Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update osv-scanner minor #1532

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update osv-scanner minor #1532

wants to merge 1 commit into from
+63 −60

Conversation

renovate-bot
Copy link
Collaborator

@renovate-bot renovate-bot commented Jan 26, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
deps.dev/api/v3 v3.0.0-20250114022823-c1ebdca3d00a -> v3.0.0-20250129021108-7b38e5d02c19 age adoption passing confidence require patch
deps.dev/util/maven c1ebdca -> 7b38e5d age adoption passing confidence require digest
deps.dev/util/resolve c1ebdca -> 7b38e5d age adoption passing confidence require digest
deps.dev/util/semver c1ebdca -> 7b38e5d age adoption passing confidence require digest
github.com/gkampitakis/go-snaps v0.5.8 -> v0.5.9 age adoption passing confidence require patch
github.com/go-git/go-git/v5 v5.13.1 -> v5.13.2 age adoption passing confidence require patch
github.com/google/osv-scalibr 34aef7c -> 358fcf5 require digest
github.com/ossf/osv-schema/bindings/go 8059be3 -> d868137 age adoption passing confidence require digest
golang.org/x/exp 7588d65 -> e0ece0d age adoption passing confidence require digest
google.golang.org/grpc v1.69.4 -> v1.70.0 age adoption passing confidence require minor
google.golang.org/protobuf v1.36.3 -> v1.36.4 age adoption passing confidence require patch

Release Notes

gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)

v0.5.9

Compare Source

What's Changed

Full Changelog: gkampitakis/go-snaps@v0.5.8...v0.5.9

Kudos to @​orloffv for this issue https://github.com/gkampitakis/go-snaps/pull/116

go-git/go-git (github.com/go-git/go-git/v5)

v5.13.2

Compare Source

What's Changed

Full Changelog: go-git/go-git@v5.13.1...v5.13.2

grpc/grpc-go (google.golang.org/grpc)

v1.70.0: Release 1.70.0

Compare Source

Behavior Changes

  • client: reject service configs containing an invalid retryPolicy in accordance with gRFCs A21 and A6. (#​7905)
    • Note that this is a potential breaking change for some users using an invalid configuration, but continuing to allow this behavior would violate our cross-language compatibility requirements.

New Features

  • xdsclient: fallback to a secondary management server (if specified in the bootstrap configuration) when the primary is down is enabled by default. Can be disabled by setting the environment variable GRPC_EXPERIMENTAL_XDS_FALLBACK to false. (#​7949)
  • experimental/credentials: experimental transport credentials are added which don't enforce ALPN. (#​7980)
    • These credentials will be removed in an upcoming grpc-go release. Users must not rely on these credentials directly. Instead, they should either vendor a specific version of gRPC or copy the relevant credentials into their own codebase if absolutely necessary.

Bug Fixes

  • xds: fix a possible deadlock that happens when both the client application and the xDS management server (responsible for configuring the client) are using the xds:/// scheme in their target URIs. (#​8011)

Performance

  • server: for unary requests, free raw request message data as soon as parsing is finished instead of waiting until the method handler returns. (#​7998)

Documentation

  • examples/features/gracefulstop: add example to demonstrate server graceful stop. (#​7865)
protocolbuffers/protobuf-go (google.golang.org/protobuf)

v1.36.4

Compare Source

Full Changelog: protocolbuffers/protobuf-go@v1.36.3...v1.36.4

Bug fixes:
CL/642975: reflect/protodesc: fix panic when working with dynamicpb

Maintenance:
CL/643276: internal_gengo: avoid allocations in rawDescGZIP() accessors
CL/642857: internal_gengo: switch back from string literal to hex byte slice
CL/642055: internal_gengo: use unsafe.StringData() to avoid a descriptor copy
CL/638135: internal_gengo: store raw descriptor in .rodata section

Configuration

📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Jan 26, 2025
@forking-renovate Forking Renovate
Copy link

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 7 additional dependencies were updated

Details:

Package Change
github.com/ProtonMail/go-crypto v1.1.3 -> v1.1.5
github.com/pjbgf/sha1cd v0.3.0 -> v0.3.2
go.opentelemetry.io/otel v1.31.0 -> v1.32.0
go.opentelemetry.io/otel/metric v1.31.0 -> v1.32.0
go.opentelemetry.io/otel/trace v1.31.0 -> v1.32.0
google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 -> v0.0.0-20241202173237-19429a94021a
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 -> v0.0.0-20241202173237-19429a94021a

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch from 2eec4db to e2afca9 Compare January 27, 2025 20:43
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 3 times, most recently from da5c39d to e02cc3c Compare January 28, 2025 02:05
@codecov-commenter
Copy link

codecov-commenter commented Jan 28, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.29%. Comparing base (cd7cc8a) to head (3a0d3ac).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1532      +/-   ##
==========================================
- Coverage   69.31%   69.29%   -0.02%     
==========================================
  Files         200      200              
  Lines       19038    19038              
==========================================
- Hits        13196    13193       -3     
- Misses       5135     5137       +2     
- Partials      707      708       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 7 times, most recently from 4804d6c to c83e431 Compare January 30, 2025 00:56
@cuixq
Copy link
Contributor

cuixq commented Jan 30, 2025

google/osv-scalibr@358fcf5 should fix the go.mod issue

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch from c83e431 to 6e57292 Compare January 30, 2025 03:11
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch from 6e57292 to 3a0d3ac Compare January 30, 2025 05:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cuixq cuixq cuixq approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@renovate-bot @codecov-commenter @cuixq