Bump dependencies

.github/dependabot.yml

@@ -6,5 +6,9 @@ updates:
       interval: daily
   - package-ecosystem: gomod
     directory: lambda
+    schedule:
+      interval: daily
+  - package-ecosystem: github-actions
+    directory: /
     schedule:
       interval: daily

.github/workflows/pr.yml

@@ -10,18 +10,18 @@ on:
 
 jobs:
   golang:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Go
         id: setup
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v6
         with:
-          go-version: '1.21.x'
+          go-version-file: 'lambda/go.mod'
 
       - name: Install dependencies
         id: deps
@@ -41,18 +41,16 @@ jobs:
         run: go test ./... -cover
 
   terraform:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup Terraform
         id: setup
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: '1.5.7'
+        uses: hashicorp/setup-terraform@v3
 
       - name: Terraform Format
         id: format
@@ -66,17 +64,26 @@ jobs:
         id: validate
         run: terraform validate
 
-      - name: tfsec
-        id: tfsec
-        uses: aquasecurity/tfsec-action@b466648d6e39e7c75324f25d83891162a721f2d6 # v1.0.3
+      - name: Trivy Scan Config
+        id: trivy-config
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          scan-type: 'config'
+          scan-ref: '.'
+
+      - name: Trivy Scan Filesystem
+        id: trivy-fs
+        uses: aquasecurity/trivy-action@0.33.1
         with:
-          github_token: ${{ github.token }}
+          scan-type: 'fs'
+          scan-ref: '.'
+          skip-setup-trivy: true
 
       - name: Setup TFLint
         id: tflint-setup
-        uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0
+        uses: terraform-linters/setup-tflint@v6.2.1
         with:
-          tflint_version: v0.48.0
+          tflint_version: 'latest'
 
       - name: Init TFLint
         id: tflint-init

lambda.tf

@@ -65,22 +65,26 @@ resource "aws_iam_role_policy_attachment" "xray" {
   role       = aws_iam_role.lambda_role.name
 }
 
-resource "null_resource" "build_lambda" {
+resource "terraform_data" "build_lambda" {
   provisioner "local-exec" {
     working_dir = "lambda"
     command     = "GOARCH=${var.architecture} GOOS=linux go build -o bootstrap main.go"
   }
 
-  triggers = {
+  triggers_replace = {
     always_run = timestamp()
   }
 }
 
 data "archive_file" "lambda_zip" {
-  depends_on  = [null_resource.build_lambda]
-  type        = "zip"
-  source_file = "${path.module}/lambda/bootstrap"
   output_path = "lambda/lambda.zip"
+  source_file = "${path.module}/lambda/bootstrap"
+
+  type = "zip"
+
+  depends_on = [
+    terraform_data.build_lambda
+  ]
 }
 
 # tfsec:ignore:aws-lambda-enable-tracing Tracing is optional.

lambda/go.mod

@@ -1,47 +1,61 @@
 module opa_lambda
 
-go 1.21
-toolchain go1.24.1
+go 1.24.6
 
 require (
-	github.com/aws/aws-lambda-go v1.47.0
-	github.com/aws/aws-sdk-go v1.55.6
-	github.com/open-policy-agent/opa v1.3.0
-	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.10.0
+	github.com/aws/aws-lambda-go v1.52.0
+	github.com/aws/aws-sdk-go v1.55.8
+	github.com/open-policy-agent/opa v1.13.1
+	github.com/sirupsen/logrus v1.9.4
+	github.com/stretchr/testify v1.11.1
 )
 
 require (
 	github.com/agnivade/levenshtein v1.2.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.4 // indirect
+	github.com/lestrrat-go/dsig v1.0.0 // indirect
+	github.com/lestrrat-go/dsig-secp256k1 v1.0.0 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc/v3 v3.0.4 // indirect
+	github.com/lestrrat-go/jwx/v3 v3.0.13 // indirect
+	github.com/lestrrat-go/option/v2 v2.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/client_golang v1.21.1 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
-	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
+	github.com/prometheus/client_golang v1.23.2 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.67.5 // indirect
+	github.com/prometheus/procfs v0.19.2 // indirect
+	github.com/rcrowley/go-metrics v0.0.0-20250401214520-65e299d6c5c9 // indirect
+	github.com/segmentio/asm v1.2.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/tchap/go-patricia/v2 v2.3.2 // indirect
+	github.com/tchap/go-patricia/v2 v2.3.3 // indirect
+	github.com/valyala/fastjson v1.6.7 // indirect
+	github.com/vektah/gqlparser/v2 v2.5.31 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/otel v1.35.0 // indirect
-	go.opentelemetry.io/otel/metric v1.35.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.35.0 // indirect
-	go.opentelemetry.io/otel/trace v1.35.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.3 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/crypto v0.47.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	google.golang.org/protobuf v1.36.11 // indirect
+	gopkg.in/ini.v1 v1.67.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	sigs.k8s.io/yaml v1.4.0 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
 )