Updating cdxgen-go version in go.mod #718
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
Scan results with current version:
Scan results after version update:
Sample SBOM used: |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #718 +/- ##
==========================================
- Coverage 78.88% 78.32% -0.57%
==========================================
Files 85 85
Lines 6035 6035
==========================================
- Hits 4761 4727 -34
- Misses 1068 1100 +32
- Partials 206 208 +2 ☔ View full report in Codecov by Sentry. |
andrewpollock
referenced
this pull request
in google/osv.dev
Jun 12, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | | | [cloud.google.com/go/logging](https://togithub.com/googleapis/google-cloud-go) | require | minor | `v1.8.1` -> `v1.10.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [cloud.google.com/go/secretmanager](https://togithub.com/googleapis/google-cloud-go) | require | minor | `v1.11.4` -> `v1.13.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/atombender/go-jsonschema](https://togithub.com/atombender/go-jsonschema) | require | minor | `v0.14.1` -> `v0.16.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.11.0` -> `v5.12.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/google/osv-scanner](https://togithub.com/google/osv-scanner) | require | minor | `v1.4.3` -> `v1.7.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang | stage | digest | `9d8429e` -> `9bdd569` | | | | | | golang.org/x/exp | require | digest | `6522937` -> `fc45aab` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>atombender/go-jsonschema (github.com/atombender/go-jsonschema)</summary> ### [`v0.16.0`](https://togithub.com/omissis/go-jsonschema/releases/tag/v0.16.0) [Compare Source](https://togithub.com/atombender/go-jsonschema/compare/v0.15.0...v0.16.0) This release introduces several new improvements: - Improve support for non-case-sensitive languages - Make generated go more stable, and solve annoying big diffs - Fix generated code for non-nullable types with two options - Removes nil check for `required` properties - Add support for additionalProperties when other fields exist #### What's Changed - Enhance splitIdentifierByCaseAndSeparators to support non-case-sensitive languages by [@​zrma](https://togithub.com/zrma) in [https://github.com/omissis/go-jsonschema/pull/170](https://togithub.com/omissis/go-jsonschema/pull/170) - Stable output: Add some more names to anonymous Method classes by [@​RobQuistNL](https://togithub.com/RobQuistNL) in [https://github.com/omissis/go-jsonschema/pull/169](https://togithub.com/omissis/go-jsonschema/pull/169) - Fix non-nullable type with two options by [@​jagregory](https://togithub.com/jagregory) in [https://github.com/omissis/go-jsonschema/pull/205](https://togithub.com/omissis/go-jsonschema/pull/205) - Removes nil check for `required` properties by [@​Henkoglobin](https://togithub.com/Henkoglobin) in [https://github.com/omissis/go-jsonschema/pull/215](https://togithub.com/omissis/go-jsonschema/pull/215) - Add support for additionalProperties when other fields exist by [@​codeboten](https://togithub.com/codeboten) and [@​omissis](https://togithub.com/omissis) in [https://github.com/omissis/go-jsonschema/pull/218](https://togithub.com/omissis/go-jsonschema/pull/218) - Update go and all deps by [@​omissis](https://togithub.com/omissis) in [https://github.com/omissis/go-jsonschema/pull/217](https://togithub.com/omissis/go-jsonschema/pull/217) - Several [@​renovate](https://togithub.com/renovate) PRs - fix(deps): update golang.org/x/exp digest to [`1b97071`](https://togithub.com/atombender/go-jsonschema/commit/1b97071) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/190](https://togithub.com/omissis/go-jsonschema/pull/190) - fix(deps): update module github.com/goccy/go-yaml to v1.11.3 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/191](https://togithub.com/omissis/go-jsonschema/pull/191) - fix(deps): update golang.org/x/exp digest to [`2c58cdc`](https://togithub.com/atombender/go-jsonschema/commit/2c58cdc) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/193](https://togithub.com/omissis/go-jsonschema/pull/193) - chore(deps): update golang docker tag to v1.22.