{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":565629124,"defaultBranch":"main","name":"osv-scanner","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-11-14T01:05:20.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717033353.0","currentOid":""},"activityList":{"items":[{"before":"b60b59412668e05a39606b3979c369ecf6965fa3","after":"f2a30a849a355eaaa9f3492da64afbf31ae222b2","ref":"refs/heads/main","pushedAt":"2024-05-31T07:55:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Transitive dependency support for Maven pom.xml (#1002)\n\nIssue https://github.com/google/osv-scanner/issues/35\r\n\r\nIn this PR, the new Maven extractor invokes Maven resolver to compute\r\nthe transitive dependencies of a Maven pom.xml.\r\n\r\nSince managed dependencies are not actually being depended on, they are\r\nnot in the resolved dependency graph, and thus they are not included in\r\nthe scan results.","shortMessageHtmlLink":"Transitive dependency support for Maven pom.xml (#1002)"}},{"before":"854cb01164a268fdff27e5358ef946c15c51ab37","after":"b60b59412668e05a39606b3979c369ecf6965fa3","ref":"refs/heads/main","pushedAt":"2024-05-31T01:56:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Select a version that actually exists (#1012)\n\nThe version of zlib (in the purl) seems to be randomly selected for\r\ntesting purposes (1.2.10-r2), as it doesn't match the rest of the SBOM.\r\nThe problem is that a particular version never existed, and only showed\r\nup 
because it was incorrectly enumerated in osv.dev.\r\n\r\nNow that the version enumeration has been fixed it causes different\r\nresults to show up in the testing snapshot.\r\n\r\nThis PR makes all the version numbers for zlib in the SBOM consistent,\r\nand sets it to `1.2.10-r0` which actually exists. (And the snapshot will\r\nnot change when the fixed alpine enumeration moves to production.)","shortMessageHtmlLink":"Select a version that actually exists (#1012)"}},{"before":"e94c6b58f423c6dc1933e1aa2ece515505ca16d7","after":"854cb01164a268fdff27e5358ef946c15c51ab37","ref":"refs/heads/main","pushedAt":"2024-05-30T04:16:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Maven standard dependencies should take precedence over managed dependencies (#1000)\n\nManaged dependencies are not real dependencies so they should not take\r\nprecedence over standard dependencies.\r\n\r\nDependency management is used to control the versions of artifacts used\r\nin transitive dependencies.\r\nhttps://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management\r\n\r\nAlso, version requirements in managed dependencies are only referred\r\nwhen the requirement is not defined for that dependency in standard\r\ndependencies section.","shortMessageHtmlLink":"Maven standard dependencies should take precedence over managed depen…"}},{"before":"d4657bf46aea52834c5148b25fb6cab132c69af5","after":"e94c6b58f423c6dc1933e1aa2ece515505ca16d7","ref":"refs/heads/main","pushedAt":"2024-05-30T03:54:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Do not record Maven `compile` scope in dependency groups (#1003)\n\nWe should only record 
non-default dependency groups. \r\n\r\nFor Maven, `compile` is the default scope so it should not be recorded.\r\n\r\nhttps://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope","shortMessageHtmlLink":"Do not record Maven compile scope in dependency groups (#1003)"}},{"before":"86144006b05f09c1f0aa986d9c4c219f5d97c965","after":"d4657bf46aea52834c5148b25fb6cab132c69af5","ref":"refs/heads/main","pushedAt":"2024-05-30T01:31:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Remove feature from changelog as it's still blocked on #769 (#1006)\n\nRemove feature from changelog as it's still blocked on #769","shortMessageHtmlLink":"Remove feature from changelog as it's still blocked on #769 (#1006)"}},{"before":"18e4585751db9e31e403a800a5a0fd8f359f5dea","after":"86144006b05f09c1f0aa986d9c4c219f5d97c965","ref":"refs/heads/main","pushedAt":"2024-05-30T00:34:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"V1.7.4 changelog (#1001)\n\nPre Release edits for v1.7.4","shortMessageHtmlLink":"V1.7.4 changelog (#1001)"}},{"before":"caea5c733154add2b3e83876f04ac455326855ad","after":null,"ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-28T04:36:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"}},{"before":"055091604aee6cafe8344fcb4c3e1641ef2f5b03","after":"18e4585751db9e31e403a800a5a0fd8f359f5dea","ref":"refs/heads/main","pushedAt":"2024-05-28T04:36:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex 
P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update typo in supported_languages_and_lockfiles.md (#998)","shortMessageHtmlLink":"Update typo in supported_languages_and_lockfiles.md (#998)"}},{"before":null,"after":"caea5c733154add2b3e83876f04ac455326855ad","ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-28T04:27:03.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update typo in supported_languages_and_lockfiles.md","shortMessageHtmlLink":"Update typo in supported_languages_and_lockfiles.md"}},{"before":"588dda2df762bcb5e1309af71968f6a96f70e7e9","after":"055091604aee6cafe8344fcb4c3e1641ef2f5b03","ref":"refs/heads/main","pushedAt":"2024-05-28T04:24:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: support comparing Alpine versions locally (#980)\n\nThis introduces support for comparing Alpine versions locally using the\r\nsame logic as the `apk` package manager, along with a generator for\r\ngenerating fixtures.\r\n\r\nThere is a bit of fuzziness in the behaviour across different versions\r\nof `apk` - the `alpine:3.x` docker images all use `apk` v2.x, which is\r\nwhat the fixture generator uses too and at least `apk` v2.14 (which is\r\nused by `alpine:3.19`) and v2.10 pass; however the current latest\r\nupcoming version of `apk` technically fails on approximately 30 fixtures\r\nwhich I think is because it has fixed\r\nhttps://gitlab.alpinelinux.org/alpine/abuild/-/issues/10088.\r\n\r\nBeyond that I was able to find a handful of other edge cases where the\r\ncomparison results between these versions was different, but they 
all\r\nseemed to be primarily around the handling of invalid versions which are\r\nnot expected to be present in OSV data anyway and they look to be the\r\nresult of bugfixes meaning we'd need special \"anti\" handling to support\r\nin a way that ensures valid versions are still compared correctly, so I\r\nthink it's good enough to ship.\r\n\r\nResolves #952","shortMessageHtmlLink":"feat: support comparing Alpine versions locally (#980)"}},{"before":"804589a5899ebd226e640f31a630b2508b90c9ad","after":"588dda2df762bcb5e1309af71968f6a96f70e7e9","ref":"refs/heads/main","pushedAt":"2024-05-28T03:23:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Now that we have updated to go1.21.10, we can remove the ignore line from osv-scanner.toml (#996)\n\nNow that we have updated to go1.21.10, we can remove the ignore line\r\nfrom osv-scanner.toml which was ignoring a vulnerability in go1.21.8","shortMessageHtmlLink":"Now that we have updated to go1.21.10, we can remove the ignore line …"}},{"before":"10c35fdd46012cb957bab469cdded2e58292b198","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-d7e292bcf6","pushedAt":"2024-05-27T02:30:33.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"b178a885a11dc9eefd8cc8adb2ce253e22dfd3d9","after":"804589a5899ebd226e640f31a630b2508b90c9ad","ref":"refs/heads/main","pushedAt":"2024-05-27T02:29:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (major) 
