chore(deps): lock file maintenance vulnfeeds by renovate-bot · Pull Request #2562 · google/osv.dev

renovate-bot · 2024-09-03T15:33:04Z

This PR contains the following updates:

Package	Type	Update	Change
		lockFileMaintenance	All locks refreshed
cloud.google.com/go/logging	require	minor	`v1.10.0` -> `v1.11.0`
cloud.google.com/go/secretmanager	require	minor	`v1.13.1` -> `v1.14.0`
github.com/google/osv-scanner	require	minor	`v1.7.4` -> `v1.8.4`
github.com/sethvargo/go-retry	require	minor	`v0.2.4` -> `v0.3.0`
golang	stage	minor	`1.22.5-alpine` -> `1.23.1-alpine`
golang.org/x/exp	require	digest	`fc45aab` -> `701f63a`
markdownify	dependencies	minor	`==0.11.6` -> `==0.13.1`
pandas (source)	dependencies	minor	`==2.1.3` -> `==2.2.2`
pylint (changelog)	dev-dependencies	patch	`3.2.5` -> `3.2.7`
python-dateutil	dependencies	minor	`==2.8.2` -> `==2.9.0.post0`

🔧 This Pull Request updates lock files to use the latest dependency versions.

Release Notes

google/osv-scanner (github.com/google/osv-scanner)

`v1.8.4`

Compare Source

Features:

Feature #1177 Adds --upgrade-config flag for configuring allowed upgrades on a per-package basis. Also hide & deprecate previous --disallow-major-upgrades and --disallow-package-upgrades flags.

Fixes:

Bug #1123 Issue when running osv-scanner on project running with golang 1.22 #1123

Misc:

Feature #638 Update go policy to use stable go version for builds (updated to go 1.23)

`v1.8.3`

Compare Source

Features:

Feature #889 OSV-Scanner now provides "vertical" output format!

Fixes:

Bug #1115 Ensure that semantic is passed a valid models.Ecosystem.
Bug #1140 Add Maven dependency management to override client.
Bug #1149 Handle Maven parent relative path.

Misc:

Feature #1091 Improved the runtime of DiffVulnerabilityResults. Thanks @neilnaveen!
Feature #1125 Workflow for stale issue and PR management.

`v1.8.2`

Compare Source

Features:

Feature #1014 Adding CycloneDX 1.4 and 1.5 output format. Thanks @marcwieserdev!

Fixes:

Bug #769 Fixed missing vulnerabilities for debian purls for --experimental-local-db.
Bug #1055 Ensure that package exists in affected property.
Bug #1072 Filter out unimportant vulnerabilities from vuln group.
Bug #1077 Fix rate osv-scanner deadlock.
Bug #924 Ensure that npm dependencies retain their "production" grouping.

`v1.8.1`

Compare Source

Features:

Feature #35
OSV-Scanner now scans transitive dependencies in Maven pom.xml files!
See our documentation for more information.
Feature #944
The osv-scanner.toml configuration file can now filter specific packages with new [[PackageOverrides]] sections:
```
[[PackageOverrides]]
```

`v1.8.0`

Compare Source

Features:

Feature #35
OSV-Scanner now scans transitive dependencies in Maven pom.xml files!
See our documentation for more information.
Feature #944
The osv-scanner.toml configuration file can now filter specific packages with new [[PackageOverrides]] sections:
```
[[PackageOverrides]]
```

sethvargo/go-retry (github.com/sethvargo/go-retry)

`v0.3.0`

Compare Source

What's Changed

Add DoValue, which requires generics and bumps to Go 1.21 by @sethvargo in https://github.com/sethvargo/go-retry/pull/26

Full Changelog: sethvargo/go-retry@v0.2.4...v0.3.0

matthewwithanm/python-markdownify (markdownify)

pandas-dev/pandas (pandas)

`v2.2.2`

Compare Source

`v2.2.1`: Pandas 2.2.1

Compare Source

We are pleased to announce the release of pandas 2.2.1.
This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes.
Pandas 2.2.1 supports Python 3.9 and higher.

The release will be available on the defaults and conda-forge channels:

conda install pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

`v2.2.0`

Compare Source

`v2.1.4`: Pandas 2.1.4

Compare Source

This is a patch release in the 2.1.x series and includes some regression and bug fixes, and a security fix. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes.

The release will be available on the defaults and conda-forge channels:

conda install pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pylint-dev/pylint (pylint)

`v3.2.7`

Compare Source

What's new in Pylint 3.2.7?

Release date: 2024-08-31

False Positives Fixed

Fixed a false positive unreachable for NoReturn coroutine functions.

Closes #9840

Other Bug Fixes

Fix crash in refactoring checker when calling a lambda bound as a method.

Closes #9865
Fix a crash in undefined-loop-variable when providing the iterable argument to enumerate().

Closes #9875
Fix to address indeterminacy of error message in case a module name is same as another in a separate namespace.

Refs #9883

`v3.2.6`

Compare Source

What's new in Pylint 3.2.6?

Release date: 2024-07-21

False Positives Fixed

Quiet false positives for unexpected-keyword-arg when pylint cannot
determine which of two or more dynamically defined classes is being instantiated.

Closes #9672
Fix a false positive for missing-param-doc where a method which is decorated with typing.overload was expected to have a docstring specifying its parameters.

Closes #9739
Fix a regression that raised invalid-name on class attributes merely
overriding invalid names from an ancestor.

Closes #9765
Treat assert_never() the same way when imported from typing_extensions.

Closes #9780
Fix a false positive for consider-using-min-max-builtin when the assignment target is an attribute.

Refs #9800

Other Bug Fixes

Fix an AssertionError arising from properties that return partial functions.

Closes #9214
Fix a crash when a subclass extends __slots__.

