Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): lock file maintenance vulnfeeds (#2562)
This PR contains the following updates: | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | | | [cloud.google.com/go/logging](https://redirect.github.com/googleapis/google-cloud-go) | require | minor | `v1.10.0` -> `v1.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [cloud.google.com/go/secretmanager](https://redirect.github.com/googleapis/google-cloud-go) | require | minor | `v1.13.1` -> `v1.14.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/google/osv-scanner](https://redirect.github.com/google/osv-scanner) | require | minor | `v1.7.4` -> `v1.8.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [github.com/sethvargo/go-retry](https://redirect.github.com/sethvargo/go-retry) | require | minor | `v0.2.4` -> `v0.3.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang | stage | minor | `1.22.5-alpine` -> `1.23.1-alpine` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang.org/x/exp | require | digest | `fc45aab` -> `701f63a` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [markdownify](https://redirect.github.com/matthewwithanm/python-markdownify) | dependencies | minor | `==0.11.6` -> `==0.13.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pandas](https://pandas.pydata.org) ([source](https://redirect.github.com/pandas-dev/pandas)) | dependencies | minor | `==2.1.3` -> `==2.2.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [pylint](https://redirect.github.com/pylint-dev/pylint) ([changelog](https://pylint.readthedocs.io/en/latest/whatsnew/3/)) | dev-dependencies | patch | `3.2.5` -> `3.2.7` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [python-dateutil](https://redirect.github.com/dateutil/dateutil) | dependencies | minor | `==2.8.2` -> `==2.9.0.post0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>google/osv-scanner (github.com/google/osv-scanner)</summary> ### [`v1.8.4`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v184) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.3...v1.8.4) ##### Features: - [Feature #​1177](https://redirect.github.com/google/osv-scanner/pull/1177) Adds `--upgrade-config` flag for configuring allowed upgrades on a per-package basis. Also hide & deprecate previous `--disallow-major-upgrades` and `--disallow-package-upgrades` flags. ##### Fixes: - [Bug #​1123](https://redirect.github.com/google/osv-scanner/issues/1123) Issue when running osv-scanner on project running with golang 1.22 [#​1123](https://redirect.github.com/google/osv-scanner/issues/1123) ##### Misc: - [Feature #​638](https://redirect.github.com/google/osv-scanner/issues/638) Update go policy to use stable go version for builds (updated to go 1.23) ### [`v1.8.3`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v183) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.2...v1.8.3) ##### Features: - [Feature #​889](https://redirect.github.com/google/osv-scanner/pull/889) OSV-Scanner now provides "vertical" output format! ##### Fixes: - [Bug #​1115](https://redirect.github.com/google/osv-scanner/issues/1115) Ensure that `semantic` is passed a valid `models.Ecosystem`. - [Bug #​1140](https://redirect.github.com/google/osv-scanner/pull/1140) Add Maven dependency management to override client. - [Bug #​1149](https://redirect.github.com/google/osv-scanner/pull/1149) Handle Maven parent relative path. ##### Misc: - [Feature #​1091](https://redirect.github.com/google/osv-scanner/pull/1091) Improved the runtime of DiffVulnerabilityResults. Thanks [@​neilnaveen](https://redirect.github.com/neilnaveen)! - [Feature #​1125](https://redirect.github.com/google/osv-scanner/pull/1125) Workflow for stale issue and PR management. ### [`v1.8.2`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v182) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.1...v1.8.2) ##### Features: - [Feature #​1014](https://redirect.github.com/google/osv-scanner/pull/1014) Adding CycloneDX 1.4 and 1.5 output format. Thanks [@​marcwieserdev](https://redirect.github.com/marcwieserdev)! ##### Fixes: - [Bug #​769](https://redirect.github.com/google/osv-scanner/issues/769) Fixed