(#897)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n|\r\n[golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action)\r\n| action | major | `v5.3.0` -> `v6.0.1` |\r\n|\r\n[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)\r\n| action | major | `v1.10.0` -> `v2.0.0` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ngolangci/golangci-lint-action\r\n(golangci/golangci-lint-action)\r\n\r\n###\r\n[`v6.0.1`](https://togithub.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1)\r\n\r\n###\r\n[`v6.0.0`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v6.0.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0)\r\n\r\n\r\n\r\n#### What's Changed\r\n\r\nThis version removes `annotations` option (because it was useless), and\r\nremoves the default output format (`github-actions`).\r\nThe annotations are still produced but with another approach.\r\n\r\n##### Changes\r\n\r\n- feat: rewrite format handling by\r\n[@​ldez](https://togithub.com/ldez) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1038](https://togithub.com/golangci/golangci-lint-action/pull/1038)\r\n\r\n##### Dependencies\r\n\r\n- build(deps-dev): bump\r\n[@​typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/eslint-plugin)\r\nfrom 7.7.1 to 7.8.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1034](https://togithub.com/golangci/golangci-lint-action/pull/1034)\r\n- build(deps): bump\r\n[@​types/node](https://togithub.com/types/node) from 20.12.7 to\r\n20.12.8 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1036](https://togithub.com/golangci/golangci-lint-action/pull/1036)\r\n- build(deps-dev): bump\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.7.1 to 7.8.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/golangci/golangci-lint-action/pull/1035](https://togithub.com/golangci/golangci-lint-action/pull/1035)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0\r\n\r\n
\r\n\r\n
\r\nslsa-framework/slsa-github-generator\r\n(slsa-framework/slsa-github-generator)\r\n\r\n###\r\n[`v2.0.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v200)\r\n\r\n[Compare\r\nSource](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0)\r\n\r\n##### v2.0.0: Breaking Change: upload-artifact and download-artifact\r\n\r\n- Our workflows now use the new `@v4`s of `actions/upload-artifact` and\r\n`actions/download-artifact`, which are incompatible with the prior\r\n`@v3`. See Our docs on the [generic\r\ngenerator](./internal/builders/generic/README.md#compatibility-with-actionsdownload-artifact)\r\nfor more information and how to upgrade.\r\n\r\n##### v2.0.0: Breaking Change: attestation-name Workflow Input and\r\nOutput\r\n\r\n- `attestation-name` as a workflow input to\r\n`.github/workflows/generator_generic_slsa3.yml` is now removed. Use\r\n`provenance-name` instead.\r\n\r\n##### v2.0.0: DSSE Rekor Type\r\n\r\n- When uploading signed provenance to the log, the entry created in the\r\nlog is now\r\na DSSE Rekor type. This fixes a bug where the current intoto type does\r\nnot\r\npersist provenance signatures. The attestation will no longer be\r\npersisted\r\nin Rekor\r\n([#​3299](https://togithub.com/slsa-framework/slsa-github-generator/issues/3299))\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"chore(deps): update workflows (major) (#897)"}},{"before":null,"after":"10c35fdd46012cb957bab469cdded2e58292b198","ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-d7e292bcf6","pushedAt":"2024-05-27T02:29:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump the npm_and_yarn group across 1 directory with 31 updates\n\nBumps the npm_and_yarn group with 27 updates in the /internal/remediation/fixtures/santatracker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dat.gui](https://github.com/dataarts/dat.gui) | `0.7.3` | `0.7.8` |\n| [google-closure-library](https://github.com/google/closure-library) | `v20190909.0.0` | `20200315.0.0` |\n| [jsdom](https://github.com/jsdom/jsdom) | `12.2.0` | `16.5.0` |\n| [json5](https://github.com/json5/json5) | `2.1.0` | `2.2.2` |\n| [terser](https://github.com/terser/terser) | `3.10.11` | `4.8.1` |\n| 
[semver](https://github.com/npm/node-semver) | `5.5.1` | `5.7.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.6.0` | `7.24.6` |\n| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |\n| [yargs-parser](https://github.com/yargs/yargs-parser) | `10.1.0` | `21.1.1` |\n| [yargs](https://github.com/yargs/yargs) | `12.0.2` | `17.7.2` |\n| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `7.1.0` | `8.11.3` |\n| [acorn](https://github.com/acornjs/acorn) | `6.0.2` | `8.11.3` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.6.7` |\n| [firebase](https://github.com/firebase/firebase-js-sdk) | `8.10.0` | `8.10.1` |\n| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |\n| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.0.0` | `5.1.2` |\n| [ws](https://github.com/websockets/ws) | `6.2.1` | `6.2.2` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.21` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |\n| [mocha](https://github.com/mochajs/mocha) | `5.2.0` | `10.4.0` |\n| [mocha-headless-server](https://github.com/samthor/mocha-headless-server) | `0.1.2` | `0.1.4` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |\n| [google-p12-pem](https://github.com/googleapis/google-p12-pem) | `3.1.2` | `3.1.4` |\n| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |\n| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | `1.1.1` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |\n\n\n\nUpdates `dat.gui` from 0.7.3 to 0.7.8\n- [Release notes](https://github.com/dataarts/dat.gui/releases)\n- 
[Commits](https://github.com/dataarts/dat.gui/compare/v0.7.3...v0.7.8)\n\nUpdates `google-closure-library` from v20190909.0.0 to 20200315.0.0\n- [Release notes](https://github.com/google/closure-library/releases)\n- [Commits](https://github.com/google/closure-library/compare/v20190909...v20200315)\n\nUpdates `jsdom` from 12.2.0 to 16.5.0\n- [Release notes](https://github.com/jsdom/jsdom/releases)\n- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)\n- [Commits](https://github.com/jsdom/jsdom/compare/12.2.0...16.5.0)\n\nUpdates `json5` from 2.1.0 to 2.2.2\n- [Release notes](https://github.com/json5/json5/releases)\n- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/json5/json5/compare/v2.1.0...v2.2.2)\n\nUpdates `terser` from 3.10.11 to 4.8.1\n- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/terser/terser/compare/3.10.11...v4.8.1)\n\nUpdates `semver` from 5.5.1 to 5.7.2\n- [Release notes](https://github.com/npm/node-semver/releases)\n- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)\n- [Commits](https://github.com/npm/node-semver/compare/v5.5.1...v5.7.2)\n\nUpdates `@babel/traverse` from 7.6.0 to 7.24.6\n- [Release notes](https://github.com/babel/babel/releases)\n- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/babel/babel/commits/v7.24.6/packages/babel-traverse)\n\nUpdates `y18n` from 4.0.0 to 4.0.3\n- [Release notes](https://github.com/yargs/y18n/releases)\n- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)\n- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)\n\nUpdates `yargs-parser` from 10.1.0 to 21.1.1\n- [Release notes](https://github.com/yargs/yargs-parser/releases)\n- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)\n- 
[Commits](https://github.com/yargs/yargs-parser/compare/v10.1.0...yargs-parser-v21.1.1)\n\nUpdates `yargs` from 12.0.2 to 17.7.2\n- [Release notes](https://github.com/yargs/yargs/releases)\n- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs/compare/v12.0.2...v17.7.2)\n\nUpdates `acorn` from 5.7.3 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 7.1.0 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `acorn` from 6.0.2 to 8.11.3\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.11.3)\n\nUpdates `ajv` from 5.5.2 to 6.12.6\n- [Release notes](https://github.com/ajv-validator/ajv/releases)\n- [Commits](https://github.com/ajv-validator/ajv/compare/v5.5.2...v6.12.6)\n\nUpdates `browserslist` from 4.3.2 to 4.7.0\n- [Release notes](https://github.com/browserslist/browserslist/releases)\n- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/browserslist/browserslist/compare/4.3.2...4.7.0)\n\nUpdates `node-fetch` from 2.6.6 to 2.6.7\n- [Release notes](https://github.com/node-fetch/node-fetch/releases)\n- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)\n\nUpdates `firebase` from 8.10.0 to 8.10.1\n- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)\n- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@8.10.0...firebase@8.10.1)\n\nUpdates `get-func-name` from 2.0.0 to 2.0.2\n- [Release notes](https://github.com/chaijs/get-func-name/releases)\n- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)\n\nUpdates `glob-parent` from 5.0.0 to 5.1.2\n- [Release notes](https://github.com/gulpjs/glob-parent/releases)\n- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)\n- 
