{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":565629124,"defaultBranch":"main","name":"osv-scanner","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-11-14T01:05:20.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1715300910.0","currentOid":""},"activityList":{"items":[{"before":"6f96ecb86ee791b6a76152fab22ebf7918149a04","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-6ae23530b6","pushedAt":"2024-05-10T00:28:30.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"6f96ecb86ee791b6a76152fab22ebf7918149a04","ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-6ae23530b6","pushedAt":"2024-05-09T04:00:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump the npm_and_yarn group across 1 directory with 31 updates\n\nBumps the npm_and_yarn group with 27 updates in the /internal/remediation/fixtures/santatracker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dat.gui](https://github.com/dataarts/dat.gui) | `0.7.3` | `0.7.8` |\n| [google-closure-library](https://github.com/google/closure-library) | `v20190909.0.0` | `20200315.0.0` |\n| [jsdom](https://github.com/jsdom/jsdom) | `12.2.0` | `16.5.0` |\n| [json5](https://github.com/json5/json5) | `2.1.0` | `2.2.2` |\n| [terser](https://github.com/terser/terser) | `3.10.11` | `4.8.1` |\n| [semver](https://github.com/npm/node-semver) | `5.5.1` | `5.7.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.6.0` | `7.24.5` |\n| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |\n| [yargs-parser](https://github.com/yargs/yargs-parser) | `10.1.0` | `21.1.1` |\n| [yargs](https://github.com/yargs/yargs) | `12.0.2` | `17.7.2` |\n| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `7.1.0` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `6.0.2` | `8.11.3` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.6.7` |\n| [firebase](https://github.com/firebase/firebase-js-sdk) | `8.10.0` | `8.10.1` |\n| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |\n| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.0.0` | `5.1.2` |\n| [ws](https://github.com/websockets/ws) | `6.2.1` | `6.2.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.21` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |\n| [mocha](https://github.com/mochajs/mocha) | `5.2.0` | `10.4.0` |\n| [mocha-headless-server](https://github.com/samthor/mocha-headless-server) | `0.1.2` | `0.1.4` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |\n| [google-p12-pem](https://github.com/googleapis/google-p12-pem) | `3.1.2` | `3.1.4` |\n| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |\n| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | `1.1.1` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |\n\n\n\nUpdates `dat.gui` from 0.7.3 to 0.7.8\n- [Release notes](https://github.com/dataarts/dat.gui/releases)\n- [Commits](https://github.com/dataarts/dat.gui/compare/v0.7.3...v0.7.8)\n\nUpdates `google-closure-library` from v20190909.0.0 to 20200315.0.0\n- [Release notes](https://github.com/google/closure-library/releases)\n- [Commits](https://github.com/google/closure-library/compare/v20190909...v20200315)\n\nUpdates `jsdom` from 12.2.0 to 16.5.0\n- [Release notes](https://github.com/jsdom/jsdom/releases)\n- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)\n- [Commits](https://github.com/jsdom/jsdom/compare/12.2.0...16.5.0)\n\nUpdates `json5` from 2.1.0 to 2.2.2\n- [Release notes](https://github.com/json5/json5/releases)\n- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/json5/json5/compare/v2.1.0...v2.2.2)\n\nUpdates `terser` from 3.10.11 to 4.8.1\n- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/terser/terser/compare/3.10.11...v4.8.1)\n\nUpdates `semver` from 5.5.1 to 5.7.2\n- [Release notes](https://github.com/npm/node-semver/releases)\n- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)\n- [Commits](https://github.com/npm/node-semver/compare/v5.5.1...v5.7.2)\n\nUpdates `@babel/traverse` from 7.6.0 to 7.24.5\n- [Release notes](https://github.com/babel/babel/releases)\n- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/babel/babel/commits/v7.24.5/packages/babel-traverse)\n\nUpdates `y18n` from 4.0.0 to 4.0.3\n- [Release notes](https://github.com/yargs/y18n/releases)\n- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)\n- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)\n\nUpdates `yargs-parser` from 10.1.0 to 21.1.1\n- [Release notes](https://github.com/yargs/yargs-parser/releases)\n- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs-parser/compare/v10.1.0...yargs-parser-v21.1.1)\n\nUpdates `yargs` from 12.0.2 to 17.7.2\n- [Release notes](https://github.com/yargs/yargs/releases)\n- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs/compare/v12.0.2...v17.7.2)\n\nUpdates `acorn` from 5.7.3 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 7.1.0 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 6.0.2 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `ajv` from 5.5.2 to 6.12.6\n- [Release notes](https://github.com/ajv-validator/ajv/releases)\n- [Commits](https://github.com/ajv-validator/ajv/compare/v5.5.2...v6.12.6)\n\nUpdates `browserslist` from 4.3.2 to 4.7.0\n- [Release notes](https://github.com/browserslist/browserslist/releases)\n- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/browserslist/browserslist/compare/4.3.2...4.7.0)\n\nUpdates `node-fetch` from 2.6.6 to 2.6.7\n- [Release notes](https://github.com/node-fetch/node-fetch/releases)\n- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)\n\nUpdates `firebase` from 8.10.0 to 8.10.1\n- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)\n- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@8.10.0...firebase@8.10.1)\n\nUpdates `get-func-name` from 2.0.0 to 2.0.2\n- [Release notes](https://github.com/chaijs/get-func-name/releases)\n- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)\n\nUpdates `glob-parent` from 5.0.0 to 5.1.2\n- [Release notes](https://github.com/gulpjs/glob-parent/releases)\n- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.2)\n\nUpdates `tough-cookie` from 2.4.3 to 2.5.0\n- [Release notes](https://github.com/salesforce/tough-cookie/releases)\n- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/salesforce/tough-cookie/compare/v2.4.3...v2.5.0)\n\nUpdates `ws` from 6.2.1 to 6.2.2\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/6.2.1...6.2.2)\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n- [Commits](https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0)\n\nUpdates `jsprim` from 1.4.1 to 1.4.2\n- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)\n- [Commits](https://github.com/joyent/node-jsprim/compare/v1.4.1...v1.4.2)\n\nUpdates `lodash` from 4.17.20 to 4.17.21\n- [Release notes](https://github.com/lodash/lodash/releases)\n- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)\n\nUpdates `minimatch` from 3.0.4 to 3.1.2\n- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)\n- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)\n\nUpdates `mocha` from 5.2.0 to 10.4.0\n- [Release notes](https://github.com/mochajs/mocha/releases)\n- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v10.4.0)\n\nUpdates `mocha-headless-server` from 0.1.2 to 0.1.4\n- [Commits](https://github.com/samthor/mocha-headless-server/commits)\n\nUpdates `node-forge` from 0.10.0 to 1.3.1\n- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/digitalbazaar/forge/compare/0.10.0...v1.3.1)\n\nUpdates `google-p12-pem` from 3.1.2 to 3.1.4\n- [Release notes](https://github.com/googleapis/google-p12-pem/releases)\n- [Changelog](https://github.com/googleapis/google-p12-pem/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-p12-pem/compare/v3.1.2...v3.1.4)\n\nUpdates `path-parse` from 1.0.6 to 1.0.7\n- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)\n\nUpdates `pathval` from 1.1.0 to 1.1.1\n- [Release notes](https://github.com/chaijs/pathval/releases)\n- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/chaijs/pathval/compare/v1.1.0...v1.1.1)\n\nUpdates `qs` from 6.5.2 to 6.5.3\n- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)\n\nUpdates `request` from 2.88.0 to 2.88.2\n- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/request/request/commits)\n\n---\nupdated-dependencies:\n- dependency-name: dat.gui\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: google-closure-library\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: jsdom\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: json5\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: terser\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: semver\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: \"@babel/traverse\"\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: y18n\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: yargs-parser\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: yargs\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: acorn\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: acorn\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: acorn\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: ajv\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: browserslist\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: node-fetch\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: firebase\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: get-func-name\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: glob-parent\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: tough-cookie\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: ws\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: json-schema\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: jsprim\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: lodash\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: minimatch\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: mocha\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: mocha-headless-server\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: node-forge\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: google-p12-pem\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: path-parse\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: pathval\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: qs\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: request\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"chore(deps): Bump the npm_and_yarn group across 1 directory with 31 u…"}},{"before":"645d5b0bb9c14741b2147a5305b684e4abc039e0","after":"5e53ae86671c98c24469eaf5742b163eabc07995","ref":"refs/heads/main","pushedAt":"2024-05-09T03:55:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"GR: Add test universe generation script and tests for patch generation (#967)\n\nMade a go script that creates a universe file for the\r\n`MockResolutionClient` (#909) from the current real deps.dev & OSV data\r\nused during in-place / relock / relax computation.\r\n\r\nThis has let me add some real-world in-place & relax patch generation\r\ntest cases to test for regression without it breaking constantly due to\r\nnew versions. I've only added one universe because the files are pretty\r\nlarge.\r\n\r\nThe in-place/relax patch generation tests are basically end-to-end tests\r\n- it's not really written in a way that makes testing only the patch\r\ncomputation functionality possible. (This might be a code smell, but I\r\ndon't think it's practical to structure the code in such a way).","shortMessageHtmlLink":"GR: Add test universe generation script and tests for patch generation ("}},{"before":"90e628cb43c44a9d9d1a18e646e168ea7bccaabf","after":"645d5b0bb9c14741b2147a5305b684e4abc039e0","ref":"refs/heads/main","pushedAt":"2024-05-08T06:08:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update golang:1.21-alpine3.19 docker digest to b3aea8d (#973)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| golang | stage | digest | `ed8ce6c` -> `b3aea8d` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->","shortMessageHtmlLink":"chore(deps): update golang:1.21-alpine3.19 docker digest to b3aea8d (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2284752507\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/973\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/973/hovercard\" href=\"https://github.com/google/osv-scanner/pull/973\">#…</a>"}},{"before":"f86f846ee1ababfec4a074721591b93ba0c16778","after":"90e628cb43c44a9d9d1a18e646e168ea7bccaabf","ref":"refs/heads/main","pushedAt":"2024-05-08T05:42:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"v1.7.3 changelog and version bump (#972)","shortMessageHtmlLink":"v1.7.3 changelog and version bump (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2284662044\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/972\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/972/hovercard\" href=\"https://github.com/google/osv-scanner/pull/972\">#972</a>)"}},{"before":"3be8effba8947e491192f5974d1af22a9bf75718","after":"f86f846ee1ababfec4a074721591b93ba0c16778","ref":"refs/heads/main","pushedAt":"2024-05-08T04:17:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update gomod go version (#971)\n\nUpdate to the latest go1.21 version","shortMessageHtmlLink":"Update gomod go version (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2284634397\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/971\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/971/hovercard\" href=\"https://github.com/google/osv-scanner/pull/971\">#971</a>)"}},{"before":"e2adeb55120e84ebc14efa4df71693bf1b5a5c89","after":"3be8effba8947e491192f5974d1af22a9bf75718","ref":"refs/heads/main","pushedAt":"2024-05-08T00:30:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Fix tests; add newly discovered vulns (#970)\n\nI wish they would stop discovering new vulnerabilities.","shortMessageHtmlLink":"Fix tests; add newly discovered vulns (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2284429217\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/970\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/970/hovercard\" href=\"https://github.com/google/osv-scanner/pull/970\">#970</a>)"}},{"before":"56ab40c293c02a6027ffc9f774016597eaf96b4f","after":null,"ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-07T01:44:20.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"}},{"before":"cc7261ec1186504a65712ede7a3eb2de77e4d42d","after":"e2adeb55120e84ebc14efa4df71693bf1b5a5c89","ref":"refs/heads/main","pushedAt":"2024-05-07T01:44:20.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update go.mod to 1.21.9 (#907)","shortMessageHtmlLink":"Update go.mod to 1.21.9 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2234499284\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/907\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/907/hovercard\" href=\"https://github.com/google/osv-scanner/pull/907\">#907</a>)"}},{"before":"9fee15096f987411e86bb71a40b59d141360ced4","after":"cc7261ec1186504a65712ede7a3eb2de77e4d42d","ref":"refs/heads/main","pushedAt":"2024-05-06T23:51:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"chore: import `sys` in Python generators (#966)\n\nThe irony of this is not lost on me 😅","shortMessageHtmlLink":"chore: import <code>sys</code> in Python generators (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2281956506\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/966\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/966/hovercard\" href=\"https://github.com/google/osv-scanner/pull/966\">#966</a>)"}},{"before":"94dc496e862c5454eaf8c1c85380fc06302a4ed7","after":"9fee15096f987411e86bb71a40b59d141360ced4","ref":"refs/heads/main","pushedAt":"2024-05-06T07:52:31.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: upgrade `golangci/golangci-lint-action` to v5 (#964)\n\nCherry-picked from #897\r\n\r\n---\r\n\r\nWe can drop the `skip-pkg-cache` option now as caching has been removed\r\nin favor of `actions/setup-go`s caching","shortMessageHtmlLink":"ci: upgrade <code>golangci/golangci-lint-action</code> to v5 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2279944423\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/964\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/964/hovercard\" href=\"https://github.com/google/osv-scanner/pull/964\">#964</a>)"}},{"before":"cbc967811e30dba675850f88e70612461cd3264b","after":"94dc496e862c5454eaf8c1c85380fc06302a4ed7","ref":"refs/heads/main","pushedAt":"2024-05-06T07:52:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore: only extract versions from packages in the generator ecosystem (#957)\n\nCherry-picked from https://github.com/G-Rath/osv-detector/pull/241\r\n\r\n---\r\n\r\nCurrently the generators assume that all packages in an OSV are for\r\ntheir respective ecosystem which since they download ecosystem-specific\r\ndatabases is _mostly_ true, but there are a few OSVs that are for\r\npackages that exist across more than one ecosystem.\r\n\r\nThis has not been a problem up until now because either the versions in\r\nsuch OSVs happen to be compatible with native ecosystem version parser\r\nor we're skipping invalid versions for legacy reasons, but now\r\nGHSA-5844-q3fc-56rh exists which has versions that are invalid in Ruby.","shortMessageHtmlLink":"chore: only extract versions from packages in the generator ecosystem (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2274060615\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/957\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/957/hovercard\" href=\"https://github.com/google/osv-scanner/pull/957\">…</a>"}},{"before":"9df682974cc0245e3feccc394e1c515e81c30726","after":"cbc967811e30dba675850f88e70612461cd3264b","ref":"refs/heads/main","pushedAt":"2024-05-06T07:50:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"refactor: encapsulate getting the working directory in a helper function (#961)\n\nThis \"improves\" our coverage artificially since the unhappy path is not\r\ncoverable and this reduces us from three uncoverable lines to one.