chore(deps): update dependency golangci-lint to v1.56.1 #197
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #197 +/- ##
=======================================
Coverage 76.58% 76.58%
=======================================
Files 24 24
Lines 1892 1892
=======================================
Hits 1449 1449
Misses 354 354
Partials 89 89 ☔ View full report in Codecov by Sentry. |
andrewpollock
pushed a commit
to google/osv.dev
that referenced
this pull request
Jun 12, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | | | [cloud.google.com/go/logging](https://togithub.com/googleapis/google-cloud-go) | require | minor | `v1.8.1` -> `v1.10.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [cloud.google.com/go/secretmanager](https://togithub.com/googleapis/google-cloud-go) | require | minor | `v1.11.4` -> `v1.13.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/atombender/go-jsonschema](https://togithub.com/atombender/go-jsonschema) | require | minor | `v0.14.1` -> `v0.16.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.11.0` -> `v5.12.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/google/osv-scanner](https://togithub.com/google/osv-scanner) | require | minor | `v1.4.3` -> `v1.7.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang | stage | digest | `9d8429e` -> `9bdd569` | | | | | | golang.org/x/exp | require | digest | `6522937` -> `fc45aab` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>atombender/go-jsonschema (github.com/atombender/go-jsonschema)</summary> ### [`v0.16.0`](https://togithub.com/omissis/go-jsonschema/releases/tag/v0.16.0) [Compare Source](https://togithub.com/atombender/go-jsonschema/compare/v0.15.0...v0.16.0) This release introduces several new improvements: - Improve support for non-case-sensitive languages - Make generated go more stable, and solve annoying big diffs - Fix generated code for non-nullable types with two options - Removes nil check for `required` properties - Add support for additionalProperties when other fields exist #### What's Changed - Enhance splitIdentifierByCaseAndSeparators to support non-case-sensitive languages by [@​zrma](https://togithub.com/zrma) in [omissis/go-jsonschema#170 - Stable output: Add some more names to anonymous Method classes by [@​RobQuistNL](https://togithub.com/RobQuistNL) in [omissis/go-jsonschema#169 - Fix non-nullable type with two options by [@​jagregory](https://togithub.com/jagregory) in [omissis/go-jsonschema#205 - Removes nil check for `required` properties by [@​Henkoglobin](https://togithub.com/Henkoglobin) in [omissis/go-jsonschema#215 - Add support for additionalProperties when other fields exist by [@​codeboten](https://togithub.com/codeboten) and [@​omissis](https://togithub.com/omissis) in [omissis/go-jsonschema#218 - Update go and all deps by [@​omissis](https://togithub.com/omissis) in [omissis/go-jsonschema#217 - Several [@​renovate](https://togithub.com/renovate) PRs - fix(deps): update golang.org/x/exp digest to [`1b97071`](https://togithub.com/atombender/go-jsonschema/commit/1b97071) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#190 - fix(deps): update module github.com/goccy/go-yaml to v1.11.3 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#191 - fix(deps): update golang.org/x/exp digest to [`2c58cdc`](https://togithub.com/atombender/go-jsonschema/commit/2c58cdc) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#193 - chore(deps): update golang docker tag to v1.22.0 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#195 - chore(deps): update dependency golangci-lint to v1.56.0 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#196 - chore(deps): update dependency golangci-lint to v1.56.1 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#197 - chore(deps): update dependency shfmt to v3.8.0 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#198 - fix(deps): update golang.org/x/exp digest to [`ec58324`](https://togithub.com/atombender/go-jsonschema/commit/ec58324) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#199 - chore(deps): update dependency golangci-lint to v1.56.2 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#200 - fix(deps): update golang.org/x/exp digest to [`814bf88`](https://togithub.com/atombender/go-jsonschema/commit/814bf88) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#201 - chore(deps): update golang docker tag to v1.22.1 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#202 - chore(deps): update dependency shellcheck to v0.10.0 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#203 - chore(deps): update codecov/codecov-action action to v4 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#192 - fix(deps): update golang.org/x/exp digest to [`c7f7c64`](https://togithub.com/atombender/go-jsonschema/commit/c7f7c64) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#206 - fix(deps): update golang.org/x/exp digest to [`a85f2c6`](https://togithub.com/atombender/go-jsonschema/commit/a85f2c6) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#207 - chore(deps): update dependency golangci-lint to v1.57.0 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#208 - chore(deps): update dependency golangci-lint to v1.57.1 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#209 - fix(deps): update golang.org/x/exp digest to [`a685a6e`](https://togithub.com/atombender/go-jsonschema/commit/a685a6e) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#210 - chore(deps): update dependency golangci-lint to v1.57.2 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#211 - chore(deps): update golang docker tag to v1.22.2 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#212 - fix(deps): update golang.org/x/exp digest to [`c0f41cb`](https://togithub.com/atombender/go-jsonschema/commit/c0f41cb) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#213 - fix(deps): update golang.org/x/exp digest to [`93d18d7`](https://togithub.com/atombender/go-jsonschema/commit/93d18d7) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#214 - fix(deps): update golang.org/x/exp digest to [`fe59bbe`](https://togithub.com/atombender/go-jsonschema/commit/fe59bbe) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#216 #### New Contributors - [@​zrma](https://togithub.com/zrma) made their first contribution in [omissis/go-jsonschema#170 - [@​RobQuistNL](https://togithub.com/RobQuistNL) made their first contribution in [omissis/go-jsonschema#169 - [@​jagregory](https://togithub.com/jagregory) made their first contribution in [omissis/go-jsonschema#205 - [@​Henkoglobin](https://togithub.com/Henkoglobin) made their first contribution in [omissis/go-jsonschema#215 - [@​codeboten](https://togithub.com/codeboten) made their first contribution in [omissis/go-jsonschema#218 (replaces [omissis/go-jsonschema#189) **Full Changelog**: omissis/go-jsonschema@v0.15.0...v0.16.0 ### [`v0.15.0`](https://togithub.com/omissis/go-jsonschema/releases/tag/v0.15.0) [Compare Source](https://togithub.com/atombender/go-jsonschema/compare/v0.14.1...v0.15.0) This release introduces one new feature and a fix: - support for `file://` schema in references - support for yaml file references #### What's Changed - feat: add support for "file://" schema in $refs by [@​omissis](https://togithub.com/omissis) in [omissis/go-jsonschema#147 - fix: support for yaml file references by [@​johanneswuerbach](https://togithub.com/johanneswuerbach) in [omissis/go-jsonschema#179 - chore: split generate.go file by [@​AlbertoBarba](https://togithub.com/AlbertoBarba) in [omissis/go-jsonschema#153 - chore(deps): update dependency golangci-lint to v1.55.2 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#162 - chore(deps): update golang docker tag to v1.21.4 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#165 - chore(deps): update golang docker tag to v1.21.5 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#174 - chore(deps): update actions/setup-go action to v5 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#175 - chore(deps): update golang docker tag to v1.21.6 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#184 - fix(deps): update module github.com/spf13/cobra to v1.8.0 by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#163 - fix(deps): update golang.org/x/exp digest to [`2478ac8`](https://togithub.com/atombender/go-jsonschema/commit/2478ac8) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#166 - fix(deps): update golang.org/x/exp digest to [`9a3e603`](https://togithub.com/atombender/go-jsonschema/commit/9a3e603) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#168 - fix(deps): update golang.org/x/exp digest to [`6522937`](https://togithub.com/atombender/go-jsonschema/commit/6522937) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#172 - fix(deps): update golang.org/x/exp digest to [`f3f8817`](https://togithub.com/atombender/go-jsonschema/commit/f3f8817) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#176 - fix(deps): update golang.org/x/exp digest to [`aacd6d4`](https://togithub.com/atombender/go-jsonschema/commit/aacd6d4) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#178 - fix(deps): update golang.org/x/exp digest to [`dc181d7`](https://togithub.com/atombender/go-jsonschema/commit/dc181d7) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#180 - fix(deps): update golang.org/x/exp digest to [`02704c9`](https://togithub.com/atombender/go-jsonschema/commit/02704c9) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#181 - fix(deps): update golang.org/x/exp digest to [`be819d1`](https://togithub.com/atombender/go-jsonschema/commit/be819d1) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#182 - fix(deps): update golang.org/x/exp