fix: fix audit log resolver

Signed-off-by: Sarah Funkhouser <[email protected]>
theopenlane · Jan 13, 2025 · 048e685 · 048e685
1 parent 0f84319
commit 048e685
Show file tree

Hide file tree

Showing 131 changed files with 304 additions and 1,790 deletions.
diff --git a/fga/model/model.fga b/fga/model/model.fga
@@ -40,7 +40,7 @@ type organization
     define can_view: [service] or member or admin or owner or can_edit or can_view from parent
     # additional fine-grained permissions
     # allow owner and assigned users to view audit logs
-    define audit_log_viewer: [user] or owner or audit_log_viewer from parent
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     # allow members to invite other members
     define can_invite_members: [user] or member or can_edit or can_invite_members from parent
     # only allow users with edit access to the org to invite other admins
@@ -98,13 +98,14 @@ type group
     define can_edit: [service] or admin or owner from parent or can_edit from parent
     define can_view: [service] or member or admin or can_view from parent
     # additional fine-grained permissions
-    define audit_log_viewer: [user] or audit_log_viewer from parent
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
 # files have their permissions defined by the parent object (like a control or a procedure), users with access to the parent object will have access to the file
 type file
   relations
     define can_view: [user] or can_delete or can_edit or can_view from parent
     define can_edit: [user] or can_delete or can_edit from parent
     define can_delete: [user] or can_delete from parent
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, program, organization, control, procedure, group, template, document_data, contact, internal_policy, narrative]
 # programs are associated with an organization but do not inherit access from the organization with
 # the exception of the owner of the organization who will have access to all programs
@@ -131,7 +132,7 @@ type program
     # allow users or groups to be blocked from view + edit access
     define blocked: [user, group#member]
     # allow owner and assigned users to view audit logs
-    define audit_log_viewer: [user] or admin
+    define audit_log_viewer: ([user, service] or admin or audit_log_viewer from parent) and can_view
     # allow members to invite other members
     define can_invite_members: [user] or member or can_edit
     # only allow users with edit access to the org to invite other admins
@@ -146,6 +147,7 @@ type control
     define can_view: [user] or ((can_view from parent or viewer) but not blocked)
     define can_edit: [user] or ((can_edit from parent or editor) but not blocked)
     define can_delete: [user] or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, service, program]
     define viewer: [group#member]
     define editor: [group#member]
@@ -157,6 +159,7 @@ type subcontrol
     define can_view: [user] or can_view from parent
     define can_edit: [user] or can_edit from parent
     define can_delete: [user] or can_delete from parent
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, service, control]
 # control objectives inherit access from the associated program or from associated groups
 # the control objective author will be assigned as an admin of the control objective
@@ -165,6 +168,7 @@ type control_objective
     define can_view: [user] or ((can_view from parent or viewer) but not blocked)
     define can_edit: [user] or ((can_edit from parent or editor) but not blocked)
     define can_delete: [user] or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, service, program]
     define viewer: [group#member]
     define editor: [group#member]
@@ -177,6 +181,7 @@ type risk
     define can_view: [user] or ((can_view from parent or viewer) but not blocked)
     define can_edit: [user] or ((can_edit from parent or editor) but not blocked)
