Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.8.1
->v1.10.0
v1.11.4
->v1.13.1
v0.14.1
->v0.16.0
v5.11.0
->v5.12.0
v1.4.3
->v1.7.4
9d8429e
->9bdd569
6522937
->fc45aab
🔧 This Pull Request updates lock files to use the latest dependency versions.
Release Notes
atombender/go-jsonschema (github.com/atombender/go-jsonschema)
v0.16.0
Compare Source
This release introduces several new improvements:
required
propertiesWhat's Changed
required
properties by @Henkoglobin in https://github.com/omissis/go-jsonschema/pull/2151b97071
by @renovate in https://github.com/omissis/go-jsonschema/pull/1902c58cdc
by @renovate in https://github.com/omissis/go-jsonschema/pull/193ec58324
by @renovate in https://github.com/omissis/go-jsonschema/pull/199814bf88
by @renovate in https://github.com/omissis/go-jsonschema/pull/201c7f7c64
by @renovate in https://github.com/omissis/go-jsonschema/pull/206a85f2c6
by @renovate in https://github.com/omissis/go-jsonschema/pull/207a685a6e
by @renovate in https://github.com/omissis/go-jsonschema/pull/210c0f41cb
by @renovate in https://github.com/omissis/go-jsonschema/pull/21393d18d7
by @renovate in https://github.com/omissis/go-jsonschema/pull/214fe59bbe
by @renovate in https://github.com/omissis/go-jsonschema/pull/216New Contributors
Full Changelog: omissis/go-jsonschema@v0.15.0...v0.16.0
v0.15.0
Compare Source
This release introduces one new feature and a fix:
file://
schema in referencesWhat's Changed
2478ac8
by @renovate in https://github.com/omissis/go-jsonschema/pull/1669a3e603
by @renovate in https://github.com/omissis/go-jsonschema/pull/1686522937
by @renovate in https://github.com/omissis/go-jsonschema/pull/172f3f8817
by @renovate in https://github.com/omissis/go-jsonschema/pull/176aacd6d4
by @renovate in https://github.com/omissis/go-jsonschema/pull/178dc181d7
by @renovate in https://github.com/omissis/go-jsonschema/pull/18002704c9
by @renovate in https://github.com/omissis/go-jsonschema/pull/181be819d1
by @renovate in https://github.com/omissis/go-jsonschema/pull/1820dcbfd6
by @renovate in https://github.com/omissis/go-jsonschema/pull/185db7319d
by @renovate in https://github.com/omissis/go-jsonschema/pull/186New Contributors
Full Changelog: omissis/go-jsonschema@v0.14.1...v0.15.0
go-git/go-git (github.com/go-git/go-git/v5)
v5.12.0
Compare Source
What's Changed
FastForwardMerge
support by @pjbgf in https://github.com/go-git/go-git/pull/1044New Contributors
Full Changelog: go-git/go-git@v5.11.0...v5.12.0
google/osv-scanner (github.com/google/osv-scanner)
v1.7.4
Compare Source
Features:
Misc:
v1.7.3
Compare Source
Features:
Fixes:
v1.7.2
Compare Source
Fixes:
v1.7.1
Compare Source
(There is no Github release for this version)
Fixes
Add retry logic to make calls to OSV.dev API more resilient. This combined with changes in OSV.dev's API should result in much less timeout errors.
API Features
add
MakeVersionRequestsWithContext()
API and networking related errors now has their own error and exit code (Exit Code 129)
v1.7.0
Compare Source
Features
Feature #352 Guided Remediation
Introducing our new experimental guided remediation feature on
osv-scanner fix
subcommand.See our docs for detailed usage instructions.
Feature #805
Include CVSS MaxSeverity in JSON output.
Fixes
Bug #818
Align GoVulncheck Go version with go.mod.
Bug #797
Don't traverse gitignored dirs for gitignore files.
Miscellaneous
Remove version number from the release binary name.
v1.6.2
Compare Source
Features
Feature #694
Add subcommands! OSV-Scanner now has subcommands! The base command has been moved to
scan
(currently the only commands isscan
).By default if you do not pass in a command,
scan
will be used, so CLI remains backwards compatible.This is a building block to adding the guided remediation feature. See issue #352
for more details!
Feature #776
Add pdm lockfile support.
API Features
Add dependency groups to flattened vulnerabilities output.
v1.6.1
Compare Source
v1.6.0/v1.6.1:
Features
Feature #694 Add support for NuGet lock files version 2.
Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
Feature #702 Created an option to skip/disable upload to code scanning.
Feature #732 Add option to not fail on vulnerability being found for GitHub Actions.
Feature #729 Verify the spdx licenses passed in to the license allowlist.
Fixes
Bug #736 Show ecosystem and version even if git is shown if the info exists.
Bug #703 Return an error if both license scanning and local/offline scanning is enabled simultaneously.
Bug #718 Fixed parsing of SBOMs generated by the latest CycloneDX.
Bug #704 Get go stdlib version from go.mod.
API Features
Reporter
methods to add verbosity levels and to deprecate functions.New Contributors
Full Changelog: google/osv-scanner@v1.5.0...v1.6.0-alpha3
v1.6.0
Compare Source
Features
Feature #694
Add support for NuGet lock files version 2.
Feature #655
Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
Feature #702
Created an option to skip/disable upload to code scanning.
Feature #732
Add option to not fail on vulnerability being found for GitHub Actions.
Feature #729
Verify the spdx licenses passed in to the license allowlist.
Fixes
Bug #736
Show ecosystem and version even if git is shown if the info exists.
Bug #703
Return an error if both license scanning and local/offline scanning is enabled simultaneously.
Bug #718
Fixed parsing of SBOMs generated by the latest CycloneDX.
Bug #704
Get go stdlib version from go.mod.
API Features
Changes to
Reporter
methods to add verbosity levels and to deprecate functions.v1.5.0
Compare Source
Features
Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information!
Support scanning
renv
files for the R language ecosystem.Stabilize call analysis for Go! The experimental
--experimental-call-analysis
flag has now been updated to:--call-analysis=<language/all>
--no-call-analysis=<language/all>
with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
Simplify return codes:
CVSS v4.0 support.
Pre-commit hook support.
Fixes
We now filter local packages from scans, and report the filtering of those packages.
Properly handle file/url paths on Windows.
Remove noise from failed lockfile parsing.
No longer include vendored libraries in C/C++ package analysis.
Fix filtering of aliases to also include non OSV aliases
Miscellaneous
Configuration
📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.