digest to [`0dcbfd6`](https://togithub.com/atombender/go-jsonschema/commit/0dcbfd6) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#185 - fix(deps): update golang.org/x/exp digest to [`db7319d`](https://togithub.com/atombender/go-jsonschema/commit/db7319d) by [@​renovate](https://togithub.com/renovate) in [omissis/go-jsonschema#186 #### New Contributors - [@​johanneswuerbach](https://togithub.com/johanneswuerbach) made their first contribution in [omissis/go-jsonschema#179 **Full Changelog**: omissis/go-jsonschema@v0.14.1...v0.15.0 </details> <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.12.0`](https://togithub.com/go-git/go-git/releases/tag/v5.12.0) [Compare Source](https://togithub.com/go-git/go-git/compare/v5.11.0...v5.12.0) #### What's Changed - git: Worktree.AddWithOptions: add skipStatus option when providing a specific path by [@​moranCohen26](https://togithub.com/moranCohen26) in [go-git/go-git#994 - git: Signer: fix usage of crypto.Signer interface by [@​wlynch](https://togithub.com/wlynch) in [go-git/go-git#1029 - git: Remote, fetch, adds the prune option. by [@​juliens](https://togithub.com/juliens) in [go-git/go-git#366 - git: Add crypto.Signer option to CommitOptions. by [@​wlynch](https://togithub.com/wlynch) in [go-git/go-git#996 - git: Worktree checkout tag hash id ([#​959](https://togithub.com/go-git/go-git/issues/959)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [go-git/go-git#966 - git: Worktree, Don't panic on empty or root path when checking if it is valid by [@​tim775](https://togithub.com/tim775) in [go-git/go-git#1042 - git: Add commit validation for Reset by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#1048 - git: worktree_commit, Fix amend commit to apply changes. Fixes [#​1024](https://togithub.com/go-git/go-git/issues/1024) by [@​onee-only](https://togithub.com/onee-only) in [go-git/go-git#1045 - git: Implement Merge function with initial `FastForwardMerge` support by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#1044 - plumbing: object, Make first commit visible on logs filtered with filename. Fixes [#​191](https://togithub.com/go-git/go-git/issues/191) by [@​onee-only](https://togithub.com/onee-only) in [go-git/go-git#1036 - plumbing: no panic in printStats function. Fixes [#​177](https://togithub.com/go-git/go-git/issues/177) by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#971 - plumbing: object, Optimize logging with file. by [@​onee-only](https://togithub.com/onee-only) in [go-git/go-git#1046 - plumbing: object, check legitimacy in (\*Tree).Encode by [@​niukuo](https://togithub.com/niukuo) in [go-git/go-git#967 - plumbing: format/gitattributes, close file in ReadAttributesFile by [@​prskr](https://togithub.com/prskr) in [go-git/go-git#1018 - plumbing: check setAuth error. Fixes [#​185](https://togithub.com/go-git/go-git/issues/185) by [@​nodivbyzero](https://togithub.com/nodivbyzero) in [go-git/go-git#969 - plumbing: object, fix variable defaultUtf8CommitMessageEncoding name spell error by [@​Jerry-yz](https://togithub.com/Jerry-yz) in [go-git/go-git#987 - utils: merkletrie, calculate filesystem node's hash lazily. by [@​candid82](https://togithub.com/candid82) in [go-git/go-git#825 - utils: update comment in node.go's Hash() by [@​codablock](https://togithub.com/codablock) in [go-git/go-git#992 - \_example: fix 404 link and added ssh-agent clone link by [@​grinish21](https://togithub.com/grinish21) in [go-git/go-git#1022 - \_example: checkout-branch example by [@​dlambda](https://togithub.com/dlambda) in [go-git/go-git#446 - \_example: example for git clone using ssh-agent by [@​pjbgf](https://togithub.com/pjbgf) in [go-git/go-git#998 #### New Contributors - [@​candid82](https://togithub.com/candid82) made their first contribution in [go-git/go-git#825 - [@​codablock](https://togithub.com/codablock) made their first contribution in [go-git/go-git#992 - [@​Jerry-yz](https://togithub.com/Jerry-yz) made their first contribution in [go-git/go-git#987 - [@​wlynch](https://togithub.com/wlynch) made their first contribution in [go-git/go-git#996 - [@​moranCohen26](https://togithub.com/moranCohen26) made their first contribution in [go-git/go-git#994 - [@​grinish21](https://togithub.com/grinish21) made their first contribution in [go-git/go-git#1022 - [@​prskr](https://togithub.com/prskr) made their first contribution in [go-git/go-git#1018 - [@​dlambda](https://togithub.com/dlambda) made their first contribution in [go-git/go-git#446 - [@​juliens](https://togithub.com/juliens) made their first contribution in [go-git/go-git#366 - [@​onee-only](https://togithub.com/onee-only) made their first contribution in [go-git/go-git#1036 - [@​tim775](https://togithub.com/tim775) made their first contribution in [go-git/go-git#1042 - [@​niukuo](https://togithub.com/niukuo) made their first contribution in [go-git/go-git#967 - [@​avoidalone](https://togithub.com/avoidalone) made their first contribution in [go-git/go-git#1047 **Full Changelog**: go-git/go-git@v5.11.0...v5.12.0 </details> <details> <summary>google/osv-scanner (github.com/google/osv-scanner)</summary> ### [`v1.7.4`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v174) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.3...v1.7.4) ##### Features: - [Feature #​943](https://togithub.com/google/osv-scanner/pull/943) Support scanning gradle/verification-metadata.xml files. ##### Misc: - [Bug #​968](https://togithub.com/google/osv-scanner/issues/968) Hide unimportant Debian vulnerabilities to reduce noise. ### [`v1.7.3`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v173) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.2...v1.7.3) ##### Features: - [Feature #​934](https://togithub.com/google/osv-scanner/pull/934) add support for PNPM v9 lockfiles. ##### Fixes: - [Bug #​938](https://togithub.com/google/osv-scanner/issues/938) Ensure the sarif output has a stable order. - [Bug #​922](https://togithub.com/google/osv-scanner/issues/922) Support filtering on alias IDs in Guided Remediation. ### [`v1.7.2`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v172) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.1...v1.7.2) ##### Fixes: - [Bug #​899](https://togithub.com/google/osv-scanner/issues/899) Guided Remediation: Parse paths in npmrc auth fields correctly. - [Bug #​908](https://togithub.com/google/osv-scanner/issues/908) Fix rust call analysis by explicitly disabling stripping of debug info. - [Bug #​914](https://togithub.com/google/osv-scanner/issues/914) Fix regression for go call analysis introduced in 1.7.0. ### [`v1.7.1`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v171) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.7.0...v1.7.1) (There is no Github release for this version) ##### Fixes - [Bug #​856](https://togithub.com/google/osv-scanner/issues/856) Add retry logic to make calls to OSV.dev API more resilient. This combined with changes in OSV.dev's API should result in much less timeout errors. ##### API Features - [Feature #​781](https://togithub.com/google/osv-scanner/pull/781) add `MakeVersionRequestsWithContext()` - [Feature #​857](https://togithub.com/google/osv-scanner/pull/857) API and networking related errors now has their own error and exit code (Exit Code 129) ### [`v1.7.0`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v170) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.6.2...v1.7.0) ##### Features - [Feature #​352](https://togithub.com/google/osv-scanner/issues/352) Guided Remediation Introducing our new experimental guided remediation feature on `osv-scanner fix` subcommand. See our [docs](https://google.github.io/osv-scanner/experimental/guided-remediation/) for detailed usage instructions. - [Feature #​805](https://togithub.com/google/osv-scanner/pull/805) Include CVSS MaxSeverity in JSON output. ##### Fixes - [Bug #​818](https://togithub.com/google/osv-scanner/pull/818) Align GoVulncheck Go version with go.mod. - [Bug #​797](https://togithub.com/google/osv-scanner/pull/797) Don't traverse gitignored dirs for gitignore files. ##### Miscellaneous - [#​831](https://togithub.com/google/osv-scanner/pull/831) Remove version number from the release binary name. ### [`v1.6.2`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v162) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.6.1...v1.6.2) ##### Features - [Feature #​694](https://togithub.com/google/osv-scanner/pull/694) Add subcommands! OSV-Scanner now has subcommands! The base command has been moved to `scan` (currently the only commands is `scan`). By default if you do not pass in a command, `scan` will be used, so CLI remains backwards compatible. This is a building block to adding the guided remediation feature. See [issue #​352](https://togithub.com/google/osv-scanner/issues/352) for more details! - [Feature #​776](https://togithub.com/google/osv-scanner/pull/776) Add pdm lockfile support. ##### API Features - [Feature #​754](https://togithub.com/google/osv-scanner/pull/754) Add dependency groups to flattened vulnerabilities output. ### [`v1.6.1`](https://togithub.com/google/osv-scanner/releases/tag/v1.6.1) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.6.0...v1.6.1) ### v1.6.0/v1.6.1: ##### Features - [Feature #​694](https://togithub.com/google/osv-scanner/pull/694) Add support for NuGet lock files version 2. - [Feature #​655](https://togithub.com/google/osv-scanner/pull/655) Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities. - [Feature #​702](https://togithub.com/google/osv-scanner/pull/702) Created an option to skip/disable upload to code scanning. - [Feature #​732](https://togithub.com/google/osv-scanner/pull/732) Add option to not fail on