Skip to content

Commit

Permalink
build(deps): bump golang.org/x/vuln from 1.1.1 to 1.1.2 in /tools (#1445
Browse files Browse the repository at this point in the history
)

Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.1.1 to
1.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/vuln/releases">golang.org/x/vuln's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.2</h2>
<p>This release brings the support for the VEX output format.</p>
<h2>Integration</h2>
<p>Govulncheck now supports <a
href="https://github.com/openvex">OpenVex</a> output format via
<code>-format openvex</code> flag option. Please see <a
href="https://pkg.go.dev/golang.org/x/vuln@v1.1.2/internal/openvex">here</a>
for more details on the actual encoding.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/vuln/commit/3740f5cb12a3f93b18dbe200c4bcb6256f8586e2"><code>3740f5c</code></a>
internal/osv: add review status</li>
<li><a
href="https://github.com/golang/vuln/commit/29462d73a2bf15636e29dc1e570ea0caa38dd5d5"><code>29462d7</code></a>
vulncheck: update documentation for vex</li>
<li><a
href="https://github.com/golang/vuln/commit/2736e1dc19ec039536007b7b7ab2cf1bd93052f6"><code>2736e1d</code></a>
cmd/govulncheck/integration/stackrox-scanner: update expectations</li>
<li><a
href="https://github.com/golang/vuln/commit/65c6e2bf78af59b4e3eeb15616d10d2d93976c30"><code>65c6e2b</code></a>
cmd/govulncheck/integration/k8s: update expectations</li>
<li><a
href="https://github.com/golang/vuln/commit/03e66a609a8e11ea10203ac2bb74977292163cf5"><code>03e66a6</code></a>
internal/govulncheck: add more comments for emitted OSVs</li>
<li><a
href="https://github.com/golang/vuln/commit/f30059cfb245502cc453bb54905db2f0b77492ef"><code>f30059c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/vuln/commit/84735a3ac315d2ef79d1f31d1298d6b8dc9a9a8d"><code>84735a3</code></a>
internal/scan: increase telemetry counter for show flag</li>
<li><a
href="https://github.com/golang/vuln/commit/fb2a687c05601167d07f68c59e685fc7371bc176"><code>fb2a687</code></a>
internal/scan: add format and scan level telemetry</li>
<li><a
href="https://github.com/golang/vuln/commit/f5e77b81ae7d803dfe37b80b919ebe9269cc0141"><code>f5e77b8</code></a>
internal/cmd/govulncheck: remove unnecessary binary dependency</li>
<li><a
href="https://github.com/golang/vuln/commit/1201340bf0daba4b0f59a0118ecd04144ad1ffa6"><code>1201340</code></a>
cmd/govulncheck/integration: update go in integration tests</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/vuln/compare/v1.1.1...v1.1.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/vuln&package-manager=go_modules&previous-version=1.1.1&new-version=1.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
dependabot[bot] authored Jun 10, 2024
1 parent d53ffd2 commit 88bc39c
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 9 deletions.
8 changes: 5 additions & 3 deletions tools/go.mod
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
module go.uber.org/zap/tools

require golang.org/x/vuln v1.1.1
require golang.org/x/vuln v1.1.2

require (
golang.org/x/mod v0.17.0 // indirect
golang.org/x/mod v0.18.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/tools v0.21.1-0.20240514024235-59d9797072e7 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
golang.org/x/tools v0.22.0 // indirect
)

go 1.20
16 changes: 10 additions & 6 deletions tools/go.sum
Original file line number Diff line number Diff line change
@@ -1,11 +1,15 @@
github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/tools v0.21.1-0.20240514024235-59d9797072e7 h1:DnP3aRQn/r68glNGB8/7+3iE77jA+YZZCxpfIXx2MdA=
golang.org/x/tools v0.21.1-0.20240514024235-59d9797072e7/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/vuln v1.1.1 h1:4nYQg4OSr7uYQMtjuuYqLAEVuTjY4k/CPMYqvv5OPcI=
golang.org/x/vuln v1.1.1/go.mod h1:hNgE+SKMSp2wHVUpW0Ow2ejgKpNJePdML+4YjxrVxik=
golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
golang.org/x/vuln v1.1.2 h1:UkLxe+kAMcrNBpGrFbU0Mc5l7cX97P2nhy21wx5+Qbk=
golang.org/x/vuln v1.1.2/go.mod h1:2o3fRKD8Uz9AraAL3lwd/grWBv+t+SeJnPcqBUJrY24=

0 comments on commit 88bc39c

Please sign in to comment.