\r\n\r\nI think this is worth doing as it feels more representative especially\r\nsince we're panicking meaning we consider this a very unlikely and \"on\r\nfire\" situation, so we're hiding that within a particular function whose\r\nname makes that clear a la `regexp.MustCompile`","shortMessageHtmlLink":"refactor: encapsulate getting the working directory in a helper funct…"}},{"before":"7360e3aadd94b4eaa2f1419378c88cd21d8798ca","after":"9df682974cc0245e3feccc394e1c515e81c30726","ref":"refs/heads/main","pushedAt":"2024-05-06T01:41:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"refactor: apply Rubocop to Ruby generator (#956)\n\nCherry-pick of https://github.com/G-Rath/osv-detector/pull/240\r\n\r\n---\r\n\r\nThis is all pretty harmless but there's some nice small improvements in\r\nhere","shortMessageHtmlLink":"refactor: apply Rubocop to Ruby generator (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2274055819\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/956\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/956/hovercard\" href=\"https://github.com/google/osv-scanner/pull/956\">#956</a>)"}},{"before":"57578ab37a0ebba1b2cf3f8cf58fa662aa6e53e0","after":"7360e3aadd94b4eaa2f1419378c88cd21d8798ca","ref":"refs/heads/main","pushedAt":"2024-05-06T01:41:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"test: remove future snapshots (#960)\n\nThese got included in #938 even though they're for #937 and it seems\r\nthat `go-snaps` does not error about this even though it will clean them\r\nup if run with `UPDATE_SNAPS=clean`.","shortMessageHtmlLink":"test: remove future snapshots (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2276845883\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/960\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/960/hovercard\" href=\"https://github.com/google/osv-scanner/pull/960\">#960</a>)"}},{"before":"f0cd900a5f9e1695f7af12b271fdbdaef90e77b4","after":"57578ab37a0ebba1b2cf3f8cf58fa662aa6e53e0","ref":"refs/heads/main","pushedAt":"2024-05-06T01:37:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (#935)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| [actions/checkout](https://togithub.com/actions/checkout) | action |\r\npatch | `v4.1.1` -> `v4.1.4` |\r\n|\r\n[actions/download-artifact](https://togithub.com/actions/download-artifact)\r\n| action | patch | `v4.1.4` -> `v4.1.7` |\r\n| [actions/setup-go](https://togithub.com/actions/setup-go) | action |\r\npatch | `v5.0.0` -> `v5.0.1` |\r\n|\r\n[actions/upload-artifact](https://togithub.com/actions/upload-artifact)\r\n| action | patch | `v4.3.1` -> `v4.3.3` |\r\n| [codecov/codecov-action](https://togithub.com/codecov/codecov-action)\r\n| action | patch | `v4.3.0` -> `v4.3.1` |\r\n| [github/codeql-action](https://togithub.com/github/codeql-action) |\r\naction | minor | `v3.24.10` -> `v3.25.3` |\r\n|\r\n[golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action)\r\n| action | patch | `v4.0.0` -> `v4.0.1` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n<details>\r\n<summary>actions/checkout (actions/checkout)</summary>\r\n\r\n###\r\n[`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4)\r\n\r\n- Disable `extensions.worktreeConfig` when disabling `sparse-checkout`\r\nby [@&#8203;jww3](https://togithub.com/jww3) in\r\n[https://github.com/actions/checkout/pull/1692](https://togithub.com/actions/checkout/pull/1692)\r\n- Add dependabot config by\r\n[@&#8203;cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1688](https://togithub.com/actions/checkout/pull/1688)\r\n- Bump the minor-actions-dependencies group with 2 updates by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1693](https://togithub.com/actions/checkout/pull/1693)\r\n- Bump word-wrap from 1.2.3 to 1.2.5 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1643](https://togithub.com/actions/checkout/pull/1643)\r\n\r\n###\r\n[`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3)\r\n\r\n#### What's Changed\r\n\r\n- Update `actions/checkout` version in `update-main-version.yml` by\r\n[@&#8203;jww3](https://togithub.com/jww3) in\r\n[https://github.com/actions/checkout/pull/1650](https://togithub.com/actions/checkout/pull/1650)\r\n- Check git version before attempting to disable `sparse-checkout` by\r\n[@&#8203;jww3](https://togithub.com/jww3) in\r\n[https://github.com/actions/checkout/pull/1656](https://togithub.com/actions/checkout/pull/1656)\r\n- Add SSH user parameter by\r\n[@&#8203;cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1685](https://togithub.com/actions/checkout/pull/1685)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/checkout/compare/v4.1.2...v4.1.3\r\n\r\n###\r\n[`v4.1.2`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.1...v4.1.2)\r\n\r\n- Fix: Disable sparse checkout whenever `sparse-checkout` option is not\r\npresent [@&#8203;dscho](https://togithub.com/dscho) in\r\n[https://github.com/actions/checkout/pull/1598](https://togithub.com/actions/checkout/pull/1598)\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>actions/download-artifact (actions/download-artifact)</summary>\r\n\r\n###\r\n[`v4.1.7`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.6...v4.1.7)\r\n\r\n#### What's Changed\r\n\r\n- Update\r\n[@&#8203;actions/artifact](https://togithub.com/actions/artifact)\r\ndependency by [@&#8203;bethanyj28](https://togithub.com/bethanyj28) in\r\n[https://github.com/actions/download-artifact/pull/325](https://togithub.com/actions/download-artifact/pull/325)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7\r\n\r\n###\r\n[`v4.1.6`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.5...v4.1.6)\r\n\r\n#### What's Changed\r\n\r\n- updating `@actions/artifact` dependency to v2.1.6 by\r\n[@&#8203;eggyhead](https://togithub.com/eggyhead) in\r\n[https://github.com/actions/download-artifact/pull/324](https://togithub.com/actions/download-artifact/pull/324)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6\r\n\r\n###\r\n[`v4.1.5`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.4...v4.1.5)\r\n\r\n#### What's Changed\r\n\r\n- Update readme with v3/v2/v1 deprecation notice by\r\n[@&#8203;robherley](https://togithub.com/robherley) in\r\n[https://github.com/actions/download-artifact/pull/322](https://togithub.com/actions/download-artifact/pull/322)\r\n- Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact`\r\nto v2.1.5\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>actions/setup-go (actions/setup-go)</summary>\r\n\r\n###\r\n[`v5.0.1`](https://togithub.com/actions/setup-go/releases/tag/v5.0.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-go/compare/v5.0.0...v5.0.1)\r\n\r\n#### What's Changed\r\n\r\n- Bump undici from 5.28.2 to 5.28.3 and dependencies upgrade by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) ,\r\n[@&#8203;HarithaVattikuti](https://togithub.com/HarithaVattikuti) in\r\n[https://github.com/actions/setup-go/pull/465](https://togithub.com/actions/setup-go/pull/465)\r\n- Update documentation with latest V5 release notes by\r\n[@&#8203;ab](https://togithub.com/ab) in\r\n[https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459)\r\n- Update version documentation by\r\n[@&#8203;178inaba](https://togithub.com/178inaba) in\r\n[https://github.com/actions/setup-go/pull/458](https://togithub.com/actions/setup-go/pull/458)\r\n- Documentation update of `actions/setup-go` to v5 by\r\n[@&#8203;chenrui333](https://togithub.com/chenrui333) in\r\n[https://github.com/actions/setup-go/pull/449](https://togithub.com/actions/setup-go/pull/449)\r\n\r\n#### New Contributors\r\n\r\n- [@&#8203;ab](https://togithub.com/ab) made their first contribution in\r\n[https://github.com/actions/setup-go/pull/459](https://togithub.com/actions/setup-go/pull/459)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/setup-go/compare/v5.0.0...v5.0.1\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>actions/upload-artifact (actions/upload-artifact)</summary>\r\n\r\n###\r\n[`v4.3.3`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/upload-artifact/compare/v4.3.2...v4.3.3)\r\n\r\n##### What's Changed\r\n\r\n- updating `@actions/artifact` dependency to v2.1.6 by\r\n[@&#8203;eggyhead](https://togithub.com/eggyhead) in\r\n[https://github.com/actions/upload-artifact/pull/565](https://togithub.com/actions/upload-artifact/pull/565)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3\r\n\r\n###\r\n[`v4.3.2`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/upload-artifact/compare/v4.3.1...v4.3.2)\r\n\r\n#### What's