From ec84672f0480e4c41d0a71f48b9541ce9ec09f9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Nov 2023 10:19:07 +0000
Subject: [PATCH 1/3] ci: Bump actions/setup-go from 2 to 4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/release.yaml                 | 2 +-
 .github/workflows/static-unit-integration.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 43d4d18..4dbd815 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -55,7 +55,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GO_VERSION }}
 
diff --git a/.github/workflows/static-unit-integration.yaml b/.github/workflows/static-unit-integration.yaml
index 4654936..a2f7d06 100644
--- a/.github/workflows/static-unit-integration.yaml
+++ b/.github/workflows/static-unit-integration.yaml
@@ -11,7 +11,7 @@ jobs:
         platform: [ubuntu-latest]
     runs-on: ${{ matrix.platform }}
     steps:
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go-version }}
 
@@ -47,7 +47,7 @@ jobs:
         platform: [ubuntu-latest]
     runs-on: ${{ matrix.platform }}
     steps:
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v4
         with:
           go-version: ${{ matrix.go-version }}
 

From 2f6b5737854512e77ce8520ba810adc14fac36b5 Mon Sep 17 00:00:00 2001
From: Bradley Jones <bradley.jones@anchore.com>
Date: Wed, 8 Nov 2023 11:13:03 +0000
Subject: [PATCH 2/3] chore: bump bouncer version to v0.4.0

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 7158612..c5444cc 100644
--- a/Makefile
+++ b/Makefile
@@ -19,7 +19,7 @@ COVERAGE_THRESHOLD := 50
 CLUSTER_NAME=anchore-k8s-inventory-testing
 
 GOLANG_CI_VERSION=v1.52.2
-GOBOUNCER_VERSION=v0.3.0
+GOBOUNCER_VERSION=v0.4.0
 GORELEASER_VERSION=v1.18.2
 
 ## Build variables

From 1ff06bdfa6dcf99afb4ac47862484019e3cb6b26 Mon Sep 17 00:00:00 2001
From: Bradley Jones <bradley.jones@anchore.com>
Date: Wed, 8 Nov 2023 13:09:20 +0000
Subject: [PATCH 3/3] chore: add boring crypto to bouncer ignore list

Signed-off-by: Bradley Jones <bradley.jones@anchore.com>
---
 .bouncer.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.bouncer.yaml b/.bouncer.yaml
index 119d1c7..9a3447d 100644
--- a/.bouncer.yaml
+++ b/.bouncer.yaml
@@ -6,4 +6,6 @@ permit:
   - ISC
 ignore-packages:
   # packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
-  - github.com/package-url/packageurl-go
\ No newline at end of file
+  - github.com/package-url/packageurl-go
+  # crypto/internal/boring is released under the openSSL license as a part of the Golang Standard Libary
+  - crypto/internal/boring