[Commits](https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.2)\n\nUpdates `tough-cookie` from 2.4.3 to 2.5.0\n- [Release notes](https://github.com/salesforce/tough-cookie/releases)\n- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/salesforce/tough-cookie/compare/v2.4.3...v2.5.0)\n\nUpdates `ws` from 6.2.1 to 6.2.2\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/6.2.1...6.2.2)\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n- [Commits](https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0)\n\nUpdates `jsprim` from 1.4.1 to 1.4.2\n- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)\n- [Commits](https://github.com/joyent/node-jsprim/compare/v1.4.1...v1.4.2)\n\nUpdates `lodash` from 4.17.20 to 4.17.21\n- [Release notes](https://github.com/lodash/lodash/releases)\n- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)\n\nUpdates `minimatch` from 3.0.4 to 3.1.2\n- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)\n- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)\n\nUpdates `mocha` from 5.2.0 to 10.4.0\n- [Release notes](https://github.com/mochajs/mocha/releases)\n- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v10.4.0)\n\nUpdates `mocha-headless-server` from 0.1.2 to 0.1.4\n- [Commits](https://github.com/samthor/mocha-headless-server/commits)\n\nUpdates `node-forge` from 0.10.0 to 1.3.1\n- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/digitalbazaar/forge/compare/0.10.0...v1.3.1)\n\nUpdates `google-p12-pem` from 3.1.2 to 3.1.4\n- [Release notes](https://github.com/googleapis/google-p12-pem/releases)\n- 
[Changelog](https://github.com/googleapis/google-p12-pem/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-p12-pem/compare/v3.1.2...v3.1.4)\n\nUpdates `path-parse` from 1.0.6 to 1.0.7\n- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)\n\nUpdates `pathval` from 1.1.0 to 1.1.1\n- [Release notes](https://github.com/chaijs/pathval/releases)\n- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/chaijs/pathval/compare/v1.1.0...v1.1.1)\n\nUpdates `qs` from 6.5.2 to 6.5.3\n- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)\n\nUpdates `request` from 2.88.0 to 2.88.2\n- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/request/request/commits)\n\n---\nupdated-dependencies:\n- dependency-name: dat.gui\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: google-closure-library\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: jsdom\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: json5\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: terser\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: semver\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: \"@babel/traverse\"\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: y18n\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: yargs-parser\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: yargs\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n 
dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: acorn\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: ajv\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: browserslist\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: node-fetch\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: firebase\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: get-func-name\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: glob-parent\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: tough-cookie\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: ws\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: json-schema\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: jsprim\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: lodash\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: minimatch\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: mocha\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: mocha-headless-server\n dependency-type: direct:production\n dependency-group: npm_and_yarn\n- dependency-name: node-forge\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: google-p12-pem\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: path-parse\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: pathval\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: qs\n dependency-type: indirect\n dependency-group: npm_and_yarn\n- dependency-name: request\n dependency-type: indirect\n dependency-group: 
npm_and_yarn\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): Bump the npm_and_yarn group across 1 directory with 31 u…"}},{"before":"8fd05b44adfc20f7419882d82491228a73b2bb09","after":"b178a885a11dc9eefd8cc8adb2ce253e22dfd3d9","ref":"refs/heads/main","pushedAt":"2024-05-27T02:24:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix(deps): update osv-scanner minor (#994)\n\nRenovate + Also Remove/updates some deprecated function calls\r\n\r\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence | Type |\r\nUpdate |\r\n|---|---|---|---|---|---|---|---|\r\n| [github.com/BurntSushi/toml](https://togithub.com/BurntSushi/toml) |\r\n`v1.3.2` -> `v1.4.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fBurntSushi%2ftoml/v1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fBurntSushi%2ftoml/v1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fBurntSushi%2ftoml/v1.3.2/v1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fBurntSushi%2ftoml/v1.3.2/v1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n|\r\n[github.com/charmbracelet/bubbletea](https://togithub.com/charmbracelet/bubbletea)\r\n| `v0.26.2` -> `v0.26.3` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.2/v0.26.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.2/v0.26.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | patch |\r\n|\r\n[github.com/charmbracelet/lipgloss](https://togithub.com/charmbracelet/lipgloss)\r\n| `v0.10.0` -> `v0.11.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2flipgloss/v0.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2flipgloss/v0.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2flipgloss/v0.10.0/v0.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2flipgloss/v0.10.0/v0.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n| golang.org/x/exp | `9bf2ced` -> `4c93da0` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fexp/v0.0.0-20240525044651-4c93da0ed11d?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fexp/v0.0.0-20240525044651-4c93da0ed11d?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fexp/v0.0.0-20240506185415-9bf2ced13842/v0.0.0-20240525044651-4c93da0ed11d?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fexp/v0.0.0-20240506185415-9bf2ced13842/v0.0.0-20240525044651-4c93da0ed11d?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | digest |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nBurntSushi/toml (github.com/BurntSushi/toml)\r\n\r\n### [`v1.4.0`](https://togithub.com/BurntSushi/toml/releases/tag/v1.4.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/BurntSushi/toml/compare/v1.3.2...v1.4.0)\r\n\r\nThis version requires Go 1.18\r\n\r\n- Add toml.Marshal()\r\n([#​405](https://togithub.com/BurntSushi/toml/issues/405))\r\n\r\n- Require 2-digit hour\r\n([#​320](https://togithub.com/BurntSushi/toml/issues/320))\r\n\r\n- Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError\r\nfor position information\r\n([#​398](https://togithub.com/BurntSushi/toml/issues/398))\r\n\r\n- Fix inline tables with dotted keys inside inline arrays (e.g.\r\n`k=[{a.b=1}]`)\r\n([#​400](https://togithub.com/BurntSushi/toml/issues/400))\r\n\r\n
\r\n\r\n
\r\ncharmbracelet/bubbletea\r\n(github.com/charmbracelet/bubbletea)\r\n\r\n###\r\n[`v0.26.3`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.26.2...v0.26.3)\r\n\r\nThis is a patch release that prevents `tea.WindowSizeMsg`s from being\r\nfired during altscreen changes on Windows. This was due to the fact that\r\nWindows emits a `window-size-event` on altscreen changes even if the\r\nsize hadn’t changed. Now, we cache the window-size and compare before\r\nsending the message to the `Model`.\r\n\r\n#### What's Changed\r\n\r\n- Prevent multiple window-size-events from firing on Windows by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1021](https://togithub.com/charmbracelet/bubbletea/pull/1021)\r\n- refactor: use x/term and x/ansi for renderer sequences by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/bubbletea/pull/962](https://togithub.com/charmbracelet/bubbletea/pull/962)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/charmbracelet/bubbletea/compare/v0.26.2...v0.26.3\r\n\r\n***\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.social/@​charmcli), or\r\n[Discord](https://charm.sh/chat).\r\n\r\n
\r\n\r\n
\r\ncharmbracelet/lipgloss\r\n(github.com/charmbracelet/lipgloss)\r\n\r\n###\r\n[`v0.11.0`](https://togithub.com/charmbracelet/lipgloss/releases/tag/v0.11.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/lipgloss/compare/v0.10.0...v0.11.0)\r\n\r\n### Immutable Styles and Raw Speed, Baby\r\n\r\nSo! The big news in this release is:\r\n\r\n- `Style` methods will now *always* return new styles\r\n- `Style` and ANSI operations under the hood are faster\r\n\r\nThere are also a handful of great lil' bug fixes. Read on for more.\r\n\r\n#### Immutable Styles\r\n\r\nEvery `Style` method now returns a completely new style with its own\r\nunderlying data structure no matter what. This means working with Styles\r\nis a lot easier. No more need for `Copy()`!\r\n\r\n```go\r\n// Before\r\ns := lipgloss.NewStyle().Bold(true)\r\nnewStyle := s.Copy()\r\n\r\n// After\r\ns := lipgloss.NewStyle().Bold(true)\r\nnewStyle := s // this is a true copy\r\n```\r\n\r\nOkay, but why are styles easier to work with now? Consider this:\r\n\r\n```go\r\n// Before\r\nbaseStyle := lipgloss.NewStyle().Background(lipgloss.Color(\"59\"))\r\nstyleAtRuntime := baseStyle.Copy().Width(m.Width)\r\n\r\n// After\r\nbaseStyle := lipgloss.NewStyle().Padding(1, 2)\r\nstyleAtRuntime := baseStyle.Width(m.Width)\r\n```\r\n\r\nIt might seem small, but eliminating the risk of mutations in persistent\r\nstyles is an enormous usability improvement.\r\n\r\n##### How to upgrade\r\n\r\nThere's nothing to do, however `Style.Copy()` is now deprecated and only\r\nreturns itself, so you can just remove `Style.Copy()` calls. 
If you need\r\nto *just* copy a style without any changes to it you can simply `b :=\r\na`.\r\n\r\n#### Faster ANSI\r\n\r\nSometimes watch companies brag about their \"in-house\" watch movement.\r\nWell, now we're bragging about our in-house-amazing\r\n[`x/ansi`](https://togithub.com/charmbracelet/x/tree/main/ansi) library\r\nby our own [@​aymanbagabas](https://togithub.com/aymanbagabas).\r\nIt's a fine-tuned, low-level way to manage ANSI sequencing and, because\r\nwe're pretty nerdy, we’re *super* excited about it.\r\n\r\n***\r\n\r\n#### What's Changed\r\n\r\n##### New!\r\n\r\n- always return copies of styles by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/lipgloss/pull/276](https://togithub.com/charmbracelet/lipgloss/pull/276)\r\n\r\n##### Changed\r\n\r\n- switch to term/ansi for text manipulation by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/lipgloss/pull/268](https://togithub.com/charmbracelet/lipgloss/pull/268)\r\n- replace stripansi with ansi.Strip in table by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/lipgloss/pull/271](https://togithub.com/charmbracelet/lipgloss/pull/271)\r\n- test for different GOOS & GOARCH by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/lipgloss/pull/292](https://togithub.com/charmbracelet/lipgloss/pull/292)\r\n\r\n##### Fixed\r\n\r\n- fix combining both conditional and unconditional wrapping by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/lipgloss/pull/275](https://togithub.com/charmbracelet/lipgloss/pull/275)\r\n- fix UnderlineSpaces and StrikethroughSpaces by\r\n[@​Taz03](https://togithub.com/Taz03) in\r\n[https://github.com/charmbracelet/lipgloss/pull/299](https://togithub.com/charmbracelet/lipgloss/pull/299)\r\n- always render horizontal border edges when enabled 
by\r\n[@​UnseenBook](https://togithub.com/UnseenBook) in\r\n[https://github.com/charmbracelet/lipgloss/pull/211](https://togithub.com/charmbracelet/lipgloss/pull/211)\r\n- fix possible nil panic by\r\n[@​maaslalani](https://togithub.com/maaslalani) in\r\n[https://github.com/charmbracelet/lipgloss/pull/245](https://togithub.com/charmbracelet/lipgloss/pull/245)\r\n- fix transform operating on ANSI sequences by\r\n[@​meowgorithm](https://togithub.com/meowgorithm) in\r\n[https://github.com/charmbracelet/lipgloss/pull/274](https://togithub.com/charmbracelet/lipgloss/pull/274)\r\n- change propkeys from int to int64 by\r\n[@​hugoleodev](https://togithub.com/hugoleodev) in\r\n[https://github.com/charmbracelet/lipgloss/pull/291](https://togithub.com/charmbracelet/lipgloss/pull/291)\r\n\r\n#### New Contributors\r\n\r\n- [@​benwaffle](https://togithub.com/benwaffle) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/lipgloss/pull/247](https://togithub.com/charmbracelet/lipgloss/pull/247)\r\n- [@​UnseenBook](https://togithub.com/UnseenBook) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/lipgloss/pull/211](https://togithub.com/charmbracelet/lipgloss/pull/211)\r\n- [@​hugoleodev](https://togithub.com/hugoleodev) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/lipgloss/pull/291](https://togithub.com/charmbracelet/lipgloss/pull/291)\r\n- [@​Taz03](https://togithub.com/Taz03) made their first\r\ncontribution in\r\n[https://github.com/charmbracelet/lipgloss/pull/299](https://togithub.com/charmbracelet/lipgloss/pull/299)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/charmbracelet/lipgloss/compare/v0.10.0...v0.11.0\r\n\r\n***\r\n\r\n\"The\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.technology/@​charm), or\r\n[Discord](https://charm.sh/discord).\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Rex P ","shortMessageHtmlLink":"fix(deps): update osv-scanner minor (#994)"}},{"before":"fc58bedd5edd088006b2fba369c46d2108f5f8dd","after":"8fd05b44adfc20f7419882d82491228a73b2bb09","ref":"refs/heads/main","pushedAt":"2024-05-27T02:09:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update alpine docker tag to v3.20 (#993)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| alpine | final | minor | `3.19` -> `3.20` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. 
Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"chore(deps): update alpine docker tag to v3.20 (#993)"}},{"before":"33e7f93fe099c3fbac4fd116e32f26298726a8f2","after":"fc58bedd5edd088006b2fba369c46d2108f5f8dd","ref":"refs/heads/main","pushedAt":"2024-05-27T00:54:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update test snapshots (#992)\n\nUpdate test snapshots after merging #937 . 