missing vulnerabilities for debian purls for `--experimental-local-db`. - [Bug #​1055](https://redirect.github.com/google/osv-scanner/issues/1055) Ensure that `package` exists in `affected` property. - [Bug #​1072](https://redirect.github.com/google/osv-scanner/issues/1072) Filter out unimportant vulnerabilities from vuln group. - [Bug #​1077](https://redirect.github.com/google/osv-scanner/issues/1077) Fix rate osv-scanner deadlock. - [Bug #​924](https://redirect.github.com/google/osv-scanner/issues/924) Ensure that npm dependencies retain their "production" grouping. ### [`v1.8.1`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v180v181) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.8.0...v1.8.1) ##### Features: - [Feature #​35](https://redirect.github.com/google/osv-scanner/issues/35) OSV-Scanner now scans transitive dependencies in Maven `pom.xml` files! See [our documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#transitive-dependency-scanning) for more information. - [Feature #​944](https://redirect.github.com/google/osv-scanner/pull/944) The `osv-scanner.toml` configuration file can now filter specific packages with new `[[PackageOverrides]]` sections: ```toml [[PackageOverrides]] ``` ### [`v1.8.0`](https://redirect.github.com/google/osv-scanner/blob/HEAD/CHANGELOG.md#v180v181) [Compare Source](https://redirect.github.com/google/osv-scanner/compare/v1.7.4...v1.8.0) ##### Features: - [Feature #​35](https://redirect.github.com/google/osv-scanner/issues/35) OSV-Scanner now scans transitive dependencies in Maven `pom.xml` files! See [our documentation](https://google.github.io/osv-scanner/supported-languages-and-lockfiles/#transitive-dependency-scanning) for more information. - [Feature #​944](https://redirect.github.com/google/osv-scanner/pull/944) The `osv-scanner.toml` configuration file can now filter specific packages with new `[[PackageOverrides]]` sections: ```toml [[PackageOverrides]] ``` </details> <details> <summary>sethvargo/go-retry (github.com/sethvargo/go-retry)</summary> ### [`v0.3.0`](https://redirect.github.com/sethvargo/go-retry/releases/tag/v0.3.0) [Compare Source](https://redirect.github.com/sethvargo/go-retry/compare/v0.2.4...v0.3.0) #### What's Changed - Add DoValue, which requires generics and bumps to Go 1.21 by [@​sethvargo](https://redirect.github.com/sethvargo) in [https://github.com/sethvargo/go-retry/pull/26](https://redirect.github.com/sethvargo/go-retry/pull/26) **Full Changelog**: sethvargo/go-retry@v0.2.4...v0.3.0 </details> <details> <summary>matthewwithanm/python-markdownify (markdownify)</summary> ### [`v0.13.1`](https://redirect.github.com/matthewwithanm/python-markdownify/releases/tag/0.13.1) [Compare Source](https://redirect.github.com/matthewwithanm/python-markdownify/compare/0.13.0...0.13.1) #### What's Changed - Migrated the metadata into PEP 621-compliant pyproject.toml by [@​KOLANICH](https://redirect.github.com/KOLANICH) in [https://github.com/matthewwithanm/python-markdownify/pull/138](https://redirect.github.com/matthewwithanm/python-markdownify/pull/138) **Full Changelog**: matthewwithanm/python-markdownify@0.13.0...0.13.1 ### [`v0.13.0`](https://redirect.github.com/matthewwithanm/python-markdownify/releases/tag/0.13.0) [Compare Source](https://redirect.github.com/matthewwithanm/python-markdownify/compare/0.12.1...0.13.0) #### What's Changed - Avoid inline styles inside `<code>` / `<pre>` conversion by [@​jsm28](https://redirect.github.com/jsm28) in [https://github.com/matthewwithanm/python-markdownify/pull/117](https://redirect.github.com/matthewwithanm/python-markdownify/pull/117) - Escape all characters with Markdown significance by [@​jsm28](https://redirect.github.com/jsm28) in [https://github.com/matthewwithanm/python-markdownify/pull/118](https://redirect.github.com/matthewwithanm/python-markdownify/pull/118) - Update MANIFEST.in to exclude tests during packaging by [@​samypr100](https://redirect.github.com/samypr100) in [https://github.com/matthewwithanm/python-markdownify/pull/125](https://redirect.github.com/matthewwithanm/python-markdownify/pull/125) - Special-case