Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build(deps): bump golang.org/x/vuln from 1.1.1 to 1.1.2 in /tools (#1445
) Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.1.1 to 1.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/vuln/releases">golang.org/x/vuln's releases</a>.</em></p> <blockquote> <h2>v1.1.2</h2> <p>This release brings the support for the VEX output format.</p> <h2>Integration</h2> <p>Govulncheck now supports <a href="https://github.com/openvex">OpenVex</a> output format via <code>-format openvex</code> flag option. Please see <a href="https://pkg.go.dev/golang.org/x/vuln@v1.1.2/internal/openvex">here</a> for more details on the actual encoding.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/vuln/commit/3740f5cb12a3f93b18dbe200c4bcb6256f8586e2"><code>3740f5c</code></a> internal/osv: add review status</li> <li><a href="https://github.com/golang/vuln/commit/29462d73a2bf15636e29dc1e570ea0caa38dd5d5"><code>29462d7</code></a> vulncheck: update documentation for vex</li> <li><a href="https://github.com/golang/vuln/commit/2736e1dc19ec039536007b7b7ab2cf1bd93052f6"><code>2736e1d</code></a> cmd/govulncheck/integration/stackrox-scanner: update expectations</li> <li><a href="https://github.com/golang/vuln/commit/65c6e2bf78af59b4e3eeb15616d10d2d93976c30"><code>65c6e2b</code></a> cmd/govulncheck/integration/k8s: update expectations</li> <li><a href="https://github.com/golang/vuln/commit/03e66a609a8e11ea10203ac2bb74977292163cf5"><code>03e66a6</code></a> internal/govulncheck: add more comments for emitted OSVs</li> <li><a href="https://github.com/golang/vuln/commit/f30059cfb245502cc453bb54905db2f0b77492ef"><code>f30059c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/vuln/commit/84735a3ac315d2ef79d1f31d1298d6b8dc9a9a8d"><code>84735a3</code></a> internal/scan: increase telemetry counter for show flag</li> <li><a href="https://github.com/golang/vuln/commit/fb2a687c05601167d07f68c59e685fc7371bc176"><code>fb2a687</code></a> internal/scan: add format and scan level telemetry</li> <li><a href="https://github.com/golang/vuln/commit/f5e77b81ae7d803dfe37b80b919ebe9269cc0141"><code>f5e77b8</code></a> internal/cmd/govulncheck: remove unnecessary binary dependency</li> <li><a href="https://github.com/golang/vuln/commit/1201340bf0daba4b0f59a0118ecd04144ad1ffa6"><code>1201340</code></a> cmd/govulncheck/integration: update go in integration tests</li> <li>Additional commits viewable in <a href="https://github.com/golang/vuln/compare/v1.1.1...v1.1.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/vuln&package-manager=go_modules&previous-version=1.1.1&new-version=1.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information