Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update osv-scanner minor #1414

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

fix(deps): update osv-scanner minor #1414

wants to merge 7 commits into from
+83 −70

Conversation

renovate-bot
Copy link
Collaborator

@renovate-bot renovate-bot commented Nov 24, 2024
edited by cuixq
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
deps.dev/api/v3 v3.0.0-20241010035105-b3ba03369df1 -> v3.0.0-20241223232618-f8b47b9fbbab age adoption passing confidence require patch
deps.dev/util/maven 3890182 -> 3e2fcc7 age adoption passing confidence require digest
deps.dev/util/resolve 3890182 -> d36e05e age adoption passing confidence require digest
deps.dev/util/semver b3ba033 -> 018358f age adoption passing confidence require digest
github.com/CycloneDX/cyclonedx-go v0.9.1 -> v0.9.2 age adoption passing confidence require patch
github.com/charmbracelet/bubbletea v1.1.1 -> v1.2.4 age adoption passing confidence require minor
github.com/go-git/go-billy/v5 v5.5.0 -> v5.6.0 age adoption passing confidence require minor
github.com/google/osv-scalibr 6da1802 -> fd6877f require digest
github.com/jedib0t/go-pretty/v6 v6.6.0 -> v6.6.5 age adoption passing confidence require patch
github.com/ossf/osv-schema/bindings/go c44c784 -> 57fd3dd age adoption passing confidence require digest
golang.org/x/exp f66d83c -> b2144cd age adoption passing confidence require digest
golang.org/x/mod v0.21.0 -> v0.22.0 age adoption passing confidence require minor
google.golang.org/grpc v1.67.1 -> v1.69.2 age adoption passing confidence require minor
google.golang.org/protobuf v1.35.1 -> v1.36.1 age adoption passing confidence require minor

Release Notes

CycloneDX/cyclonedx-go (github.com/CycloneDX/cyclonedx-go)

v0.9.2

Compare Source

Changelog

Features
Fixes
Building and Packaging
Others
charmbracelet/bubbletea (github.com/charmbracelet/bubbletea)

v1.2.4

Compare Source

Changelog

Bug fixes
Other work

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v1.2.3

Compare Source

Altscreen-not-altscreen

This release fixes a sneaky longstanding bug in the renderer where mis-paints could happen when toggling in and out of the altscreen if the height of the TUI changed whilst in the altscreen. Special thanks to @​applejag for reporting the issue and @​semihbkgr for the fix.

Changelog

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v1.2.2

Compare Source

Hi! This release fixes some bugs found the fast new renderer introduced in v1.2.0. Happy rendering!

Fixed

New Contributors

Full Changelog: charmbracelet/bubbletea@v1.2.0...v1.2.2

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v1.2.1

Compare Source

v1.2.0

Compare Source

It’s performance boost time

Sometimes you have to take matters into your own hands. That’s exactly what @​LeperGnome did when he wanted faster rendering. This release features adjustments to the rendering algorithm for faster repaints. We encourage you to upgrade and give it a go!

[!NOTE]
Renderer changes are no laughing matter. We’ve tested the new renderer extensively, however if you notice any bugs let us know. Rendering accuracy is among our top priorities.

Changelog

New Contributors

Full Changelog: charmbracelet/bubbletea@v1.1.2...v1.2.0

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v1.1.2

Compare Source

A tiny tiny release that fixes the tests on Windows, and uses the latest ansi package definitions.

Changelog
New Features
  • 12b04c5d6001056875bc712f81fa1efd470fa592: feat(ci): use meta lint workflow (@​aymanbagabas)
  • 3209d62ae751da63a38237666d6706ab7c9f0006: feat(ci): use meta lint-sync workflow to sync linter config (@​aymanbagabas)
Bug fixes
  • 566879aa33ce13f27a6bdab4a274e08be01bac9c: fix(ci): run lint workflow on all platforms (@​aymanbagabas)
  • cd1e4d34a7e0232ea94afcc168eec107450aa332: fix: exec tests on windows (@​aymanbagabas)
Documentation updates
  • d928d8dcabcd4bca0efc22fb661de0cc27c66b21: docs: update contributing guidelines (#​1186) (@​bashbunni)
  • de4788dc763d5a6ce7ca555c5ee6fce3179dedc4: docs: update readme badge images (@​aymanbagabas)

