compile
scope in dependency groups (#1003)"}},{"before":"86144006b05f09c1f0aa986d9c4c219f5d97c965","after":"d4657bf46aea52834c5148b25fb6cab132c69af5","ref":"refs/heads/main","pushedAt":"2024-05-30T01:31:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Remove feature from changelog as it's still blocked on #769 (#1006)\n\nRemove feature from changelog as it's still blocked on #769","shortMessageHtmlLink":"Remove feature from changelog as it's still blocked on #769 (#1006)"}},{"before":"18e4585751db9e31e403a800a5a0fd8f359f5dea","after":"86144006b05f09c1f0aa986d9c4c219f5d97c965","ref":"refs/heads/main","pushedAt":"2024-05-30T00:34:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"V1.7.4 changelog (#1001)\n\nPre Release edits for v1.7.4","shortMessageHtmlLink":"V1.7.4 changelog (#1001)"}},{"before":"caea5c733154add2b3e83876f04ac455326855ad","after":null,"ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-28T04:36:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"}},{"before":"055091604aee6cafe8344fcb4c3e1641ef2f5b03","after":"18e4585751db9e31e403a800a5a0fd8f359f5dea","ref":"refs/heads/main","pushedAt":"2024-05-28T04:36:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update typo in supported_languages_and_lockfiles.md (#998)","shortMessageHtmlLink":"Update typo in supported_languages_and_lockfiles.md (#998)"}},{"before":null,"after":"caea5c733154add2b3e83876f04ac455326855ad","ref":"refs/heads/another-rex-patch-1","pushedAt":"2024-05-28T04:27:03.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update typo in supported_languages_and_lockfiles.md","shortMessageHtmlLink":"Update typo in supported_languages_and_lockfiles.md"}},{"before":"588dda2df762bcb5e1309af71968f6a96f70e7e9","after":"055091604aee6cafe8344fcb4c3e1641ef2f5b03","ref":"refs/heads/main","pushedAt":"2024-05-28T04:24:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: support comparing Alpine versions locally (#980)\n\nThis introduces support for comparing Alpine versions locally using the\r\nsame logic as the `apk` package manager, along with a generator for\r\ngenerating fixtures.\r\n\r\nThere is a bit of fuzziness in the behaviour across different versions\r\nof `apk` - the `alpine:3.x` docker images all use `apk` v2.x, which is\r\nwhat the fixture generator uses too and at least `apk` v2.14 (which is\r\nused by `alpine:3.19`) and v2.10 pass; however the current latest\r\nupcoming version of `apk` technically fails on approximately 30 fixtures\r\nwhich I think is because it has fixed\r\nhttps://gitlab.alpinelinux.org/alpine/abuild/-/issues/10088.\r\n\r\nBeyond that I was able to find a handful of other edge cases where the\r\ncomparison results between these versions was different, but they all\r\nseemed to be primarily around the handling of invalid versions which are\r\nnot expected to be present in OSV data anyway and they look to be the\r\nresult of bugfixes meaning we'd need special \"anti\" handling to support\r\nin a way that ensures valid versions are still compared correctly, so I\r\nthink it's good enough to ship.\r\n\r\nResolves #952","shortMessageHtmlLink":"feat: support comparing Alpine versions locally (#980)"}},{"before":"804589a5899ebd226e640f31a630b2508b90c9ad","after":"588dda2df762bcb5e1309af71968f6a96f70e7e9","ref":"refs/heads/main","pushedAt":"2024-05-28T03:23:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Now that we have updated to go1.21.10, we can remove the ignore line from osv-scanner.toml (#996)\n\nNow that we have updated to go1.21.10, we can remove the ignore line\r\nfrom osv-scanner.toml which was ignoring a vulnerability in go1.21.8","shortMessageHtmlLink":"Now that we have updated to go1.21.10, we can remove the ignore line …"}},{"before":"10c35fdd46012cb957bab469cdded2e58292b198","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-d7e292bcf6","pushedAt":"2024-05-27T02:30:33.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"b178a885a11dc9eefd8cc8adb2ce253e22dfd3d9","after":"804589a5899ebd226e640f31a630b2508b90c9ad","ref":"refs/heads/main","pushedAt":"2024-05-27T02:29:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (major) (#897)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n|\r\n[golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action)\r\n| action | major | `v5.3.0` -> `v6.0.1` |\r\n|\r\n[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)\r\n| action | major | `v1.10.0` -> `v2.0.0` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\ngradle/verification-metadata.xml
(#943)"}},{"before":"1fa7d7a7caae96407abe848ef324cdcba72689f2","after":"ffdda1ed1a7f0cf99142f2bf995ecc8d2fca6bb9","ref":"refs/heads/main","pushedAt":"2024-05-23T09:59:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (#977)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| [actions/checkout](https://togithub.com/actions/checkout) | action |\r\npatch | `v4.1.4` -> `v4.1.6` |\r\n| [codecov/codecov-action](https://togithub.com/codecov/codecov-action)\r\n| action | minor | `v4.3.1` -> `v4.4.1` |\r\n| gaurav-nelson/github-action-markdown-link-check | action | digest |\r\n`25b2c43` -> `7d83e59` |\r\n| [github/codeql-action](https://togithub.com/github/codeql-action) |\r\naction | patch | `v3.25.3` -> `v3.25.6` |\r\n|\r\n[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)\r\n| action | minor | `v5.0.0` -> `v5.1.0` |\r\n| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |\r\naction | patch | `v2.3.1` -> `v2.3.3` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\nSourced from nokogiri's\r\nreleases.