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/195](https://togithub.com/omissis/go-jsonschema/pull/195) - chore(deps): update dependency golangci-lint to v1.56.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/196](https://togithub.com/omissis/go-jsonschema/pull/196) - chore(deps): update dependency golangci-lint to v1.56.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/197](https://togithub.com/omissis/go-jsonschema/pull/197) - chore(deps): update dependency shfmt to v3.8.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/198](https://togithub.com/omissis/go-jsonschema/pull/198) - fix(deps): update golang.org/x/exp digest to [`ec58324`](https://togithub.com/atombender/go-jsonschema/commit/ec58324) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/199](https://togithub.com/omissis/go-jsonschema/pull/199) - chore(deps): update dependency golangci-lint to v1.56.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/200](https://togithub.com/omissis/go-jsonschema/pull/200) - fix(deps): update golang.org/x/exp digest to [`814bf88`](https://togithub.com/atombender/go-jsonschema/commit/814bf88) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/201](https://togithub.com/omissis/go-jsonschema/pull/201) - chore(deps): update golang docker tag to v1.22.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/202](https://togithub.com/omissis/go-jsonschema/pull/202) - chore(deps): update dependency shellcheck to v0.10.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/203](https://togithub.com/omissis/go-jsonschema/pull/203) - chore(deps): update codecov/codecov-action action to v4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/192](https://togithub.com/omissis/go-jsonschema/pull/192) - fix(deps): update golang.org/x/exp digest to [`c7f7c64`](https://togithub.com/atombender/go-jsonschema/commit/c7f7c64) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/206](https://togithub.com/omissis/go-jsonschema/pull/206) - fix(deps): update golang.org/x/exp digest to [`a85f2c6`](https://togithub.com/atombender/go-jsonschema/commit/a85f2c6) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/207](https://togithub.com/omissis/go-jsonschema/pull/207) - chore(deps): update dependency golangci-lint to v1.57.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/208](https://togithub.com/omissis/go-jsonschema/pull/208) - chore(deps): update dependency golangci-lint to v1.57.1 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/209](https://togithub.com/omissis/go-jsonschema/pull/209) - fix(deps): update golang.org/x/exp digest to [`a685a6e`](https://togithub.com/atombender/go-jsonschema/commit/a685a6e) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/210](https://togithub.com/omissis/go-jsonschema/pull/210) - chore(deps): update dependency golangci-lint to v1.57.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/211](https://togithub.com/omissis/go-jsonschema/pull/211) - chore(deps): update golang docker tag to v1.22.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/212](https://togithub.com/omissis/go-jsonschema/pull/212) - fix(deps): update golang.org/x/exp digest to [`c0f41cb`](https://togithub.com/atombender/go-jsonschema/commit/c0f41cb) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/213](https://togithub.com/omissis/go-jsonschema/pull/213) - fix(deps): update golang.org/x/exp digest to [`93d18d7`](https://togithub.com/atombender/go-jsonschema/commit/93d18d7) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/214](https://togithub.com/omissis/go-jsonschema/pull/214) - fix(deps): update golang.org/x/exp digest to [`fe59bbe`](https://togithub.com/atombender/go-jsonschema/commit/fe59bbe) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/216](https://togithub.com/omissis/go-jsonschema/pull/216) #### New Contributors - [@​zrma](https://togithub.com/zrma) made their first contribution in [https://github.com/omissis/go-jsonschema/pull/170](https://togithub.com/omissis/go-jsonschema/pull/170) - [@​RobQuistNL](https://togithub.com/RobQuistNL) made their first contribution in [https://github.com/omissis/go-jsonschema/pull/169](https://togithub.com/omissis/go-jsonschema/pull/169) - [@​jagregory](https://togithub.com/jagregory) made their first contribution in [https://github.com/omissis/go-jsonschema/pull/205](https://togithub.com/omissis/go-jsonschema/pull/205) - [@​Henkoglobin](https://togithub.com/Henkoglobin) made their first contribution in [https://github.com/omissis/go-jsonschema/pull/215](https://togithub.com/omissis/go-jsonschema/pull/215) - [@​codeboten](https://togithub.com/codeboten) made their first contribution in [https://github.com/omissis/go-jsonschema/pull/218](https://togithub.com/omissis/go-jsonschema/pull/218) (replaces [https://github.com/omissis/go-jsonschema/pull/189](https://togithub.com/omissis/go-jsonschema/pull/189)) **Full Changelog**: omissis/go-jsonschema@v0.15.0...v0.16.0 ### [`v0.15.0`](https://togithub.com/omissis/go-jsonschema/releases/tag/v0.15.0) [Compare Source](https://togithub.com/atombender/go-jsonschema/compare/v0.14.1...v0.15.0) This release introduces one new feature and a fix: - support for `file://` schema in references - support for yaml file references #### What's Changed - feat: add support for "file://" schema in $refs by [@​omissis](https://togithub.com/omissis) in [https://github.com/omissis/go-jsonschema/pull/147](https://togithub.com/omissis/go-jsonschema/pull/147) - fix: support for yaml file references by [@​johanneswuerbach](https://togithub.com/johanneswuerbach) in [https://github.com/omissis/go-jsonschema/pull/179](https://togithub.com/omissis/go-jsonschema/pull/179) - chore: split generate.go file by [@​AlbertoBarba](https://togithub.com/AlbertoBarba) in [https://github.com/omissis/go-jsonschema/pull/153](https://togithub.com/omissis/go-jsonschema/pull/153) - chore(deps): update dependency golangci-lint to v1.55.2 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/162](https://togithub.com/omissis/go-jsonschema/pull/162) - chore(deps): update golang docker tag to v1.21.4 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/165](https://togithub.com/omissis/go-jsonschema/pull/165) - chore(deps): update golang docker tag to v1.21.5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/174](https://togithub.com/omissis/go-jsonschema/pull/174) - chore(deps): update actions/setup-go action to v5 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/175](https://togithub.com/omissis/go-jsonschema/pull/175) - chore(deps): update golang docker tag to v1.21.6 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/184](https://togithub.com/omissis/go-jsonschema/pull/184) - fix(deps): update module github.com/spf13/cobra to v1.8.0 by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/163](https://togithub.com/omissis/go-jsonschema/pull/163) - fix(deps): update golang.org/x/exp digest to [`2478ac8`](https://togithub.com/atombender/go-jsonschema/commit/2478ac8) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/166](https://togithub.com/omissis/go-jsonschema/pull/166) - fix(deps): update golang.org/x/exp digest to [`9a3e603`](https://togithub.com/atombender/go-jsonschema/commit/9a3e603) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/168](https://togithub.com/omissis/go-jsonschema/pull/168) - fix(deps): update golang.org/x/exp digest to [`6522937`](https://togithub.com/atombender/go-jsonschema/commit/6522937) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/172](https://togithub.com/omissis/go-jsonschema/pull/172) - fix(deps): update golang.org/x/exp digest to [`f3f8817`](https://togithub.com/atombender/go-jsonschema/commit/f3f8817) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/176](https://togithub.com/omissis/go-jsonschema/pull/176) - fix(deps): update golang.org/x/exp digest to [`aacd6d4`](https://togithub.com/atombender/go-jsonschema/commit/aacd6d4) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/178](https://togithub.com/omissis/go-jsonschema/pull/178) - fix(deps): update golang.org/x/exp digest to [`dc181d7`](https://togithub.com/atombender/go-jsonschema/commit/dc181d7) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/180](https://togithub.com/omissis/go-jsonschema/pull/180) - fix(deps): update golang.org/x/exp digest to [`02704c9`](https://togithub.com/atombender/go-jsonschema/commit/02704c9) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/181](https://togithub.com/omissis/go-jsonschema/pull/181) - fix(deps): update golang.org/x/exp digest to [`be819d1`](https://togithub.com/atombender/go-jsonschema/commit/be819d1) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/182](https://togithub.com/omissis/go-jsonschema/pull/182) - fix(deps): update golang.org/x/exp digest to [`0dcbfd6`](https://togithub.com/atombender/go-jsonschema/commit/0dcbfd6) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/185](https://togithub.com/omissis/go-jsonschema/pull/185) - fix(deps): update golang.org/x/exp digest to [`db7319d`](https://togithub.com/atombender/go-jsonschema/commit/db7319d) by [@​renovate](https://togithub.com/renovate) in [https://github.com/omissis/go-jsonschema/pull/186](https://togithub.com/omissis/go-jsonschema/pull/186) #### New Contributors - [@​johanneswuerbach](https://togithub.com/johanneswuerbach) made their first contribution in [https://github.com/omissis/go-jsonschema/pull/179](https://togithub.com/omissis/go-jsonschema/pull/179) **Full Changelog**: omissis/go-jsonschema@v0.14.1...v0.15.0 </details> <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.12.0`](https://togithub.com/go-git/go-git/releases/tag/v5.12.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.11.0...v5.12.0) #### What's Changed - git: Worktree.AddWithOptions: add skipStatus option when providing a specific path by [@​moranCohen26](https://togithub.com/moranCohen26) in [https://github.com/go-git/go-git/pull/994](https://togithub.com/go-git/go-git/pull/994) - git: Signer: fix usage of crypto.Signer interface by [@​wlynch](https://togithub.com/wlynch) in [https://github.com/go-git/go-git/pull/1029](https://togithub.com/go-git/go-git/pull/1029) - git: Remote, fetch, adds the prune option. by [@​juliens](https://togithub.com/juliens) in [https://github.com/go-git/go-git/pull/366](https://togithub.com/go-git/go-git/pull/366) - git: Add crypto.Signer option to CommitOptions. by [@​wlynch](https://togithub.com/wlynch) in [https://github.com/go-git/go-git/pull/996](https://togithub.com/go-git/go-git/pull/996) - git: Worktree checkout tag hash id ([#​959](https://togithub.com/go-git/go-git/issues/959)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [https://github.com/go-git/go-git/pull/966](https://togithub.com/go-git/go-git/pull/966) - git: Worktree, Don't panic on empty or root path when checking if it is valid by [@​tim775](https://togithub.com/tim775) in [https://github.com/go-git/go-git/pull/1042](https://togithub.com/go-git/go-git/pull/1042) - git: Add commit validation for Reset by [@​pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-git/pull/1048](https://togithub.com/go-git/go-git/pull/1048) - git: worktree_commit, Fix amend commit to apply changes. Fixes [#​1024](https://togithub.com/go-git/go-git/issues/1024) by [@​onee-only](https://togithub.com/onee-only) in [https://github.com/go-git/go-git/pull/1045](https://togithub.com/go-git/go-git/pull/1045) - git: Implement Merge function with initial `FastForwardMerge` support by [@​pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-git/pull/1044](https://togithub.com/go-git/go-git/pull/1044) - plumbing: object, Make first commit visible on logs filtered with filename. Fixes [#​191](https://togithub.com/go-git/go-git/issues/191) by [@​onee-only](https://togithub.com/onee-only) in [https://github.com/go-git/go-git/pull/1036](https://togithub.com/go-git/go-git/pull/1036) - plumbing: no panic in printStats function. Fixes [#​177](https://togithub.com/go-git/go-git/issues/177) by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [https://github.com/go-git/go-git/pull/971](https://togithub.com/go-git/go-git/pull/971) - plumbing: object, Optimize logging with file. by [@​onee-only](https://togithub.com/onee-only) in [https://github.com/go-git/go-git/pull/1046](https://togithub.com/go-git/go-git/pull/1046) - plumbing: object, check legitimacy in (\*Tree).Encode by [@​niukuo](https://togithub.com/niukuo) in [https://github.com/go-git/go-git/pull/967](https://togithub.com/go-git/go-git/pull/967) - plumbing: format/gitattributes, close file in ReadAttributesFile by [@​prskr](https://togithub.com/prskr) in [https://github.com/go-git/go-git/pull/1018](https://togithub.com/go-git/go-git/pull/1018) - plumbing: check setAuth error. Fixes [#​185](https://togithub.com/go-git/go-git/issues/185) by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [https://github.com/go-git/go-git/pull/969](https://togithub.com/go-git/go-git/pull/969) - plumbing: object, fix variable defaultUtf8CommitMessageEncoding name spell error by [@​Jerry-yz](https://togithub.com/Jerry-yz) in [https://github.com/go-git/go-git/pull/987](https://togithub.com/go-git/go-git/pull/987) - utils: merkletrie, calculate filesystem node's hash lazily. by [@​candid82](https://togithub.com/candid82) in [https://github.com/go-git/go-git/pull/825](https://togithub.com/go-git/go-git/pull/825) - utils: update comment in node.go's Hash() by [@​codablock](https://togithub.com/codablock) in [https://github.com/go-git/go-git/pull/992](https://togithub.com/go-git/go-git/pull/992) - \_example: fix 404 link and added ssh-agent clone link by [@​grinish21](https://togithub.com/grinish21) in [https://github.com/go-git/go-git/pull/1022](https://togithub.com/go-git/go-git/pull/1022) - \_example: checkout-branch example by [@​dlambda](https://togithub.com/dlambda) in [https://github.com/go-git/go-git/pull/446](https://togithub.com/go-git/go-git/pull/446) - \_example: example for git clone using ssh-agent by [@​pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-git/pull/998](https://togithub.com/go-git/go-git/pull/998) #### New Contributors - [@​candid82](https://togithub.com/candid82) made their first contribution in [https://github.com/go-git/go-git/pull/825](https://togithub.com/go-git/go-git/pull/825) - [@​codablock](https://togithub.com/codablock) made their first contribution in [https://github.com/go-git/go-git/pull/992](https://togithub.com/go-git/go-git/pull/992) - [@​Jerry-yz](https://togithub.com/Jerry-yz) made their first contribution in [https://github.com/go-git/go-git/pull/987](https://togithub.com/go-git/go-git/pull/987) - [@​wlynch](https://togithub.com/wlynch) made their first contribution in [https://github.com/go-git/go-git/pull/996](https://togithub.com/go-git/go-git/pull/996) - [@​moranCohen26](https://togithub.com/moranCohen26) made their first contribution in [https://github.com/go-git/go-git/pull/994](https://togithub.com/go-git/go-git/pull/994) - [@​grinish21](https://togithub.com/grinish21) made their first contribution in [https://github.com/go-git/go-git/pull/1022](https://togithub.com/go-git/go-git/pull/1022) - [@​prskr](https://togithub.com/prskr) made their first contribution in [https://github.com/go-git/go-git/pull/1018](https://togithub.com/go-git/go-git/pull/1018) - [@​dlambda](https://togithub.com/dlambda) made their first contribution in [https://github.com/go-git/go-git/pull/446](https://togithub.com/go-git/go-git/pull/446) - [@​juliens](https://togithub.com/juliens) made their first contribution in [https://github.com/go-git/go-git/pull/366](https://togithub.com/go-git/go-git/pull/366) - [@​onee-only](https://togithub.com/onee-only) made their first contribution in [https://github.com/go-git/go-git/pull/1036](https://togithub.com/go-git/go-git/pull/1036) - [@​tim775](https://togithub.com/tim775) made their first contribution in [https://github.com/go-git/go-git/pull/1042](https://togithub.com/go-git/go-git/pull/1042) - [@​niukuo](https://togithub.com/niukuo) made their first contribution in [https://github.com/go-git/go-git/pull/967](https://togithub.com/go-git/go-git/pull/967) - [@​avoidalone](https://togithub.com/avoidalone) made their first contribution in [https://github.com/go-git/go-git/pull/1047](https://togithub.com/go-git/go-git/pull/1047) **Full Changelog**: go-git/go-git@v5.11.0...v5.12.0 </details> <details> <summary>google/osv-scanner (github.com/google/osv-scanner)</summary> ### [`v1.7.4`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v174) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.3...v1.7.4) ##### Features: - [Feature #​943](https://togithub.com/google/osv-scanner/pull/943) Support scanning gradle/verification-metadata.xml files. ##### Misc: - [Bug #​968](https://togithub.com/google/osv-scanner/issues/968) Hide unimportant Debian vulnerabilities to reduce noise. ### [`v1.7.3`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v173) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.2...v1.7.3) ##### Features: - [Feature #​934](https://togithub.com/google/osv-scanner/pull/934) add support for PNPM v9 lockfiles. ##### Fixes: - [Bug #​938](https://togithub.com/google/osv-scanner/issues/938) Ensure the sarif output has a stable order. - [Bug #​922](https://togithub.com/google/osv-scanner/issues/922) Support filtering on alias IDs in Guided Remediation. ### [`v1.7.2`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v172) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.1...v1.7.2) ##### Fixes: - [Bug #​899](https://togithub.com/google/osv-scanner/issues/899) Guided Remediation: Parse paths in npmrc auth fields correctly. - [Bug #​908](https://togithub.com/google/osv-scanner/issues/908) Fix rust call analysis by explicitly disabling stripping of debug info. - [Bug #​914](https://togithub.com/google/osv-scanner/issues/914) Fix regression for go call analysis introduced in 1.7.0. ### [`v1.7.1`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v171) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.0...v1.7.1) (There is no Github release for this version) ##### Fixes - [Bug #​856](https://togithub.com/google/osv-scanner/issues/856) Add retry logic to make calls to OSV.dev API more resilient. This combined with changes in OSV.dev's API should result in much less timeout errors. ##### API Features - [Feature #​781](https://togithub.com/google/osv-scanner/pull/781) add `MakeVersionRequestsWithContext()` - [Feature #​857](https://togithub.com/google/osv-scanner/pull/857) API and networking related errors now has their own error and exit code (Exit Code 129) ### [`v1.7.0`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v170) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.6.2...v1.7.0) ##### Features - [Feature #​352](https://togithub.com/google/osv-scanner/issues/352) Guided Remediation Introducing our new experimental guided remediation feature on `osv-scanner fix` subcommand. See our [docs](https://google.github.io/osv-scanner/experimental/guided-remediation/) for detailed usage instructions. - [Feature #​805](https://togithub.com/google/osv-scanner/pull/805) Include CVSS MaxSeverity in JSON output. ##### Fixes - [Bug #​818](https://togithub.com/google/osv-scanner/pull/818) Align GoVulncheck Go version with go.mod. - [Bug #​797](https://togithub.com/google/osv-scanner/pull/797) Don't traverse gitignored dirs for gitignore files. ##### Miscellaneous - [#​831](https://togithub.com/google/osv-scanner/pull/831) Remove version number from the release binary name. ### [`v1.6.2`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v162) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.6.1...v1.6.2) ##### Features - [Feature #​694](https://togithub.com/google/osv-scanner/pull/694) Add subcommands! OSV-Scanner now has subcommands! The base command has been moved to `scan` (currently the only commands is `scan`). By default if you do not pass in a command, `scan` will be used, so CLI remains backwards compatible. This is a building block to adding the guided remediation feature. See [issue #​352](https://togithub.com/google/osv-scanner/issues/352) for more details! - [Feature #​776](https://togithub.com/google/osv-scanner/pull/776) Add pdm lockfile support. ##### API Features - [Feature #​754](https://togithub.com/google/osv-scanner/pull/754) Add dependency groups to flattened vulnerabilities output. ### [`v1.6.1`](https://togithub.com/google/osv-scanner/releases/tag/v1.6.1) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.6.0...v1.6.1) ### v1.6.0/v1.6.1: ##### Features - [Feature #​694](https://togithub.com/google/osv-scanner/pull/694) Add support for NuGet lock files version 2. - [Feature #​655](https://togithub.com/google/osv-scanner/pull/655) Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities. - [Feature #​702](https://togithub.com/google/osv-scanner/pull/702) Created an option to skip/disable upload to code scanning. - [Feature #​732](https://togithub.com/google/osv-scanner/pull/732) Add option to not fail on vulnerability being found for GitHub Actions. - [Feature #​729](https://togithub.com/google/osv-scanner/pull/729) Verify the spdx licenses passed in to the license allowlist. ##### Fixes - [Bug #​736](https://togithub.com/google/osv-scanner/pull/736) Show ecosystem and version even if git is shown if the info exists. - [Bug #​703](https://togithub.com/google/osv-scanner/pull/703) Return an error