use of HTML tags for converting `<sub>` / `<sup>` by [@​jsm28](https://redirect.github.com/jsm28) in [https://github.com/matthewwithanm/python-markdownify/pull/119](https://redirect.github.com/matthewwithanm/python-markdownify/pull/119) - handle ol start value is not number by [@​microdnd](https://redirect.github.com/microdnd) in [https://github.com/matthewwithanm/python-markdownify/pull/127](https://redirect.github.com/matthewwithanm/python-markdownify/pull/127) #### New Contributors - [@​jsm28](https://redirect.github.com/jsm28) made their first contribution in [https://github.com/matthewwithanm/python-markdownify/pull/117](https://redirect.github.com/matthewwithanm/python-markdownify/pull/117) - [@​samypr100](https://redirect.github.com/samypr100) made their first contribution in [https://github.com/matthewwithanm/python-markdownify/pull/125](https://redirect.github.com/matthewwithanm/python-markdownify/pull/125) - [@​microdnd](https://redirect.github.com/microdnd) made their first contribution in [https://github.com/matthewwithanm/python-markdownify/pull/127](https://redirect.github.com/matthewwithanm/python-markdownify/pull/127) **Full Changelog**: matthewwithanm/python-markdownify@0.12.1...0.13.0 ### [`v0.12.1`](https://redirect.github.com/matthewwithanm/python-markdownify/releases/tag/0.12.1): Fix wrong version [Compare Source](https://redirect.github.com/matthewwithanm/python-markdownify/compare/0.11.6...0.12.1) </details> <details> <summary>pandas-dev/pandas (pandas)</summary> ### [`v2.2.2`](https://redirect.github.com/pandas-dev/pandas/compare/v2.2.1...v2.2.2) [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.2.1...v2.2.2) ### [`v2.2.1`](https://redirect.github.com/pandas-dev/pandas/releases/tag/v2.2.1): Pandas 2.2.1 [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.2.0...v2.2.1) We are pleased to announce the release of pandas 2.2.1. This release includes some new features, bug fixes, and performance improvements. We recommend that all users upgrade to this version. See the [full whatsnew](https://pandas.pydata.org/pandas-docs/version/2.2.1/whatsnew/v2.2.1.html) for a list of all the changes. Pandas 2.2.1 supports Python 3.9 and higher. The release will be available on the defaults and conda-forge channels: conda install pandas Or via PyPI: python3 -m pip install --upgrade pandas Please report any issues with the release on the [pandas issue tracker](https://redirect.github.com/pandas-dev/pandas/issues). Thanks to all the contributors who made this release possible. ### [`v2.2.0`](https://redirect.github.com/pandas-dev/pandas/compare/v2.1.4...v2.2.0) [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.1.4...v2.2.0) ### [`v2.1.4`](https://redirect.github.com/pandas-dev/pandas/releases/tag/v2.1.4): Pandas 2.1.4 [Compare Source](https://redirect.github.com/pandas-dev/pandas/compare/v2.1.3...v2.1.4) This is a patch release in the 2.1.x series and includes some regression and bug fixes, and a security fix. We recommend that all users upgrade to this version. See the [full whatsnew](https://pandas.pydata.org/pandas-docs/version/2.1.4/whatsnew/v2.1.4.html) for a list of all the changes. The release will be available on the defaults and conda-forge channels: conda install pandas Or via PyPI: python3 -m pip install --upgrade pandas Please report any issues with the release on the [pandas issue tracker](https://redirect.github.com/pandas-dev/pandas/issues). Thanks to all the contributors who made this release possible. </details> <details> <summary>pylint-dev/pylint (pylint)</summary> ### [`v3.2.7`](https://redirect.github.com/pylint-dev/pylint/releases/tag/v3.2.7) [Compare Source](https://redirect.github.com/pylint-dev/pylint/compare/v3.2.6...v3.2.7) ## What's new in Pylint 3.2.7? Release date: 2024-08-31 ## False Positives Fixed - Fixed a false positive `unreachable` for `NoReturn` coroutine functions. Closes [#​9840](https://redirect.github.com/pylint-dev/pylint/issues/9840) ## Other Bug Fixes - Fix crash in refactoring checker when calling a lambda bound as a method. Closes [#​9865](https://redirect.github.com/pylint-dev/pylint/issues/9865) - Fix