Also seems to clean up old\r\nremediation in_place_test snapshots","shortMessageHtmlLink":"Update test snapshots (#992)"}},{"before":"c4caa03c5ab9f82d0e71b51da48b9c2e6b25653b","after":"33e7f93fe099c3fbac4fd116e32f26298726a8f2","ref":"refs/heads/main","pushedAt":"2024-05-24T05:20:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"test: add cases for output functions (#937)\n\nThis introduces a set of crafted scanner results that each supported\r\n`output` format is run through to showcase how they look across all the\r\ndifferent results possible from a scanner run - it originally started\r\nlife as the tests for #889 but I realised they could be used more\r\ngenerally for testing and reviewing all the outputters, so here we are.\r\n\r\n~It looks like this has also revealed the SARIF output is unstable in\r\nits ordering, which I'll aim to address in a dedicated PR~","shortMessageHtmlLink":"test: add cases for output functions (#937)"}},{"before":"d72f3d932d1e251800c148a0f58f58d78dc1d9d2","after":"c4caa03c5ab9f82d0e71b51da48b9c2e6b25653b","ref":"refs/heads/main","pushedAt":"2024-05-24T03:52:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"fix(deps): update osv-scanner minor (#978)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|\r\n[github.com/charmbracelet/bubbletea](https://togithub.com/charmbracelet/bubbletea)\r\n| `v0.26.1` -> `v0.26.2` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.1/v0.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.1/v0.26.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[github.com/package-url/packageurl-go](https://togithub.com/package-url/packageurl-go)\r\n| `v0.1.2` -> `v0.1.3` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fpackage-url%2fpackageurl-go/v0.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fpackage-url%2fpackageurl-go/v0.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fpackage-url%2fpackageurl-go/v0.1.2/v0.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fpackage-url%2fpackageurl-go/v0.1.2/v0.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| golang.org/x/exp | `v0.0.0-20240416160154-fe59bbe5cc7f` ->\r\n`v0.0.0-20240506185415-9bf2ced13842` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fexp/v0.0.0-20240506185415-9bf2ced13842?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fexp/v0.0.0-20240506185415-9bf2ced13842?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fexp/v0.0.0-20240416160154-fe59bbe5cc7f/v0.0.0-20240506185415-9bf2ced13842?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fexp/v0.0.0-20240416160154-fe59bbe5cc7f/v0.0.0-20240506185415-9bf2ced13842?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [google.golang.org/grpc](https://togithub.com/grpc/grpc-go) |\r\n`v1.63.2` -> `v1.64.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgrpc/v1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgrpc/v1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgrpc/v1.63.2/v1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgrpc/v1.63.2/v1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n|\r\n[google.golang.org/protobuf](https://togithub.com/protocolbuffers/protobuf-go)\r\n| `v1.34.0` -> `v1.34.1` 
|\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fprotobuf/v1.34.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fprotobuf/v1.34.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fprotobuf/v1.34.0/v1.34.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fprotobuf/v1.34.0/v1.34.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ncharmbracelet/bubbletea\r\n(github.com/charmbracelet/bubbletea)\r\n\r\n###\r\n[`v0.26.2`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.26.1...v0.26.2)\r\n\r\nThis fixes a small regression that was introduced in v0.26.0 related to\r\nthe first line on the first render not being displayed correctly. Thank\r\nyou [@​mistakenelf](https://togithub.com/mistakenelf) for pointing\r\nthis out in\r\n[https://github.com/charmbracelet/bubbletea/issues/1000](https://togithub.com/charmbracelet/bubbletea/issues/1000)!\r\n\r\n#### What's Changed\r\n\r\n- fix: stop and drain timers by\r\n[@​caarlos0](https://togithub.com/caarlos0) in\r\n[https://github.com/charmbracelet/bubbletea/pull/993](https://togithub.com/charmbracelet/bubbletea/pull/993)\r\n- chore(lint): minor lint-related improvements by\r\n[@​meowgorithm](https://togithub.com/meowgorithm) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1007](https://togithub.com/charmbracelet/bubbletea/pull/1007)\r\n- fix: renderer: reset the cursor on the first line by\r\n[@​aymanbagabas](https://togithub.com/aymanbagabas) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1008](https://togithub.com/charmbracelet/bubbletea/pull/1008)\r\n- chore(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1003](https://togithub.com/charmbracelet/bubbletea/pull/1003)\r\n- chore(deps): bump golangci/golangci-lint-action from 5 to 6 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/charmbracelet/bubbletea/pull/1005](https://togithub.com/charmbracelet/bubbletea/pull/1005)\r\n- chore(deps): bump golang.org/x/term from 0.19.0 to 0.20.0 by\r\n[@​dependabot](https://togithub.com/dependabot) 
in\r\n[https://github.com/charmbracelet/bubbletea/pull/1002](https://togithub.com/charmbracelet/bubbletea/pull/1002)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/charmbracelet/bubbletea/compare/v0.26.1...v0.26.2\r\n\r\n***\r\n\r\n\"The\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.social/@​charmcli), or\r\n[Discord](https://charm.sh/chat).\r\n\r\n
\r\n\r\n
\r\npackage-url/packageurl-go\r\n(github.com/package-url/packageurl-go)\r\n\r\n###\r\n[`v0.1.3`](https://togithub.com/package-url/packageurl-go/releases/tag/v0.1.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/package-url/packageurl-go/compare/v0.1.2...v0.1.3)\r\n\r\n#### What's Changed\r\n\r\n- go.mod: Bump required Go version to 1.18 by\r\n[@​magnusbaeck](https://togithub.com/magnusbaeck) in\r\n[https://github.com/package-url/packageurl-go/pull/66](https://togithub.com/package-url/packageurl-go/pull/66)\r\n- Fix Github Actions by [@​shibumi](https://togithub.com/shibumi)\r\nin\r\n[https://github.com/package-url/packageurl-go/pull/69](https://togithub.com/package-url/packageurl-go/pull/69)\r\n- Adds `./` and `../` as valid subpath prefix by\r\n[@​ridhoq](https://togithub.com/ridhoq) in\r\n[https://github.com/package-url/packageurl-go/pull/68](https://togithub.com/package-url/packageurl-go/pull/68)\r\n\r\n#### New Contributors\r\n\r\n- [@​magnusbaeck](https://togithub.com/magnusbaeck) made their\r\nfirst contribution in\r\n[https://github.com/package-url/packageurl-go/pull/66](https://togithub.com/package-url/packageurl-go/pull/66)\r\n- [@​ridhoq](https://togithub.com/ridhoq) made their first\r\ncontribution in\r\n[https://github.com/package-url/packageurl-go/pull/68](https://togithub.com/package-url/packageurl-go/pull/68)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/package-url/packageurl-go/compare/v0.1.2...v0.1.3\r\n\r\n
\r\n\r\n
\r\ngrpc/grpc-go (google.golang.org/grpc)\r\n\r\n### [`v1.64.0`](https://togithub.com/grpc/grpc-go/releases/tag/v1.64.0):\r\nRelease 1.64.0\r\n\r\n[Compare\r\nSource](https://togithub.com/grpc/grpc-go/compare/v1.63.2...v1.64.0)\r\n\r\n### API Changes\r\n\r\n- stats: Deprecate `InPayload.Data` and `OutPayload.Data`; they were\r\nexperimental and will be deleted in the next release\r\n([#​7121](https://togithub.com/grpc/grpc-go/issues/7121))\r\n\r\n### Behavior Changes\r\n\r\n- codec: Remove handling of environment variable\r\n`GRPC_GO_ADVERTISE_COMPRESSORS` to suppress setting supported\r\ncompressors in `grpc-accept-encoding` header. Compressors will always be\r\nadvertised, as they have been by default for some time\r\n([#​7203](https://togithub.com/grpc/grpc-go/issues/7203))\r\n\r\n### New Features\r\n\r\n- resolver/dns: Add `SetMinResolutionInterval` to set the minimum\r\ninterval at which DNS re-resolutions may occur\r\n([#​6962](https://togithub.com/grpc/grpc-go/issues/6962))\r\n- Special Thanks:\r\n[@​HomayoonAlimohammadi](https://togithub.com/HomayoonAlimohammadi)\r\n- peer/peer: Implement the `fmt.Stringer` interface for pretty printing\r\n`Peer`, and\r\n- metadata/metadata: Implement the `fmt.Stringer` interface for pretty\r\nprinting `MD`\r\n([#​7137](https://togithub.com/grpc/grpc-go/issues/7137))\r\n- Special Thanks: [@​AnomalRoil](https://togithub.com/AnomalRoil)\r\n\r\n### Performance Improvements\r\n\r\n- client: Improve RPC performance by reducing work while holding a lock\r\n([#​7132](https://togithub.com/grpc/grpc-go/issues/7132))\r\n\r\n### Bug Fixes\r\n\r\n- transport/server: Display the proper timeout value when keepalive\r\npings are not ack'd in time\r\n([#​7038](https://togithub.com/grpc/grpc-go/issues/7038))\r\n- Special Thanks: [@​BatmanAoD](https://togithub.com/BatmanAoD)\r\n- channelz: Fix bug that was causing the subchannel's target to be unset\r\n([#​7189](https://togithub.com/grpc/grpc-go/issues/7189))\r\n- stats: Fix bug where peer 