Changed\r\n\r\n- Update release-new-action-version.yml by\r\n[@&#8203;konradpabjan](https://togithub.com/konradpabjan) in\r\n[https://github.com/actions/upload-artifact/pull/516](https://togithub.com/actions/upload-artifact/pull/516)\r\n- Minor fix to the migration readme by\r\n[@&#8203;andrewakim](https://togithub.com/andrewakim) in\r\n[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)\r\n- Update readme with v3/v2/v1 deprecation notice by\r\n[@&#8203;robherley](https://togithub.com/robherley) in\r\n[https://github.com/actions/upload-artifact/pull/561](https://togithub.com/actions/upload-artifact/pull/561)\r\n- updating `@actions/artifact` dependency to v2.1.5 and `@actions/core`\r\nto v1.0.1 by [@&#8203;eggyhead](https://togithub.com/eggyhead) in\r\n[https://github.com/actions/upload-artifact/pull/562](https://togithub.com/actions/upload-artifact/pull/562)\r\n\r\n#### New Contributors\r\n\r\n- [@&#8203;andrewakim](https://togithub.com/andrewakim) made their first\r\ncontribution in\r\n[https://github.com/actions/upload-artifact/pull/523](https://togithub.com/actions/upload-artifact/pull/523)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>codecov/codecov-action (codecov/codecov-action)</summary>\r\n\r\n###\r\n[`v4.3.1`](https://togithub.com/codecov/codecov-action/compare/v4.3.0...v4.3.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/codecov/codecov-action/compare/v4.3.0...v4.3.1)\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>github/codeql-action (github/codeql-action)</summary>\r\n\r\n###\r\n[`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)\r\n\r\n###\r\n[`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)\r\n\r\n###\r\n[`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)\r\n\r\n###\r\n[`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>golangci/golangci-lint-action\r\n(golangci/golangci-lint-action)</summary>\r\n\r\n###\r\n[`v4.0.1`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v4.0.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/golangci/golangci-lint-action/compare/v4.0.0...v4.0.1)\r\n\r\n<!-- Release notes generated using configuration in .github/release.yml\r\nat v4.0.1 -->\r\n\r\n#### What's Changed\r\n\r\n##### Documentation\r\n\r\n- docs: update the version of the action used in the README example by\r\n[@&#8203;178inaba](https://togithub.com/178inaba) in\r\n[https://github.com/golangci/golangci-lint-action/pull/977](https://togithub.com/golangci/golangci-lint-action/pull/977)\r\n\r\n##### Dependencies\r\n\r\n- build(deps): bump\r\n[@&#8203;types/semver](https://togithub.com/types/semver) from 7.5.6 to\r\n7.5.7 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/969](https://togithub.com/golangci/golangci-lint-action/pull/969)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 6.20.0 to 6.21.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/970](https://togithub.com/golangci/golangci-lint-action/pull/970)\r\n- build(deps-dev): bump eslint-plugin-simple-import-sort from 10.0.0 to\r\n12.0.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/971](https://togithub.com/golangci/golangci-lint-action/pull/971)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 6.20.0 to 6.21.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/973](https://togithub.com/golangci/golangci-lint-action/pull/973)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.16 to\r\n20.11.17 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/972](https://togithub.com/golangci/golangci-lint-action/pull/972)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.17 to\r\n20.11.19 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/979](https://togithub.com/golangci/golangci-lint-action/pull/979)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 6.21.0 to 7.0.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/980](https://togithub.com/golangci/golangci-lint-action/pull/980)\r\n- build(deps): bump undici from 5.26.3 to 5.28.3 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/976](https://togithub.com/golangci/golangci-lint-action/pull/976)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.19 to\r\n20.11.20 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/985](https://togithub.com/golangci/golangci-lint-action/pull/985)\r\n- build(deps): bump\r\n[@&#8203;types/semver](https://togithub.com/types/semver) from 7.5.7 to\r\n7.5.8 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/986](https://togithub.com/golangci/golangci-lint-action/pull/986)\r\n- build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/987](https://togithub.com/golangci/golangci-lint-action/pull/987)\r\n- build(deps): bump tmp from 0.2.1 to 0.2.3 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/989](https://togithub.com/golangci/golangci-lint-action/pull/989)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 6.21.0 to 7.1.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/988](https://togithub.com/golangci/golangci-lint-action/pull/988)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.20 to\r\n20.11.24 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/990](https://togithub.com/golangci/golangci-lint-action/pull/990)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.1.0 to 7.1.1 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/991](https://togithub.com/golangci/golangci-lint-action/pull/991)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.24 to\r\n20.11.25 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/992](https://togithub.com/golangci/golangci-lint-action/pull/992)\r\n- build(deps-dev): bump typescript from 5.3.3 to 5.4.2 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/993](https://togithub.com/golangci/golangci-lint-action/pull/993)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.1.0 to 7.1.1 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/994](https://togithub.com/golangci/golangci-lint-action/pull/994)\r\n- build(deps): bump\r\n[@&#8203;actions/http-client](https://togithub.com/actions/http-client)\r\nfrom 2.2.0 to 2.2.1 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/995](https://togithub.com/golangci/golangci-lint-action/pull/995)\r\n- build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in\r\n/sample-go-mod by [@&#8203;dependabot](https://togithub.com/dependabot)\r\nin\r\n[https://github.com/golangci/golangci-lint-action/pull/997](https://togithub.com/golangci/golangci-lint-action/pull/997)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.1.1 to 7.2.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/998](https://togithub.com/golangci/golangci-lint-action/pull/998)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.25 to\r\n20.11.28 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1000](https://togithub.com/golangci/golangci-lint-action/pull/1000)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.1.1 to 7.2.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/999](https://togithub.com/golangci/golangci-lint-action/pull/999)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.2.0 to 7.3.1 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1003](https://togithub.com/golangci/golangci-lint-action/pull/1003)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.28 to\r\n20.11.30 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1004](https://togithub.com/golangci/golangci-lint-action/pull/1004)\r\n- build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1005](https://togithub.com/golangci/golangci-lint-action/pull/1005)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.2.0 to 7.3.1 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1006](https://togithub.com/golangci/golangci-lint-action/pull/1006)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.11.30 to\r\n20.12.2 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1007](https://togithub.com/golangci/golangci-lint-action/pull/1007)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.3.1 to 7.4.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1008](https://togithub.com/golangci/golangci-lint-action/pull/1008)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.3.1 to 7.4.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1009](https://togithub.com/golangci/golangci-lint-action/pull/1009)\r\n- build(deps): bump undici from 5.28.3 to 5.28.4 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1010](https://togithub.com/golangci/golangci-lint-action/pull/1010)\r\n- build(deps-dev): bump typescript from 5.4.3 to 5.4.4 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1011](https://togithub.com/golangci/golangci-lint-action/pull/1011)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.12.2 to\r\n20.12.5 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1012](https://togithub.com/golangci/golangci-lint-action/pull/1012)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.4.0 to 7.5.