{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":565629124,"defaultBranch":"main","name":"osv-scanner","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-11-14T01:05:20.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718164162.0","currentOid":""},"activityList":{"items":[{"before":"134ba91d1941c3e8ddb248bdf4877f0948f9b8da","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-e7f036ca2a","pushedAt":"2024-06-12T03:49:22.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"2e72de2d7278cddbec0b02f917ddb3e4fa623d78","ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-a2778e6648","pushedAt":"2024-06-12T03:49:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump the npm_and_yarn group across 1 directory with 35 updates\n\nBumps the npm_and_yarn group with 30 updates in the /internal/remediation/fixtures/santatracker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dat.gui](https://github.com/dataarts/dat.gui) | `0.7.3` | `0.7.8` |\n| [google-closure-library](https://github.com/google/closure-library) | `v20190909.0.0` | `20200315.0.0` |\n| [jsdom](https://github.com/jsdom/jsdom) | `12.2.0` | `16.5.0` |\n| [json5](https://github.com/json5/json5) | `2.1.0` | `2.2.2` |\n| [terser](https://github.com/terser/terser) | `3.10.11` | `4.8.1` |\n| [semver](https://github.com/npm/node-semver) | `5.5.1` 
| `5.7.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.6.0` | `7.24.7` |\n| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.4.2` | `1.10.9` |\n| [@google-cloud/cloudbuild](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-devtools-cloudbuild) | `2.6.0` | `4.5.0` |\n| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |\n| [yargs-parser](https://github.com/yargs/yargs-parser) | `10.1.0` | `21.1.1` |\n| [yargs](https://github.com/yargs/yargs) | `12.0.2` | `17.7.2` |\n| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `7.1.0` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `6.0.2` | `8.11.3` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.6.7` |\n| [firebase](https://github.com/firebase/firebase-js-sdk) | `8.10.0` | `8.10.1` |\n| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |\n| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.0.0` | `5.1.2` |\n| [ws](https://github.com/websockets/ws) | `6.2.1` | `6.2.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.21` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |\n| [mocha](https://github.com/mochajs/mocha) | `5.2.0` | `10.4.0` |\n| [mocha-headless-server](https://github.com/samthor/mocha-headless-server) | `0.1.2` | `0.1.4` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |\n| [google-p12-pem](https://github.com/googleapis/google-p12-pem) | `3.1.2` | `3.1.4` |\n| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |\n| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | 
`1.1.1` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |\n\n\n\nUpdates `dat.gui` from 0.7.3 to 0.7.8\n- [Release notes](https://github.com/dataarts/dat.gui/releases)\n- [Commits](https://github.com/dataarts/dat.gui/compare/v0.7.3...v0.7.8)\n\nUpdates `google-closure-library` from v20190909.0.0 to 20200315.0.0\n- [Release notes](https://github.com/google/closure-library/releases)\n- [Commits](https://github.com/google/closure-library/compare/v20190909...v20200315)\n\nUpdates `jsdom` from 12.2.0 to 16.5.0\n- [Release notes](https://github.com/jsdom/jsdom/releases)\n- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)\n- [Commits](https://github.com/jsdom/jsdom/compare/12.2.0...16.5.0)\n\nUpdates `json5` from 2.1.0 to 2.2.2\n- [Release notes](https://github.com/json5/json5/releases)\n- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/json5/json5/compare/v2.1.0...v2.2.2)\n\nUpdates `terser` from 3.10.11 to 4.8.1\n- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/terser/terser/compare/3.10.11...v4.8.1)\n\nUpdates `semver` from 5.5.1 to 5.7.2\n- [Release notes](https://github.com/npm/node-semver/releases)\n- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)\n- [Commits](https://github.com/npm/node-semver/compare/v5.5.1...v5.7.2)\n\nUpdates `@babel/traverse` from 7.6.0 to 7.24.7\n- [Release notes](https://github.com/babel/babel/releases)\n- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-traverse)\n\nUpdates `@grpc/grpc-js` from 1.4.2 to 1.10.9\n- [Release notes](https://github.com/grpc/grpc-node/releases)\n- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.4.2...@grpc/grpc-js@1.10.9)\n\nUpdates `@google-cloud/cloudbuild` from 2.6.0 to 4.5.0\n- [Release 
notes](https://github.com/googleapis/google-cloud-node/releases)\n- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-devtools-cloudbuild/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-cloud-node/commits/data-v4.5.0/packages/google-devtools-cloudbuild)\n\nUpdates `y18n` from 4.0.0 to 4.0.3\n- [Release notes](https://github.com/yargs/y18n/releases)\n- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)\n- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)\n\nUpdates `yargs-parser` from 10.1.0 to 21.1.1\n- [Release notes](https://github.com/yargs/yargs-parser/releases)\n- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs-parser/compare/v10.1.0...yargs-parser-v21.1.1)\n\nUpdates `yargs` from 12.0.2 to 17.7.2\n- [Release notes](https://github.com/yargs/yargs/releases)\n- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs/compare/v12.0.2...v17.7.2)\n\nUpdates `acorn` from 5.7.3 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 7.1.0 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 6.0.2 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `ajv` from 5.5.2 to 6.12.6\n- [Release notes](https://github.com/ajv-validator/ajv/releases)\n- [Commits](https://github.com/ajv-validator/ajv/compare/v5.5.2...v6.12.6)\n\nUpdates `browserslist` from 4.3.2 to 4.7.0\n- [Release notes](https://github.com/browserslist/browserslist/releases)\n- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/browserslist/browserslist/compare/4.3.2...4.7.0)\n\nUpdates `braces` from 3.0.2 to 3.0.3\n- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)\n- 
[Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)\n\nUpdates `node-fetch` from 2.6.6 to 2.6.7\n- [Release notes](https://github.com/node-fetch/node-fetch/releases)\n- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)\n\nUpdates `firebase` from 8.10.0 to 8.10.1\n- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)\n- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@8.10.0...firebase@8.10.1)\n\nUpdates `get-func-name` from 2.0.0 to 2.0.2\n- [Release notes](https://github.com/chaijs/get-func-name/releases)\n- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)\n\nUpdates `glob-parent` from 5.0.0 to 5.1.2\n- [Release notes](https://github.com/gulpjs/glob-parent/releases)\n- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.2)\n\nUpdates `tough-cookie` from 2.4.3 to 2.5.0\n- [Release notes](https://github.com/salesforce/tough-cookie/releases)\n- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/salesforce/tough-cookie/compare/v2.4.3...v2.5.0)\n\nUpdates `ws` from 6.2.1 to 6.2.2\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/6.2.1...6.2.2)\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n- [Commits](https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0)\n\nUpdates `jsprim` from 1.4.1 to 1.4.2\n- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)\n- [Commits](https://github.com/joyent/node-jsprim/compare/v1.4.1...v1.4.2)\n\nUpdates `lodash` from 4.17.20 to 4.17.21\n- [Release notes](https://github.com/lodash/lodash/releases)\n- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)\n\nUpdates `minimatch` from 
3.0.4 to 3.1.2\n- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)\n- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)\n\nUpdates `mocha` from 5.2.0 to 10.4.0\n- [Release notes](https://github.com/mochajs/mocha/releases)\n- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v10.4.0)\n\nUpdates `mocha-headless-server` from 0.1.2 to 0.1.4\n- [Commits](https://github.com/samthor/mocha-headless-server/commits)\n\nUpdates `node-forge` from 0.10.0 to 1.3.1\n- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/digitalbazaar/forge/compare/0.10.0...v1.3.1)\n\nUpdates `google-p12-pem` from 3.1.2 to 3.1.4\n- [Release notes](https://github.com/googleapis/google-p12-pem/releases)\n- [Changelog](https://github.com/googleapis/google-p12-pem/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-p12-pem/compare/v3.1.2...v3.1.4)\n\nUpdates `path-parse` from 1.0.6 to 1.0.7\n- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)\n\nUpdates `pathval` from 1.1.0 to 1.1.1\n- [Release notes](https://github.com/chaijs/pathval/releases)\n- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/chaijs/pathval/compare/v1.1.0...v1.1.1)\n\nUpdates `protobufjs` from 6.11.2 to 6.11.4\n- [Release notes](https://github.com/protobufjs/protobuf.js/releases)\n- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/protobufjs/protobuf.js/commits)\n\nUpdates `qs` from 6.5.2 to 6.5.3\n- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)\n\nUpdates `request` from 2.88.0 to 2.88.2\n- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)\n- 
[Commits](https://github.com/request/request/commits)\n\n---\nupdated-dependencies:\n- dependency-name: dat.gui\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: google-closure-library\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: jsdom\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: json5\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: terser\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: semver\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: \"@babel/traverse\"\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: \"@grpc/grpc-js\"\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: \"@google-cloud/cloudbuild\"\n dependency-type: direct:development\n dependency-group: npm_and_yarn\n- dependency-name: y18n\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: yargs-parser\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: yargs\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: ajv\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: browserslist\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: braces\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: node-fetch\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: firebase\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- 
dependency-name: get-func-name\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: glob-parent\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: tough-cookie\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: ws\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: json-schema\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: jsprim\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: lodash\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: minimatch\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: mocha\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: mocha-headless-server\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: node-forge\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: google-p12-pem\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: path-parse\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: pathval\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: protobufjs\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: qs\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: request\n dependency-type: indirect\n dependency-group: npm_and_yarn\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): Bump the npm_and_yarn group across 1 directory with 35 u…"}},{"before":"0e457d53e58255aa5917624985585f2fc6745b6d","after":"170ea42e1859319398c1b86d3cec51ca1b360257","ref":"refs/heads/main","pushedAt":"2024-06-12T03:43:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin 
Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Upgrade deps.dev dependencies (#1035)\n\nUpdate `deps.dev` dependencies to make sure we are using the latest\r\nversion of Maven resolver","shortMessageHtmlLink":"Upgrade deps.dev dependencies (#1035)"}},{"before":"0c01488ad7b4ce5e0dcfb1702b087de3ad10acce","after":"0e457d53e58255aa5917624985585f2fc6745b6d","ref":"refs/heads/main","pushedAt":"2024-06-12T03:18:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Remove busybox from alpine SBOM (#1037)\n\nRemove busybox from alpine SBOM to get a more consistent unit test.","shortMessageHtmlLink":"Remove busybox from alpine SBOM (#1037)"}},{"before":"d857676458e53fdcf877ade0285713dd0292ea71","after":"0c01488ad7b4ce5e0dcfb1702b087de3ad10acce","ref":"refs/heads/main","pushedAt":"2024-06-11T00:41:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Add go binary scanning (#1011)\n\nAdd go binary scanning extractor, and use it in image scanning. 
