chore(deps): lock file maintenance vulnfeeds (#1832)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| | | lockFileMaintenance | All locks refreshed |
| [cloud.google.com/go/secretmanager](https://togithub.com/googleapis/google-cloud-go) | require | patch | `v1.11.1` -> `v1.11.4` |
| [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.9.0` -> `v5.10.1` |
| [github.com/google/go-cmp](https://togithub.com/google/go-cmp) | require | minor | `v0.5.9` -> `v0.6.0` |
| [github.com/google/osv-scanner](https://togithub.com/google/osv-scanner) | require | patch | `v1.4.0` -> `v1.4.3` |
| golang | stage | digest | `f475434` -> `70afe55` |
| golang.org/x/exp | require | digest | `7918f67` -> `6522937` |

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.10.1`](https://togithub.com/go-git/go-git/releases/tag/v5.10.1)

[Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.0...v5.10.1)

#### What's Changed

- Worktree, ignore ModeSocket files by [@steiler](https://togithub.com/steiler) in go-git/go-git#930
- git: add tracer package by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#916
- remote: Flip clause for fast-forward only check by [@adityasaky](https://togithub.com/adityasaky) in go-git/go-git#875
- plumbing: transport/ssh, Fix nil pointer dereference caused when an unreachable proxy server is set. Fixes [#900](https://togithub.com/go-git/go-git/issues/900) by [@anandf](https://togithub.com/anandf) in go-git/go-git#901
- plumbing: upload-server-info, implement upload-server-info by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#896
- plumbing: optimise memory consumption for filesystem storage by [@pjbgf](https://togithub.com/pjbgf) in go-git/go-git#799
- plumbing: format/packfile, Refactor patch delta by [@pjbgf](https://togithub.com/pjbgf) in go-git/go-git#908
- plumbing: fix empty uploadpack request error by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#932
- plumbing: transport/git, Improve tests error message by [@pjbgf](https://togithub.com/pjbgf) in go-git/go-git#752
- plumbing: format/pktline, Respect pktline error-line errors by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#936
- utils: remove ioutil.Pipe and use std library io.Pipe by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#922
- utils: move trace to utils by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#931
- cli: separate go module for cli by [@aymanbagabas](https://togithub.com/aymanbagabas) in go-git/go-git#914
- build: bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#887
- build: bump actions/setup-go from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#891
- build: bump github.com/skeema/knownhosts from 1.2.0 to 1.2.1 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#888
- build: bump actions/checkout from 3 to 4 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#890
- build: bump golang.org/x/sys from 0.13.0 to 0.14.0 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#907
- build: bump golang.org/x/text from 0.13.0 to 0.14.0 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#906
- build: bump golang.org/x/crypto from 0.14.0 to 0.15.0 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#917
- build: bump golang.org/x/net from 0.17.0 to 0.18.0 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#918

#### New Contributors

- [@anandf](https://togithub.com/anandf) made their first contribution in go-git/go-git#901
- [@steiler](https://togithub.com/steiler) made their first contribution in go-git/go-git#930

**Full Changelog**: go-git/go-git@v5.10.0...v5.10.1

### [`v5.10.0`](https://togithub.com/go-git/go-git/releases/tag/v5.10.0)

[Compare Source](https://togithub.com/go-git/go-git/compare/v5.9.0...v5.10.0)

#### What's Changed

- PlainInitOptions.Bare and allow using InitOptions with PlainInitWithOptions by [@ThinkChaos](https://togithub.com/ThinkChaos) in go-git/go-git#782
- Worktree, apply ProxyOption on Pull by [@nodivbyzero](https://togithub.com/nodivbyzero) in go-git/go-git#840
- Repository: add clone --shared feature by [@enverbisevac](https://togithub.com/enverbisevac) in go-git/go-git#860
- build: Add github workflow to check commit message format by [@pjbgf](https://togithub.com/pjbgf) in go-git/go-git#867
- Improve handling of remote errors by [@makkes](https://togithub.com/makkes) in go-git/go-git#866
- build(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by [@dependabot](https://togithub.com/dependabot) in go-git/go-git#873
- plumbing: commitgraph, Add generation v2 support by [@zeripath](https://togithub.com/zeripath) in go-git/go-git#869
- plumbing: protocol/packp, Add validation for decodeLine by [@pjbgf](https://togithub.com/pjbgf) in go-git/go-git#868
- plumbing: parse the encoding header of the commit object by [@liwenqiu](https://togithub.com/liwenqiu) in go-git/go-git#761
- plumbing: commitgraph, allow SHA256 commit-graphs by [@zeripath](https://togithub.com/zeripath) in go-git/go-git#853
- plumbing: commitgraph, Allow reading commit-graph chains by [@zeripath](https://togithub.com/zeripath) in go-git/go-git#854
- plumbing/object: Support mergetag in merge commits by [@adityasaky](https://togithub.com/adityasaky) in go-git/go-git#847

