1.25.3 -require github.com/code-gorilla-au/odize v1.3.4 +require github.com/code-gorilla-au/odize v1.3.5 require ( github.com/code-gorilla-au/env v1.1.1 // indirect diff --git a/go.sum b/go.sum index e6bc460..eda0e73 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,6 @@ github.com/code-gorilla-au/env v1.1.1 h1:4rkSwCnyymKh+KGAOPx3fEg9v2ZV5i9r92bSf7xvnCE= github.com/code-gorilla-au/env v1.1.1/go.mod h1:KE4Ymfz5MhMi7SX3ZKH4iMFAHsDCvwOV8WTzgpwzzE4= -github.com/code-gorilla-au/odize v1.3.4 h1:QHEM7v8/qH9R0QO6tVWh0yKr+VMv3RGC3PcIADwDGVA= -github.com/code-gorilla-au/odize v1.3.4/go.mod h1:Q6uRMcQWCPldPNtlxiaWdA78vaPibTLZIO5owiM96Cw= +github.com/code-gorilla-au/odize v1.3.5 h1:Bjb0c1NXRkbEppsCs2PSN4DHWy3yWIggTXdroibWF54= +github.com/code-gorilla-au/odize v1.3.5/go.mod h1:+PtShsIEca9bAfxltU00OVD75aR5NvtkpOW/HGHdi9w= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= From 60390069f6ebcead65a038d2f7eca0b1c21cb4c2 Mon Sep 17 00:00:00 2001 From: frag223 Date: Mon, 2 Mar 2026 07:35:13 +1100 Subject: [PATCH 2/4] adding prefix for deps --- .github/dependabot.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 9df3b0f..9e5a798 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -2,6 +2,8 @@ version: 2 updates: - package-ecosystem: gomod + commit-message: + prefix: "CHORE" directory: / schedule: interval: monthly From 398a6e88cacf2a620e2a5465824a68ee715799e7 Mon Sep 17 00:00:00 2001 From: frag223 Date: Mon, 2 Mar 2026 07:38:43 +1100 Subject: [PATCH 3/4] fixing vulnerability --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index ff9d0ba..b7b1282 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/code-gorilla-au/fetch -go 1.25.3 +go 1.25.5 require github.com/code-gorilla-au/odize v1.3.5 From 000064c92ff68ad409fc32d9ee7bae46d4ca0960 Mon Sep 17 00:00:00 2001 From: frag223 Date: Mon, 2 Mar 2026 07:45:21 +1100 Subject: [PATCH 4/4] removing trivy --- .github/workflows/pull-request.yaml | 7 ------- go.mod | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml index 97f07bb..dfebe42 100644 --- a/.github/workflows/pull-request.yaml +++ b/.github/workflows/pull-request.yaml @@ -19,13 +19,6 @@ jobs: with: fetch-depth: 0 - - name: Run Trivy vulnerability scanner in fs mode - uses: aquasecurity/trivy-action@master - with: - scan-type: 'fs' - scan-ref: '.' - trivy-config: trivy.yaml - golang: runs-on: ubuntu-latest steps: diff --git a/go.mod b/go.mod index b7b1282..22db793 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/code-gorilla-au/fetch -go 1.25.5 +go 1.25.7 require github.com/code-gorilla-au/odize v1.3.5