Closes #9814

dateutil/dateutil (python-dateutil)

`v2.9.0.post0`

Compare Source

Version 2.9.0.post0 (2024-03-01)

Bugfixes

Pinned setuptools_scm to <8, which should make the generated _version.py file compatible with all supported versions of Python.

`v2.9.0`

Compare Source

Version 2.9.0 (2024-02-29)

Data updates

Updated tzdata version to 2024a. (gh pr #1342)

Features

Made all dateutil submodules lazily imported using PEP 562. On Python 3.7+, things like import dateutil; dateutil.tz.gettz("America/New_York") will now work without explicitly importing dateutil.tz, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue #771, gh pr #1007)

Bugfixes

Removed a call to datetime.utcfromtimestamp, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr #1284), fixed by Thomas Grainger (gh pr #1285).

Documentation changes

Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by @hawkEye-01 (gh issue #1167). Fixed by @Mifrill (gh pr #1168)

Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

forking-renovate · 2024-09-03T15:33:05Z

ℹ Artifact update notice

File name: vulnfeeds/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

29 additional dependencies were updated

Details:

Package	Change
`cloud.google.com/go`	`v0.113.0` -> `v0.115.1`
`cloud.google.com/go/auth`	`v0.4.1` -> `v0.9.0`
`cloud.google.com/go/auth/oauth2adapt`	`v0.2.2` -> `v0.2.4`
`cloud.google.com/go/compute/metadata`	`v0.3.0` -> `v0.5.0`
`cloud.google.com/go/iam`	`v1.1.8` -> `v1.1.13`
`cloud.google.com/go/longrunning`	`v0.5.7` -> `v0.5.11`
`github.com/go-logr/logr`	`v1.4.1` -> `v1.4.2`
`github.com/google/s2a-go`	`v0.1.7` -> `v0.1.8`
`github.com/googleapis/gax-go/v2`	`v2.12.4` -> `v2.13.0`
`go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc`	`v0.49.0` -> `v0.52.0`
`go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`	`v0.49.0` -> `v0.53.0`
`go.opentelemetry.io/otel`	`v1.24.0` -> `v1.28.0`
`go.opentelemetry.io/otel/metric`	`v1.24.0` -> `v1.28.0`
`go.opentelemetry.io/otel/trace`	`v1.24.0` -> `v1.28.0`
`golang.org/x/crypto`	`v0.24.0` -> `v0.27.0`
`golang.org/x/mod`	`v0.18.0` -> `v0.21.0`
`golang.org/x/net`	`v0.26.0` -> `v0.29.0`
`golang.org/x/oauth2`	`v0.20.0` -> `v0.22.0`
`golang.org/x/sync`	`v0.7.0` -> `v0.8.0`
`golang.org/x/sys`	`v0.21.0` -> `v0.25.0`
`golang.org/x/text`	`v0.16.0` -> `v0.18.0`
`golang.org/x/time`	`v0.5.0` -> `v0.6.0`
`golang.org/x/tools`	`v0.22.0` -> `v0.25.0`
`google.golang.org/api`	`v0.180.0` -> `v0.193.0`
`google.golang.org/genproto`	`v0.0.0-20240401170217-c3f982113cda` -> `v0.0.0-20240814211410-ddb44dafa142`
`google.golang.org/genproto/googleapis/api`	`v0.0.0-20240513163218-0867130af1f8` -> `v0.0.0-20240814211410-ddb44dafa142`
`google.golang.org/genproto/googleapis/rpc`	`v0.0.0-20240513163218-0867130af1f8` -> `v0.0.0-20240814211410-ddb44dafa142`
`google.golang.org/grpc`	`v1.64.1` -> `v1.65.0`
`google.golang.org/protobuf`	`v1.34.1` -> `v1.34.2`

forking-renovate bot added the dependencies Pull requests that update a dependency file label Sep 3, 2024

renovate-bot force-pushed the renovate/vulnfeeds branch 16 times, most recently from 4c0884b to 5c2accc Compare September 9, 2024 05:06

chore(deps): lock file maintenance vulnfeeds

0015619

renovate-bot force-pushed the renovate/vulnfeeds branch from 5c2accc to 0015619 Compare September 9, 2024 20:16

hogo6002 approved these changes Sep 10, 2024

View reviewed changes

hogo6002 merged commit 697bf72 into google:master Sep 10, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): lock file maintenance vulnfeeds#2562

chore(deps): lock file maintenance vulnfeeds#2562
hogo6002 merged 1 commit intogoogle:masterfrom
renovate-bot:renovate/vulnfeeds

renovate-bot commented Sep 3, 2024 •

edited

Loading

Uh oh!

forking-renovate bot commented Sep 3, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

renovate-bot commented Sep 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Features:

Fixes:

Misc:

Features:

Fixes:

Misc:

Features:

Fixes:

Features:

Features:

What's Changed

What's Changed

What's Changed

New Contributors

v0.12.1: Fix wrong version

v2.2.1: Pandas 2.2.1

v2.1.4: Pandas 2.1.4

What's new in Pylint 3.2.7?

False Positives Fixed

Other Bug Fixes

What's new in Pylint 3.2.6?

False Positives Fixed

Other Bug Fixes

Version 2.9.0.post0 (2024-03-01)

Bugfixes

Version 2.9.0 (2024-02-29)

Data updates

Features

Bugfixes

Documentation changes

Configuration

Uh oh!

forking-renovate bot commented Sep 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

ℹ Artifact update notice

File name: vulnfeeds/go.mod

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

renovate-bot commented Sep 3, 2024 •

edited

Loading

`v0.12.1`: Fix wrong version

`v2.2.1`: Pandas 2.2.1

`v2.1.4`: Pandas 2.1.4

forking-renovate bot commented Sep 3, 2024 •

edited

Loading