#### New Contributors

- [@nodivbyzero](https://togithub.com/nodivbyzero) made their first contribution in go-git/go-git#840
- [@adityasaky](https://togithub.com/adityasaky) made their first contribution in go-git/go-git#847
- [@hezhizhen](https://togithub.com/hezhizhen) made their first contribution in go-git/go-git#836
- [@0x34d](https://togithub.com/0x34d) made their first contribution in go-git/go-git#855
- [@liwenqiu](https://togithub.com/liwenqiu) made their first contribution in go-git/go-git#761
- [@enverbisevac](https://togithub.com/enverbisevac) made their first contribution in go-git/go-git#860
- [@makkes](https://togithub.com/makkes) made their first contribution in go-git/go-git#866

**Full Changelog**: go-git/go-git@v5.9.0...v5.10.0

</details>

<details>
<summary>google/go-cmp (github.com/google/go-cmp)</summary>

### [`v0.6.0`](https://togithub.com/google/go-cmp/releases/tag/v0.6.0)

[Compare Source](https://togithub.com/google/go-cmp/compare/v0.5.9...v0.6.0)

New API:

- ([#340](https://togithub.com/google/go-cmp/issues/340)) Add `cmpopts.EquateComparable`

Documentation changes:

- ([#337](https://togithub.com/google/go-cmp/issues/337)) Use of hotlinking of Go identifiers

Build changes:

- ([#325](https://togithub.com/google/go-cmp/issues/325)) Remove purego fallbacks

Testing changes:

- ([#322](https://togithub.com/google/go-cmp/issues/322)) Run tests for Go 1.20 version
- ([#332](https://togithub.com/google/go-cmp/issues/332)) Pin GitHub action versions
- ([#327](https://togithub.com/google/go-cmp/issues/327)) set workflow permission to read-only

</details>

<details>
<summary>google/osv-scanner (github.com/google/osv-scanner)</summary>

### [`v1.4.3`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v143)

[Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.2...v1.4.3)

##### Features

- [Feature #621](https://togithub.com/google/osv-scanner/pull/621) Add support for scanning vendored C/C++ files.
- [Feature #581](https://togithub.com/google/osv-scanner/pull/581) Scan submodules commit hashes.

##### Fixes

- [Bug #626](https://togithub.com/google/osv-scanner/issues/626) Fix gitignore matching for root directory
- [Bug #622](https://togithub.com/google/osv-scanner/issues/622) Go binary not found should not be an error
- [Bug #588](https://togithub.com/google/osv-scanner/issues/588) handle npm/yarn aliased packages
- [Bug #607](https://togithub.com/google/osv-scanner/pull/607) fix: remove some extra newlines in sarif report

### [`v1.4.2`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v142)

[Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.1...v1.4.2)

##### Fixes

- [Bug #574](https://togithub.com/google/osv-scanner/issues/574) Support versions with build metadata in `yarn.lock` files
- [Bug #599](https://togithub.com/google/osv-scanner/issues/599) Add name field to sarif rule output

### [`v1.4.1`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v141)

[Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.0...v1.4.1)

##### Features

- [Feature #534](https://togithub.com/google/osv-scanner/pull/534) New SARIF format that separates out individual vulnerabilities, see https://github.com/google/osv-scanner/issue/216
- [Experimental Feature #57](https://togithub.com/google/osv-scanner/issues/57) Experimental Github Action! Have a look at https://google.github.io/osv-scanner/experimental/ for how to use the new Github Action in your repo. Experimental, so might change with only a minor update.

##### API Features

- [Feature #557](https://togithub.com/google/osv-scanner/pull/557) Add new ecosystems, and a slice containing all of them.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev).