fix(deps): update osv-scanner minor

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
github.com/CycloneDX/cyclonedx-go	v0.8.0 -> v0.9.0					require	minor
github.com/charmbracelet/bubbletea	v0.26.3 -> v0.26.4					require	patch
golang.org/x/exp	4c93da0 -> fc45aab					require	digest
golang.org/x/mod	v0.17.0 -> v0.18.0					require	minor
golang.org/x/term	v0.20.0 -> v0.21.0					require	minor

---

Release Notes

CycloneDX/cyclonedx-go (github.com/CycloneDX/cyclonedx-go)

v0.9.0

Compare Source

Changelog

Features

• 729c284: feat: Add CycloneDX 1.6 fields swhid and omniborId (@​snyk-tim)
• b5d3595: feat: add manufacturer and authors (@​snyk-tim)
• c52e698: feat: raise baseline go version to 1.20 (@​nscuro)

Fixes

• 9166e10: fix: ioutil -> io (@​nscuro)
• 349fc8c: fix: add bom-ref to OrganizationalEntity/Contact (@​snyk-tim)
• c97da90: fix: handle breaking changes in skywalking-eyes (@​nscuro)

Building and Packaging

• ec6291e: build(deps): bump actions/checkout from 4.1.1 to 4.1.5 (@​dependabot[bot])
• 899fe39: build(deps): bump actions/checkout from 4.1.5 to 4.1.6 (@​dependabot[bot])
• 8674ed5: build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (@​dependabot[bot])
• db3a114: build(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0 (@​dependabot[bot])
• a3bd055: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@​dependabot[bot])
• 1179dd9: build(deps): bump gitpod/workspace-go from 8b9a0f6 to 8d15123 (@​dependabot[bot])
• d98494e: build(deps): bump gitpod/workspace-go from 9118b93 to 8b9a0f6 (@​dependabot[bot])
• 1e2a3a0: build(deps): bump gitpod/workspace-go from 94ae638 to 9118b93 (@​dependabot[bot])
• d4d6e35: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@​dependabot[bot])
• 521d1ce: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 (@​dependabot[bot])
• f1ebafe: build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (@​dependabot[bot])

Others

• 16d2143: Fix(1.6): Added missing omitempty in NistQuantumSecurityLevel (@​Petzys)
• ffec473: chore: add license header (@​mcombuechen)
• 1f8fdcc: feat(1.6): add BOM.Declarations (@​mcombuechen)
• 62b5342: feat(1.6): add BOM.Definitions (@​mcombuechen)
• c33b9cb: feat(1.6): add CBOM types (@​Petzys)
• 10e10c8: feat(1.6): add JSON schema, XML namespace (@​mcombuechen)
• 2dc599a: feat(1.6): add License.Acknowledgement (@​mcombuechen)
• 7a32fde: feat(1.6): add PostalAddress type (@​mcombuechen)
• b8e4529: feat(1.6): add SpecVersion for v1.6 (@​mcombuechen)
• c877828: feat(1.6): add environmentalConsiderations (@​mcombuechen)
• e0e9c67: feat(1.6): add schema definitions for CycloneDX 1.6 (@​mcombuechen)
• b1636c2: feat(1.6): extend EvidenceOccurrence (@​mcombuechen)
• b4b3b94: fix(1.6): convert occurrences of OrganizationalEntity (@​mcombuechen)
• 9332ca6: fix(1.6): fix json, xml labels on BOM.Definitions (@​mcombuechen)

charmbracelet/bubbletea (github.com/charmbracelet/bubbletea)

v0.26.4

Compare Source

Fix panics! Using program.SetWindowTitle and others may panic if they were called before the program starts.

Also note that program.SetWindowTitle is now deprecated. To set the window title use tea.SetWindowTitle command.

What's Changed

• chore(deps): bump github.com/charmbracelet/x/ansi from 0.1.1 to 0.1.2 by @​dependabot in https://github.com/charmbracelet/bubbletea/pull/1026
• chore(deps): bump github.com/charmbracelet/lipgloss from 0.10.0 to 0.11.0 in /examples by @​dependabot in https://github.com/charmbracelet/bubbletea/pull/1025
• fix: program renderer commands by @​aymanbagabas in https://github.com/charmbracelet/bubbletea/pull/1030

Full Changelog: charmbracelet/bubbletea@v0.26.3...v0.26.4

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or Discord.

---

Configuration

📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.15%. Comparing base (b1b8bfa) to head (73511f7).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1017   +/-   ##
=======================================
  Coverage   65.15%   65.15%           
=======================================
  Files         149      149           
  Lines       12338    12338           
=======================================
  Hits         8039     8039           
  Misses       3848     3848           
  Partials      451      451           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[forking-renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 6 additional dependencies were updated

Details:

Package	Change
github.com/charmbracelet/x/ansi	v0.1.1 -> v0.1.2
golang.org/x/crypto	v0.23.0 -> v0.24.0
golang.org/x/net	v0.25.0 -> v0.26.0
golang.org/x/sys	v0.20.0 -> v0.21.0
golang.org/x/text	v0.15.0 -> v0.16.0
golang.org/x/tools	v0.21.0 -> v0.22.0