\r\n\r\nThis shows quite a few false positives that can be resolved with call\r\nanalysis, which will be implemented in a followup PR.","shortMessageHtmlLink":"Add go binary scanning (#1011)"}},{"before":null,"after":"134ba91d1941c3e8ddb248bdf4877f0948f9b8da","ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-e7f036ca2a","pushedAt":"2024-06-10T22:57:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump the npm_and_yarn group across 1 directory with 34 updates\n\nBumps the npm_and_yarn group with 29 updates in the /internal/remediation/fixtures/santatracker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dat.gui](https://github.com/dataarts/dat.gui) | `0.7.3` | `0.7.8` |\n| [google-closure-library](https://github.com/google/closure-library) | `v20190909.0.0` | `20200315.0.0` |\n| [jsdom](https://github.com/jsdom/jsdom) | `12.2.0` | `16.5.0` |\n| [json5](https://github.com/json5/json5) | `2.1.0` | `2.2.2` |\n| [terser](https://github.com/terser/terser) | `3.10.11` | `4.8.1` |\n| [semver](https://github.com/npm/node-semver) | `5.5.1` | `5.7.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.6.0` | `7.24.7` |\n| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.4.2` | `1.10.9` |\n| [@google-cloud/cloudbuild](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-devtools-cloudbuild) | `2.6.0` | `4.5.0` |\n| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |\n| [yargs-parser](https://github.com/yargs/yargs-parser) | `10.1.0` | `21.1.1` |\n| [yargs](https://github.com/yargs/yargs) | `12.0.2` | `17.7.2` |\n| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `7.1.0` | `8.11.3` |\n| 
[acorn](https://github.com/acornjs/acorn) | `6.0.2` | `8.11.3` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.6.7` |\n| [firebase](https://github.com/firebase/firebase-js-sdk) | `8.10.0` | `8.10.1` |\n| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |\n| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.0.0` | `5.1.2` |\n| [ws](https://github.com/websockets/ws) | `6.2.1` | `6.2.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.21` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |\n| [mocha](https://github.com/mochajs/mocha) | `5.2.0` | `10.4.0` |\n| [mocha-headless-server](https://github.com/samthor/mocha-headless-server) | `0.1.2` | `0.1.4` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |\n| [google-p12-pem](https://github.com/googleapis/google-p12-pem) | `3.1.2` | `3.1.4` |\n| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |\n| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | `1.1.1` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |\n\n\n\nUpdates `dat.gui` from 0.7.3 to 0.7.8\n- [Release notes](https://github.com/dataarts/dat.gui/releases)\n- [Commits](https://github.com/dataarts/dat.gui/compare/v0.7.3...v0.7.8)\n\nUpdates `google-closure-library` from v20190909.0.0 to 20200315.0.0\n- [Release notes](https://github.com/google/closure-library/releases)\n- [Commits](https://github.com/google/closure-library/compare/v20190909...v20200315)\n\nUpdates `jsdom` from 12.2.0 to 16.5.0\n- [Release notes](https://github.com/jsdom/jsdom/releases)\n- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)\n- [Commits](https://github.com/jsdom/jsdom/compare/12.2.0...16.5.0)\n\nUpdates `json5` from 2.1.0 to 2.2.2\n- [Release 
notes](https://github.com/json5/json5/releases)\n- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/json5/json5/compare/v2.1.0...v2.2.2)\n\nUpdates `terser` from 3.10.11 to 4.8.1\n- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/terser/terser/compare/3.10.11...v4.8.1)\n\nUpdates `semver` from 5.5.1 to 5.7.2\n- [Release notes](https://github.com/npm/node-semver/releases)\n- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)\n- [Commits](https://github.com/npm/node-semver/compare/v5.5.1...v5.7.2)\n\nUpdates `@babel/traverse` from 7.6.0 to 7.24.7\n- [Release notes](https://github.com/babel/babel/releases)\n- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-traverse)\n\nUpdates `@grpc/grpc-js` from 1.4.2 to 1.10.9\n- [Release notes](https://github.com/grpc/grpc-node/releases)\n- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.4.2...@grpc/grpc-js@1.10.9)\n\nUpdates `@google-cloud/cloudbuild` from 2.6.0 to 4.5.0\n- [Release notes](https://github.com/googleapis/google-cloud-node/releases)\n- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-devtools-cloudbuild/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-cloud-node/commits/data-v4.5.0/packages/google-devtools-cloudbuild)\n\nUpdates `y18n` from 4.0.0 to 4.0.3\n- [Release notes](https://github.com/yargs/y18n/releases)\n- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)\n- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)\n\nUpdates `yargs-parser` from 10.1.0 to 21.1.1\n- [Release notes](https://github.com/yargs/yargs-parser/releases)\n- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)\n- 
[Commits](https://github.com/yargs/yargs-parser/compare/v10.1.0...yargs-parser-v21.1.1)\n\nUpdates `yargs` from 12.0.2 to 17.7.2\n- [Release notes](https://github.com/yargs/yargs/releases)\n- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs/compare/v12.0.2...v17.7.2)\n\nUpdates `acorn` from 5.7.3 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 7.1.0 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 6.0.2 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `ajv` from 5.5.2 to 6.12.6\n- [Release notes](https://github.com/ajv-validator/ajv/releases)\n- [Commits](https://github.com/ajv-validator/ajv/compare/v5.5.2...v6.12.6)\n\nUpdates `browserslist` from 4.3.2 to 4.7.0\n- [Release notes](https://github.com/browserslist/browserslist/releases)\n- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/browserslist/browserslist/compare/4.3.2...4.7.0)\n\nUpdates `node-fetch` from 2.6.6 to 2.6.7\n- [Release notes](https://github.com/node-fetch/node-fetch/releases)\n- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)\n\nUpdates `firebase` from 8.10.0 to 8.10.1\n- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)\n- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@8.10.0...firebase@8.10.1)\n\nUpdates `get-func-name` from 2.0.0 to 2.0.2\n- [Release notes](https://github.com/chaijs/get-func-name/releases)\n- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)\n\nUpdates `glob-parent` from 5.0.0 to 5.1.2\n- [Release notes](https://github.com/gulpjs/glob-parent/releases)\n- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)\n- 
[Commits](https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.2)\n\nUpdates `tough-cookie` from 2.4.3 to 2.5.0\n- [Release notes](https://github.com/salesforce/tough-cookie/releases)\n- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/salesforce/tough-cookie/compare/v2.4.3...v2.5.0)\n\nUpdates `ws` from 6.2.1 to 6.2.2\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/6.2.1...6.2.2)\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n- [Commits](https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0)\n\nUpdates `jsprim` from 1.4.1 to 1.4.2\n- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)\n- [Commits](https://github.com/joyent/node-jsprim/compare/v1.4.1...v1.4.2)\n\nUpdates `lodash` from 4.17.20 to 4.17.21\n- [Release notes](https://github.com/lodash/lodash/releases)\n- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)\n\nUpdates `minimatch` from 3.0.4 to 3.1.2\n- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)\n- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)\n\nUpdates `mocha` from 5.2.0 to 10.4.0\n- [Release notes](https://github.com/mochajs/mocha/releases)\n- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v10.4.0)\n\nUpdates `mocha-headless-server` from 0.1.2 to 0.1.4\n- [Commits](https://github.com/samthor/mocha-headless-server/commits)\n\nUpdates `node-forge` from 0.10.0 to 1.3.1\n- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/digitalbazaar/forge/compare/0.10.0...v1.3.1)\n\nUpdates `google-p12-pem` from 3.1.2 to 3.1.4\n- [Release notes](https://github.com/googleapis/google-p12-pem/releases)\n- 
[Changelog](https://github.com/googleapis/google-p12-pem/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-p12-pem/compare/v3.1.2...v3.1.4)\n\nUpdates `path-parse` from 1.0.6 to 1.0.7\n- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)\n\nUpdates `pathval` from 1.1.0 to 1.1.1\n- [Release notes](https://github.com/chaijs/pathval/releases)\n- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/chaijs/pathval/compare/v1.1.0...v1.1.1)\n\nUpdates `protobufjs` from 6.11.2 to 6.11.4\n- [Release notes](https://github.com/protobufjs/protobuf.js/releases)\n- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/protobufjs/protobuf.js/commits)\n\nUpdates `qs` from 6.5.2 to 6.5.3\n- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)\n\nUpdates `request` from 2.88.0 to 2.88.2\n- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/request/request/commits)\n\n---\nupdated-dependencies:\n- dependency-name: dat.gui\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: google-closure-library\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: jsdom\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: json5\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: terser\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: semver\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: \"@babel/traverse\"\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: \"@grpc/grpc-js\"\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: 
\"@google-cloud/cloudbuild\"\n dependency-type: direct:development\n dependency-group: npm_and_yarn\n- dependency-name: y18n\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: yargs-parser\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: yargs\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: ajv\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: browserslist\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: node-fetch\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: firebase\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: get-func-name\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: glob-parent\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: tough-cookie\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: ws\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: json-schema\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: jsprim\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: lodash\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: minimatch\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: mocha\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: mocha-headless-server\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: node-forge\n dependency-type: 
indirect\n dependency-group: npm_and_yarn\n- dependency-name: google-p12-pem\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: path-parse\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: pathval\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: protobufjs\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: qs\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: request\n dependency-type: indirect\n dependency-group: npm_and_yarn\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): Bump the npm_and_yarn group across 1 directory with 34 u…"}},{"before":"0993dba9f889c343fa59a6431ab561c2154f6597","after":"d857676458e53fdcf877ade0285713dd0292ea71","ref":"refs/heads/main","pushedAt":"2024-06-07T04:24:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"Update Go patch version (#1030)\n\nUpdates/Adds Go patch version to docs","shortMessageHtmlLink":"Update Go patch version (#1030)"}},{"before":"7f7f468e987b617801b52ba82acd79cf985ffc4d","after":"0993dba9f889c343fa59a6431ab561c2154f6597","ref":"refs/heads/main","pushedAt":"2024-06-07T04:09:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Merge parent projects for Maven pom.xml (#1019)\n\nhttps://github.com/google/osv-scanner/issues/531\r\n\r\nThis PR merges parent pom.xml by parsing locally or fetching from\r\nupstream (Maven Central for now).\r\n\r\nWhen merging a parent pom.xml, only `pom` packaging is allowed. 
