release: 3.5.3

- https://github.com/rhysd/actionlint is cool

.github/actionlint-matcher.json

@@ -0,0 +1,17 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "actionlint",
+      "pattern": [
+        {
+          "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+          "file": 1,
+          "line": 2,
+          "column": 3,
+          "message": 4,
+          "code": 5
+        }
+      ]
+    }
+  ]
+}

.github/workflows/cd.yml

@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: cd
 
@@ -10,11 +11,11 @@ jobs:
   release-dockerimage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Extract dyndnsd version from tag name
       run: |
-        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV
+        echo "DYNDNSD_VERSION=${GITHUB_REF#refs/*/v}" >> "$GITHUB_ENV"
 
     - name: Wait for dyndnsd ${{ env.DYNDNSD_VERSION }} gem to be available
       run: |
@@ -22,6 +23,7 @@ jobs:
         for retry in $(seq 1 5); do
           echo "Checking if dyndnsd $DYNDNSD_VERSION gem is retrievable from rubygems.org (try #$retry)..."
           sudo gem install dyndnsd -v "$DYNDNSD_VERSION"
+          # shellcheck disable=SC2181
           if [ $? -eq 0 ]; then
             exit 0
           fi

.github/workflows/ci.yml

@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: ci
 
@@ -22,7 +23,7 @@ jobs:
         - '3.0'
         - '3.1'
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Ruby ${{ matrix.ruby-version }}
       uses: ruby/setup-ruby@v1
       with:
@@ -32,3 +33,13 @@ jobs:
     - name: Lint and Test
       run: |
         bundle exec rake ci
+
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Check workflow files
+      run: |
+        echo "::add-matcher::.github/actionlint-matcher.json"
+        bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+        ./actionlint

.github/workflows/dockerhub.yml

@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: dockerhub
 

.github/workflows/vulnscan.yml

@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
 name: vulnscan
 
@@ -10,15 +11,14 @@ jobs:
   scan-released-dockerimages:
     runs-on: ubuntu-latest
     env:
-      TRIVY_LIGHT: 'true'
       TRIVY_IGNORE_UNFIXED: 'true'
       TRIVY_REMOVED_PKGS: 'true'
     steps:
     - name: Install Trivy
       run: |
-        mkdir -p $GITHUB_WORKSPACE/bin
+        mkdir -p "$GITHUB_WORKSPACE/bin"
         echo "$GITHUB_WORKSPACE/bin" >> "$GITHUB_PATH"
-        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b $GITHUB_WORKSPACE/bin
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "$GITHUB_WORKSPACE/bin"
     - name: Download Trivy DB
       run: |
         trivy image --download-db-only

CHANGELOG.md

@@ -1,6 +1,24 @@
 # Changelog
 
-## 3.5.0 (January 8, 2021)
+## 3.5.3 (May 5th, 2022)
+
+OTHER:
+
+- re-release 3.5.2 to rebuild Docker image with security vulnerabilities fixes
+
+## 3.5.2 (April 7th, 2022)
+
+OTHER:
+
+- re-release 3.5.1 to rebuild Docker image with security vulnerabilities fixes
+
+## 3.5.1 (February 17th, 2022)
+
+OTHER:
+
+- re-release 3.5.0 to rebuild Docker image with security vulnerabilities fixes
+
+## 3.5.0 (January 8th, 2022)
 
 IMPROVEMENTS:
 

Rakefile

@@ -22,10 +22,10 @@ namespace :solargraph do
 end
 
 # renovate: datasource=github-tags depName=hadolint/hadolint
-hadolint_version = 'v2.8.0'
+hadolint_version = 'v2.10.0'
 
 # renovate: datasource=github-tags depName=aquasecurity/trivy
-trivy_version = 'v0.22.0'
+trivy_version = 'v0.27.1'
 
 namespace :docker do
   ci_image = 'cmur2/dyndnsd:ci'
@@ -47,7 +47,7 @@ namespace :docker do
   task :scan do
     ver = trivy_version.gsub('v', '')
     sh "if [ ! -e ./trivy ]; then wget -q -O - https://github.com/aquasecurity/trivy/releases/download/v#{ver}/trivy_#{ver}_Linux-64bit.tar.gz | tar -xzf - trivy; fi"
-    sh "./trivy #{ci_image}"
+    sh "./trivy image #{ci_image}"
   end
 
   desc 'End-to-end test the CI Docker image'

docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15.0
+FROM alpine:3.15.4
 
 EXPOSE 5353 8080
 

docker/ci/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15.0
+FROM alpine:3.15.4
 
 EXPOSE 5353 8080
 

dyndnsd.gemspec

@@ -41,8 +41,8 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rack-test'
   s.add_development_dependency 'rake'
   s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rubocop', '~> 1.24.0'
+  s.add_development_dependency 'rubocop', '~> 1.28.1'
   s.add_development_dependency 'rubocop-rake', '~> 0.6.0'
-  s.add_development_dependency 'rubocop-rspec', '~> 2.7.0'
+  s.add_development_dependency 'rubocop-rspec', '~> 2.10.0'
   s.add_development_dependency 'solargraph', '~> 0.44.0'
 end

lib/dyndnsd/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Dyndnsd
-  VERSION = '3.5.0'
+  VERSION = '3.5.3'
 end