was not set in context when calling stats\r\nhandler for `OutPayload`, `InPayload`, and `End`\r\n([#​7096](https://togithub.com/grpc/grpc-go/issues/7096))\r\n\r\n### Dependencies\r\n\r\n- deps: Remove dependency on deprecated `github.com/golang/protobuf`\r\nmodule ([#​7122](https://togithub.com/grpc/grpc-go/issues/7122))\r\n\r\n### Documentation\r\n\r\n- grpc: Deprecate `WithBlock`, `WithReturnConnectionError`,\r\n`FailOnNonTempDialError` which are ignored by `NewClient`\r\n([#​7097](https://togithub.com/grpc/grpc-go/issues/7097))\r\n- Special Thanks: [@​pellared](https://togithub.com/pellared)\r\n- grpc: Deprecate `Dial` and `DialContext`. These will continue to be\r\nsupported throughout 1.x, but are deprecated to direct users to\r\n`NewClient` (See\r\n[#​7090](https://togithub.com/grpc/grpc-go/issues/7090) for more\r\ninformation)\r\n- examples: Add custom lb example\r\n([#​6691](https://togithub.com/grpc/grpc-go/issues/6691))\r\n\r\n
\r\n\r\n
\r\nprotocolbuffers/protobuf-go\r\n(google.golang.org/protobuf)\r\n\r\n###\r\n[`v1.34.1`](https://togithub.com/protocolbuffers/protobuf-go/releases/tag/v1.34.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/protocolbuffers/protobuf-go/compare/v1.34.0...v1.34.1)\r\n\r\nMinor fixes for editions compliance:\r\n\r\n- [CL/582635](https://go.dev/cl/582635): all: update to protobuf\r\n27.0-rc1 and regenerate protos\r\n- [CL/582755](https://go.dev/cl/582755): encoding/proto\\[json|text]:\r\naccept lower case names for group-like fields\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"fix(deps): update osv-scanner minor (#978)"}},{"before":"e6b3fd420359350f375c682621ff094bb1c74c3f","after":"d72f3d932d1e251800c148a0f58f58d78dc1d9d2","ref":"refs/heads/main","pushedAt":"2024-05-24T03:40:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Add a new Maven pom.xml extractor (#982)\n\nThe new Maven lockfile extractor aims to resolve the full Maven\r\ndependency graph to provide better transitive support\r\nhttps://github.com/google/osv-scanner/issues/35. 
This is an experimental\r\nfeature for now.\r\n\r\nThis PR uses deps.dev util package to parse Maven pom.xml, also calls\r\ndeps.dev API for available versions when resolving a range requirement.","shortMessageHtmlLink":"Add a new Maven pom.xml extractor (#982)"}},{"before":"ffdda1ed1a7f0cf99142f2bf995ecc8d2fca6bb9","after":"e6b3fd420359350f375c682621ff094bb1c74c3f","ref":"refs/heads/main","pushedAt":"2024-05-23T10:00:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"feat: support parsing `gradle/verification-metadata.xml` (#943)\n\nThis adds support for parsing `gradle/verification-metadata.xml` files -\r\nsince this seems to be like an actual lockfile it's very\r\nstraightforward: we just parse the file as XML and extract out the name\r\n+ version of \"component\".\r\n\r\nThe interesting part of this is that unlike other project-relative\r\nlockfiles this file currently must exist in the `gradle` directory which\r\nraises questions about how `--recursive` comes into play previously we'd\r\nnot enabled APK and DPKG checking by default but I feel that was more\r\nbecause they were absolute paths and so didn't make sense to do when\r\npeople were scanning in \"project mode\".\r\n\r\nFor now I've just taken the simple route of making the file\r\n`gradle/verification-metadata.xml` since that does just work (except for\r\nthe \"find parser\" flow which checks against `path.Base` so that has the\r\n`gradle` omitted).\r\n\r\nResolves #915","shortMessageHtmlLink":"feat: support parsing gradle/verification-metadata.xml (#943)"}},{"before":"1fa7d7a7caae96407abe848ef324cdcba72689f2","after":"ffdda1ed1a7f0cf99142f2bf995ecc8d2fca6bb9","ref":"refs/heads/main","pushedAt":"2024-05-23T09:59:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin 
Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (#977)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| [actions/checkout](https://togithub.com/actions/checkout) | action |\r\npatch | `v4.1.4` -> `v4.1.6` |\r\n| [codecov/codecov-action](https://togithub.com/codecov/codecov-action)\r\n| action | minor | `v4.3.1` -> `v4.4.1` |\r\n| gaurav-nelson/github-action-markdown-link-check | action | digest |\r\n`25b2c43` -> `7d83e59` |\r\n| [github/codeql-action](https://togithub.com/github/codeql-action) |\r\naction | patch | `v3.25.3` -> `v3.25.6` |\r\n|\r\n[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)\r\n| action | minor | `v5.0.0` -> `v5.1.0` |\r\n| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |\r\naction | patch | `v2.3.1` -> `v2.3.3` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/checkout (actions/checkout)\r\n\r\n###\r\n[`v4.1.6`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.5...v4.1.6)\r\n\r\n- Check platform to set archive extension appropriately by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1732](https://togithub.com/actions/checkout/pull/1732)\r\n\r\n###\r\n[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)\r\n\r\n#### What's Changed\r\n\r\n- Update NPM dependencies by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1703](https://togithub.com/actions/checkout/pull/1703)\r\n- Bump github/codeql-action from 2 to 3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1694](https://togithub.com/actions/checkout/pull/1694)\r\n- Bump actions/setup-node from 1 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1696](https://togithub.com/actions/checkout/pull/1696)\r\n- Bump actions/upload-artifact from 2 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/actions/checkout/pull/1695](https://togithub.com/actions/checkout/pull/1695)\r\n- README: Suggest `user.email` to be\r\n`41898282+github-actions[bot]@​users.noreply.github.com` by\r\n[@​cory-miller](https://togithub.com/cory-miller) in\r\n[https://github.com/actions/checkout/pull/1707](https://togithub.com/actions/checkout/pull/1707)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/checkout/compare/v4.1.4...v4.1.5\r\n\r\n
\r\n\r\n
\r\ncodecov/codecov-action (codecov/codecov-action)\r\n\r\n###\r\n[`v4.4.1`](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1)\r\n\r\n[Compare\r\nSource](https://togithub.com/codecov/codecov-action/compare/v4.4.0...v4.4.1)\r\n\r\n###\r\n[`v4.4.0`](https://togithub.com/codecov/codecov-action/releases/tag/v4.4.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/codecov/codecov-action/compare/v4.3.1...v4.4.0)\r\n\r\n#### What's Changed\r\n\r\n- chore: Clarify isPullRequestFromFork by\r\n[@​jsoref](https://togithub.com/jsoref) in\r\n[https://github.com/codecov/codecov-action/pull/1411](https://togithub.com/codecov/codecov-action/pull/1411)\r\n- build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/codecov/codecov-action/pull/1423](https://togithub.com/codecov/codecov-action/pull/1423)\r\n- build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/codecov/codecov-action/pull/1421](https://togithub.com/codecov/codecov-action/pull/1421)\r\n- build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/codecov/codecov-action/pull/1420](https://togithub.com/codecov/codecov-action/pull/1420)\r\n- feat: remove GPG and run on spawn by\r\n[@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov)\r\nin\r\n[https://github.com/codecov/codecov-action/pull/1426](https://togithub.com/codecov/codecov-action/pull/1426)\r\n- build(deps-dev): bump\r\n[@​typescript-eslint/parser](https://togithub.com/typescript-eslint/parser)\r\nfrom 7.8.0 to 7.9.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/codecov/codecov-action/pull/1428](https://togithub.com/codecov/codecov-action/pull/1428)\r\n- chore(release): 4.4.0 