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1013](https://togithub.com/golangci/golangci-lint-action/pull/1013)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.4.0 to 7.5.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1014](https://togithub.com/golangci/golangci-lint-action/pull/1014)\r\n- build(deps): bump\r\n[@&#8203;types/node](https://togithub.com/types/node) from 20.12.5 to\r\n20.12.7 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1016](https://togithub.com/golangci/golangci-lint-action/pull/1016)\r\n- build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1017](https://togithub.com/golangci/golangci-lint-action/pull/1017)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.5.0 to 7.6.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1019](https://togithub.com/golangci/golangci-lint-action/pull/1019)\r\n- build(deps-dev): bump eslint-plugin-simple-import-sort from 12.0.0 to\r\n12.1.0 by [@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1018](https://togithub.com/golangci/golangci-lint-action/pull/1018)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.5.0 to 7.7.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1022](https://togithub.com/golangci/golangci-lint-action/pull/1022)\r\n- build(deps-dev): bump\r\n[@&#8203;typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.6.0 to 7.7.0 by\r\n[@&#8203;dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1023](https://togithub.com/golangci/golangci-lint-action/pull/1023)\r\n\r\n#### New Contributors\r\n\r\n- [@&#8203;178inaba](https://togithub.com/178inaba) made their first\r\ncontribution in\r\n[https://github.com/golangci/golangci-lint-action/pull/977](https://togithub.com/golangci/golangci-lint-action/pull/977)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/golangci/golangci-lint-action/compare/v4.0.0...v4.0.1\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjM0MC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->","shortMessageHtmlLink":"chore(deps): update workflows (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2255156305\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/935\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/935/hovercard\" href=\"https://github.com/google/osv-scanner/pull/935\">#935</a>)"}},{"before":"d34afea8780bcdaa3ac6d2c004441b80ade79191","after":"f0cd900a5f9e1695f7af12b271fdbdaef90e77b4","ref":"refs/heads/main","pushedAt":"2024-05-06T01:16:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix(deps): update osv-scanner minor (#945)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n| [deps.dev/api/v3](https://togithub.com/google/deps.dev) |\r\n`v3.0.0-20240411010756-f6f382da6e02` ->\r\n`v3.0.0-20240503042720-6166138ce783` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2fapi%2fv3/v3.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2fapi%2fv3/v3.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2fapi%2fv3/v3.0.0-20240411010756-f6f382da6e02/v3.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2fapi%2fv3/v3.0.0-20240411010756-f6f382da6e02/v3.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [deps.dev/util/maven](https://togithub.com/google/deps.dev) |\r\n`v0.0.0-20240411010756-f6f382da6e02` ->\r\n`v0.0.0-20240503042720-6166138ce783` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2futil%2fmaven/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2futil%2fmaven/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2futil%2fmaven/v0.0.0-20240411010756-f6f382da6e02/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2futil%2fmaven/v0.0.0-20240411010756-f6f382da6e02/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [deps.dev/util/resolve](https://togithub.com/google/deps.dev) |\r\n`v0.0.0-20240411010756-f6f382da6e02` ->\r\n`v0.0.0-20240503042720-6166138ce783` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2futil%2fresolve/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2futil%2fresolve/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2futil%2fresolve/v0.0.0-20240411010756-f6f382da6e02/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2futil%2fresolve/v0.0.0-20240411010756-f6f382da6e02/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [deps.dev/util/semver](https://togithub.com/google/deps.dev) |\r\n`v0.0.0-20240411010756-f6f382da6e02` ->\r\n`v0.0.0-20240503042720-6166138ce783` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/deps.dev%2futil%2fsemver/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/deps.dev%2futil%2fsemver/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/deps.dev%2futil%2fsemver/v0.0.0-20240411010756-f6f382da6e02/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/deps.dev%2futil%2fsemver/v0.0.0-20240411010756-f6f382da6e02/v0.0.0-20240503042720-6166138ce783?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[github.com/charmbracelet/bubbletea](https://togithub.com/charmbracelet/bubbletea)\r\n| `v0.25.0` -> `v0.26.1` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbletea/v0.25.0/v0.26.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbletea/v0.25.0/v0.26.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[github.com/gkampitakis/go-snaps](https://togithub.com/gkampitakis/go-snaps)\r\n| `v0.5.3` -> `v0.5.4` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgkampitakis%2fgo-snaps/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgkampitakis%2fgo-snaps/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgkampitakis%2fgo-snaps/v0.5.3/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgkampitakis%2fgo-snaps/v0.5.3/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[github.com/jedib0t/go-pretty/v6](https://togithub.com/jedib0t/go-pretty)\r\n| `v6.5.8` -> `v6.5.9` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.8/v6.5.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjedib0t%2fgo-pretty%2fv6/v6.5.8/v6.5.9?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [github.com/urfave/cli/v2](https://togithub.com/urfave/cli) |\r\n`v2.27.1` -> `v2.27.2` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2furfave%2fcli%2fv2/v2.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2furfave%2fcli%2fv2/v2.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2furfave%2fcli%2fv2/v2.27.1/v2.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2furfave%2fcli%2fv2/v2.27.1/v2.27.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| golang.org/x/term | `v0.19.0` -> `v0.20.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fterm/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fterm/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fterm/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fterm/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go)\r\n| `v1.33.0` -> `v1.34.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.34.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.34.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.33.0/v1.34.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.33.0/v1.34.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n<details>\r\n<summary>charmbracelet/bubbletea\r\n(github.com/charmbracelet/bubbletea)</summary>\r\n\r\n###\r\n[`v0.26.1`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.26.0...v0.26.1)\r\n\r\nThis is a quick one to fix a Windows shortcoming in the last release\r\nacutely identified by our pal\r\n[@&#8203;jon4hz](https://togithub.com/jon4hz). Thank you!\r\n\r\n#### What's Changed\r\n\r\n- fix: support more shift and ctrl modifiers on windows by\r\n[@&#8203;jon4hz](https://togithub.com/jon4hz) in\r\n[https://github.com/charmbracelet/bubbletea/pull/995](https://togithub.com/charmbracelet/bubbletea/pull/995)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/charmbracelet/bubbletea/compare/v0.26.0...v0.26.1\r\n\r\n***\r\n\r\n<a href=\"https://charm.sh/\"><img alt=\"The Charm logo\"\r\nsrc=\"https://stuff.charm.sh/charm-badge.jpg\" width=\"400\"></a>\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.social/@&#8203;charmcli), or\r\n[Discord](https://charm.sh/chat).\r\n\r\n###\r\n[`v0.26.0`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.25.0...v0.26.0)\r\n\r\n### Bracketed Paste, Windows Improvements, Mainframes, and more\r\n\r\nWhat do tapioca balls, IBM mainframes, and the Microsoft Windows Console\r\nAPI have in common? Bubble Tea v0.26.0, that’s what. Let’s get to it.\r\n\r\n#### ⚡️ Windows Input Improvements\r\n\r\nA few years ago [@&#8203;erikgeiser](https://togithub.com/erikgeiser), a\r\npenetration tester and ex-particle physicist, wrote this awesome library\r\ncalled [coninput](https://togithub.com/erikgeiser/coninput) to majorly\r\nimprove Bubble Tea input on Windows.