vulnerability being found for GitHub Actions. - [Feature #​729](https://togithub.com/google/osv-scanner/pull/729) Verify the spdx licenses passed in to the license allowlist. ##### Fixes - [Bug #​736](https://togithub.com/google/osv-scanner/pull/736) Show ecosystem and version even if git is shown if the info exists. - [Bug #​703](https://togithub.com/google/osv-scanner/pull/703) Return an error if both license scanning and local/offline scanning is enabled simultaneously. - [Bug #​718](https://togithub.com/google/osv-scanner/pull/718) Fixed parsing of SBOMs generated by the latest CycloneDX. - [Bug #​704](https://togithub.com/google/osv-scanner/pull/704) Get go stdlib version from go.mod. ##### API Features - [Feature #​727](https://togithub.com/google/osv-scanner/pull/727) Changes to `Reporter` methods to add verbosity levels and to deprecate functions. #### New Contributors - [@​geekNero](https://togithub.com/geekNero) made their first contribution in [google/osv-scanner#718 **Full Changelog**: google/osv-scanner@v1.5.0...v1.6.0-alpha3 ### [`v1.6.0`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v160) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.5.0...v1.6.0) ##### Features - [Feature #​694](https://togithub.com/google/osv-scanner/pull/694) Add support for NuGet lock files version 2. - [Feature #​655](https://togithub.com/google/osv-scanner/pull/655) Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities. - [Feature #​702](https://togithub.com/google/osv-scanner/pull/702) Created an option to skip/disable upload to code scanning. - [Feature #​732](https://togithub.com/google/osv-scanner/pull/732) Add option to not fail on vulnerability being found for GitHub Actions. - [Feature #​729](https://togithub.com/google/osv-scanner/pull/729) Verify the spdx licenses passed in to the license allowlist. ##### Fixes - [Bug #​736](https://togithub.com/google/osv-scanner/pull/736) Show ecosystem and version even if git is shown if the info exists. - [Bug #​703](https://togithub.com/google/osv-scanner/pull/703) Return an error if both license scanning and local/offline scanning is enabled simultaneously. - [Bug #​718](https://togithub.com/google/osv-scanner/pull/718) Fixed parsing of SBOMs generated by the latest CycloneDX. - [Bug #​704](https://togithub.com/google/osv-scanner/pull/704) Get go stdlib version from go.mod. ##### API Features - [Feature #​727](https://togithub.com/google/osv-scanner/pull/727) Changes to `Reporter` methods to add verbosity levels and to deprecate functions. ### [`v1.5.0`](https://togithub.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v150) [Compare Source](https://togithub.com/google/osv-scanner/compare/v1.4.3...v1.5.0) ##### Features - [Feature #​501](https://togithub.com/google/osv-scanner/pull/501) Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information! - [Feature #​642](https://togithub.com/google/osv-scanner/pull/642) Support scanning `renv` files for the R language ecosystem. - [Feature #​513](https://togithub.com/google/osv-scanner/pull/513) Stabilize call analysis for Go! The experimental `--experimental-call-analysis` flag has now been updated to: --call-analysis=<language/all> --no-call-analysis=<language/all> with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation! - [Feature #​676](https://togithub.com/google/osv-scanner/pull/676) Simplify return codes: - Return 0 if there are no findings or errors. - Return 1 if there are any findings (license violations or vulnerabilities). - Return 128 if no packages are found. - [Feature #​651](https://togithub.com/google/osv-scanner/pull/651) CVSS v4.0 support. - [Feature #​60](https://togithub.com/google/osv-scanner/pull/60) [Pre-commit hook](https://pre-commit.com/) support. ##### Fixes - [Bug #​639](https://togithub.com/google/osv-scanner/issues/639) We now filter local packages from scans, and report the filtering of those packages. - [Bug #​645](https://togithub.com/google/osv-scanner/issues/645) Properly handle file/url paths on Windows. - [Bug #​660](https://togithub.com/google/osv-scanner/issues/660) Remove noise from failed lockfile parsing. - [Bug #​649](https://togithub.com/google/osv-scanner/issues/649) No longer include vendored libraries in C/C++ package analysis. - [Bug #​634](https://togithub.com/google/osv-scanner/issues/634) Fix filtering of aliases to also include non OSV aliases ##### Miscellaneous - The minimum go version has been updated to go1.21 from go1.18. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM5My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.56.0->1.56.1Release Notes
golangci/golangci-lint (golangci-lint)
v1.56.1Compare Source
errcheck: from 1.6.3 to 1.7.0govet: disableloopclosurewith go1.22revive: from 1.3.6 to 1.3.7testifylint: from 1.1.0 to 1.1.1Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.