Once we\r\nfetch a parent from upstream, parsing from local is no longer allowed.\r\n\r\nThe project is also interpolated to get rid of properties, and\r\ndependencies are also processed (dedup and import).","shortMessageHtmlLink":"Merge parent projects for Maven pom.xml (#1019)"}},{"before":"6d0e29e53f16a9def566d904ae866c232a8b899a","after":"7f7f468e987b617801b52ba82acd79cf985ffc4d","ref":"refs/heads/main","pushedAt":"2024-06-07T03:27:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"Update base docker image for golang 1.21.11 (#1029)\n\nThe base docker images are pinned to go 1.21. With 8fd553a, this breaks\r\nthe GitHub reusable workflows. This PR pins the images to [the official\r\n1.21.11\r\none](https://hub.docker.com/layers/library/golang/1.21.11-alpine3.19/images/sha256-6c5f76c897971f1b6ff0e447941440889016b18805812660a83b5275e862298d?context=explore).\r\nThis should fix the issue.","shortMessageHtmlLink":"Update base docker image for golang 1.21.11 (#1029)"}},{"before":"02a802d1bf8752abd44a77fe42e4dd9bd6000651","after":"6d0e29e53f16a9def566d904ae866c232a8b899a","ref":"refs/heads/main","pushedAt":"2024-06-06T04:43:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"josieang","name":null,"path":"/josieang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/32358891?s=80&v=4"},"commit":{"message":"implement filtering by packages through the config (#944)\n\nI'd like feedback on the config yaml schema, the filter message and its\r\nbehaviour if the version is empty (it filters any version of that\r\npackage).\r\n\r\nThis is in response to https://github.com/google/osv-scanner/issues/814","shortMessageHtmlLink":"implement filtering by packages through the config 
(#944)"}},{"before":"8fd553ab0e5931754fe86b1a540f13d9a6f361ac","after":"02a802d1bf8752abd44a77fe42e4dd9bd6000651","ref":"refs/heads/main","pushedAt":"2024-06-06T04:02:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Dependency imports should always be fetched from upstream (#1027)\n\nThere are two places that we call `mergeParents()`:\r\n - Merging data from parent pom.xml files\r\n - Importing dependency management from another project\r\n \r\nIn `mergeParents()`, we first check if `relativePath` is defined to know\r\nif we can parse parent locally.\r\nHowever, this only applies for the first case but not for importing\r\ndependency management.\r\nAlso, once we start fetching parent pom.xml from upstream, we should no\r\nlonger parse locally.\r\n\r\nThis PR adds `allowLocal` to `mergeParents()` to specify if we allow\r\nparsing local parent pom.xml, and once a parent is fetched from\r\nupstream, `allowLocal` is set to false.\r\n\r\n---------\r\n\r\nCo-authored-by: Rex P <106129829+another-rex@users.noreply.github.com>","shortMessageHtmlLink":"Dependency imports should always be fetched from upstream (#1027)"}},{"before":"4e5c43afa463d9a2d8560db7cf7790bc6888a32e","after":"8fd553ab0e5931754fe86b1a540f13d9a6f361ac","ref":"refs/heads/main","pushedAt":"2024-06-05T04:50:52.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"Upgrade go version (#1024)","shortMessageHtmlLink":"Upgrade go version 
(#1024)"}},{"before":"21cdb2964f2436ca46bfc1518e0d3d8df0709bb2","after":"4e5c43afa463d9a2d8560db7cf7790bc6888a32e","ref":"refs/heads/main","pushedAt":"2024-06-05T03:26:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Fix broken TUI styling (#1023)\n\nlipgloss v0.11.0 made it so that all the `Style` methods no longer\r\nmutate the style, which I was relying on.","shortMessageHtmlLink":"Fix broken TUI styling (#1023)"}},{"before":"a579fdfd6c1edc3cc4ad4a97375ce0167abd5532","after":"21cdb2964f2436ca46bfc1518e0d3d8df0709bb2","ref":"refs/heads/main","pushedAt":"2024-06-05T03:05:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"Update test snapshots (#1022)","shortMessageHtmlLink":"Update test snapshots (#1022)"}},{"before":"8c75812b51aa57bf70d92bd775c695bad2113fa7","after":"a579fdfd6c1edc3cc4ad4a97375ce0167abd5532","ref":"refs/heads/main","pushedAt":"2024-06-05T01:59:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"chore(deps): lock file maintenance (#1018)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Update | Change |\r\n|---|---|\r\n| lockFileMaintenance | All locks refreshed |\r\n\r\n🔧 This Pull Request updates lock files to use the latest dependency\r\nversions.\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 
**Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"chore(deps): lock file maintenance (#1018)"}},{"before":"69e9088211f73eb9cd0c6a2eb40f4d9f820a8417","after":"8c75812b51aa57bf70d92bd775c695bad2113fa7","ref":"refs/heads/main","pushedAt":"2024-06-05T01:58:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"fix(deps): update osv-scanner minor (#1017)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence | Type |\r\nUpdate |\r\n|---|---|---|---|---|---|---|---|\r\n|\r\n[github.com/CycloneDX/cyclonedx-go](https://togithub.com/CycloneDX/cyclonedx-go)\r\n| `v0.8.0` -> `v0.9.0` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.8.0/v0.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.8.0/v0.9.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n|\r\n[github.com/charmbracelet/bubbletea](https://togithub.com/charmbracelet/bubbletea)\r\n| `v0.26.3` -> `v0.26.4` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.3/v0.26.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.3/v0.26.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | patch |\r\n| golang.org/x/exp | `4c93da0` -> `fc45aab` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fexp/v0.0.0-20240604190554-fc45aab8b7f8?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fexp/v0.0.0-20240604190554-fc45aab8b7f8?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fexp/v0.0.0-20240525044651-4c93da0ed11d/v0.0.0-20240604190554-fc45aab8b7f8?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fexp/v0.0.0-20240525044651-4c93da0ed11d/v0.0.0-20240604190554-fc45aab8b7f8?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | digest |\r\n| golang.org/x/mod | `v0.17.0` -> `v0.18.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fmod/v0.18.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fmod/v0.18.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fmod/v0.17.0/v0.18.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fmod/v0.17.0/v0.18.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n| golang.org/x/term | `v0.20.0` -> `v0.21.0` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fterm/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fterm/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fterm/v0.20.0/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fterm/v0.20.0/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nCycloneDX/cyclonedx-go\r\n(github.com/CycloneDX/cyclonedx-go)\r\n\r\n###\r\n[`v0.9.0`](https://togithub.com/CycloneDX/cyclonedx-go/releases/tag/v0.9.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/CycloneDX/cyclonedx-go/compare/v0.8.0...v0.9.0)\r\n\r\n#### Changelog\r\n\r\n##### Features\r\n\r\n-\r\n[`729c284`](https://togithub.com/CycloneDX/cyclonedx-go/commit/729c284798ebe341ced210b661362f77d68cd655):\r\nfeat: Add CycloneDX 1.6 fields swhid and omniborId\r\n([@​snyk-tim](https://togithub.com/snyk-tim))\r\n-\r\n[`b5d3595`](https://togithub.com/CycloneDX/cyclonedx-go/commit/b5d35959767efce95f50e96bf752c47fbe374496):\r\nfeat: add manufacturer and authors\r\n([@​snyk-tim](https://togithub.com/snyk-tim))\r\n-\r\n[`c52e698`](https://togithub.com/CycloneDX/cyclonedx-go/commit/c52e698d2fe3fbd60df6ff397f44e7b0ea15a4bc):\r\nfeat: raise baseline go version to 1.20\r\n([@​nscuro](https://togithub.com/nscuro))\r\n\r\n##### Fixes\r\n\r\n-\r\n[`9166e10`](https://togithub.com/CycloneDX/cyclonedx-go/commit/9166e10fdecaadd8a97ceed9636261d351d90a65):\r\nfix: `ioutil` -> `io` ([@​nscuro](https://togithub.com/nscuro))\r\n-\r\n[`349fc8c`](https://togithub.com/CycloneDX/cyclonedx-go/commit/349fc8cd072e90d81c0328f1d9dab16aa30fcf60):\r\nfix: add bom-ref to OrganizationalEntity/Contact\r\n([@​snyk-tim](https://togithub.com/snyk-tim))\r\n-\r\n[`c97da90`](https://togithub.com/CycloneDX/cyclonedx-go/commit/c97da90e259e0051e02e07300c75ad5e37a0311b):\r\nfix: handle breaking changes in skywalking-eyes\r\n([@​nscuro](https://togithub.com/nscuro))\r\n\r\n##### Building and Packaging\r\n\r\n-\r\n[`ec6291e`](https://togithub.com/CycloneDX/cyclonedx-go/commit/ec6291e9ce9efbbb5d0010de4d8668fcbd05d148):\r\nbuild(deps): bump actions/checkout from 4.1.1 to 4.1.5\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`899fe39`](https://togithub.com/CycloneDX/cyclonedx-go/commit/899fe391ca4d756f1d5ba84478d3bc8795003cba):\r\nbuild(deps): bump actions/checkout from 4.1.5 to 
4.1.6\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`8674ed5`](https://togithub.com/CycloneDX/cyclonedx-go/commit/8674ed5ecc38b65e03908b5a74308c95039068a9):\r\nbuild(deps): bump actions/setup-go from 5.0.0 to 5.0.1\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`db3a114`](https://togithub.com/CycloneDX/cyclonedx-go/commit/db3a1144a2ce30b85e5985d2755fa3e4a81c5ca8):\r\nbuild(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`a3bd055`](https://togithub.com/CycloneDX/cyclonedx-go/commit/a3bd05518575f14d917685a02c689f81eedaad5c):\r\nbuild(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`1179dd9`](https://togithub.com/CycloneDX/cyclonedx-go/commit/1179dd9051112c3b44a6cc577964c7d501a7258b):\r\nbuild(deps): bump gitpod/workspace-go from `8b9a0f6` to `8d15123`\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`d98494e`](https://togithub.com/CycloneDX/cyclonedx-go/commit/d98494ea11dbb6550705d46d2473aa2a4a18e642):\r\nbuild(deps): bump gitpod/workspace-go from `9118b93` to `8b9a0f6`\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`1e2a3a0`](https://togithub.com/CycloneDX/cyclonedx-go/commit/1e2a3a09e86d720729a3ab7ec55ed3ffa75164a5):\r\nbuild(deps): bump gitpod/workspace-go from `94ae638` to `9118b93`\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`d4d6e35`](https://togithub.com/CycloneDX/cyclonedx-go/commit/d4d6e35fcfb08d14589b4a693aac3f28978b640b):\r\nbuild(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`521d1ce`](https://togithub.com/CycloneDX/cyclonedx-go/commit/521d1ce7b555013f2b78d8c4a21954815863ab44):\r\nbuild(deps): bump golangci/golangci-lint-action from 4.0.0 to 
