Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): lock file maintenance vulnfeeds #2998

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): lock file maintenance vulnfeeds #2998

wants to merge 1 commit into from
+175 −273

Conversation

renovate-bot
Copy link
Collaborator

@renovate-bot renovate-bot commented Dec 17, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
lockFileMaintenance All locks refreshed
cloud.google.com/go/secretmanager require patch v1.14.2 -> v1.14.3 age adoption passing confidence
pylint (changelog) dev-dependencies patch 3.3.2 -> 3.3.3 age adoption passing confidence
cloud.google.com/go/logging require minor v1.12.0 -> v1.13.0 age adoption passing confidence
github.com/go-git/go-git/v5 require minor v5.12.0 -> v5.13.1 age adoption passing confidence
github.com/google/osv-scanner require patch v1.9.1 -> v1.9.2 age adoption passing confidence
golang.org/x/exp require digest 1829a12 -> 7d7fa50 age adoption passing confidence

🔧 This Pull Request updates lock files to use the latest dependency versions.

Release Notes

pylint-dev/pylint (pylint)

v3.3.3

Compare Source

What's new in Pylint 3.3.3?

Release date: 2024-12-23

False Positives Fixed

  • Fix false positives for undefined-variable for classes using Python 3.12
    generic type syntax.

    Closes #​9335

  • Fix a false positive for use-implicit-booleaness-not-len. No lint should be emitted for
    generators (len is not defined for generators).

    Refs #​10100

Other Bug Fixes

  • Fix Unable to import 'collections.abc' (import-error) on Python 3.13.1.

    Closes #​10112

go-git/go-git (github.com/go-git/go-git/v5)

v5.13.1

Compare Source

What's Changed

Full Changelog: go-git/go-git@v5.13.0...v5.13.1

v5.13.0

Compare Source

What's Changed

New Contributors

Full Changelog: go-git/go-git@v5.12.0...v5.13.0

google/osv-scanner (github.com/google/osv-scanner)

v1.9.2

Compare Source

Changelog

Fixes:
  • Bug #​1327 Parsing crash on malformed pnpm lockfile.
  • Bug #​1377 Warn if a vulnerability is ignored multiple times in the same config.
  • Bug #​1394 Guided remediation: handle extraneous/missing packages in package-lock.json more leniently.
  • Bug #​1443 Go call analysis now works with Go version up to v1.23.4.
  • Bug #​1436 Only fetch Maven snapshots and releases when enabled.
  • Bug #​1456 Remove redundant calls from PreFetch.

New Contributors

Full Changelog: google/osv-scanner@v1.9.1...v1.9.2

Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Dec 17, 2024
@renovate-bot renovate-bot force-pushed the renovate/vulnfeeds branch 4 times, most recently from b404d59 to 43bfcee Compare December 24, 2024 04:16
@forking-renovate Forking Renovate
Copy link

forking-renovate bot commented Dec 28, 2024
edited
Loading

ℹ Artifact update notice

File name: vulnfeeds/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 23 additional dependencies were updated

Details:

Package Change
cloud.google.com/go v0.116.0 -> v0.117.0
cloud.google.com/go/auth v0.9.9 -> v0.13.0
cloud.google.com/go/auth/oauth2adapt v0.2.4 -> v0.2.6
cloud.google.com/go/compute/metadata v0.5.2 -> v0.6.0
cloud.google.com/go/iam v1.2.1 -> v1.2.2
cloud.google.com/go/longrunning v0.6.1 -> v0.6.2
github.com/ProtonMail/go-crypto v1.0.0 -> v1.1.3
github.com/cyphar/filepath-securejoin v0.2.4 -> v0.3.6
github.com/go-git/go-billy/v5 v5.5.0 -> v5.6.1
github.com/googleapis/gax-go/v2 v2.13.0 -> v2.14.0
github.com/skeema/knownhosts v1.2.2 -> v1.3.0
go.opentelemetry.io/otel v1.29.0 -> v1.31.0
go.opentelemetry.io/otel/metric v1.29.0 -> v1.31.0
go.opentelemetry.io/otel/trace v1.29.0 -> v1.31.0
golang.org/x/net v0.32.0 -> v0.33.0
golang.org/x/oauth2 v0.23.0 -> v0.24.0
golang.org/x/time v0.7.0 -> v0.8.0
google.golang.org/api v0.203.0 -> v0.214.0
google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 -> v0.0.0-20241118233622-e639e219e697
google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 -> v0.0.0-20241118233622-e639e219e697
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/grpc v1.67.1 -> v1.69.0
google.golang.org/protobuf v1.35.1 -> v1.35.2

@renovate-bot renovate-bot force-pushed the renovate/vulnfeeds branch 2 times, most recently from 3182a7e to ecf93a6 Compare January 2, 2025 20:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hogo6002 hogo6002 hogo6002 approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@renovate-bot @hogo6002