From e869bd799ee6e1e5683cfa6f67b1e7bd7903a13e Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Thu, 6 Oct 2022 03:43:47 +0200
Subject: [PATCH] Update tools (#763)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/CycloneDX/cyclonedx-go](https://togithub.com/CycloneDX/cyclonedx-go) | require | minor | `v0.6.0` -> `v0.7.0` |
| [github.com/jedib0t/go-pretty/v6](https://togithub.com/jedib0t/go-pretty) | require | minor | `v6.3.9` -> `v6.4.0` |
| [github.com/urfave/cli/v2](https://togithub.com/urfave/cli) | require | minor | `v2.16.3` -> `v2.17.1` |
| [golang.org/x/crypto](https://togithub.com/golang/crypto) | require | digest | `eccd636` -> `4161e89` |
| [golang.org/x/exp](https://togithub.com/golang/exp) | require | digest | `439092d` -> `b9f4876` |
| [golang.org/x/term](https://togithub.com/golang/term) | require | digest | `7de9c90` -> `7a66f97` |

---

### Release Notes

CycloneDX/cyclonedx-go

### [`v0.7.0`](https://togithub.com/CycloneDX/cyclonedx-go/releases/tag/v0.7.0)

[Compare Source](https://togithub.com/CycloneDX/cyclonedx-go/compare/v0.6.0...v0.7.0)

#### Changelog

##### Features

- [`acb9322`](https://togithub.com/CycloneDX/cyclonedx-go/commit/acb932270c1594cb44c052ebeacfe4400c25e30b): feat: add enum for official media types ([@nscuro](https://togithub.com/nscuro))
- [`2826fe2`](https://togithub.com/CycloneDX/cyclonedx-go/commit/2826fe20711931e40df00c2d9058232b6c4ec8af): feat: add support for encoding to older spec versions ([#51](https://togithub.com/CycloneDX/cyclonedx-go/issues/51)) ([@nscuro](https://togithub.com/nscuro))
- [`7a2113a`](https://togithub.com/CycloneDX/cyclonedx-go/commit/7a2113a1d5cdbc27b170ce7a487cc13a108950f5): feat: raise baseline go version to 1.17 ([#53](https://togithub.com/CycloneDX/cyclonedx-go/issues/53)) ([@nscuro](https://togithub.com/nscuro))
- [`7415143`](https://togithub.com/CycloneDX/cyclonedx-go/commit/7415143fe9af48fafb4bd823cfd1dc1aaea9084e): feat: return error when parsing unknown spec versions ([@nscuro](https://togithub.com/nscuro))
- [`1655b7d`](https://togithub.com/CycloneDX/cyclonedx-go/commit/1655b7dad8bb4e1cc7c402fac75dddf998dc5621): feat: set `SpecVersion` when decoding from xml ([@nscuro](https://togithub.com/nscuro))
- [`f97e04a`](https://togithub.com/CycloneDX/cyclonedx-go/commit/f97e04a588544317e666deae16fbff4b4b1a89c5): feat: update gitpod dockerfile ([@nscuro](https://togithub.com/nscuro))

##### Fixes

- [`ea0d5b7`](https://togithub.com/CycloneDX/cyclonedx-go/commit/ea0d5b79fe245884a46d7537271d0d951d46ad1a): fix: prevent nesting of `Dependency` ([@nscuro](https://togithub.com/nscuro))

##### Building and Packaging

- [`f43660c`](https://togithub.com/CycloneDX/cyclonedx-go/commit/f43660c92e8aa58b574b90395330c2d423d87e54): build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`2458312`](https://togithub.com/CycloneDX/cyclonedx-go/commit/245831215bceb60ad7c0b237819dadf6fb185a4e): build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`760fae3`](https://togithub.com/CycloneDX/cyclonedx-go/commit/760fae3319dd04b9f95659eca5cada2dcedb885e): build(deps): bump actions/setup-go from 3.2.1 to 3.3.0 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`4dddf51`](https://togithub.com/CycloneDX/cyclonedx-go/commit/4dddf51ddd4be68d6c0f35adef628acd36eae0ab): build(deps): bump apache/skywalking-eyes from 0.3.0 to 0.4.0 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`6eb6521`](https://togithub.com/CycloneDX/cyclonedx-go/commit/6eb6521f71afc72eef65bf97033e1197a778ddab): build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.7.0 to 2.8.0 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`bff00ef`](https://togithub.com/CycloneDX/cyclonedx-go/commit/bff00ef23cf6cdcd520c179f995aabc83cc955b9): build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`fc11b56`](https://togithub.com/CycloneDX/cyclonedx-go/commit/fc11b56380ce3c547d34194a39c3ef736e6c8397): build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`f521d75`](https://togithub.com/CycloneDX/cyclonedx-go/commit/f521d75e187d6f2ca3ce289cfa4afbd961b04402): build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`d5d1ab6`](https://togithub.com/CycloneDX/cyclonedx-go/commit/d5d1ab6ca40e8ef882d6e51e1ebcb4ce72fcb805): build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 ([@dependabot](https://togithub.com/dependabot)\[bot])
- [`b83bbe8`](https://togithub.com/CycloneDX/cyclonedx-go/commit/b83bbe808f6545654d4e0deecc7e7806a2e49c4e): build(deps): bump goreleaser/goreleaser-action from 2 to 3 ([@dependabot](https://togithub.com/dependabot)\[bot])

##### Documentation

- [`8f8fadf`](https://togithub.com/CycloneDX/cyclonedx-go/commit/8f8fadfe296ad32dd78f513cd7475e81ed85e200): docs: fix cyclonedx-go version in compatibility matrix ([@nscuro](https://togithub.com/nscuro))
- [`124f2be`](https://togithub.com/CycloneDX/cyclonedx-go/commit/124f2be91434d720dd5d3149d7ab04461405c207): docs: fix typos ([@nscuro](https://togithub.com/nscuro))

##### Others

- [`5f10aea`](https://togithub.com/CycloneDX/cyclonedx-go/commit/5f10aea00cf46bbe3a4ce66ce2b85bd17576a35c): refactor: refine spec version conversion to cover more cases ([@nscuro](https://togithub.com/nscuro))
- [`0c2ebff`](https://togithub.com/CycloneDX/cyclonedx-go/commit/0c2ebff85af58497076969010e3bb29f62f19f16): refactor: separate custom marshalling logic from model ([@nscuro](https://togithub.com/nscuro))

jedib0t/go-pretty

### [`v6.4.0`](https://togithub.com/jedib0t/go-pretty/releases/tag/v6.4.0)

[Compare Source](https://togithub.com/jedib0t/go-pretty/compare/v6.3.9...v6.4.0)

### Features

- **progress**
  - option to set Pinned Message(s) above active Trackers (thanks to [@iyear](https://togithub.com/iyear))

urfave/cli

### [`v2.17.1`](https://togithub.com/urfave/cli/releases/tag/v2.17.1)

[Compare Source](https://togithub.com/urfave/cli/compare/v2.17.0...v2.17.1)

#### What's Changed

- Fix help results inconsistency by [@dearchap](https://togithub.com/dearchap) in [https://github.com/urfave/cli/pull/1499](https://togithub.com/urfave/cli/pull/1499)

**Full Changelog**: https://github.com/urfave/cli/compare/v2.17.0...v2.17.1

### [`v2.17.0`](https://togithub.com/urfave/cli/releases/tag/v2.17.0)

[Compare Source](https://togithub.com/urfave/cli/compare/v2.16.6...v2.17.0)

#### What's Changed

- Flag-level Action by [@xwjdsh](https://togithub.com/xwjdsh) in [https://github.com/urfave/cli/pull/1337](https://togithub.com/urfave/cli/pull/1337)

#### New Contributors

- [@xwjdsh](https://togithub.com/xwjdsh) made their first contribution in [https://github.com/urfave/cli/pull/1337](https://togithub.com/urfave/cli/pull/1337)

**Full Changelog**: https://github.com/urfave/cli/compare/v2.16.6...v2.17.0

### [`v2.16.6`](https://togithub.com/urfave/cli/releases/tag/v2.16.6)

[Compare Source](https://togithub.com/urfave/cli/compare/v2.16.5...v2.16.6)

#### What's Changed

- fix: Context.Set no such flag by [@Torwang1](https://togithub.com/Torwang1) in [https://github.com/urfave/cli/pull/1497](https://togithub.com/urfave/cli/pull/1497)

#### New Contributors

- [@Torwang1](https://togithub.com/Torwang1) made their first contribution in [https://github.com/urfave/cli/pull/1497](https://togithub.com/urfave/cli/pull/1497)

**Full Changelog**: https://github.com/urfave/cli/compare/v2.16.5...v2.16.6

### [`v2.16.5`](https://togithub.com/urfave/cli/releases/tag/v2.16.5)

[Compare Source](https://togithub.com/urfave/cli/compare/v2.16.4...v2.16.5)

#### What's Changed

- Fix:(issue\_1197) Set destination field from altsrc for slice flags by [@dearchap](https://togithub.com/dearchap) in [https://github.com/urfave/cli/pull/1495](https://togithub.com/urfave/cli/pull/1495)

**Full Changelog**: https://github.com/urfave/cli/compare/v2.16.4...v2.16.5

### [`v2.16.4`](https://togithub.com/urfave/cli/releases/tag/v2.16.4)

[Compare Source](https://togithub.com/urfave/cli/compare/v2.16.3...v2.16.4)

#### What's Changed

- Accept the `MKDOCS_REMOTE_GITHUB_TOKEN` var as intended by [@meatballhat](https://togithub.com/meatballhat) in [https://github.com/urfave/cli/pull/1493](https://togithub.com/urfave/cli/pull/1493)

**Full Changelog**: https://github.com/urfave/cli/compare/v2.16.3...v2.16.4

--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv.dev). Co-authored-by: Rex P <106129829+another-rex@users.noreply.github.com> --- tools/osv-scanner/go.mod | 12 ++++++------ tools/osv-scanner/go.sum | 11 +++++++++++ 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/tools/osv-scanner/go.mod b/tools/osv-scanner/go.mod index 6f25df36faf..493243651fa 100644 --- a/tools/osv-scanner/go.mod +++ b/tools/osv-scanner/go.mod @@ -3,16 +3,16 @@ module github.com/google/osv.dev/tools/osv-scanner go 1.19 require ( - github.com/CycloneDX/cyclonedx-go v0.6.0 + github.com/CycloneDX/cyclonedx-go v0.7.0 github.com/g-rath/osv-detector v0.7.2 github.com/google/go-cmp v0.5.9 - github.com/jedib0t/go-pretty/v6 v6.3.9 + github.com/jedib0t/go-pretty/v6 v6.4.0 github.com/package-url/packageurl-go v0.1.0 github.com/spdx/tools-golang v0.3.0 - github.com/urfave/cli/v2 v2.16.3 - golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be - golang.org/x/exp v0.0.0-20220921164117-439092de6870 - golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 + github.com/urfave/cli/v2 v2.17.1 + golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b + golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 + golang.org/x/term v0.0.0-20220919170432-7a66f970e087 ) require ( 
diff --git a/tools/osv-scanner/go.sum b/tools/osv-scanner/go.sum index 3f3c5737e82..0514c6d1e93 100644 --- a/tools/osv-scanner/go.sum +++ b/tools/osv-scanner/go.sum @@ -2,6 +2,8 @@ github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0 github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/CycloneDX/cyclonedx-go v0.6.0 h1:SizWGbZzFTC/O/1yh072XQBMxfvsoWqd//oKCIyzFyE= github.com/CycloneDX/cyclonedx-go v0.6.0/go.mod h1:nQCiF4Tvrg5Ieu8qPhYMvzPGMu5I7fANZkrSsJjl5mg= +github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9QoSmhK/zg= +github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg= github.com/bradleyjkemp/cupaloy/v2 v2.7.0 h1:AT0vOjO68RcLyenLCHOGZzSNiuto7ziqzq6Q1/3xzMQ= github.com/bradleyjkemp/cupaloy/v2 v2.7.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= @@ -19,6 +21,8 @@ github.com/jedib0t/go-pretty/v6 v6.3.8 h1:p5eZqLFMEGr7CC+9915lC4Dk7Gub6mH7NE35jD github.com/jedib0t/go-pretty/v6 v6.3.8/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI= github.com/jedib0t/go-pretty/v6 v6.3.9 h1:GAK/1WJY9WVVrKd601HGB89ihLBDfJnUIJye31PY+uk= github.com/jedib0t/go-pretty/v6 v6.3.9/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI= +github.com/jedib0t/go-pretty/v6 v6.4.0 h1:YlI/2zYDrweA4MThiYMKtGRfT+2qZOO65ulej8GTcVI= +github.com/jedib0t/go-pretty/v6 v6.4.0/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI= github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I= 
@@ -43,15 +47,20 @@ github.com/stretchr/testify v1.7.4 h1:wZRexSlwd7ZXfKINDLsO4r7WBt3gTKONc6K/VesHvH github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/urfave/cli/v2 v2.16.3 h1:gHoFIwpPjoyIMbJp/VFd+/vuD0dAgFK4B6DpEMFJfQk= github.com/urfave/cli/v2 v2.16.3/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= +github.com/urfave/cli/v2 v2.17.1 h1:UzjDEw2dJQUE3iRaiNQ1VrVFbyAtKGH3VdkMoHA58V0= +github.com/urfave/cli/v2 v2.17.1/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM= golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20220916125017-b168a2c6b86b h1:SCE/18RnFsLrjydh/R/s5EVvHoZprqEQUuoxK8q2Pc4= golang.org/x/exp v0.0.0-20220916125017-b168a2c6b86b/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/exp v0.0.0-20220921164117-439092de6870 h1:j8b6j9gzSigH28O5SjSpQSSh9lFd6f5D/q0aHjNTulc= golang.org/x/exp v0.0.0-20220921164117-439092de6870/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= +golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 h1:fGZugkZk2UgYBxtpKmvub51Yno1LJDeEsRp2xGD+0gY= +golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod 
h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -60,6 +69,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9w golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20220919170432-7a66f970e087 h1:tPwmk4vmvVCMdr98VgL4JH+qZxPL8fqlUOHnyOM8N3w= +golang.org/x/term v0.0.0-20220919170432-7a66f970e087/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
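
Review bot: the three `golang.org/x` lines in the `tools/osv-scanner/go.mod` require block move between untagged pseudo-versions, and the commit message has release notes only for the three tagged modules, so nothing in this commit lets a reader see what changed in those modules. The `golang.org/x/term` pin in particular jumps from a `20201126162022` commit to a `20220919170432` commit, close to two years of upstream history in one line. Consider adding the upstream compare ranges for `eccd636` -> `4161e89`, `439092d` -> `b9f4876` and `7de9c90` -> `7a66f97` to the message, or landing the digest bumps as a separate commit from the tagged minor updates so they can be reviewed and reverted independently.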
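
Review bot: in the `@@ -43,15 +47,20 @@` hunk of `tools/osv-scanner/go.sum`, the new `golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b` entry is a `/go.mod` hash only, with no `h1:` line for the module contents, while every other bumped module in this patch gains both lines. That pattern suggests no package from `golang.org/x/crypto` is actually built, even though `go.mod` lists it in the direct require block. Worth running `go mod tidy` in `tools/osv-scanner` to confirm, and dropping the requirement if it is unused rather than continuing to bump it.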
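
Review bot: the `tools/osv-scanner/go.sum` hunks only add lines (11 insertions, no deletions), so checksums for versions that `go.mod` no longer selects stay in the file, for example `github.com/CycloneDX/cyclonedx-go v0.6.0`, `github.com/jedib0t/go-pretty/v6 v6.3.8` and `v6.3.9`, `github.com/urfave/cli/v2 v2.16.3` and the older `golang.org/x/exp` and `golang.org/x/term` pseudo-versions. Stale entries make the file harder to audit against what is actually built. Suggest running `go mod tidy` as part of the update and committing the pruned `go.sum` so it reflects only the modules still in the build graph.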