a crash in `undefined-loop-variable` when providing the `iterable` argument to `enumerate()`. Closes [#​9875](https://redirect.github.com/pylint-dev/pylint/issues/9875) - Fix to address indeterminacy of error message in case a module name is same as another in a separate namespace. Refs [#​9883](https://redirect.github.com/pylint-dev/pylint/issues/9883) ### [`v3.2.6`](https://redirect.github.com/pylint-dev/pylint/releases/tag/v3.2.6) [Compare Source](https://redirect.github.com/pylint-dev/pylint/compare/v3.2.5...v3.2.6) ## What's new in Pylint 3.2.6? Release date: 2024-07-21 ## False Positives Fixed - Quiet false positives for `unexpected-keyword-arg` when pylint cannot determine which of two or more dynamically defined classes is being instantiated. Closes [#​9672](https://redirect.github.com/pylint-dev/pylint/issues/9672) - Fix a false positive for `missing-param-doc` where a method which is decorated with `typing.overload` was expected to have a docstring specifying its parameters. Closes [#​9739](https://redirect.github.com/pylint-dev/pylint/issues/9739) - Fix a regression that raised `invalid-name` on class attributes merely overriding invalid names from an ancestor. Closes [#​9765](https://redirect.github.com/pylint-dev/pylint/issues/9765) - Treat `assert_never()` the same way when imported from `typing_extensions`. Closes [#​9780](https://redirect.github.com/pylint-dev/pylint/issues/9780) - Fix a false positive for `consider-using-min-max-builtin` when the assignment target is an attribute. Refs [#​9800](https://redirect.github.com/pylint-dev/pylint/issues/9800) ## Other Bug Fixes - Fix an `AssertionError` arising from properties that return partial functions. Closes [#​9214](https://redirect.github.com/pylint-dev/pylint/issues/9214) - Fix a crash when a subclass extends `__slots__`. Closes [#​9814](https://redirect.github.com/pylint-dev/pylint/issues/9814) </details> <details> <summary>dateutil/dateutil (python-dateutil)</summary> ### [`v2.9.0.post0`](https://redirect.github.com/dateutil/dateutil/releases/tag/2.9.0.post0) [Compare Source](https://redirect.github.com/dateutil/dateutil/compare/2.9.0...2.9.0.post0) ### Version 2.9.0.post0 (2024-03-01) #### Bugfixes - Pinned `setuptools_scm` to `<8`, which should make the generated `_version.py` file compatible with all supported versions of Python. ### [`v2.9.0`](https://redirect.github.com/dateutil/dateutil/releases/tag/2.9.0) [Compare Source](https://redirect.github.com/dateutil/dateutil/compare/2.8.2...2.9.0) ### Version 2.9.0 (2024-02-29) #### Data updates - Updated tzdata version to 2024a. (gh pr [#​1342](https://redirect.github.com/dateutil/dateutil/issues/1342)) #### Features - Made all `dateutil` submodules lazily imported using [PEP 562](https://www.python.org/dev/peps/pep-0562/). On Python 3.7+, things like `import dateutil; dateutil.tz.gettz("America/New_York")` will now work without explicitly importing `dateutil.tz`, with the import occurring behind the scenes on first use. The old behavior remains on Python 3.6 and earlier. Fixed by Orson Adams. (gh issue [#​771](https://redirect.github.com/dateutil/dateutil/issues/771), gh pr [#​1007](https://redirect.github.com/dateutil/dateutil/issues/1007)) #### Bugfixes - Removed a call to `datetime.utcfromtimestamp`, which is deprecated as of Python 3.12. Reported by Hugo van Kemenade (gh pr [#​1284](https://redirect.github.com/dateutil/dateutil/issues/1284)), fixed by Thomas Grainger (gh pr [#​1285](https://redirect.github.com/dateutil/dateutil/issues/1285)). #### Documentation changes - Added note into docs and tests where relativedelta would return last day of the month only if the same day on a different month resolves to a date that doesn't exist. Reported by [@​hawkEye-01](https://redirect.github.com/hawkEye-01) (gh issue [#​1167](https://redirect.github.com/dateutil/dateutil/issues/1167)). Fixed by [@​Mifrill](https://redirect.github.com/Mifrill) (gh pr [#​1168](https://redirect.github.com/dateutil/dateutil/issues/1168)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
- Loading branch information
1 parent
fc9855c
commit 697bf72