google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0
1.49k stars 186 forks

chore(deps): lock file maintenance vulnfeeds #2630

Closed renovate-bot closed 1 week ago

renovate-bot commented 1 week ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| | | lockFileMaintenance | All locks refreshed |
| cloud.google.com/go/secretmanager | require | patch | v1.14.0 -> v1.14.1 |
| github.com/google/osv-scanner | require | patch | v1.8.4 -> v1.8.5 |

🔧 This Pull Request updates lock files to use the latest dependency versions.


Release Notes

google/osv-scanner (github.com/google/osv-scanner)

### [`v1.8.5`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v185)

[Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.4...v1.8.5)

##### Features:

- [Feature #1160](https://redirect.github.com/google/osv-scanner/pull/1160) Support fetching snapshot versions from a Maven registry.
- [Feature #1177](https://redirect.github.com/google/osv-scanner/pull/1177) Support composite-based package overrides. This allows for ignoring entire manifests when scanning.
- [Feature #1210](https://redirect.github.com/google/osv-scanner/pull/1210) Add FIXED-VULN-IDS to guided remediation non-interactive output.

##### Fixes:

- [Bug #1220](https://redirect.github.com/google/osv-scanner/issues/1220) Fix govulncheck calls on C code.
- [Bug #1236](https://redirect.github.com/google/osv-scanner/pull/1236) Alpine package scanning now falls back to latest release version if no release version can be found.

Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR was generated by Mend Renovate. View the repository job log.

forking-renovate[bot] commented 1 week ago

ℹ Artifact update notice

File name: vulnfeeds/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

Details:

| Package | Change |
|---|---|
| cloud.google.com/go/auth | v0.9.0 -> v0.9.3 |
| cloud.google.com/go/iam | v1.1.13 -> v1.2.0 |
| cloud.google.com/go/longrunning | v0.5.11 -> v0.6.0 |
| github.com/googleapis/enterprise-certificate-proxy | v0.3.2 -> v0.3.3 |
| go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc | v0.52.0 -> v0.54.0 |
| go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp | v0.53.0 -> v0.54.0 |
| go.opentelemetry.io/otel | v1.28.0 -> v1.29.0 |
| go.opentelemetry.io/otel/metric | v1.28.0 -> v1.29.0 |
| go.opentelemetry.io/otel/trace | v1.28.0 -> v1.29.0 |
| google.golang.org/api | v0.193.0 -> v0.196.0 |
| google.golang.org/genproto | v0.0.0-20240814211410-ddb44dafa142 -> v0.0.0-20240903143218-8af14fe29dc1 |
| google.golang.org/genproto/googleapis/api | v0.0.0-20240814211410-ddb44dafa142 -> v0.0.0-20240903143218-8af14fe29dc1 |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20240814211410-ddb44dafa142 -> v0.0.0-20240903143218-8af14fe29dc1 |
| google.golang.org/grpc | v1.65.0 -> v1.66.0 |