\r\n\r\n\r\nv1.16.5 / 2024-05-13
\r\nSecurity
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See\r\nGHSA-r95h-9x8f-r3f7\r\nfor more information.
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to v2.12.7\r\nfrom v2.12.6. (
\r\n@flavorjones
)
\r\nsha256 checksums:
\r\n\r\n\r\naf0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874\r\nnokogiri-1.16.5-aarch64-linux.gem\r\n23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec\r\nnokogiri-1.16.5-arm-linux.gem\r\n950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214\r\nnokogiri-1.16.5-arm64-darwin.gem\r\nb7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989\r\nnokogiri-1.16.5-java.gem\r\nec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e\r\nnokogiri-1.16.5-x64-mingw-ucrt.gem\r\n6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107\r\nnokogiri-1.16.5-x64-mingw32.gem\r\nabdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4\r\nnokogiri-1.16.5-x86-linux.gem\r\n63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4\r\nnokogiri-1.16.5-x86-mingw32.gem\r\n71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279\r\nnokogiri-1.16.5-x86_64-darwin.gem\r\n0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97\r\nnokogiri-1.16.5-x86_64-linux.gem\r\nec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2\r\nnokogiri-1.16.5.gem\r\n
Sourced from nokogiri's\r\nchangelog.
\r\n\r\n\r\nv1.16.5
\r\nSecurity
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See\r\nGHSA-r95h-9x8f-r3f7\r\nfor more information.
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to v2.12.7\r\nfrom v2.12.6. (
\r\n@flavorjones
)
Sourced from rexml's\r\nreleases.
\r\n\r\n\r\nREXML 3.2.8 - 2024-05-16
\r\nFixes
\r\n\r\n
\r\n- Suppressed a warning
\r\nREXML 3.2.7 - 2024-05-16
\r\nImprovements
\r\n\r\n
\r\n- \r\n
\r\nImprove parse performance by using
\r\n\r\nStringScanner
.- \r\n
\r\nImproved parse performance when an attribute has many\r\n
\r\n<
s.\r\n
\r\n- GH-124
\r\nFixes
\r\n\r\n
\r\n\r\n- \r\n
\r\nXPath: Fixed a bug of
\r\n\r\nnormalize_space(array)
.- \r\n
\r\nXPath: Fixed a bug that wrong position is used with nested path.
\r\n\r\n- \r\n
\r\nFixed a bug that an exception message can't be generated for\r\ninvalid encoding XML.
\r\n
... (truncated)
\r\nSourced from rexml's\r\nchangelog.
\r\n\r\n\r\n3.2.8 - 2024-05-16 {#version-3-2-8}
\r\nFixes
\r\n\r\n
\r\n- Suppressed a warning
\r\n3.2.7 - 2024-05-16 {#version-3-2-7}
\r\nImprovements
\r\n\r\n
\r\n- \r\n
\r\nImprove parse performance by using
\r\n\r\nStringScanner
.- \r\n
\r\nImproved parse performance when an attribute has many\r\n
\r\n<
s.\r\n
\r\n- GH-124
\r\nFixes
\r\n\r\n
\r\n\r\n- \r\n
\r\nXPath: Fixed a bug of
\r\n\r\nnormalize_space(array)
.- \r\n
\r\nXPath: Fixed a bug that wrong position is used with nested path.
\r\n\r\n- \r\n
\r\nFixed a bug that an exception message can't be generated for
\r\n
... (truncated)
\r\n1cf37ba
\r\nAdd 3.2.8 entryb67081c
\r\nRemove an unused variable (#128)94e180e
\r\nSuppress a warningd574ba5
\r\nci: install only gems required for running tests (#129)4670f8f
\r\nAdd missing Thanks section9ba35f9
\r\nBump version085def0
\r\nAdd 3.2.7 entry4325835
\r\nRead quoted attributes in chunks (#126)e77365e
\r\nExclude older than 2.6 on macos-14bf2c8ed
\r\nMove development dependencies to Gemfile (#124)