\r\n[@&#8203;aymanbagabas](https://togithub.com/aymanbagabas) has\r\nimplemented the library in Bubble Tea and input on Windows is roughly\r\n1000 times better now. In the short term, this means that for Windows\r\nusers inputting non-Latin characters (like Greek, Cyrillic, Korean,\r\nChinese and so on) stuff will “just work.”\r\n\r\nThe bigger news, however, is that this paves the way for Windows parity\r\nwith our forthcoming support for super high fidelity input via [Kitty\r\nKeyboard](https://sw.kovidgoyal.net/kitty/keyboard-protocol/) and\r\n[Fixterms](https://www.leonerd.org.uk/hacks/fixterms/).\r\n\r\n#### 🍳 Hot Windows Resize Events\r\n\r\nTerminal emulators on Windows don’t support the `SIGWINCH` signal, which\r\nis sent when the terminal is resized. It’s been a huge bummer for a\r\nreally long time. Thanks (again) to\r\n[@&#8203;erikgeiser](https://togithub.com/erikgeiser) and\r\n[@&#8203;aymanbagabas](https://togithub.com/aymanbagabas), we’re now\r\nable to reach deep into Windows’ underpinnings, detect window resizes,\r\nand send\r\n[`tea.WindowSizeMsg`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.0#WindowSizeMsg)s\r\naccordingly! This is a glorious moment for Bubble Tea on Windows indeed.\r\n\r\n#### 🫠 Bracketed Paste\r\n\r\nWhile building a query editor for a CockroachDB client,\r\n[@&#8203;knz](https://togithub.com/knz) noticed that Bubble Tea didn't\r\nsupport [Bracketed Paste](https://cirw.in/blog/bracketed-paste).\r\nPerformance-wise, that sucks because it means pasting large bodies of\r\ntext (like SQL queries) will normally be seen as a bunch of little\r\nsuccessive keypresses. That’s where Bracketed Paste comes in. When\r\nenabled at the terminal-level Bracketed Paste lets you slam down a bunch\r\nof text with one big, fat input event.\r\n\r\nBubble Tea enables bracketed paste by default, however you can opt out\r\nof it with the\r\n[`WithoutBracketedPaste()`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.0#WithoutBracketedPaste)\r\nprogram option:\r\n\r\n```go\r\np := tea.NewProgram(myCuteModel, tea.WithoutBracketedPaste())\r\n```\r\n\r\nYou can also enable and disable it on demand with the\r\n[`EnableBracketedPaste()`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.0#EnableBracketedPaste)\r\nand\r\n[`DisableBracketedPaste()`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.0#DisableBracketedPaste)\r\ncommands.\r\n\r\n#### 🌿 Multiline `tea.Println`\r\n\r\nIn case you forgot,\r\n[`tea.Println`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.0#Println)\r\n(and it’s brother\r\n[`tea.Printf`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.0#Printf))\r\nis a `Cmd` that lets you print unmanaged output above a Bubble Tea\r\nprogram, similar to what you see with package managers like `apt-get`.\r\nThanks to\r\n[@&#8203;Adjective-Object](https://togithub.com/Adjective-Object) (who\r\nalso implemented `tea.Println` in the first place) now you can send\r\nmulti-line output, too. For a `tea.Println` refresher see [the package\r\nmanager\r\nexample](https://togithub.com/charmbracelet/bubbletea/tree/master/examples/package-manager).\r\n\r\n#### 📀 Hello, z/OS\r\n\r\nDon’t you think it’s about time we all ran Bubble Tea apps on our\r\nmainframes? Thanks to\r\n[@&#8203;dustin-ward](https://togithub.com/dustin-ward) that dream is\r\nnow a reality, so long as you have a\r\n[z/OS](https://www.ibm.com/products/zos) mainframe. We're thrilled to\r\nannounce that Bubble Tea is now fully supported on z/OS.\r\n\r\n#### 🌹 Bug fixes\r\n\r\nBugfixes are the unsung heroes that sometimes get buried below the\r\nfeature listings. This release has them and they’re good ones; see the\r\nchangelog below for details.\r\n\r\n#### Changelog\r\n\r\n##### New!\r\n\r\n- bracketed paste by [@&#8203;knz](https://togithub.com/knz) in\r\n[https://github.com/charmbracelet/bubbletea/pull/397](https://togithub.com/charmbracelet/bubbletea/pull/397)\r\n- use windows console input buffer + resize events on windows by\r\n[@&#8203;aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/bubbletea/pull/878](https://togithub.com/charmbracelet/bubbletea/pull/878)\r\n- multiline `tea.Println()` messages by\r\n[@&#8203;Adjective-Object](https://togithub.com/Adjective-Object) in\r\n[https://github.com/charmbracelet/bubbletea/pull/490](https://togithub.com/charmbracelet/bubbletea/pull/490)\r\n- z/OS support by\r\n[@&#8203;dustin-ward](https://togithub.com/dustin-ward) in\r\n[https://github.com/charmbracelet/bubbletea/pull/913](https://togithub.com/charmbracelet/bubbletea/pull/913)\r\n\r\n##### Changed\r\n\r\n- use go 1.18; update bubbles by\r\n[@&#8203;caarlos0](https://togithub.com/caarlos0) in\r\n[https://github.com/charmbracelet/bubbletea/pull/916](https://togithub.com/charmbracelet/bubbletea/pull/916)\r\n\r\n##### Fixed\r\n\r\n- fix deadlock condition on model init panic by\r\n[@&#8203;eolso](https://togithub.com/eolso) in\r\n[https://github.com/charmbracelet/bubbletea/pull/926](https://togithub.com/charmbracelet/bubbletea/pull/926)\r\n- reduce console/term dependencies by\r\n[@&#8203;aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/bubbletea/pull/897](https://togithub.com/charmbracelet/bubbletea/pull/897)\r\n- optimize batches with one item by\r\n[@&#8203;systay](https://togithub.com/systay) in\r\n[https://github.com/charmbracelet/bubbletea/pull/875](https://togithub.com/charmbracelet/bubbletea/pull/875)\r\n\r\n##### New Contributors\r\n\r\n- [@&#8203;kevgo](https://togithub.com/kevgo) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/893](https://togithub.com/charmbracelet/bubbletea/pull/893)\r\n- [@&#8203;canack](https://togithub.com/canack) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/890](https://togithub.com/charmbracelet/bubbletea/pull/890)\r\n- [@&#8203;Pheon-Dev](https://togithub.com/Pheon-Dev) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/621](https://togithub.com/charmbracelet/bubbletea/pull/621)\r\n- [@&#8203;rusinikita](https://togithub.com/rusinikita) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/835](https://togithub.com/charmbracelet/bubbletea/pull/835)\r\n- [@&#8203;hedhyw](https://togithub.com/hedhyw) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/864](https://togithub.com/charmbracelet/bubbletea/pull/864)\r\n- [@&#8203;mat2cc](https://togithub.com/mat2cc) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/871](https://togithub.com/charmbracelet/bubbletea/pull/871)\r\n- [@&#8203;stefanlogue](https://togithub.com/stefanlogue) made their\r\nfirst contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/855](https://togithub.com/charmbracelet/bubbletea/pull/855)\r\n- [@&#8203;BigJk](https://togithub.com/BigJk) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/885](https://togithub.com/charmbracelet/bubbletea/pull/885)\r\n- [@&#8203;sharunkumar](https://togithub.com/sharunkumar) made their\r\nfirst contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/839](https://togithub.com/charmbracelet/bubbletea/pull/839)\r\n- [@&#8203;timmattison](https://togithub.com/timmattison) made their\r\nfirst contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/908](https://togithub.com/charmbracelet/bubbletea/pull/908)\r\n- [@&#8203;dustin-ward](https://togithub.com/dustin-ward) made their\r\nfirst contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/913](https://togithub.com/charmbracelet/bubbletea/pull/913)\r\n- [@&#8203;jaymorelli96](https://togithub.com/jaymorelli96) made their\r\nfirst contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/802](https://togithub.com/charmbracelet/bubbletea/pull/802)\r\n- [@&#8203;siddhantac](https://togithub.com/siddhantac) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/906](https://togithub.com/charmbracelet/bubbletea/pull/906)\r\n- [@&#8203;taigrr](https://togithub.com/taigrr) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/853](https://togithub.com/charmbracelet/bubbletea/pull/853)\r\n- [@&#8203;systay](https://togithub.com/systay) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/875](https://togithub.com/charmbracelet/bubbletea/pull/875)\r\n- [@&#8203;gabe565](https://togithub.com/gabe565) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/728](https://togithub.com/charmbracelet/bubbletea/pull/728)\r\n- [@&#8203;zMoooooritz](https://togithub.com/zMoooooritz) made their\r\nfirst contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/902](https://togithub.com/charmbracelet/bubbletea/pull/902)\r\n- [@&#8203;j178](https://togithub.com/j178) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/709](https://togithub.com/charmbracelet/bubbletea/pull/709)\r\n- [@&#8203;arisnacg](https://togithub.com/arisnacg) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/948](https://togithub.com/charmbracelet/bubbletea/pull/948)\r\n- [@&#8203;braheezy](https://togithub.com/braheezy) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/950](https://togithub.com/charmbracelet/bubbletea/pull/950)\r\n- [@&#8203;dhth](https://togithub.com/dhth) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/949](https://togithub.com/charmbracelet/bubbletea/pull/949)\r\n- [@&#8203;tearingItUp786](https://togithub.com/tearingItUp786) made\r\ntheir first contribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/944](https://togithub.com/charmbracelet/bubbletea/pull/944)\r\n- [@&#8203;aschey](https://togithub.com/aschey) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/597](https://togithub.com/charmbracelet/bubbletea/pull/597)\r\n- [@&#8203;petergloor](https://togithub.com/petergloor) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/955](https://togithub.com/charmbracelet/bubbletea/pull/955)\r\n- [@&#8203;kaifulee](https://togithub.com/kaifulee) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/957](https://togithub.com/charmbracelet/bubbletea/pull/957)\r\n- [@&#8203;danenania](https://togithub.com/danenania) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/971](https://togithub.com/charmbracelet/bubbletea/pull/971)\r\n- [@&#8203;cuibuwei](https://togithub.com/cuibuwei) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/977](https://togithub.com/charmbracelet/bubbletea/pull/977)\r\n- [@&#8203;agvxov](https://togithub.com/agvxov) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/972](https://togithub.com/charmbracelet/bubbletea/pull/972)\r\n- [@&#8203;eolso](https://togithub.com/eolso) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/bubbletea/pull/926](https://togithub.com/charmbracelet/bubbletea/pull/926)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/charmbracelet/bubbletea/compare/v0.25.0...v0.25.1\r\n\r\n***\r\n\r\n<a href=\"https://charm.sh/\"><img alt=\"The Charm logo\"\r\nsrc=\"https://stuff.charm.sh/charm-badge.jpg\" width=\"400\"></a>\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.social/@&#8203;charmcli), or\r\n[Discord](https://charm.sh/chat).\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>gkampitakis/go-snaps\r\n(github.com/gkampitakis/go-snaps)</summary>\r\n\r\n###\r\n[`v0.5.4`](https://togithub.com/gkampitakis/go-snaps/releases/tag/v0.5.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/gkampitakis/go-snaps/compare/v0.5.3...v0.5.4)\r\n\r\n#### What's Changed\r\n\r\n- fix: slice bounds out of range \\[:5] by\r\n[@&#8203;zregvart](https://togithub.com/zregvart) in\r\n[https://github.com/gkampitakis/go-snaps/pull/98](https://togithub.com/gkampitakis/go-snaps/pull/98)\r\n\r\n#### New Contributors\r\n\r\n- [@&#8203;zregvart](https://togithub.com/zregvart) made their first\r\ncontribution in\r\n[https://github.com/gkampitakis/go-snaps/pull/98](https://togithub.com/gkampitakis/go-snaps/pull/98)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/gkampitakis/go-snaps/compare/v0.5.3...v0.5.4\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)</summary>\r\n\r\n###\r\n[`v6.5.9`](https://togithub.com/jedib0t/go-pretty/releases/tag/v6.5.9)\r\n\r\n[Compare\r\nSource](https://togithub.com/jedib0t/go-pretty/compare/v6.5.8...v6.5.9)\r\n\r\n#### What's Changed\r\n\r\n- table: html row automerge support by\r\n[@&#8203;hindessm](https://togithub.com/hindessm) in\r\n[https://github.com/jedib0t/go-pretty/pull/319](https://togithub.com/jedib0t/go-pretty/pull/319)\r\n- table: update note about auto-merge by\r\n[@&#8203;hindessm](https://togithub.com/hindessm) in\r\n[https://github.com/jedib0t/go-pretty/pull/320](https://togithub.com/jedib0t/go-pretty/pull/320)\r\n\r\n#### New Contributors\r\n\r\n- [@&#8203;hindessm](https://togithub.com/hindessm) made their first\r\ncontribution in\r\n[https://github.com/jedib0t/go-pretty/pull/319](https://togithub.com/jedib0t/go-pretty/pull/319)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/jedib0t/go-pretty/compare/v6.5.8...v6.5.9\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>urfave/cli (github.com/urfave/cli/v2)</summary>\r\n\r\n### [`v2.27.2`](https://togithub.com/urfave/cli/releases/tag/v2.27.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/urfave/cli/compare/v2.27.1...v2.27.2)\r\n\r\n#### What's Changed\r\n\r\n- Cleanup: Remove unnecessary intermediate variables by\r\n[@&#8203;1ambd4](https://togithub.com/1ambd4) in\r\n[https://github.com/urfave/cli/pull/1857](https://togithub.com/urfave/cli/pull/1857)\r\n- Docs:(issue\\_1866) Fix documentation on filepath vs env preference by\r\n[@&#8203;dearchap](https://togithub.com/dearchap) in\r\n[https://github.com/urfave/cli/pull/1867](https://togithub.com/urfave/cli/pull/1867)\r\n- Fix:(issue\\_1860) Remove hidden flags from flag categories by\r\n[@&#8203;dearchap](https://togithub.com/dearchap) in\r\n[https://github.com/urfave/cli/pull/1868](https://togithub.com/urfave/cli/pull/1868)\r\n- Fix repeated \\[arguments...] in usage template in v2 by\r\n[@&#8203;edeustua](https://togithub.com/edeustua) in\r\n[https://github.com/urfave/cli/pull/1872](https://togithub.com/urfave/cli/pull/1872)\r\n- Update dependencies, actions steps, and usage for v2-maint by\r\n[@&#8203;meatballhat](https://togithub.com/meatballhat) in\r\n[https://github.com/urfave/cli/pull/1888](https://togithub.com/urfave/cli/pull/1888)\r\n\r\n#### New Contributors\r\n\r\n- [@&#8203;1ambd4](https://togithub.com/1ambd4) made their first\r\ncontribution in\r\n[https://github.com/urfave/cli/pull/1857](https://togithub.com/urfave/cli/pull/1857)\r\n- [@&#8203;edeustua](https://togithub.com/edeustua) made their first\r\ncontribution in\r\n[https://github.com/urfave/cli/pull/1872](https://togithub.com/urfave/cli/pull/1872)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/urfave/cli/compare/v2.27.1...v2.27.2\r\n\r\n</details>\r\n\r\n<details>\r\n<summary>protocolbuffers/protobuf-go\r\n(google.golang.org/protobuf)</summary>\r\n\r\n###\r\n[`v1.34.0`](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.33.0...v1.34.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.33.0...v1.34.0)\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMjEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM0MC4xMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->","shortMessageHtmlLink":"fix(deps): update osv-scanner minor (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2267660223\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/945\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/945/hovercard\" href=\"https://github.com/google/osv-scanner/pull/945\">#945</a>)"}},{"before":"9039e93b4e94da4c34adfadc78b2d82f80cb33db","after":"d34afea8780bcdaa3ac6d2c004441b80ade79191","ref":"refs/heads/main","pushedAt":"2024-05-06T00:31:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): lock file maintenance (#962)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Update | Change |\r\n|---|---|\r\n| lockFileMaintenance | All locks refreshed |\r\n\r\n🔧 This Pull Request updates lock files to use the latest dependency\r\nversions.\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->\r\n\r\nCo-authored-by: Rex P <106129829+another-rex@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): lock file maintenance (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2279584261\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/962\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/962/hovercard\" href=\"https://github.com/google/osv-scanner/pull/962\">#962</a>)"}},{"before":"c2bd45ef971a48d186526d609146d572cc5ec07c","after":"9039e93b4e94da4c34adfadc78b2d82f80cb33db","ref":"refs/heads/main","pushedAt":"2024-05-06T00:20:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Fix snapshot for test (#963)\n\nJackson core released a new version that automated updates is now\r\nupdating to, updating the fixtures to keep the tests passing.","shortMessageHtmlLink":"Fix snapshot for test (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2279811579\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/963\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/963/hovercard\" href=\"https://github.com/google/osv-scanner/pull/963\">#963</a>)"}},{"before":"9236fb416e1c9ee02ddbc52ae6c974964bb0b131","after":"c2bd45ef971a48d186526d609146d572cc5ec07c","ref":"refs/heads/main","pushedAt":"2024-05-03T03:15:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"fix: ensure the sarif output has a stable order (#938)\n\nThis stabilizes the order in the SARIF output so that it is\r\ndeterministic, as #937 proved it was not.","shortMessageHtmlLink":"fix: ensure the sarif output has a stable order (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2257975927\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/938\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/938/hovercard\" href=\"https://github.com/google/osv-scanner/pull/938\">#938</a>)"}},{"before":"f1c4fc91fd15ab0002191794b595de4c76a427c3","after":"9236fb416e1c9ee02ddbc52ae6c974964bb0b131","ref":"refs/heads/main","pushedAt":"2024-05-03T03:14:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"chore: support skipping known unsupported comparisons in generators (#954)\n\nCherry pick of https://github.com/G-Rath/osv-detector/pull/185\r\n\r\n> This is really all because of Maven, whose version comparison\r\nimplementation is apparently pretty buggy - for now I'm going to ignore\r\nit and hope that in ~6 months when I check back on things at least some\r\nof the bugs will be fixed.