Skip to content

fix(deps): update osv-scanner minor#2166

Merged
cuixq merged 1 commit into
google:mainfrom
renovate-bot:renovate/osv-scanner-minor
Aug 27, 2025
Merged

fix(deps): update osv-scanner minor#2166
cuixq merged 1 commit into
google:mainfrom
renovate-bot:renovate/osv-scanner-minor

Conversation

@renovate-bot
Copy link
Copy Markdown
Collaborator

@renovate-bot renovate-bot commented Aug 10, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
github.com/urfave/cli/v3 v3.3.8 -> v3.4.1 age confidence require minor
golang.org/x/net v0.42.0 -> v0.43.0 age confidence require minor
golang.org/x/term v0.33.0 -> v0.34.0 age confidence require minor
google.golang.org/grpc v1.74.2 -> v1.75.0 age confidence require minor
google.golang.org/protobuf v1.36.6 -> v1.36.8 age confidence require patch
osv.dev/bindings/go 0ecbb9e -> 8e55c55 age confidence require digest

Release Notes

urfave/cli (github.com/urfave/cli/v3)

v3.4.1

Compare Source

What's Changed

Full Changelog: urfave/cli@v3.4.0...v3.4.1

v3.4.0

Compare Source

What's Changed

New Contributors

Full Changelog: urfave/cli@v3.3.9...v3.4.0

v3.3.9

Compare Source

What's Changed

New Contributors

Full Changelog: urfave/cli@v3.3.8...v3.3.9

grpc/grpc-go (google.golang.org/grpc)

v1.75.0: Release 1.75.0

Compare Source

Behavior Changes

  • xds: Remove support for GRPC_EXPERIMENTAL_XDS_FALLBACK environment variable. Fallback support can no longer be disabled. (#​8482)
  • stats: Introduce DelayedPickComplete event, a type alias of PickerUpdated. (#​8465)
    • This (combined) event will now be emitted only once per call, when a transport is successfully selected for the attempt.
    • OpenTelemetry metrics will no longer have multiple "Delayed LB pick complete" events in Go, matching other gRPC languages.
    • A future release will delete the PickerUpdated symbol.
  • credentials: Properly apply grpc.WithAuthority as the highest-priority option for setting authority, above the setting in the credentials themselves. (#​8488)
    • Now that this WithAuthority is available, the credentials should not be used to override the authority.
  • round_robin: Randomize the order in which addresses are connected to in order to spread out initial RPC load between clients. (#​8438)
  • server: Return status code INTERNAL when a client sends more than one request in unary and server streaming RPC. (#​8385)
    • This is a behavior change but also a bug fix to bring gRPC-Go in line with the gRPC spec.

New Features

  • dns: Add an environment variable (GRPC_ENABLE_TXT_SERVICE_CONFIG) to provide a way to disable TXT lookups in the DNS resolver (by setting it to false). By default, TXT lookups are enabled, as they were previously. (#​8377)

Bug Fixes

  • xds: Fix regression preventing empty node IDs in xDS bootstrap configuration. (#​8476)
  • xds: Fix possible panic when certain invalid resources are encountered. (#​8412)
  • xdsclient: Fix a rare panic caused by processing a response from a closed server. (#​8389)
  • stats: Fix metric unit formatting by enclosing non-standard units like call and endpoint in curly braces to comply with UCUM and gRPC OpenTelemetry guidelines. (#​8481)
  • xds: Fix possible panic when clusters are removed from the xds configuration. (#​8428)
  • xdsclient: Fix a race causing "resource doesn not exist" when rapidly subscribing and unsubscribing to the same resource. (#​8369)
  • client: When determining the authority, properly percent-encode (if needed, which is unlikely) when the target string omits the hostname and only specifies a port (grpc.NewClient(":<port-number-or-name>")). (#​8488)
protocolbuffers/protobuf-go (google.golang.org/protobuf)

v1.36.8

Compare Source

Maintenance:

CL/696316: all: set Go language version to Go 1.23
CL/696315: types: regenerate using latest protobuf v32 release

v1.36.7

Compare Source

Maintenance / optimizations:

CL/683955: encoding/protowire: micro-optimize SizeVarint (-20% on Intel)
CL/674055: internal/impl: remove unnecessary atomic access for non-lazy lists
CL/674015: impl: remove unnecessary nil check from presence.Present
CL/673495: types/descriptorpb: regenerate using latest protobuf v31 release
CL/670516: cmd/protoc-gen-go: centralize presence and lazy logic into filedesc
CL/670515: internal: move usePresenceForField to internal/filedesc
CL/670275: internal/impl: clean up usePresenceForField() (no-op)

Configuration

📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate Bot added the dependencies Pull requests that update a dependency file label Aug 10, 2025
@forking-renovate
Copy link
Copy Markdown

forking-renovate Bot commented Aug 10, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 3 additional dependencies were updated

Details:

Package Change
golang.org/x/crypto v0.40.0 -> v0.41.0
golang.org/x/sys v0.34.0 -> v0.35.0
golang.org/x/text v0.27.0 -> v0.28.0

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 3 times, most recently from 2c09721 to 6fef7c9 Compare August 12, 2025 03:54
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Aug 12, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.59%. Comparing base (62551cd) to head (8db2e53).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2166      +/-   ##
==========================================
- Coverage   67.62%   67.59%   -0.03%     
==========================================
  Files         170      170              
  Lines       16326    16333       +7     
==========================================
  Hits        11041    11041              
- Misses       4605     4612       +7     
  Partials      680      680

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 11 times, most recently from 9d83a44 to 9191b78 Compare August 20, 2025 03:26
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch 5 times, most recently from 3cfb3a4 to f8b0606 Compare August 27, 2025 02:54
@renovate-bot renovate-bot force-pushed the renovate/osv-scanner-minor branch from f8b0606 to 8db2e53 Compare August 27, 2025 04:55
@cuixq cuixq merged commit fda9839 into google:main Aug 27, 2025
16 checks passed
@renovate-bot renovate-bot deleted the renovate/osv-scanner-minor branch August 27, 2025 05:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cuixq cuixq cuixq approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renovate-bot @codecov-commenter @cuixq