     define can_delete: [user] or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, service, program]
     define viewer: [group#member]
     define editor: [group#member]
@@ -189,6 +194,7 @@ type narrative
     define can_view: [user] or ((can_view from parent or viewer) but not blocked)
     define can_edit: [user] or ((can_edit from parent or editor) but not blocked)
     define can_delete: [user] or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, service, program]
     define viewer: [group#member]
     define editor: [group#member]
@@ -201,6 +207,7 @@ type internal_policy
     define can_view: ([user] and member from parent) or admin or ((can_view from parent or viewer) but not blocked)
     define can_edit: ([user] and member from parent) or admin or (editor but not blocked)
     define can_delete: ([user] and member from parent) or admin or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     # the parent of the policy will be the organization, not all permissions will be inherited
     define parent: [organization]
     # allow a user or service to be assigned to add edit permissions
@@ -219,6 +226,7 @@ type procedure
     define can_view: ([user] and member from parent) or admin or ((can_view from parent or viewer) but not blocked)
     define can_edit: ([user] and member from parent) or admin or (editor but not blocked)
     define can_delete: ([user] and member from parent) or admin or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     # the parent of the procedure will be the organization, not all permissions will be inherited
     define parent: [organization]
     # allow a user or service to be assigned to add edit permissions
@@ -238,6 +246,7 @@ type template
     define can_view: [user] or ((can_view from parent or viewer) but not blocked)
     define can_edit: [user] or (editor but not blocked)
     define can_delete: [user] or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [organization]
     # allow a group to be assigned to add edit/view permissions for a set of users
     define editor: [group#member]
@@ -251,6 +260,7 @@ type document_data
     define can_view: [user] or  ((can_view from parent or viewer) but not blocked)
     define can_edit: [user] or ((can_edit from parent or editor) but not blocked)
     define can_delete: [user] or ((can_delete from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [template]
     # allow a group to be assigned to add edit/view permissions for a set of users
     define editor: [group#member]
@@ -263,6 +273,7 @@ type contact
   relations
     define can_view: ([user] and member from parent) or ((can_view from parent or viewer) but not blocked)
     define can_edit: ([user] and member from parent) or ((can_edit from parent or editor) but not blocked)
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define can_delete: ([user] and member from parent) or can_delete from parent
     # allow a group to be assigned to add edit permissions for a set of users
     define editor: [group#member]
@@ -278,4 +289,5 @@ type task
     define can_edit: [user, service] or assignee or can_delete or can_edit from parent
     define can_delete: [user, service] or can_delete from parent
     define assignee: [user]
+    define audit_log_viewer: ([user, service] or audit_log_viewer from parent) and can_view
     define parent: [user, service, program, organization, control, procedure, group, internal_policy, subcontrol, control_objective]
diff --git a/go.mod b/go.mod
@@ -65,10 +65,10 @@ require (
 	github.com/theopenlane/echo-prometheus v0.1.0
 	github.com/theopenlane/echox v0.2.1
 	github.com/theopenlane/emailtemplates v0.1.2
-	github.com/theopenlane/entx v0.3.1
+	github.com/theopenlane/entx v0.3.2-0.20250113041122-b17a779b1940
 	github.com/theopenlane/gqlgen-plugins v0.4.2
 	github.com/theopenlane/httpsling v0.2.2