if both license scanning and local/offline scanning is enabled simultaneously. - [Bug #​718](https://togithub.com/google/osv-scanner/pull/718) Fixed parsing of SBOMs generated by the latest CycloneDX. - [Bug #​704](https://togithub.com/google/osv-scanner/pull/704) Get go stdlib version from go.mod. ##### API Features - [Feature #​727](https://togithub.com/google/osv-scanner/pull/727) Changes to `Reporter` methods to add verbosity levels and to deprecate functions. #### New Contributors - [@​geekNero](https://togithub.com/geekNero) made their first contribution in [https://github.com/google/osv-scanner/pull/718](https://togithub.com/google/osv-scanner/pull/718) **Full Changelog**: google/osv-scanner@v1.5.0...v1.6.0-alpha3 ### [`v1.6.0`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v160) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.5.0...v1.6.0) ##### Features - [Feature #​694](https://togithub.com/google/osv-scanner/pull/694) Add support for NuGet lock files version 2. - [Feature #​655](https://togithub.com/google/osv-scanner/pull/655) Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities. - [Feature #​702](https://togithub.com/google/osv-scanner/pull/702) Created an option to skip/disable upload to code scanning. - [Feature #​732](https://togithub.com/google/osv-scanner/pull/732) Add option to not fail on vulnerability being found for GitHub Actions. - [Feature #​729](https://togithub.com/google/osv-scanner/pull/729) Verify the spdx licenses passed in to the license allowlist. ##### Fixes - [Bug #​736](https://togithub.com/google/osv-scanner/pull/736) Show ecosystem and version even if git is shown if the info exists. - [Bug #​703](https://togithub.com/google/osv-scanner/pull/703) Return an error if both license scanning and local/offline scanning is enabled simultaneously. - [Bug #​718](https://togithub.com/google/osv-scanner/pull/718) Fixed parsing of SBOMs generated by the latest CycloneDX. - [Bug #​704](https://togithub.com/google/osv-scanner/pull/704) Get go stdlib version from go.mod. ##### API Features - [Feature #​727](https://togithub.com/google/osv-scanner/pull/727) Changes to `Reporter` methods to add verbosity levels and to deprecate functions. ### [`v1.5.0`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v150) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.3...v1.5.0) ##### Features - [Feature #​501](https://togithub.com/google/osv-scanner/pull/501) Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information! - [Feature #​642](https://togithub.com/google/osv-scanner/pull/642) Support scanning `renv` files for the R language ecosystem. - [Feature #​513](https://togithub.com/google/osv-scanner/pull/513) Stabilize call analysis for Go! The experimental `--experimental-call-analysis` flag has now been updated to: --call-analysis=<language/all> --no-call-analysis=<language/all> with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation! - [Feature #​676](https://togithub.com/google/osv-scanner/pull/676) Simplify return codes: - Return 0 if there are no findings or errors. - Return 1 if there are any findings (license violations or vulnerabilities). - Return 128 if no packages are found. - [Feature #​651](https://togithub.com/google/osv-scanner/pull/651) CVSS v4.0 support. - [Feature #​60](https://togithub.com/google/osv-scanner/pull/60) [Pre-commit hook](https://pre-commit.com/) support. ##### Fixes - [Bug #​639](https://togithub.com/google/osv-scanner/issues/639) We now filter local packages from scans, and report the filtering of those packages. - [Bug #​645](https://togithub.com/google/osv-scanner/issues/645) Properly handle file/url paths on Windows. - [Bug #​660](https://togithub.com/google/osv-scanner/issues/660) Remove noise from failed lockfile parsing. - [Bug #​649](https://togithub.com/google/osv-scanner/issues/649) No longer include vendored libraries in C/C++ package analysis. - [Bug #​634](https://togithub.com/google/osv-scanner/issues/634) Fix filtering of aliases to also include non OSV aliases ##### Miscellaneous - The minimum go version has been updated to go1.21 from go1.18. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current version makes osv-scanner unusable against SBOM generated by the latest version of CycloneDx/cdxgen