6.0.1\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n-\r\n[`f1ebafe`](https://togithub.com/CycloneDX/cyclonedx-go/commit/f1ebafe5e2d2af3a3d551eb23c583a93b7ebccbf):\r\nbuild(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0\r\n([@​dependabot](https://togithub.com/dependabot)\\[bot])\r\n\r\n##### Others\r\n\r\n-\r\n[`16d2143`](https://togithub.com/CycloneDX/cyclonedx-go/commit/16d2143b3d74b77af8a309b331e1bc46a445f495):\r\nFix(1.6): Added missing omitempty in NistQuantumSecurityLevel\r\n([@​Petzys](https://togithub.com/Petzys))\r\n-\r\n[`ffec473`](https://togithub.com/CycloneDX/cyclonedx-go/commit/ffec473428073e1266169e97c1c64de95e89981b):\r\nchore: add license header\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`1f8fdcc`](https://togithub.com/CycloneDX/cyclonedx-go/commit/1f8fdcc0047611a8baacfcd214c5ba3821fefd51):\r\nfeat(1.6): add BOM.Declarations\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`62b5342`](https://togithub.com/CycloneDX/cyclonedx-go/commit/62b53429289d6cc6884b111256588150e3fed308):\r\nfeat(1.6): add BOM.Definitions\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`c33b9cb`](https://togithub.com/CycloneDX/cyclonedx-go/commit/c33b9cb58eaa14e89740182fbde2a0cc888bc457):\r\nfeat(1.6): add CBOM types\r\n([@​Petzys](https://togithub.com/Petzys))\r\n-\r\n[`10e10c8`](https://togithub.com/CycloneDX/cyclonedx-go/commit/10e10c8bc8fcac6f90c914828786f11e404919b8):\r\nfeat(1.6): add JSON schema, XML namespace\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`2dc599a`](https://togithub.com/CycloneDX/cyclonedx-go/commit/2dc599a8ad0f2be20e9bfc55ba75764758e6c7b8):\r\nfeat(1.6): add License.Acknowledgement\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`7a32fde`](https://togithub.com/CycloneDX/cyclonedx-go/commit/7a32fde7e9e9e5fb44f8f8aafadd83a21ff82aaf):\r\nfeat(1.6): add PostalAddress 
type\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`b8e4529`](https://togithub.com/CycloneDX/cyclonedx-go/commit/b8e4529773c3d12b172729567574ea6201231682):\r\nfeat(1.6): add SpecVersion for v1.6\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`c877828`](https://togithub.com/CycloneDX/cyclonedx-go/commit/c8778287f29dd21bff18a4f27f71f495de7b4991):\r\nfeat(1.6): add environmentalConsiderations\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`e0e9c67`](https://togithub.com/CycloneDX/cyclonedx-go/commit/e0e9c670e1617adbdd147cff7cc0747769a4e723):\r\nfeat(1.6): add schema definitions for CycloneDX 1.6\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`b1636c2`](https://togithub.com/CycloneDX/cyclonedx-go/commit/b1636c2d6bb8aca4161402958a8d894aab7d66b5):\r\nfeat(1.6): extend EvidenceOccurrence\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`b4b3b94`](https://togithub.com/CycloneDX/cyclonedx-go/commit/b4b3b94a60b1665c1d0492744032a9375ef751b1):\r\nfix(1.6): convert occurrences of OrganizationalEntity\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n-\r\n[`9332ca6`](https://togithub.com/CycloneDX/cyclonedx-go/commit/9332ca660b772bc538b3c274ceb3d9f81caa0eb8):\r\nfix(1.6): fix json, xml labels on BOM.Definitions\r\n([@​mcombuechen](https://togithub.com/mcombuechen))\r\n\r\n
\r\n\r\n
\r\ncharmbracelet/bubbletea\r\n(github.com/charmbracelet/bubbletea)\r\n\r\n###\r\n[`v0.26.4`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.26.3...v0.26.4)\r\n\r\nFix panics! Using `program.SetWindowTitle` and others *may* panic if\r\nthey were called before the program starts.\r\n\r\nAlso note that `program.SetWindowTitle` is now deprecated. To set the\r\nwindow title use\r\n[`tea.SetWindowTitle`](https://pkg.go.dev/github.com/charmbracelet/bubbletea@v0.26.4#SetWindowTitle)\r\ncommand.\r\n\r\n#### What's Changed\r\n\r\n- chore(deps): bump github.com/charmbracelet/x/ansi from 0.1.1 to 0.1.2\r\nby [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1026](https://togithub.com/charmbracelet/bubbletea/pull/1026)\r\n- chore(deps): bump github.com/charmbracelet/lipgloss from 0.10.0 to\r\n0.11.0 in /examples by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1025](https://togithub.com/charmbracelet/bubbletea/pull/1025)\r\n- fix: program renderer commands by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1030](https://togithub.com/charmbracelet/bubbletea/pull/1030)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/charmbracelet/bubbletea/compare/v0.26.3...v0.26.4\r\n\r\n***\r\n\r\n\"The\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.social/@​charmcli), or\r\n[Discord](https://charm.sh/chat).\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"fix(deps): update osv-scanner minor (#1017)"}},{"before":"8afe1574d97cad642597fb1cb7e08a07c67df0f3","after":"69e9088211f73eb9cd0c6a2eb40f4d9f820a8417","ref":"refs/heads/main","pushedAt":"2024-06-05T01:58:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (#1016)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| [docker/login-action](https://togithub.com/docker/login-action) |\r\naction | digest | `e92390c` -> `0d4c9c5` |\r\n| [github/codeql-action](https://togithub.com/github/codeql-action) |\r\naction | patch | `v3.25.6` -> `v3.25.8` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ngithub/codeql-action (github/codeql-action)\r\n\r\n###\r\n[`v3.25.8`](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.7...v3.25.8)\r\n\r\n###\r\n[`v3.25.7`](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.6...v3.25.7)\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"chore(deps): update workflows (#1016)"}},{"before":"b1b8bfa6ec51de5f8258d4b5a47946a8c85b8e5e","after":"8afe1574d97cad642597fb1cb7e08a07c67df0f3","ref":"refs/heads/main","pushedAt":"2024-06-04T23:47:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: don't try to upload code coverage on macOS (#1020)\n\nThis keeps failing on macOS, so let's skip it for now","shortMessageHtmlLink":"ci: don't try to upload code coverage on macOS (#1020)"}},{"before":"f2a30a849a355eaaa9f3492da64afbf31ae222b2","after":"b1b8bfa6ec51de5f8258d4b5a47946a8c85b8e5e","ref":"refs/heads/main","pushedAt":"2024-06-04T05:26:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Fix some Maven manifest & resolver issues (#1008)\n\nSome fixes for a few Maven resolver issues I've come across:\r\n1. 