\r\n\r\nThis is already included in the CRAN generator","shortMessageHtmlLink":"chore: support skipping known unsupported comparisons in generators (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2274011730\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/954\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/954/hovercard\" href=\"https://github.com/google/osv-scanner/pull/954\">#…</a>"}},{"before":"37f290f53cefb146bd89a136f6d44b468d5bde15","after":"f1c4fc91fd15ab0002191794b595de4c76a427c3","ref":"refs/heads/main","pushedAt":"2024-05-02T23:20:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): lock file maintenance (#936)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Update | Change |\r\n|---|---|\r\n| lockFileMaintenance | All locks refreshed |\r\n\r\n🔧 This Pull Request updates lock files to use the latest dependency\r\nversions.\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->","shortMessageHtmlLink":"chore(deps): lock file maintenance (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2255156317\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/936\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/936/hovercard\" href=\"https://github.com/google/osv-scanner/pull/936\">#936</a>)"}},{"before":"b23fa296f8eafa355ece9125b12cbef36a1569b7","after":"37f290f53cefb146bd89a136f6d44b468d5bde15","ref":"refs/heads/main","pushedAt":"2024-05-02T23:19:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore: improve version fixture generators for local usage (#953)\n\nThis updates the generators used to build fixtures for `semantic` in a\r\nfew different ways particularly if you're running them locally:\r\n- you can use `VERSION_GENERATOR_PRINT` to control if successes,\r\nfailures, or everything is outputted\r\n  - if any comparisons fail, then the generator will exit with code 1\r\n- the generated fixture file will now assuredly have a final newline, in\r\naccordance with our editor config\r\n\r\n---\r\n\r\nthis is the first of a couple of updates to the generators based on what\r\nI've already done in `osv-detector`","shortMessageHtmlLink":"chore: improve version fixture generators for local usage (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2272791713\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/953\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/953/hovercard\" href=\"https://github.com/google/osv-scanner/pull/953\">#953</a>)"}},{"before":"6a43a9173e8a7bfc1f5fa2ac155dcf5522e5fca9","after":"b23fa296f8eafa355ece9125b12cbef36a1569b7","ref":"refs/heads/main","pushedAt":"2024-05-02T23:19:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: cancel in-progress runs when new changes are pushed (#959)\n\nThis saves a bit of processing power, and also can help Codecov by\r\nreducing some of the API calls it makes which impact rate limiting","shortMessageHtmlLink":"ci: cancel in-progress runs when new changes are pushed (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2274114881\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/959\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/959/hovercard\" href=\"https://github.com/google/osv-scanner/pull/959\">#959</a>)"}},{"before":"8abdafa2c8c5b7eecc93998cbe84cf7a0a8a80fe","after":"6a43a9173e8a7bfc1f5fa2ac155dcf5522e5fca9","ref":"refs/heads/main","pushedAt":"2024-05-02T06:28:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Automated Updates: support parents and dependency imports (#890)\n\nThis PR adds support for parents and dependency imports:\r\n - fetching and parsing upstream pom.xml files\r\n - then merging the data into Maven project\r\n- add `RequirementsFromOtherPOMs` to system-specific data to store\r\nrequirements that we don't have access\r\n\r\nSome of the Maven code should be provided by `deps.dev/util/maven` and\r\n`deps.dev/util/resolve` soon...","shortMessageHtmlLink":"Automated Updates: support parents and dependency imports (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2209564348\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/890\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/890/hovercard\" href=\"https://github.com/google/osv-scanner/pull/890\">#890</a>)"}},{"before":"97029011c8adaf14f03fa66519836063204bf474","after":"8abdafa2c8c5b7eecc93998cbe84cf7a0a8a80fe","ref":"refs/heads/main","pushedAt":"2024-05-02T03:02:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":" GR: Support filtering on alias IDs (#946)\n\nCheck the vuln's aliases when using the `--vulns` or `--ignore-vulns`\r\nflag.\r\nCloses #922","shortMessageHtmlLink":" GR: Support filtering on alias IDs (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2270256244\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/946\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/946/hovercard\" href=\"https://github.com/google/osv-scanner/pull/946\">#946</a>)"}},{"before":"559d0c9b2bc9ed6bd133fd83ca43ff265118ba19","after":"97029011c8adaf14f03fa66519836063204bf474","ref":"refs/heads/main","pushedAt":"2024-05-02T00:12:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: ensure input name case matches just to be safe (#955)\n\nI'm pretty sure that inputs are case-insensitive, but to be on the safe\r\nside let's update this to match anyway","shortMessageHtmlLink":"ci: ensure input name case matches just to be safe (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2274044961\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/955\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/955/hovercard\" href=\"https://github.com/google/osv-scanner/pull/955\">#955</a>)"}},{"before":"2b165ea5d42248d2d9b2602b48bc6eb2e2d1ced8","after":"559d0c9b2bc9ed6bd133fd83ca43ff265118ba19","ref":"refs/heads/main","pushedAt":"2024-05-01T00:18:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"refactor: use `maps` functions instead of custom implementations (#940)\n\nThis replaces some of our custom code for map-based operations with\r\nalmost-standard-library versions","shortMessageHtmlLink":"refactor: use <code>maps</code> functions instead of custom implementations (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2259705879\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/940\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/940/hovercard\" href=\"https://github.com/google/osv-scanner/pull/940\">#940</a>)"}},{"before":"4a14def265083d4cc2036a15a81d30916f062510","after":"2b165ea5d42248d2d9b2602b48bc6eb2e2d1ced8","ref":"refs/heads/main","pushedAt":"2024-04-30T23:50:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"test: update snapshots due to external vulnerability changes (#951)\n\nLooks like this has been withdrawn","shortMessageHtmlLink":"test: update snapshots due to external vulnerability changes (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2272652003\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/951\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/951/hovercard\" href=\"https://github.com/google/osv-scanner/pull/951\">#951</a>)"}},{"before":"83efb370ee0548fcac736c91a670fb8cb63ad329","after":"4a14def265083d4cc2036a15a81d30916f062510","ref":"refs/heads/main","pushedAt":"2024-04-30T23:04:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"ci: upgrade Codecov to v4 (#941)\n\nThis will hopefully resolve the issues we're having with the v3 action,\r\nbut requires the `CODECOV_TOKEN` secret to be configured per [this\r\ndocument](https://docs.codecov.com/docs/adding-the-codecov-token) which\r\nneeds to be done by someone with repository permissions to set secrets.","shortMessageHtmlLink":"ci: upgrade Codecov to v4 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2259832201\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/941\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/941/hovercard\" href=\"https://github.com/google/osv-scanner/pull/941\">#941</a>)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAERhtmJgA","startCursor":null,"endCursor":null}},"title":"Activity · google/osv-scanner"}