Skip to content

fix(deps): update go dependencies#476

Merged
academo merged 3 commits intomainfrom
renovate/go-dependencies
Jan 5, 2026
Merged

fix(deps): update go dependencies#476
academo merged 3 commits intomainfrom
renovate/go-dependencies

Conversation

@renovate-sh-app
Copy link
Copy Markdown
Contributor

@renovate-sh-app renovate-sh-app Bot commented Dec 11, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update Pending
github.com/google/osv-scanner/v2 v2.2.4 -> v2.3.0 age confidence require minor v2.3.1
github.com/hashicorp/go-version v1.7.0 -> v1.8.0 age confidence require minor
go (source) 1.25.4 -> 1.25.5 age confidence toolchain patch
golang.org/x/mod v0.29.0 -> v0.30.0 age confidence require minor v0.31.0
google.golang.org/api v0.255.0 -> v0.257.0 age confidence require minor v0.258.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

Release Notes

google/osv-scanner (github.com/google/osv-scanner/v2)

v2.3.0

Compare Source

This release migrates to the new osv.dev and osv-schema proto bindings for its internal data models (#​2328). This is primarily an internal change and should not impact users.

Features:
Fixes:
hashicorp/go-version (github.com/hashicorp/go-version)

v1.8.0

Compare Source

What's Changed

New Contributors

Full Changelog: hashicorp/go-version@v1.7.0...v1.8.0

golang/go (go)

v1.25.5

googleapis/google-api-go-client (google.golang.org/api)

v0.257.0

Compare Source

Features

v0.256.0

Compare Source

Features

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

Need help?

You can ask for more help in the following Slack channel: #proj-renovate-self-hosted. In that channel you can also find ADR and FAQ docs in the Resources section.

@renovate-sh-app renovate-sh-app Bot requested review from a team as code owners December 11, 2025 17:53
@renovate-sh-app renovate-sh-app Bot requested a review from Ukochka December 11, 2025 17:53
@grafana-plugins-platform-bot grafana-plugins-platform-bot Bot moved this from 📬 Triage to 🔬 In review in Grafana Catalog Team Dec 11, 2025
@renovate-sh-app renovate-sh-app Bot force-pushed the renovate/go-dependencies branch from 9a76e46 to 2f9bdc1 Compare December 16, 2025 02:23
@renovate-sh-app
Copy link
Copy Markdown
Contributor Author

renovate-sh-app Bot commented Dec 16, 2025
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 21 additional dependencies were updated

Details:

Package Change
github.com/ossf/osv-schema/bindings/go v0.0.0-20251012234424-434020c6442f -> v0.0.0-20251112210320-9fb6c8870ac1
github.com/ianlancetaylor/demangle v0.0.0-20250628045327-2d64ad6b7ec5 -> v0.0.0-20251114061303-68c556c8ce09
github.com/jedib0t/go-pretty/v6 v6.6.8 -> v6.7.2
deps.dev/api/v3 v3.0.0-20250917073939-6ff3dd7d2eea -> v3.0.0-20251104021112-20ad94767ddf
deps.dev/api/v3alpha v0.0.0-20250903005441-604c45d5b44b -> v0.0.0-20251104021112-20ad94767ddf
deps.dev/util/maven v0.0.0-20250917073939-6ff3dd7d2eea -> v0.0.0-20251104021112-20ad94767ddf
deps.dev/util/resolve v0.0.0-20250917073939-6ff3dd7d2eea -> v0.0.0-20251104021112-20ad94767ddf
deps.dev/util/semver v0.0.0-20250917073939-6ff3dd7d2eea -> v0.0.0-20251104021112-20ad94767ddf
github.com/google/osv-scalibr v0.3.7-0.20251023161426-90e9ac9cc1b3 -> v0.3.7-0.20251118161533-ed0917ecede1
github.com/googleapis/enterprise-certificate-proxy v0.3.6 -> v0.3.7
github.com/owenrumney/go-sarif/v3 v3.2.3 -> v3.3.0
go.opentelemetry.io/auto/sdk v1.1.0 -> v1.2.1
go.opentelemetry.io/otel v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/metric v1.37.0 -> v1.38.0
go.opentelemetry.io/otel/trace v1.37.0 -> v1.38.0
golang.org/x/oauth2 v0.32.0 -> v0.33.0
google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b -> v0.0.0-20251111163417-95abcf5c77ba
google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda -> v0.0.0-20251124214823-79d6a2a48846
google.golang.org/grpc v1.76.0 -> v1.77.0
osv.dev/bindings/go v0.0.0-20251013010847-b847e93bd9b0 -> v0.0.0-20251114023950-43ef4fb673ff
sigs.k8s.io/yaml v1.5.0 -> v1.6.0

@renovate-sh-app renovate-sh-app Bot force-pushed the renovate/go-dependencies branch from 2f9bdc1 to 8722d2d Compare December 16, 2025 23:32
@renovate-sh-app
fix(deps): update go dependencies
0ba70ee 
| datasource     | package                          | from     | to       |
| -------------- | -------------------------------- | -------- | -------- |
| go             | github.com/google/osv-scanner/v2 | v2.2.4   | v2.3.0   |
| go             | github.com/hashicorp/go-version  | v1.7.0   | v1.8.0   |
| golang-version | go                               | 1.25.4   | 1.25.5   |
| go             | golang.org/x/mod                 | v0.29.0  | v0.30.0  |
| go             | google.golang.org/api            | v0.255.0 | v0.257.0 |


Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
@renovate-sh-app renovate-sh-app Bot force-pushed the renovate/go-dependencies branch from 8722d2d to 0ba70ee Compare December 18, 2025 14:25
@renovate-sh-app
Copy link
Copy Markdown
Contributor Author

renovate-sh-app Bot commented Dec 19, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@academo academo force-pushed the renovate/go-dependencies branch from 903fe2e to dc1e096 Compare January 5, 2026 09:38
academo
academo reviewed Jan 5, 2026
View reviewed changes
Comment thread pkg/analysis/passes/osvscanner/osvscanner.go
severity := "n/a"
if val, ok := aVulnerability.DatabaseSpecific["severity"]; ok {
severity = val.(string)
if aVulnerability.DatabaseSpecific != nil {
Copy link
Copy Markdown
Collaborator

@academo academo Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

osv scanner changed some types signatures and required some adjustments

@academo academo merged commit cbcb1e5 into main Jan 5, 2026
10 checks passed
@academo academo deleted the renovate/go-dependencies branch January 5, 2026 10:15
@github-project-automation github-project-automation Bot moved this from 🔬 In review to 🚀 Shipped in Grafana Catalog Team Jan 5, 2026
@grafana-plugins-platform-bot grafana-plugins-platform-bot Bot mentioned this pull request May 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@academo academo academo approved these changes

@Ukochka Ukochka Awaiting requested review from Ukochka Ukochka was automatically assigned from grafana/plugins-platform-frontend

@wbrowne wbrowne Awaiting requested review from wbrowne wbrowne was automatically assigned from grafana/plugins-platform-backend

@oshirohugo oshirohugo Awaiting requested review from oshirohugo oshirohugo was automatically assigned from grafana/plugins-platform-backend

@xnyo xnyo Awaiting requested review from xnyo xnyo was automatically assigned from grafana/plugins-platform-backend

Assignees

No one assigned

Labels

update-minor update-patch

Projects

Grafana Catalog Team
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@academo