Requirement origins weren't being tracked correctly if a package key\r\nwas set by a property. Fixed by checking dependency keys before and\r\nafter interpolation, and updating the map if they changed. (I've\r\nmodified one of the tests to check for this case)\r\n2. To work around the resolver not resolving test or optional\r\ndependencies, made it so the pom.xml parser removes the test scope and\r\noptional flags.\r\n3. `resolve.PackageKey` was not sufficient to uniquely key the\r\nrequirements for the `Groups` map in the `Manifest`. Made a new\r\n`RequirementKey` type with ecosystem-specific information for both npm\r\nand maven to solve this.","shortMessageHtmlLink":"Fix some Maven manifest & resolver issues (#1008)"}},{"before":"b60b59412668e05a39606b3979c369ecf6965fa3","after":"f2a30a849a355eaaa9f3492da64afbf31ae222b2","ref":"refs/heads/main","pushedAt":"2024-05-31T07:55:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Transitive dependency support for Maven pom.xml (#1002)\n\nIssue https://github.com/google/osv-scanner/issues/35\r\n\r\nIn this PR, the new Maven extractor invokes Maven resolver to compute\r\nthe transitive dependencies of a Maven pom.xml.\r\n\r\nSince managed dependencies are not actually being depended on, they are\r\nnot in the resolved dependency graph, and thus they are not included in\r\nthe scan results.","shortMessageHtmlLink":"Transitive dependency support for Maven pom.xml (#1002)"}},{"before":"854cb01164a268fdff27e5358ef946c15c51ab37","after":"b60b59412668e05a39606b3979c369ecf6965fa3","ref":"refs/heads/main","pushedAt":"2024-05-31T01:56:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Select a version that 
actually exists (#1012)\n\nThe version of zlib (in the purl) seems to be randomly selected for\r\ntesting purposes (1.2.10-r2), as it doesn't match the rest of the SBOM.\r\nThe problem is that a particular version never existed, and only showed\r\nup because it was incorrectly enumerated in osv.dev.\r\n\r\nNow that the version enumeration has been fixed it causes different\r\nresults to show up in the testing snapshot.\r\n\r\nThis PR makes all the version numbers for zlib in the SBOM consistent,\r\nand sets it to `1.2.10-r0` which actually exists. (And the snapshot will\r\nnot change when the fixed alpine enumeration moves to production.)","shortMessageHtmlLink":"Select a version that actually exists (#1012)"}},{"before":"e94c6b58f423c6dc1933e1aa2ece515505ca16d7","after":"854cb01164a268fdff27e5358ef946c15c51ab37","ref":"refs/heads/main","pushedAt":"2024-05-30T04:16:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Maven standard dependencies should take precedence over managed dependencies (#1000)\n\nManaged dependencies are not real dependencies so they should not take\r\nprecedence over standard dependencies.\r\n\r\nDependency management is used to control the versions of artifacts used\r\nin transitive dependencies.\r\nhttps://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management\r\n\r\nAlso, version requirements in managed dependencies are only referred\r\nwhen the requirement is not defined for that dependency in standard\r\ndependencies section.","shortMessageHtmlLink":"Maven standard dependencies should take precedence over managed 
depen…"}},{"before":"d4657bf46aea52834c5148b25fb6cab132c69af5","after":"e94c6b58f423c6dc1933e1aa2ece515505ca16d7","ref":"refs/heads/main","pushedAt":"2024-05-30T03:54:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Do not record Maven `compile` scope in dependency groups (#1003)\n\nWe should only record non-default dependency groups. \r\n\r\nFor Maven, `compile` is the default scope so it should not be recorded.\r\n\r\nhttps://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope","shortMessageHtmlLink":"Do not record Maven compile scope in dependency groups (#1003)"}},{"before":"86144006b05f09c1f0aa986d9c4c219f5d97c965","after":"d4657bf46aea52834c5148b25fb6cab132c69af5","ref":"refs/heads/main","pushedAt":"2024-05-30T01:31:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Remove feature from changelog as it's still blocked on #769 (#1006)\n\nRemove feature from changelog as it's still blocked on #769","shortMessageHtmlLink":"Remove feature from changelog as it's still blocked on #769 (#1006)"}},{"before":"18e4585751db9e31e403a800a5a0fd8f359f5dea","after":"86144006b05f09c1f0aa986d9c4c219f5d97c965","ref":"refs/heads/main","pushedAt":"2024-05-30T00:34:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"V1.7.4 changelog (#1001)\n\nPre Release edits for v1.7.4","shortMessageHtmlLink":"V1.7.4 changelog 
(#1001)"}},{"before":"caea5c733154add2b3e83876f04ac455326855ad","after":null,"ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-28T04:36:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"}},{"before":"055091604aee6cafe8344fcb4c3e1641ef2f5b03","after":"18e4585751db9e31e403a800a5a0fd8f359f5dea","ref":"refs/heads/main","pushedAt":"2024-05-28T04:36:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update typo in supported_languages_and_lockfiles.md (#998)","shortMessageHtmlLink":"Update typo in supported_languages_and_lockfiles.md (#998)"}},{"before":null,"after":"caea5c733154add2b3e83876f04ac455326855ad","ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-28T04:27:03.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update typo in supported_languages_and_lockfiles.md","shortMessageHtmlLink":"Update typo in supported_languages_and_lockfiles.md"}},{"before":"588dda2df762bcb5e1309af71968f6a96f70e7e9","after":"055091604aee6cafe8344fcb4c3e1641ef2f5b03","ref":"refs/heads/main","pushedAt":"2024-05-28T04:24:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: support comparing Alpine versions locally (#980)\n\nThis introduces support for comparing Alpine versions locally using the\r\nsame logic as the `apk` package manager, along with a generator for\r\ngenerating fixtures.\r\n\r\nThere is a bit of 
fuzziness in the behaviour across different versions\r\nof `apk` - the `alpine:3.x` docker images all use `apk` v2.x, which is\r\nwhat the fixture generator uses too and at least `apk` v2.14 (which is\r\nused by `alpine:3.19`) and v2.10 pass; however the current latest\r\nupcoming version of `apk` technically fails on approximately 30 fixtures\r\nwhich I think is because it has fixed\r\nhttps://gitlab.alpinelinux.org/alpine/abuild/-/issues/10088.\r\n\r\nBeyond that I was able to find a handful of other edge cases where the\r\ncomparison results between these versions was different, but they all\r\nseemed to be primarily around the handling of invalid versions which are\r\nnot expected to be present in OSV data anyway and they look to be the\r\nresult of bugfixes meaning we'd need special \"anti\" handling to support\r\nin a way that ensures valid versions are still compared correctly, so I\r\nthink it's good enough to ship.\r\n\r\nResolves #952","shortMessageHtmlLink":"feat: support comparing Alpine versions locally (#980)"}},{"before":"804589a5899ebd226e640f31a630b2508b90c9ad","after":"588dda2df762bcb5e1309af71968f6a96f70e7e9","ref":"refs/heads/main","pushedAt":"2024-05-28T03:23:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Now that we have updated to go1.21.10, we can remove the ignore line from osv-scanner.toml (#996)\n\nNow that we have updated to go1.21.10, we can remove the ignore line\r\nfrom osv-scanner.toml which was ignoring a vulnerability in go1.21.8","shortMessageHtmlLink":"Now that we have updated to go1.21.10, we can remove the ignore line …"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEYt1F2gA","startCursor":null,"endCursor":null}},"title":"Activity · google/osv-scanner"}