-	github.com/theopenlane/iam v0.6.0
+	github.com/theopenlane/iam v0.6.1-0.20250113040833-db1e66d239bd
 	github.com/theopenlane/newman v0.1.2
 	github.com/theopenlane/riverboat v0.0.7
 	github.com/theopenlane/utils v0.4.2
@@ -255,8 +255,8 @@ require (
 	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
 	github.com/stbenjam/no-sprintf-host-port v0.2.0 // indirect
 	github.com/tdakkota/asciicheck v0.3.0 // indirect
-	github.com/testcontainers/testcontainers-go v0.34.0 // indirect
-	github.com/testcontainers/testcontainers-go/modules/openfga v0.34.0 // indirect
+	github.com/testcontainers/testcontainers-go v0.35.0 // indirect
+	github.com/testcontainers/testcontainers-go/modules/openfga v0.35.0 // indirect
 	github.com/tetafro/godot v1.4.18 // indirect
 	github.com/timakin/bodyclose v0.0.0-20241017074824-adbc21e6bf36 // indirect
 	github.com/timonwong/loggercheck v0.10.1 // indirect
@@ -368,7 +368,7 @@ require (
 	github.com/google/go-tpm v0.9.1 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.14.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
 	github.com/gookit/color v1.5.4
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@@ -479,13 +479,13 @@ require (
 	golang.org/x/net v0.34.0 // indirect
 	golang.org/x/sync v0.10.0
 	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/time v0.8.0 // indirect
+	golang.org/x/time v0.9.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
-	google.golang.org/api v0.214.0 // indirect
+	google.golang.org/api v0.216.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 // indirect
 	google.golang.org/grpc v1.69.2 // indirect
-	google.golang.org/protobuf v1.36.1 // indirect
+	google.golang.org/protobuf v1.36.2 // indirect
 	gopkg.in/cheggaaa/pb.v2 v2.0.7
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1

diff --git a/go.sum b/go.sum
@@ -478,8 +478,8 @@ github.com/google/wire v0.6.0 h1:HBkoIh4BdSxoyo9PveV8giw7ZsaBOvzWKfcg/6MrVwI=
 github.com/google/wire v0.6.0/go.mod h1:F4QhpQ9EDIdJ1Mbop/NZBRB+5yrR6qg3BnctaoUk6NA=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
-github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o=
-github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk=
+github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q=
+github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA=
 github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
 github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
@@ -955,10 +955,10 @@ github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA
 github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
 github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag=
 github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
-github.com/testcontainers/testcontainers-go v0.34.0 h1:5fbgF0vIN5u+nD3IWabQwRybuB4GY8G2HHgCkbMzMHo=
-github.com/testcontainers/testcontainers-go v0.34.0/go.mod h1:6P/kMkQe8yqPHfPWNulFGdFHTD8HB2vLq/231xY2iPQ=
-github.com/testcontainers/testcontainers-go/modules/openfga v0.34.0 h1:Y5ZFzu6eANOViDjXFxAdyu+68LMQdok9GUdQJiwVjp0=
-github.com/testcontainers/testcontainers-go/modules/openfga v0.34.0/go.mod h1:0IWpmPSJOXpAUCHLgbhiE1fTOR69XJ/rnbdiQfkwLfc=
+github.com/testcontainers/testcontainers-go v0.35.0 h1:uADsZpTKFAtp8SLK+hMwSaa+X+JiERHtd4sQAFmXeMo=
+github.com/testcontainers/testcontainers-go v0.35.0/go.mod h1:oEVBj5zrfJTrgjwONs1SsRbnBtH9OKl+IGl3UMcr2B4=
+github.com/testcontainers/testcontainers-go/modules/openfga v0.35.0 h1:VhGTzl9Ygl2io9UcXAVzPvLvxOI6jA+6jTxcLgEXMPA=
+github.com/testcontainers/testcontainers-go/modules/openfga v0.35.0/go.mod h1:fjBXJ+FfsCTGLm65ibBSlJ+O2Cb/gANF4tZQaAHyM5E=
 github.com/tetafro/godot v1.4.18 h1:ouX3XGiziKDypbpXqShBfnNLTSjR8r3/HVzrtJ+bHlI=
 github.com/tetafro/godot v1.4.18/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio=
 github.com/theopenlane/beacon v0.1.1 h1:68a5Hg0vYMJMBzY9NEXt8rLDpnZrgl7VKaNsvHubaMQ=
