fix: osv/repos.py: Skip gitter for oss-fuzz-vulns repo #4577
Modified clone function to perform a standard git clone for ssh://github.com/google/oss-fuzz-vulns, bypassing the gitter service even if GITTER_HOST is set. Also fixed import errors for deprecated decorator in ecosystems module.
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task.
| # limitations under the License. | ||
| """Ecosystem helper for ecosystems using SemVer.""" | ||
| from warnings import deprecated | ||
| from typing_extensions import deprecated |
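Review bot: the two import lines at the end of this hunk (`from warnings import deprecated` and `from typing_extensions import deprecated`) change where the `deprecated` decorator comes from, which has nothing to do with the gitter bypass named in the PR title and should not ride along with it. `warnings.deprecated` is in the standard library from Python 3.13, so the `typing_extensions` form is only needed on older interpreters and it makes the module depend on a third-party package for a decorator the runtime already provides. If older interpreters really must be supported, raise that as its own change with a guarded import that falls back to `typing_extensions`; otherwise drop the import change from this PR.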
No need for these import changes, we have updated to the latest python version
Understood. I have reverted the import changes to osv/ecosystems/semver_ecosystem_helper.py and osv/ecosystems/ecosystems_base.py.
Modified clone function to perform a standard git clone for ssh://github.com/google/oss-fuzz-vulns, bypassing the gitter service even if GITTER_HOST is set. Reverted unrelated import changes as requested.
/gcbrun
Co-authored-by: Michael Kedar <michaelkedar@google.com>
/gcbrun
/gcbrun
* docs: Update REST API docs to clarify HEAD request (#4565)

* feat: migrate sitemap generation (#4487)

  Migrated sitemap generation to Go & away from Bug entities.

  Had to use the entire vulnerability records from GCS in order to chunk them by ecosystem, which is going to make it quite a bit slower from having to download the entirety of all the files (it only runs once per day anyway so it's probably no big deal).

  I *could* make it faster by using the `Vulnerability` entities from datastore, but those don't have the ecosystems attached to them. The `ListedVulnerability` does have the ecosystems, but not the modified dates :upside_down_face: (and don't have the withdrawn vulnerabilities).

  Some improvements: the sitemap now splits large ecosystems into multiple pages (instead of truncating the vulnerabilities), and withdrawn vulnerabilities are now included in the sitemap (since they do actually have pages you can visit on osv.dev)

* chore(deps): update alpine:3.23 docker digest to 865b95f (#4526)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | alpine | final | digest | `51183f2` → `865b95f` |

  📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

  🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

  ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

  🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

  - [ ] If you want to rebase/retry this PR, check this box

  This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev).

* chore(deps): update gcp/api/googleapis digest to d4a34bf (#4527)

  This PR contains the following updates:

  | Package | Update | Change |
  |---|---|---|
  | gcp/api/googleapis | digest | `1496716` → `d4a34bf` |

* fix(deps): update github.com/ossf/osv-schema/bindings/go digest to 88c4875 (#4531)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | [github.com/ossf/osv-schema/bindings/go](https://redirect.github.com/ossf/osv-schema) | require | digest | `c18cb69` → `88c4875` |

* fix(deps): update google.golang.org/genproto/googleapis/api digest to 0a764e5 (#4532)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | [google.golang.org/genproto/googleapis/api](https://redirect.github.com/googleapis/go-genproto) | require | digest | `97cd9d5` → `0a764e5` |

* chore(deps): update golang:1.25.5-alpine docker digest to ac09a5f (#4528)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | golang | stage | digest | `2611181` → `ac09a5f` |

* fix(deps): update indexer (#4535)

  This PR contains the following updates:

  | Package | Change |
  |---|---|
  | [cloud.google.com/go/storage](https://redirect.github.com/googleapis/google-cloud-go) | `v1.57.2` → `v1.58.0` |
  | [golang.org/x/sync](https://pkg.go.dev/golang.org/x/sync) | [`v0.18.0` → `v0.19.0`](https://cs.opensource.google/go/x/sync/+/refs/tags/v0.18.0...refs/tags/v0.19.0) |
  | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.257.0` → `v0.259.0` |

  Release notes: googleapis/google-api-go-client (google.golang.org/api)

  - [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) ([Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0))
  - [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) ([Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0))

* fix: introduced '>' operator not being parsed (#4573)

  While a "> 1.x", '>' is technically not correct, as it would say that the value given is the version before the vuln is introduced, it is still a better range to accept than resorting to introduced = 0.

  This should handle this case: https://github.com/google/osv.dev/issues/4569

* chore(deps): update workflows (#4534)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.5.0` → `v5.6.0` |
  | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.31.6` → `v3.31.9` |
  | [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) | action | patch | `v7.0.9` → `v7.0.11` |

  Release notes: actions/setup-go (actions/setup-go)

  [`v5.6.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.6.0) ([Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.5.0...v5.6.0))

  - Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#689](https://redirect.github.com/actions/setup-go/pull/689)

  **Full Changelog**: <https://github.com/actions/setup-go/compare/v5...v5.6.0>

  Release notes: github/codeql-action (github/codeql-action)

  [`v3.31.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.9) ([Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.8...v3.31.9))

  See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

  No user facing changes.

  See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.9/CHANGELOG.md) for more information.

  [`v3.31.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.8) ([Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.7...v3.31.8))

  See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

  - Update default CodeQL bundle version to 2.23.8. [#3354](https://redirect.github.com/github/codeql-action/pull/3354)

  See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.8/CHANGELOG.md) for more information.

  [`v3.31.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.7) ([Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.6...v3.31.7))

  See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

  - Update default CodeQL bundle version to 2.23.7. [#3343](https://redirect.github.com/github/codeql-action/pull/3343)

  See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.7/CHANGELOG.md) for more information.

  Release notes: peter-evans/create-pull-request (peter-evans/create-pull-request)

  [`v7.0.11`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.11): Create Pull Request v7.0.11 ([Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11))

  - fix: restrict remote prune to self-hosted runners by [@peter-evans](https://redirect.github.com/peter-evans) in [#4250](https://redirect.github.com/peter-evans/create-pull-request/pull/4250)

  **Full Changelog**: <https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11>

  [`v7.0.10`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.10): Create Pull Request v7.0.10 ([Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10))

  ⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

  - build(deps): bump the github-actions group with 2 updates by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#4235](https://redirect.github.com/peter-evans/create-pull-request/pull/4235)
  - build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#4240](https://redirect.github.com/peter-evans/create-pull-request/pull/4240)
  - fix: provider list pulls fallback for multi fork same owner by [@peter-evans](https://redirect.github.com/peter-evans) in [#4245](https://redirect.github.com/peter-evans/create-pull-request/pull/4245)
  - [@obnyis](https://redirect.github.com/obnyis) made their first contribution in [#4064](https://redirect.github.com/peter-evans/create-pull-request/pull/4064)

  **Full Changelog**: <https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10>

* chore(deps): lock file maintenance (#4536)

  This PR contains the following updates:

  | Update | Change |
  |---|---|
  | lockFileMaintenance | All locks refreshed |

  🔧 This Pull Request updates lock files to use the latest dependency versions.

* chore(deps): lock file maintenance workers (#4537)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | | | lockFileMaintenance | All locks refreshed |
  | [pygit2](https://redirect.github.com/libgit2/pygit2) ([changelog](https://redirect.github.com/libgit2/pygit2/blob/master/CHANGELOG.md)) | project.dependencies | patch | `==1.19.0` → `==1.19.1` |

  Release notes: libgit2/pygit2 (pygit2)

  [`v1.19.1`](https://redirect.github.com/libgit2/pygit2/blob/HEAD/CHANGELOG.md#1191-2025-12-29) ([Compare Source](https://redirect.github.com/libgit2/pygit2/compare/v1.19.0...v1.19.1))

  - Update wheels to libgit2 1.9.2 and OpenSSL 3.5
  - Fix: now diff's getitem/iter returns `None` for unchanged or binary files [#1412](https://redirect.github.com/libgit2/pygit2/pull/1412)
  - CI (macOS): arm, intel and pypy wheels (instead of universal) [#1441](https://redirect.github.com/libgit2/pygit2/pull/1441)
  - CI (pypy): fix tests [#1437](https://redirect.github.com/libgit2/pygit2/pull/1437)

* chore(deps): lock file maintenance osv-lib (#4538)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | | | lockFileMaintenance | All locks refreshed |
  | [pygit2](https://redirect.github.com/libgit2/pygit2) ([changelog](https://redirect.github.com/libgit2/pygit2/blob/master/CHANGELOG.md)) | project.dependencies | patch | `1.19.0` → `1.19.1` |
  | [vcrpy](https://redirect.github.com/kevin1024/vcrpy) | dev | patch | `8.1.0` → `8.1.1` |

  Release notes: kevin1024/vcrpy (vcrpy)

  [`v8.1.1`](https://redirect.github.com/kevin1024/vcrpy/releases/tag/v8.1.1) ([Compare Source](https://redirect.github.com/kevin1024/vcrpy/compare/v8.1.0...v8.1.1))

  - Fix sync requests in async contexts for HTTPX ([#965](https://redirect.github.com/kevin1024/vcrpy/issues/965)) - thanks [@seowalex](https://redirect.github.com/seowalex)
  - CI: bump peter-evans/create-pull-request from 7 to 8 ([#969](https://redirect.github.com/kevin1024/vcrpy/issues/969))

* chore(deps): lock file maintenance (#4539)

  This PR contains the following updates:

  | Update | Change |
  |---|---|
  | lockFileMaintenance | All locks refreshed |

* chore(deps): lock file maintenance functions (#4541)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | | | lockFileMaintenance | All locks refreshed |
  | [google-cloud-secret-manager](https://redirect.github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-secret-manager) ([source](https://redirect.github.com/googleapis/google-cloud-python)) | project.dependencies | minor | `==2.25.0` → `==2.26.0` |

  Release notes: googleapis/google-cloud-python (google-cloud-secret-manager)

  [`v2.26.0`](https://redirect.github.com/googleapis/google-cloud-python/releases/tag/google-cloud-secret-manager-v2.26.0): google-cloud-secret-manager 2.26.0 ([Compare Source](https://redirect.github.com/googleapis/google-cloud-python/compare/google-cloud-secret-manager-v2.25.0...google-cloud-secret-manager-v2.26.0))

  - check Python and dependency versions in generated GAPICs (PiperOrigin-RevId: [`8454486`](https://redirect.github.com/googleapis/google-cloud-python/commit/845448683)) ([d2b35b25](https://redirect.github.com/googleapis/google-cloud-python/commit/d2b35b25))
  - auto-enable mTLS when supported certificates are detected (PiperOrigin-RevId: [`8454486`](https://redirect.github.com/googleapis/google-cloud-python/commit/845448683)) ([d2b35b25](https://redirect.github.com/googleapis/google-cloud-python/commit/d2b35b25))

* fix(deps): lock file maintenance vulnfeeds (#4545)

  This PR contains the following updates:

  | Package | Type | Update | Change |
  |---|---|---|---|
  | | | lockFileMaintenance | All locks refreshed |
  | gcr.io/google.com/cloudsdktool/google-cloud-cli | final | digest | `09ca925` → `4bac65a` |
  | [github.com/gkampitakis/go-snaps](https://redirect.github.com/gkampitakis/go-snaps) | require | patch | `v0.5.18` → `v0.5.19` |
  | [github.com/ossf/osv-schema/bindings/go](https://redirect.github.com/ossf/osv-schema) | require | digest | `c18cb69` → `88c4875` |
  | golang | stage | digest | `2611181` → `ac09a5f` |
  | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | require | minor | `v0.257.0` → `v0.259.0` |

  Release notes: gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)

  [`v0.5.19`](https://redirect.github.com/gkampitakis/go-snaps/releases/tag/v0.5.19) ([Compare Source](https://redirect.github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19))

  - fix: use backticks for inline snaps when appropriate by [@gkampitakis](https://redirect.github.com/gkampitakis) in [#149](https://redirect.github.com/gkampitakis/go-snaps/pull/149)

  **Full Changelog**: <https://github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19>
Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) 
[`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients 
([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. 
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance website-backend (#4542) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [google-auth](https://redirect.github.com/googleapis/google-auth-library-python) | project.dependencies | minor | `==2.45.0` → `==2.47.0` |  |  | | [google-cloud-storage](https://redirect.github.com/googleapis/python-storage) | project.dependencies | minor | `==2.18.2` → `==2.19.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. 
--- <details> <summary>googleapis/google-auth-library-python (google-auth)</summary> [`v2.47.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2470-2026-01-06) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.46.0...v2.47.0) - drop `cachetools` dependency in favor of simple local implementation ([#​1590](https://redirect.github.com/googleapis/google-auth-library-python/issues/1590)) ([5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4](https://redirect.github.com/googleapis/google-auth-library-python/commit/5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)) - Python 3.8 support ([#​1918](https://redirect.github.com/googleapis/google-auth-library-python/issues/1918)) ([60dc20014a35ec4ba71e8065b9a33ecbdbeca97a](https://redirect.github.com/googleapis/google-auth-library-python/commit/60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)) [`v2.46.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2460-2026-01-05) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.45.0...v2.46.0) - update urllib3 docstrings for v2 compatibility ([#​1903](https://redirect.github.com/googleapis/google-auth-library-python/issues/1903)) ([3f1aeea2d1014ea1d244a4c3470e52d74d55404b](https://redirect.github.com/googleapis/google-auth-library-python/commit/3f1aeea2d1014ea1d244a4c3470e52d74d55404b)) - Recognize workload certificate config in has\_default\_client\_cert\_source for mTLS for Agentic Identities ([#​1907](https://redirect.github.com/googleapis/google-auth-library-python/issues/1907)) ([0b9107d573123e358c347ffa067637f992af61b4](https://redirect.github.com/googleapis/google-auth-library-python/commit/0b9107d573123e358c347ffa067637f992af61b4)) - add types to default and verify\_token and Request **init** based on comments in the source code. 
([#​1588](https://redirect.github.com/googleapis/google-auth-library-python/issues/1588)) ([59a5f588f7793b59d923a4185c8c07738da618f7](https://redirect.github.com/googleapis/google-auth-library-python/commit/59a5f588f7793b59d923a4185c8c07738da618f7)) - fix the document of secure\_authorized\_session ([#​1536](https://redirect.github.com/googleapis/google-auth-library-python/issues/1536)) ([5d0014707fc359782df5ccfcaa75fd372fe9dce3](https://redirect.github.com/googleapis/google-auth-library-python/commit/5d0014707fc359782df5ccfcaa75fd372fe9dce3)) - remove setup.cfg configuration for creating universal wheels ([#​1693](https://redirect.github.com/googleapis/google-auth-library-python/issues/1693)) ([c767531ce05a89002d109f595187aff1fcaacfb7](https://redirect.github.com/googleapis/google-auth-library-python/commit/c767531ce05a89002d109f595187aff1fcaacfb7)) - use .read() instead of .content.read() in aiohttp transport ([#​1899](https://redirect.github.com/googleapis/google-auth-library-python/issues/1899)) ([12f4470f808809e8abf1141f98d88ab720c3899b](https://redirect.github.com/googleapis/google-auth-library-python/commit/12f4470f808809e8abf1141f98d88ab720c3899b)) - raise RefreshError for missing token in impersonated credentials ([#​1897](https://redirect.github.com/googleapis/google-auth-library-python/issues/1897)) ([94d04e090fdfc61926dd32bc1d65f8820b9cede5](https://redirect.github.com/googleapis/google-auth-library-python/commit/94d04e090fdfc61926dd32bc1d65f8820b9cede5)) - Fix test coverage for mtls\_helper ([#​1886](https://redirect.github.com/googleapis/google-auth-library-python/issues/1886)) ([02e71631fe275d93825c2e957e830773e75133f7](https://redirect.github.com/googleapis/google-auth-library-python/commit/02e71631fe275d93825c2e957e830773e75133f7)) </details> <details> <summary>googleapis/python-storage (google-cloud-storage)</summary> [`v2.19.0`](https://redirect.github.com/googleapis/python-storage/blob/HEAD/CHANGELOG.md#2190-2024-11-21) [Compare 
Source](https://redirect.github.com/googleapis/python-storage/compare/v2.18.2...v2.19.0) - Add integration test for universe domain ([#​1346](https://redirect.github.com/googleapis/python-storage/issues/1346)) ([02a972d](https://redirect.github.com/googleapis/python-storage/commit/02a972d35fae6d05edfb26381f6a71e3b8f59d6d)) - Add restore\_bucket and handling for soft-deleted buckets ([#​1365](https://redirect.github.com/googleapis/python-storage/issues/1365)) ([ab94efd](https://redirect.github.com/googleapis/python-storage/commit/ab94efda83f68c974ec91d6b869b09047501031a)) - Add support for restore token ([#​1369](https://redirect.github.com/googleapis/python-storage/issues/1369)) ([06ed15b](https://redirect.github.com/googleapis/python-storage/commit/06ed15b33dc884da6dffbef5119e47f0fc4e1285)) - IAM signBlob retry and universe domain support ([#​1380](https://redirect.github.com/googleapis/python-storage/issues/1380)) ([abc8061](https://redirect.github.com/googleapis/python-storage/commit/abc80615ee00a14bc0e6b095252f6d1eb09c4b45)) - Allow signed post policy v4 with service account and token ([#​1356](https://redirect.github.com/googleapis/python-storage/issues/1356)) ([8ec02c0](https://redirect.github.com/googleapis/python-storage/commit/8ec02c0e656a4e6786f256798f4b93b95b50acec)) - Do not spam the log with checksum related INFO messages when downloading using transfer\_manager ([#​1357](https://redirect.github.com/googleapis/python-storage/issues/1357)) ([42392ef](https://redirect.github.com/googleapis/python-storage/commit/42392ef8e38527ce4e50454cdd357425b3f57c87)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. 
Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance website-frontend (#4543) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [sass](https://redirect.github.com/sass/dart-sass) | devDependencies | patch | [`1.97.0` → `1.97.2`](https://renovatebot.com/diffs/npm/sass/1.97.0/1.97.2) |  |  | | [webpack](https://redirect.github.com/webpack/webpack) | devDependencies | patch | [`5.104.0` → `5.104.1`](https://renovatebot.com/diffs/npm/webpack/5.104.0/5.104.1) |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>sass/dart-sass (sass)</summary> [`v1.97.2`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1972) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.97.1...1.97.2) - Additional fixes for implicit configuration when nested imports are involved. 
[`v1.97.1`](https://redirect.github.com/sass/dart-sass/compare/0c7083ac165fd30234c90a4342e7f7792a686c7d...62ec6627905c790405da06b5ee41955491733f52) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.97.0...1.97.1) </details> <details> <summary>webpack/webpack (webpack)</summary> [`v5.104.1`](https://redirect.github.com/webpack/webpack/blob/HEAD/CHANGELOG.md#51041) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.104.0...v5.104.1) - [`2efd21b`](https://redirect.github.com/webpack/webpack/commit/2efd21b): Reexports runtime calculation should not accessing **WEBPACK\_IMPORT\_KEY** decl with var. - [`c510070`](https://redirect.github.com/webpack/webpack/commit/c510070): Fixed a user information bypass vulnerability in the HttpUriPlugin plugin. </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). 
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): lock file maintenance tools (#4544) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [github.com/gkampitakis/go-snaps](https://redirect.github.com/gkampitakis/go-snaps) | require | patch | `v0.5.18` → `v0.5.19` |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | require | minor | `v0.257.0` → `v0.259.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)</summary> [`v0.5.19`](https://redirect.github.com/gkampitakis/go-snaps/releases/tag/v0.5.19) [Compare Source](https://redirect.github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19) - fix: use backticks for inline snaps when appropriate by [@​gkampitakis](https://redirect.github.com/gkampitakis) in [#​149](https://redirect.github.com/gkampitakis/go-snaps/pull/149) **Full Changelog**: <https://github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19> </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) 
([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list 
([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) 
([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) 
([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): update gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine docker digest to 4bac65a (#4570) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | gcr.io/google.com/cloudsdktool/google-cloud-cli | final | digest | `09ca925` → `4bac65a` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42OS4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(sitemap): chunk ecosystems oldest first (#4574) It just occurred to me that by having the newest vulns in `ECOSYSTEM_1.xml` and later in `ECOSYSTEM_2.xml`, `_3`, etc., every time we get a new vulnerability, every sitemap of that ecosystem will change as the oldest one gets pushed out to the next sitemap chunk. Reversed the order, so that the oldest vulns are in the first sitemap, which should prevent churn. * fix: osv/repos.py: Skip gitter for oss-fuzz-vulns repo (#4577) Modified clone function to perform a standard git clone for ssh://github.com/google/oss-fuzz-vulns, bypassing the gitter service even if GITTER_HOST is set. Also fixed import errors for deprecated decorator in ecosystems module. --- *PR created automatically by Jules for task [90480…
Modified clone function to perform a standard git clone for ssh://github.com/google/oss-fuzz-vulns, bypassing the gitter service even if GITTER_HOST is set. Also fixed import errors for deprecated decorator in ecosystems module.
PR created automatically by Jules for task 9048071901640765293 started by @another-rex
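The churn argument in the `fix(sitemap)` commit message (#4574) quoted above, worked through as an added example (not code from osv.dev): the chunk size, the `EX-` identifiers, the `PyPI` file prefix and all function names are constructed, and entries are assumed to be append-only.

```python
"""Sitemap chunk churn: newest-first versus oldest-first ordering.

Added illustration only. Chunk size, IDs and names are constructed and
do not come from the osv.dev code base.
"""
import hashlib

CHUNK_SIZE = 3  # constructed; kept small so the effect is visible


def chunk(ids, size=CHUNK_SIZE):
    """Split an ordered list of IDs into consecutive chunks of `size`."""
    return [ids[i:i + size] for i in range(0, len(ids), size)]


def sitemaps(ids_oldest_to_newest, ecosystem, oldest_first):
    """Return {filename: content digest} for one ecosystem.

    `ids_oldest_to_newest` is ordered by age; `oldest_first` selects
    which end of that list lands in ECOSYSTEM_1.xml.
    """
    ordered = list(ids_oldest_to_newest)
    if not oldest_first:
        ordered.reverse()
    files = {}
    for n, ids in enumerate(chunk(ordered), start=1):
        body = "\n".join(ids).encode()
        files[f"{ecosystem}_{n}.xml"] = hashlib.sha256(body).hexdigest()
    return files


def changed_files(before, after):
    """Names of files that are new or whose content digest differs."""
    return sorted(name for name, digest in after.items()
                  if before.get(name) != digest)


def churn(existing, new_id, ecosystem, oldest_first):
    """Files rewritten when one new vulnerability is appended."""
    before = sitemaps(existing, ecosystem, oldest_first)
    after = sitemaps(existing + [new_id], ecosystem, oldest_first)
    return changed_files(before, after)


if __name__ == "__main__":
    existing = [f"EX-{i:04d}" for i in range(1, 9)]  # constructed IDs
    for oldest_first in (False, True):
        label = "oldest-first" if oldest_first else "newest-first"
        print(label, churn(existing, "EX-0009", "PyPI", oldest_first))
```

Newest-first shifts every entry by one position, so every chunk's content changes; oldest-first only touches the last chunk, or creates a new one when the last is full.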