by\r\n[@​thomasrockhu-codecov](https://togithub.com/thomasrockhu-codecov)\r\nin\r\n[https://github.com/codecov/codecov-action/pull/1430](https://togithub.com/codecov/codecov-action/pull/1430)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/codecov/codecov-action/compare/v4.3.1...v4.4.0\r\n\r\n
\r\n\r\n
\r\ngithub/codeql-action (github/codeql-action)\r\n\r\n###\r\n[`v3.25.6`](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.5...v3.25.6)\r\n\r\n###\r\n[`v3.25.5`](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.4...v3.25.5)\r\n\r\n###\r\n[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)\r\n\r\n
\r\n\r\n
\r\ngoreleaser/goreleaser-action\r\n(goreleaser/goreleaser-action)\r\n\r\n###\r\n[`v5.1.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.1.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0)\r\n\r\n#### Important\r\n\r\nThis version changes the default behavior of `latest` to `~> v1`.\r\n\r\nThe next major of this action (v6), will change this to `~> v2`, and\r\nwill be launched together with GoReleaser v2.\r\n\r\n#### What's Changed\r\n\r\n- docs: bump actions to latest major by\r\n[@​crazy-max](https://togithub.com/crazy-max) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/435](https://togithub.com/goreleaser/goreleaser-action/pull/435)\r\n- chore(deps): bump docker/bake-action from 3 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/436](https://togithub.com/goreleaser/goreleaser-action/pull/436)\r\n- chore(deps): bump codecov/codecov-action from 3 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/437](https://togithub.com/goreleaser/goreleaser-action/pull/437)\r\n- chore(deps): bump actions/setup-go from 4 to 5 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/443](https://togithub.com/goreleaser/goreleaser-action/pull/443)\r\n- chore(deps): bump actions/upload-artifact from 3 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/444](https://togithub.com/goreleaser/goreleaser-action/pull/444)\r\n- Delete .kodiak.toml by\r\n[@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446)\r\n- chore(deps): bump codecov/codecov-action from 3 to 4 by\r\n[@​dependabot](https://togithub.com/dependabot) 
in\r\n[https://github.com/goreleaser/goreleaser-action/pull/448](https://togithub.com/goreleaser/goreleaser-action/pull/448)\r\n- chore(deps): bump ip from 2.0.0 to 2.0.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/450](https://togithub.com/goreleaser/goreleaser-action/pull/450)\r\n- Upgrade setup-go action version in README by\r\n[@​kishaningithub](https://togithub.com/kishaningithub) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/455](https://togithub.com/goreleaser/goreleaser-action/pull/455)\r\n- chore(deps): bump tar from 6.1.14 to 6.2.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/456](https://togithub.com/goreleaser/goreleaser-action/pull/456)\r\n- chore: use corepack to install yarn by\r\n[@​crazy-max](https://togithub.com/crazy-max) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/458](https://togithub.com/goreleaser/goreleaser-action/pull/458)\r\n- feat: lock this major version of the action to use '~> v1' as 'latest'\r\nby [@​caarlos0](https://togithub.com/caarlos0) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/461](https://togithub.com/goreleaser/goreleaser-action/pull/461)\r\n- chore(deps): bump semver from 7.6.0 to 7.6.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/462](https://togithub.com/goreleaser/goreleaser-action/pull/462)\r\n- chore(deps): bump\r\n[@​actions/http-client](https://togithub.com/actions/http-client)\r\nfrom 2.2.0 to 2.2.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/goreleaser/goreleaser-action/pull/451](https://togithub.com/goreleaser/goreleaser-action/pull/451)\r\n\r\n#### New Contributors\r\n\r\n- [@​vedantmgoyal9](https://togithub.com/vedantmgoyal9) made their\r\nfirst contribution 
in\r\n[https://github.com/goreleaser/goreleaser-action/pull/446](https://togithub.com/goreleaser/goreleaser-action/pull/446)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/goreleaser/goreleaser-action/compare/v5.0.0...v5.1.0\r\n\r\n
\r\n\r\n
\r\nossf/scorecard-action (ossf/scorecard-action)\r\n\r\n###\r\n[`v2.3.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)\r\n\r\n> \\[!NOTE]\\\r\n> There is no v2.3.2 release as a step was skipped in the release\r\nprocess. This was fixed and re-released under the v2.3.3 tag\r\n\r\n#### What's Changed\r\n\r\n- :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\r\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1366](https://togithub.com/ossf/scorecard-action/pull/1366)\r\n- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\r\nv5.0.0-rc2 by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1374](https://togithub.com/ossf/scorecard-action/pull/1374)\r\n- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0.20240509182734-7ce860946928 by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1377](https://togithub.com/ossf/scorecard-action/pull/1377)\r\n\r\nFor a full changelist of what these include, see the\r\n[v5.0.0-rc1](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc1)\r\nand\r\n[v5.0.0-rc2](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0-rc2)\r\nrelease notes.\r\n\r\n##### Documentation\r\n\r\n- :book: Move token discussion out of main README. 
by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1279](https://togithub.com/ossf/scorecard-action/pull/1279)\r\n- :book: link to `ossf/scorecard` workflow instead of maintaining an\r\nexample by [@​spencerschrock](https://togithub.com/spencerschrock)\r\nin\r\n[https://github.com/ossf/scorecard-action/pull/1352](https://togithub.com/ossf/scorecard-action/pull/1352)\r\n- :book: update api links to new scorecard.dev site by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1376](https://togithub.com/ossf/scorecard-action/pull/1376)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3\r\n\r\n###\r\n[`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update workflows (#977)"}},{"before":"e26774dbac9a2717c847d25f3f9b62d0575bc506","after":"1fa7d7a7caae96407abe848ef324cdcba72689f2","ref":"refs/heads/main","pushedAt":"2024-05-23T04:05:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): update golang:1.21-alpine3.19 docker digest to 1c2e474 (#985)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| golang | stage | digest | `b3aea8d` -> `1c2e474` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. 
Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update golang:1.21-alpine3.19 docker digest to 1c2e474 (#…"}},{"before":"7f59b2e565a976f52d2da4a66dc7fb618455ee4c","after":null,"ref":"refs/heads/dependabot/bundler/docs/bundler-e3e5eef785","pushedAt":"2024-05-23T03:56:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"}},{"before":"e2816e38889606674469702b9d42bc71f4e65bec","after":"e26774dbac9a2717c847d25f3f9b62d0575bc506","ref":"refs/heads/main","pushedAt":"2024-05-23T03:56:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps-dev): Bump the bundler group across 1 directory with 2 updates (#983)\n\nBumps the bundler group with 2 updates in the /docs directory:\r\n[nokogiri](https://github.com/sparklemotion/nokogiri) and\r\n[rexml](https://github.com/ruby/rexml).\r\n\r\nUpdates `nokogiri` from 1.16.4 to 1.16.5\r\n
\r\nRelease notes\r\n