The Charm logo

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

go-git/go-billy (github.com/go-git/go-billy/v5)

v5.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: go-git/go-billy@v5.5.0...v5.6.0

jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)

v6.6.5

Compare Source

What's Changed

Full Changelog: jedib0t/go-pretty@v6.6.4...v6.6.5

v6.6.4

Compare Source

What's Changed

Full Changelog: jedib0t/go-pretty@v6.6.3...v6.6.4

v6.6.3

Compare Source

What's Changed

Full Changelog: jedib0t/go-pretty@v6.6.2...v6.6.3

v6.6.2

Compare Source

What's Changed

Full Changelog: jedib0t/go-pretty@v6.6.1...v6.6.2

v6.6.1

Compare Source

What's Changed

Full Changelog: jedib0t/go-pretty@v6.6.0...v6.6.1

grpc/grpc-go (google.golang.org/grpc)

v1.69.2: Release 1.69.2

Compare Source

Bug Fixes

  • stats/experimental: add type aliases for symbols (Metrics/etc) that were moved to the stats package (#​7929).
  • client: set user-agent string to the correct version.

v1.69.0: Release 1.69.0

Compare Source

Known Issues

  • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. A fix is expected to be a part of grpc-go v1.70. (#​7556)

New Features

  • stats/opentelemetry: Introduce new APIs to enable OpenTelemetry instrumentation for metrics on servers and clients (#​7874)
  • xdsclient: add support to fallback to lower priority servers when higher priority ones are down (#​7701)
  • dns: Add support for link local IPv6 addresses (#​7889)
  • The new experimental pickfirst LB policy (disabled by default) supports Happy Eyeballs, interleaving IPv4 and IPv6 address as described in RFC-8305 section 4, to attempt connections to multiple backends concurrently. The experimental pickfirst policy can be enabled by setting the environment variable GRPC_EXPERIMENTAL_ENABLE_NEW_PICK_FIRST to true. (#​7725, #​7742)
  • balancer/pickfirst: Emit metrics from the pick_first load balancing policy (#​7839)
  • grpc: export MethodHandler, which is the type of an already-exported field in MethodDesc (#​7796)

Bug Fixes

  • credentials/google: set scope for application default credentials (#​7887)
  • xds: fix edge-case issues where some clients or servers would not initialize correctly or would not receive errors when resources are invalid or unavailable if another channel or server with the same target was already in use . (#​7851, #​7853)
  • examples: fix the debugging example, which was broken by a recent change (#​7833)

Behavior Changes

  • client: update retry attempt backoff to apply jitter per updates to gRFC A6. (#​7869)
  • balancer/weightedroundrobin: use the pick_first LB policy to manage connections (#​7826)

API Changes

  • balancer: An internal method is added to the balancer.SubConn interface to force implementors to embed a delegate implementation. This requirement is present in the interface documentation, but wasn't enforced earlier. (#​7840)

Performance Improvements

  • mem: implement a ReadAll() method for more efficient io.Reader consumption (#​7653)
  • mem: use slice capacity instead of length to determine whether to pool buffers or directly allocate them (#​7702)

Documentation

  • examples/csm_observability: Add xDS Credentials and switch server to be xDS enabled (#​7875)

v1.68.2: Release 1.68.2

Compare Source

Dependencies

  • Remove the experimental stats/opentelemetry module and instead add the experimental packages it contains directly into the main google.golang.org/grpc module (#​7936)

v1.68.1: Release 1.68.1

Compare Source

Bug Fixes

  • credentials/alts: avoid SRV and TXT lookups for handshaker service to work around hangs caused by buggy versions of systemd-resolved. (#​7861)

Dependencies

  • Relax minimum Go version requirement from go1.22.7 to go1.22. (#​7831)

v1.68.0: Release 1.68.0

Compare Source

Behavior Changes

  • stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environment variable, rather than parsing from bootstrap file (#​7740)
  • orca (experimental): if using an ORCA listener, it must now be registered only on a READY SubConn, and the listener will automatically be stopped when the connection is lost. (#​7663)
  • client: ClientConn.Close() now closes transports simultaneously and waits for transports to be closed before returning. (#​7666)
  • credentials: TLS credentials created via NewTLS that use tls.Config.GetConfigForClient will now have CipherSuites, supported TLS versions and ALPN configured automatically. These were previously only set for configs not using the GetConfigForClient option. (#​7709)

Bug Fixes

  • transport: prevent deadlock in client transport shutdown when writing the GOAWAY frame hangs. (#​7662)
  • mem: reuse buffers more accurately by using slice capacity instead of length (#​7702)
  • status: Fix regression caused by #​6919 in status.Details() causing it to return a wrapped type when getting proto messages generated with protoc-gen-go < v1. (#​7724)

Dependencies

  • Bump minimum supported Go version to go1.22.7. (#​7624)

v1.67.3: Release 1.67.3

Compare Source

Dependencies

  • Remove the experimental stats/opentelemetry module and instead add the experimental packages it contains directly into the main google.golang.org/grpc module.

