fix(deps): update osv-scanner minor

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change
github.com/BurntSushi/toml	require	minor	v1.2.1 -> v1.3.0
github.com/go-git/go-git/v5	require	minor	v5.6.1 -> v5.7.0
github.com/spdx/tools-golang	require	patch	v0.5.0 -> v0.5.1
github.com/urfave/cli/v2	require	patch	v2.25.3 -> v2.25.5
golang.org/x/exp	require	digest	dd950f8 -> 2e198f4
golang.org/x/tools	require	patch	v0.9.1 -> v0.9.3

---

Release Notes

BurntSushi/toml

v1.3.0

Compare Source

New features:

• Support upcoming TOML 1.1

  While it looks like TOML 1.1 is mostly stable and I don't expect any further major changes, there are NO compatibility guarantees as it is NOT yet released and anything can still change.

  To use it, set the BURNTSUSHI_TOML_110 environment variable to any value, which can be done either with os.SetEnv() or by the user running a program.

  A full list is changes is available in the TOML ChangeLog; the two most notable ones are that newlines and trailing commas are now allowed in inline tables, and Unicode in bare keys can now be used – this is now a valid document:

  lëttërs = {
    ä = "a with diaeresis",
    è = "e with accent grave",
  }
  

• Allow MarshalTOML and MarshalText to be used on the document type itself, instead of only fields (#​383).

Bufixes:

• \ escapes at the end of line weren't processed correctly in multiline strings (#​372).

• Read over UTF-8 BOM (#​381).

• omitempty struct tag did not work for pointer values (#​371).

• Fix encoding anonymous structs on 32bit systems (#​374).

go-git/go-git

v5.7.0

Compare Source

What's Changed

• *: Add support for initializing SHA256 repositories by @​pjbgf in https://github.com/go-git/go-git/pull/707
• git: add mirror clone option by @​aymanbagabas in https://github.com/go-git/go-git/pull/735
• git: Add support to ls-remote with peeled references. Fixes #​749 by @​pjbgf in https://github.com/go-git/go-git/pull/750
• git: fix cloning with branch name by @​AriehSchneier in https://github.com/go-git/go-git/pull/755
• git: Worktree, add check to see if file already checked in. Fixes #​718 by @​cbbm142 in https://github.com/go-git/go-git/pull/719
• git: Worktree, git grep bare repositories by @​aymanbagabas in https://github.com/go-git/go-git/pull/728
• git: Add Depth to SubmoduleUpdateOptions by @​matejrisek in https://github.com/go-git/go-git/pull/754
• git: Testing, Fix tests not cleaning temp folders by @​AriehSchneier in https://github.com/go-git/go-git/pull/769
• git: remote, add support for a configurable timeout. by @​andrewpollock in https://github.com/go-git/go-git/pull/753
• git: Allow Initial Branch to be configurable by @​techknowlogick in https://github.com/go-git/go-git/pull/764
• storage: filesystem/dotgit, Improve load packed-refs by @​fcharlie in https://github.com/go-git/go-git/pull/743
• storage: filesystem, Populate index before use. Fixes #​148 by @​AriehSchneier in https://github.com/go-git/go-git/pull/722
• plumbing: resolve non-external delta references by @​ZauberNerd in https://github.com/go-git/go-git/pull/485
• plumbing/transport: fix regression in scp-like match by @​jotadrilo in https://github.com/go-git/go-git/pull/715
• plumbing/transport: Add support for custom proxy settings by @​aryan9600 in https://github.com/go-git/go-git/pull/744
• *: small fixes across the codebase by @​pjbgf in https://github.com/go-git/go-git/pull/770
• *: bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @​dependabot in https://github.com/go-git/go-git/pull/776
• *: bump dependencies by @​pjbgf in https://github.com/go-git/go-git/pull/748
• *: bump Go version to 1.18 on go.mod by @​pjbgf in https://github.com/go-git/go-git/pull/774
• *: add Codeql workflow and bump dependencies by @​pjbgf in https://github.com/go-git/go-git/pull/775
• ci: fix upstream git build for master branch by @​pjbgf in https://github.com/go-git/go-git/pull/739

New Contributors

• @​ZauberNerd made their first contribution in https://github.com/go-git/go-git/pull/485
• @​jotadrilo made their first contribution in https://github.com/go-git/go-git/pull/715
• @​fcharlie made their first contribution in https://github.com/go-git/go-git/pull/743
• @​AriehSchneier made their first contribution in https://github.com/go-git/go-git/pull/755
• @​cbbm142 made their first contribution in https://github.com/go-git/go-git/pull/719
• @​aryan9600 made their first contribution in https://github.com/go-git/go-git/pull/744
• @​matejrisek made their first contribution in https://github.com/go-git/go-git/pull/754
• @​andrewpollock made their first contribution in https://github.com/go-git/go-git/pull/753
• @​techknowlogick made their first contribution in https://github.com/go-git/go-git/pull/764

Full Changelog: go-git/go-git@v5.6.1...v5.7.0

spdx/tools-golang

v0.5.1

Compare Source

What's Changed

• Add ability to specify JSON output options by @​DmitriyLewen in https://github.com/spdx/tools-golang/pull/213
• Fix some optional params: copyrightText, licenseListVersion, packageVerificationCode by @​lumjjb in https://github.com/spdx/tools-golang/pull/215
• Properly output and read the filesAnalyzed field in JSON/YAML by @​kzantow in https://github.com/spdx/tools-golang/pull/210
• Ensure no duplicates in relationships when shortcut fields are used. by @​lumjjb in https://github.com/spdx/tools-golang/pull/218

New Contributors

• @​testwill made their first contribution in https://github.com/spdx/tools-golang/pull/212
• @​DmitriyLewen made their first contribution in https://github.com/spdx/tools-golang/pull/213

Full Changelog: spdx/tools-golang@v0.5.0...v0.5.1

urfave/cli

v2.25.5

Compare Source

What's Changed

• Fix:(issue_1737) Set bool count by taking care of num of aliases by @​dearchap in https://github.com/urfave/cli/pull/1740

Full Changelog: urfave/cli@v2.25.4...v2.25.5

v2.25.4

Compare Source

What's Changed

• Bug/fix issue 1703 by @​jojje in https://github.com/urfave/cli/pull/1728
• Fix:(issue_1734) Show categories for subcommands by @​dearchap in https://github.com/urfave/cli/pull/1735
• Fix:(issue_1610). Keep RunAsSubcommand behaviour as before by @​dearchap in https://github.com/urfave/cli/pull/1736
• Fix:(issue_1731) Add fix for checking if aliases are set by @​dearchap in https://github.com/urfave/cli/pull/1732
• Fix func name referenced in doc comment by @​meatballhat in https://github.com/urfave/cli/pull/1738

New Contributors

• @​jojje made their first contribution in https://github.com/urfave/cli/pull/1728

Full Changelog: urfave/cli@v2.25.3...v2.25.4

---

Configuration

📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.