Sourced from nokogiri's\r\nreleases.

v1.16.5 / 2024-05-13

Security

  • [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See\r\nGHSA-r95h-9x8f-r3f7\r\nfor more information.

Dependencies

  • [CRuby] Vendored libxml2 is updated to v2.12.7\r\nfrom v2.12.6. (@flavorjones)

sha256 checksums:

\r\n\r\n
\r\n
\r\n
\r\n
\r\nCommits\r\n
  • cd70bd3\r\nversion bump to v1.16.5
  • afc36de\r\ndep: update vendored libxml2 to v2.12.7 (#3191)
  • 41b4f08\r\nci: add arm64-darwin coverage using macos-14
  • 67b9e86\r\ndep: update libxml2 to v2.12.7
  • See full diff in compare\r\nview
\r\n
\r\n
\r\n\r\nUpdates `rexml` from 3.2.6 to 3.2.8\r\n
\r\nRelease notes\r\n

Sourced from rexml's\r\nreleases.

REXML 3.2.8 - 2024-05-16

Fixes

  • Suppressed a warning

REXML 3.2.7 - 2024-05-16

Improvements

  • Improve parse performance by using StringScanner.
    • GH-106
    • GH-107
    • GH-108
    • GH-109
    • GH-112
    • GH-113
    • GH-114
    • GH-115
    • GH-116
    • GH-117
    • GH-118
    • GH-119
    • GH-121
    • Patch by NAITOH Jun.
  • Improved parse performance when an attribute has many\r\n<s.
    • GH-124

Fixes

  • XPath: Fixed a bug of normalize_space(array).
    • GH-110
    • GH-111
    • Patch by flatisland.
  • XPath: Fixed a bug that wrong position is used with nested path.
    • GH-110
    • GH-122
    • Reported by jcavalieri.
    • Patch by NAITOH Jun.
  • Fixed a bug that an exception message can't be generated for\r\ninvalid encoding XML.

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
  • 1cf37ba\r\nAdd 3.2.8 entry
  • b67081c\r\nRemove an unused variable (#128)
  • 94e180e\r\nSuppress a warning
  • d574ba5\r\nci: install only gems required for running tests (#129)
  • 4670f8f\r\nAdd missing Thanks section
  • 9ba35f9\r\nBump version
  • 085def0\r\nAdd 3.2.7 entry
  • 4325835\r\nRead quoted attributes in chunks (#126)
  • e77365e\r\nExclude older than 2.6 on macos-14
  • bf2c8ed\r\nMove development dependencies to Gemfile (#124)
  • Additional commits viewable in compare\r\nview
\r\n
\r\n
\r\n\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps-dev): Bump the bundler group across 1 directory with 2 upd…"}},{"before":"5eed7e8542549bde3f184676b567c9d92d086a3f","after":"e2816e38889606674469702b9d42bc71f4e65bec","ref":"refs/heads/main","pushedAt":"2024-05-23T03:55:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"make Maven parent path relative on current project (#987)\n\nPreviously, the path is always relative to the provided path to\r\n`pom.xml`, however, this path should be relative to the current parent\r\npath.\r\n\r\nAlso we observe that sometimes `pom.xml` is omitted in ``\r\nso when this happens, we manually append `pom.xml` to file path.","shortMessageHtmlLink":"make Maven parent path relative on current project (#987)"}},{"before":"2011e92b785eda7bc5a0b8bd94ef84867dd2d60e","after":"7f59b2e565a976f52d2da4a66dc7fb618455ee4c","ref":"refs/heads/dependabot/bundler/docs/bundler-e3e5eef785","pushedAt":"2024-05-23T03:46:29.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Merge branch 'main' into dependabot/bundler/docs/bundler-e3e5eef785","shortMessageHtmlLink":"Merge branch 'main' into dependabot/bundler/docs/bundler-e3e5eef785"}},{"before":"055ef052bde5a8a259cd563f7d51bee1d5e2f4fb","after":"5eed7e8542549bde3f184676b567c9d92d086a3f","ref":"refs/heads/main","pushedAt":"2024-05-23T03:45:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex 
P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Fix snapshots and alpine version (#990)\n\nThis updates busybox to 1.36.1-r27 to resolve all current\r\nvulnerabilities, and then updates the snapshots to match.\r\n\r\nThis is a bit odd as 1.36.1-r27 doesn't actually exist on the distro\r\nthis SBOM is created for (alpine 3.17) , where the highest version is\r\n1.35.0-r30. However, as 3.17 is now out of support, no more fixes are\r\nbeing backported for 1.35.0.\r\n\r\nThe *ideal(?)* behavior would not show the 3.19/3.20 vulnerabilities on\r\n1.36.1 when scanning Alpine 3.17, but because of distro in purls still\r\nbeing undefined, all alpine advisories are returned. When this is\r\neventually implemented, we should revert this PR.","shortMessageHtmlLink":"Fix snapshots and alpine version (#990)"}},{"before":"e1b120b6794659bdc9b07fb5ffd1b327dd0e21fa","after":"055ef052bde5a8a259cd563f7d51bee1d5e2f4fb","ref":"refs/heads/main","pushedAt":"2024-05-17T01:25:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Update deps.dev dependencies (#984)","shortMessageHtmlLink":"Update deps.dev dependencies (#984)"}},{"before":"4793a46e88f1bbce733c30de062dac6c6a733e41","after":null,"ref":"refs/heads/dependabot/bundler/docs/bundler-1bdea36e40","pushedAt":"2024-05-16T21:36:40.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEWMT6RAA","startCursor":null,"endCursor":null}},"title":"Activity · google/osv-scanner"}