v1.67.2: Release 1.67.2

Compare Source

Bug Fixes

  • credentials/alts: avoid SRV and TXT lookups for handshaker service to work around hangs caused by buggy versions of systemd-resolved. (#​7861)
protocolbuffers/protobuf-go (google.golang.org/protobuf)

v1.36.1

Compare Source

Full Changelog: protocolbuffers/protobuf-go@v1.36.0...v1.36.1

Bug fixes:
CL/638495: internal/impl: revert IsSynthetic() check to fix panic

Maintenance:
CL/637475: internal/errors: delete compatibility code for Go before 1.13

v1.36.0

Compare Source

Full Changelog: protocolbuffers/protobuf-go@v1.35.2...v1.36.0

User-visible changes:

CL/635139: src/google/protobuf: document UnmarshalJSON / API level behavior
CL/635138: reflect/protoreflect: use [] syntax to reference method
CL/635137: proto: add reference to size semantics with lazy decoding to comment
CL/634818: compiler/protogen: allow overriding API level from --go_opt
CL/634817: cmd/protoc-gen-go: generate _protoopaque variant for hybrid
CL/634816: all: regenerate.bash for Opaque API
CL/634815: all: Release the Opaque API
CL/634015: types/descriptorpb: regenerate using latest protobuf v29.1 release
CL/632735: internal/impl: skip synthetic oneofs in messageInfo
CL/627876: all: start v1.35.2-devel

v1.35.2

Compare Source

Full Changelog: protocolbuffers/protobuf-go@v1.35.1...v1.35.2

Maintenance:

CL/623115: proto: refactor equal_test from explicit table to use makeMessages()
CL/623116: encoding/prototext: use testmessages_test.go approach, too
CL/623117: internal/testprotos/test: add nested message field with [lazy=true]
CL/624415: proto: switch messageset_test to use makeMessages() injection point
CL/624416: internal/impl: fix TestMarshalMessageSetLazyRace (was a no-op!)

User-visible changes:

CL/618395: encoding/protojson: allow missing value for Any of type Empty
CL/618979: all: implement strip_enum_prefix editions feature
CL/622575: testing/protocmp: document behavior when combining Ignore and Sort

Configuration

📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Nov 24, 2024
@codecov-commenter
Copy link

codecov-commenter commented Nov 24, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.32%. Comparing base (d9660dc) to head (ac89c5d).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1414   +/-   ##
=======================================
  Coverage   67.32%   67.32%           
=======================================
  Files         194      194           
  Lines       18354    18354           
=======================================
  Hits        12356    12356           
  Misses       5327     5327           
  Partials      671      671

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate-bot renovate-bot changed the title fix(deps): update module github.com/charmbracelet/bubbletea to v1.2.3 fix(deps): update module github.com/charmbracelet/bubbletea to v1.2.4 Nov 25, 2024
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 2 times, most recently from d86dc3e to f7d71fc Compare November 27, 2024 22:22
@renovate-bot renovate-bot changed the title fix(deps): update module github.com/charmbracelet/bubbletea to v1.2.4 fix(deps): update osv-scanner minor Nov 27, 2024
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 2 times, most recently from 6426bc7 to cdf323c Compare December 4, 2024 17:45
@forking-renovate Forking Renovate
Copy link

forking-renovate bot commented Dec 4, 2024
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 9 additional dependencies were updated

Details:

Package Change
github.com/charmbracelet/x/ansi v0.2.3 -> v0.4.5
github.com/charmbracelet/x/term v0.2.0 -> v0.2.1
github.com/cyphar/filepath-securejoin v0.2.4 -> v0.2.5
golang.org/x/crypto v0.28.0 -> v0.31.0
golang.org/x/sys v0.26.0 -> v0.28.0
golang.org/x/text v0.19.0 -> v0.21.0
golang.org/x/tools v0.26.0 -> v0.28.0
google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20241015192408-796eee8c2d53
google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20241015192408-796eee8c2d53

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 8 times, most recently from ee40aef to 07f93c2 Compare December 10, 2024 21:24
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 13 times, most recently from df8683e to e24c981 Compare December 17, 2024 14:24
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 3 times, most recently from 7bd171b to e04a778 Compare December 18, 2024 03:48
@forking-renovate Forking Renovate
Copy link

forking-renovate bot commented Dec 18, 2024
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -d -t ./...
go: module deps.dev/api/[email protected] requires go >= 1.23; switching to go1.23.4
go: downloading go1.23.4 (linux/amd64)
go: download go1.23.4: golang.org/[email protected]: verifying module: checksum database disabled by GOSUMDB=off

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 7 times, most recently from 6510fa2 to e8b1fed Compare December 23, 2024 00:40
cuixq
cuixq approved these changes Dec 23, 2024
View reviewed changes
go.mod Outdated Show resolved Hide resolved
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch from 3962f3b to d2d07fa Compare December 23, 2024 22:45
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch from dd2f961 to 909c675 Compare December 23, 2024 23:50
@forking-renovate Forking Renovate
Copy link

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@another-rex another-rex another-rex left review comments

@cuixq cuixq cuixq approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@renovate-bot @codecov-commenter @cuixq @another-rex