@@ -971,14 +971,14 @@ github.com/theopenlane/echox v0.2.1 h1:ZhVkimmWxpKITf67oM57SrLWeIdnV8+dNXlC+VzlR
 github.com/theopenlane/echox v0.2.1/go.mod h1:4j/Hx0uoLk5gVzdA83Qqz7xBEmqpoEP+OnzVaw2p6/o=
 github.com/theopenlane/emailtemplates v0.1.2 h1:0l/PlokMjH8mARToQXWFvhBwvs9mtcaZqBlDicPYNHg=
 github.com/theopenlane/emailtemplates v0.1.2/go.mod h1:ZVTSMr+jKZZDH1IDTYBzR5nF/FPGt+IAPOJmet/WPi8=
-github.com/theopenlane/entx v0.3.1 h1:tkd7/ZJkC/sJCrsaOxUfwki2nm6Z5OccPP/6xLVjJH0=
-github.com/theopenlane/entx v0.3.1/go.mod h1:RgxEEXHQm17VPvnTtn+BhijbsuyQmydgYXHSkGdgXyc=
+github.com/theopenlane/entx v0.3.2-0.20250113041122-b17a779b1940 h1:rsEIxzvtNKPdcpi6Ka88Ck1owpVs9p8E4G1GXyxZbuc=
+github.com/theopenlane/entx v0.3.2-0.20250113041122-b17a779b1940/go.mod h1:vr/8Z6wQ3XFR1mH9Ql56wFERRXxVwII1AEk00jRY0Ec=
 github.com/theopenlane/gqlgen-plugins v0.4.2 h1:iCNIDUJBo85DBcEEFiOyFwyfOhGRwKeWpFkKDsmBm9s=
 github.com/theopenlane/gqlgen-plugins v0.4.2/go.mod h1:j5Rxw3JjB7/jY0G430N0AJAtk28xkX4SGnj59+O40hI=
 github.com/theopenlane/httpsling v0.2.2 h1:QqJo/VsjeiM6/RnWZpRQX3I7T62j5u9WdXo52zUWyi0=
 github.com/theopenlane/httpsling v0.2.2/go.mod h1:mrSaIZs4lhcBsOJCv/n67N7eDZ/skD6vA8l8y9MDrKk=
-github.com/theopenlane/iam v0.6.0 h1:Xnnj8CwP/rxE942GbN5gwGl/mtTHIMY4Rwme+9OXwhw=
-github.com/theopenlane/iam v0.6.0/go.mod h1:sBFDr0l3HO4EBTsMuvL+yRpU/2OZw79teYgC0kztW/k=
+github.com/theopenlane/iam v0.6.1-0.20250113040833-db1e66d239bd h1:qRUdf+Z7W8Qy6uroWGsOtGrnTi4FF++LwMeKBuqccnI=
+github.com/theopenlane/iam v0.6.1-0.20250113040833-db1e66d239bd/go.mod h1:Pf+uD768hdOXpUM3CD+RChHCoh7bsCh/YCKoE3aCyEE=
 github.com/theopenlane/newman v0.1.2 h1:BKn1fjT4tU7AxonFjx+4QNAIq0B9ZlT2wM9cWgBA6Hs=
 github.com/theopenlane/newman v0.1.2/go.mod h1:Z6lRBzDVJeGl+Rh8hZ1fIvybBpm0AxuoP1Lj6wY8ylw=
 github.com/theopenlane/riverboat v0.0.7 h1:zT/H6ipMRLVYQEGLGgwUI6B1wXEBS0ARhkfzv+Pekwg=
@@ -1274,8 +1274,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
-golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -1316,8 +1316,8 @@ golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 h1:LLhsEBxRTBLuKlQxFBYUO
 golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90=
 gonum.org/v1/gonum v0.15.1 h1:FNy7N6OUZVUaWG9pTiD+jlhdQ3lMP+/LcTpJ6+a8sQ0=
 gonum.org/v1/gonum v0.15.1/go.mod h1:eZTZuRFrzu5pcyjN5wJhcIhnUdNijYxX1T2IcrOGY0o=
-google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA=
-google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE=
+google.golang.org/api v0.216.0 h1:xnEHy+xWFrtYInWPy8OdGFsyIfWJjtVnO39g7pz2BFY=
+google.golang.org/api v0.216.0/go.mod h1:K9wzQMvWi47Z9IU7OgdOofvZuw75Ge3PPITImZR/UyI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -1327,8 +1327,8 @@ google.golang.org/genproto v0.0.0-20240812133136-8ffd90a71988 h1:CT2Thj5AuPV9phr
 google.golang.org/genproto v0.0.0-20240812133136-8ffd90a71988/go.mod h1:7uvplUBj4RjHAxIZ//98LzOvrQ04JBkaixRmCMI29hc=
 google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb h1:B7GIB7sr443wZ/EAEl7VZjmh1V6qzkt5V+RYcUYtS1U=
 google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:E5//3O5ZIG2l71Xnt+P/CYUY8Bxs8E7WMoZ9tlcMbAY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb h1:3oy2tynMOP1QbTC0MsNNAV+Se8M2Bd0A5+x1QHyw+pI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422 h1:3UsHvIr4Wc2aW4brOaSCmcxh9ksica6fHEr8P1XhkYw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250106144421-5f5ef82da422/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -1345,8 +1345,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
-google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.2 h1:R8FeyR1/eLmkutZOM5CWghmo5itiG9z0ktFlTVLuTmU=
+google.golang.org/protobuf v1.36.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/VividCortex/ewma.v1 v1.1.1 h1:tWHEKkKq802K/JT9RiqGCBU5fW3raAPnJGTE9ostZvg=
 gopkg.in/VividCortex/ewma.v1 v1.1.1/go.mod h1:TekXuFipeiHWiAlO1+wSS23vTcyFau5u3rxXUSXj710=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=