bryk-io
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dependency-review.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/maintenance.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/maintenance.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.gitleaksignore‎
Lines changed: 13 additions & 12 deletions b/‎.gitleaksignore‎
Lines changed: 13 additions & 12 deletions
diff --git a/‎Makefile‎
Lines changed: 2 additions & 1 deletion b/‎Makefile‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎buf.gen.yaml‎
Lines changed: 3 additions & 3 deletions b/‎buf.gen.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎buf.lock‎
Lines changed: 2 additions & 2 deletions b/‎buf.lock‎
Lines changed: 2 additions & 2 deletions
@@ -127,7 +127,7 @@ jobs:
         id: buf-setup
         uses: bufbuild/buf-action@8f4a1456a0ab6a1eb80ba68e53832e6fcfacc16c # v1.3.0
         with:
-          version: 1.59.0
+          version: 1.62.1
           lint: true
           format: true
           breaking: ${{ !contains(env.commit_msg, '[skip buf-breaking]') }}
 
@@ -52,7 +52,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,7 +62,7 @@ jobs:
 
       # Auto build attempts to build any compiled languages  (C/C++, C#, or Java).
       - name: Auto build
-        uses: github/codeql-action/autobuild@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 
       # Run manual build only if auto-build fails
       - name: Manual build
@@ -75,4 +75,4 @@ jobs:
       # Can be excluded if the commit message contains: [skip codeql]
       - name: Perform CodeQL analysis
         if: ${{ !contains(env.commit_msg, '[skip codeql]') }}
-        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
@@ -26,4 +26,4 @@ jobs:
       # Scan dependencies
       # https://github.com/actions/dependency-review-action
       - name: Dependency review
-        uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
+        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
@@ -18,7 +18,7 @@ jobs:
           egress-policy: audit
 
       - name: Tag stale issues and PRs
-        uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
+        uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
         with:
           # On the 'debug' mode the action will not perform any operation.
           # Add the secret ACTIONS_STEP_DEBUG with a value of 'true' in the repository.
 
@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload results to code-scanning
-        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
         with:
           sarif_file: results.sarif
@@ -6,6 +6,9 @@
 # Deps
 vendor/**
 
+# Buf dependencies; updated with: `buf export --all -o .buf-deps`
+.buf-deps
+
 # NodeJS
 node_modules
 package-lock.json
 
@@ -1,12 +1,13 @@
-4b14aa74b3347c928b8bd70114dfe362a6ba0353:net/drpc/testdata/server.sample_key:private-key:1
-4b14aa74b3347c928b8bd70114dfe362a6ba0353:net/drpc/testdata/ca.sample_key:private-key:1
-4b14aa74b3347c928b8bd70114dfe362a6ba0353:net/drpc/testdata/bad.sample_key:private-key:1
-0cda6a8918625e28ce256d15572c36588eaab413:did/key_type.go:generic-api-key:28
-97f3b9cf16c95dd95126df996450f3bbd5a226fb:net/rpc/testdata/server.sample_key:private-key:1
-97f3b9cf16c95dd95126df996450f3bbd5a226fb:net/rpc/testdata/ca.sample_key:private-key:1
-97f3b9cf16c95dd95126df996450f3bbd5a226fb:net/rpc/testdata/bad.sample_key:private-key:1
-4213b06c2ecb968182d8d13343be82ca9e5a365c:net/http/testdata/ca.sample_key:private-key:1
-4213b06c2ecb968182d8d13343be82ca9e5a365c:net/http/testdata/server.sample_key:private-key:1
-2096763359dba6025823f5676a0eb092f8caebee:net/loader/testdata/server.sample_key:private-key:1
-2096763359dba6025823f5676a0eb092f8caebee:net/loader/testdata/ca.sample_key:private-key:1
-73c3f9b6f09f1bf8361ef60719791364eec14b87:buf.yaml:generic-api-key:17
+buf.yaml:generic-api-key:5
+buf.yaml:generic-api-key:17
+net/loader/testdata/ca.sample_key:private-key:1
+net/loader/testdata/server.sample_key:private-key:1
+net/http/testdata/ca.sample_key:private-key:1
+net/http/testdata/server.sample_key:private-key:1
+net/rpc/testdata/bad.sample_key:private-key:1
+net/rpc/testdata/ca.sample_key:private-key:1
+net/rpc/testdata/server.sample_key:private-key:1
+did/key_type.go:generic-api-key:28
+net/drpc/testdata/bad.sample_key:private-key:1
+net/drpc/testdata/ca.sample_key:private-key:1
+net/drpc/testdata/server.sample_key:private-key:1
@@ -45,7 +45,6 @@ fuzz:
 lint:
 	# Go code
 	golangci-lint run -v ./$(pkg)
-	semgrep --config "p/trailofbits"
 
 ## protos: Compile all protobuf definitions and RPC services
 protos:
@@ -63,9 +62,11 @@ scan-ci:
 # https://go.googlesource.com/vuln
 scan-deps:
 	govulncheck -mode source -scan package ./...
+	semgrep --config "p/trailofbits"
 
 ## scan-secrets: Scan project code for accidentally leaked secrets
 # https://gitleaks.io
+# gitleaks dir --no-banner -f json -r - | jq -r '.[].Fingerprint' > .gitleaksignore
 scan-secrets:
 	gitleaks git -v
 
 
@@ -20,16 +20,16 @@ plugins:
     out: .
     opt:
       - paths=source_relative
-  - remote: buf.build/grpc/go:v1.5.1
+  - remote: buf.build/grpc/go:v1.6.0
     out: .
     opt:
       - paths=source_relative
       - require_unimplemented_servers=true
-  - remote: buf.build/grpc-ecosystem/openapiv2:v2.27.3
+  - remote: buf.build/grpc-ecosystem/openapiv2:v2.27.4
     out: .
     opt:
       - logtostderr=true
-  - remote: buf.build/grpc-ecosystem/gateway:v2.27.3
+  - remote: buf.build/grpc-ecosystem/gateway:v2.27.4
     out: .
     opt:
       - paths=source_relative
 
@@ -8,5 +8,5 @@ deps:
     commit: 61b203b9a9164be9a834f58c37be6f62
     digest: b5:7811a98b35bd2e4ae5c3ac73c8b3d9ae429f3a790da15de188dc98fc2b77d6bb10e45711f14903af9553fa9821dff256054f2e4b7795789265bc476bec2f088c
   - name: buf.build/grpc-ecosystem/grpc-gateway
-    commit: 4c5ba75caaf84e928b7137ae5c18c26a
-    digest: b5:c113e62fb3b29289af785866cae062b55ec8ae19ab3f08f3004098928fbca657730a06810b2012951294326b95669547194fa84476b9e9b688d4f8bf77a0691d
+    commit: 6467306b4f624747aaf6266762ee7a1c
+    digest: b5:c2caa61467d992749812c909f93c07e9a667da33c758a7c1973d63136c23b3cafcc079985b12cdf54a10049ed3297418f1eda42cdffdcf34113792dcc3a990af