Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): lock file maintenance vulnfeeds #2816

Merged
merged 3 commits into from
Nov 1, 2024
Merged

chore(deps): lock file maintenance vulnfeeds #2816

merged 3 commits into from
Nov 1, 2024

Conversation

renovate-bot
Copy link
Collaborator

@renovate-bot renovate-bot commented Oct 29, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
lockFileMaintenance All locks refreshed
cloud.google.com/go/secretmanager require patch v1.14.1 -> v1.14.2 age adoption passing confidence
github.com/atombender/go-jsonschema require minor v0.16.0 -> v0.17.0 age adoption passing confidence
github.com/google/osv-scanner require patch v1.9.0 -> v1.9.1 age adoption passing confidence

🔧 This Pull Request updates lock files to use the latest dependency versions.

Release Notes

atombender/go-jsonschema (github.com/atombender/go-jsonschema)

v0.17.0

Compare Source

Highlights

  • Implement pattern validation for strings
  • Implement numeric validation
  • Introduce unmarshalling for additional properties
  • Update go to 1.22.8 in ci and dev
  • Allow CustomNameTypes to specify nillability

What's Changed

New Contributors

Full Changelog: omissis/go-jsonschema@v0.16.0...v0.17.0

google/osv-scanner (github.com/google/osv-scanner)

v1.9.1

Compare Source

Features:
Fixes:
  • Bug #​604 Use correct path separator in SARIF output when on Windows.
  • Bug #​330 Warn about and ignore duplicate entries in SBOMs.
  • Bug #​1325 Set CharsetReader and Entity when reading pom.xml.
  • Bug #​1310 Update spdx license ids.
  • Bug #​1288 Sort sbom packages by PURL.
  • Bug #​1285 Improve handling if docker exits with a non-zero code when trying to scan images
API Changes:
  • Deprecate auxillary public packages: As part of the V2 update described above, we have started deprecating some of the auxillary packages
    which are not commonly used to give us more room to make better API designs. These include:
    • config
    • depsdev
    • grouper
    • spdx

Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Oct 29, 2024
@forking-renovate Forking Renovate
Copy link

ℹ Artifact update notice

File name: vulnfeeds/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 11 additional dependencies were updated

Details:

Package Change
cloud.google.com/go v0.115.1 -> v0.116.0
cloud.google.com/go/auth v0.9.3 -> v0.9.9
cloud.google.com/go/compute/metadata v0.5.1 -> v0.5.2
golang.org/x/time v0.6.0 -> v0.7.0
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 -> v0.0.0-20240903120638-7835f813f4da
google.golang.org/api v0.197.0 -> v0.203.0
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20241015192408-796eee8c2d53
google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20241007155032-5fefd90f89a9
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20241015192408-796eee8c2d53
google.golang.org/grpc v1.67.0 -> v1.67.1
google.golang.org/protobuf v1.34.2 -> v1.35.1

@forking-renovate Forking Renovate
Copy link

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@hogo6002 hogo6002 merged commit 40dbb9d into google:master Nov 1, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hogo6002 hogo6002 hogo6002 approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @hogo6002