build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3 in /tools (#1453

) Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.1.2 to 1.1.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/vuln/releases">golang.org/x/vuln's releases</a>.</em></p> <blockquote> <h2>v1.1.3</h2> <p>This release brings a few bug fixes (<a href="https://redirect.github.com/golang/go/issues/68034">#68034</a>, <a href="https://redirect.github.com/golang/go/issues/68256">#68256</a>, and <a href="https://redirect.github.com/golang/go/issues/68338">#68338</a>) and an increased support for analyzing Go binaries. Binaries built with Go versions prior to go1.18 are now checked, but only for standard library vulnerabilities.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/vuln/commit/4ea4418106cea3bb2c9aa098527c924e9e1fbbb4"><code>4ea4418</code></a> internal/openvex: update handler test</li> <li><a href="https://github.com/golang/vuln/commit/de0a0adbc1d357501a7f291978a9f8b87d15eb5a"><code>de0a0ad</code></a> LICENSE: update per Google Legal</li> <li><a href="https://github.com/golang/vuln/commit/1884dfae5d94f200377663e5be082dbe1d96b979"><code>1884dfa</code></a> internal/vulncheck: add warning message for ancient binaries</li> <li><a href="https://github.com/golang/vuln/commit/d9ad5223849a23e412d4a6ac1f61ecfc94cab0d8"><code>d9ad522</code></a> all: remove build restrictions requiring go1.18</li> <li><a href="https://github.com/golang/vuln/commit/44e45eaefb4e945ace34bc19e9a29cdb1b143966"><code>44e45ea</code></a> cmd/govulncheck: clarify unsafe/reflection limitations</li> <li><a href="https://github.com/golang/vuln/commit/601dd9b53b1c3d43f3065ea3b24d6a5fca69b1e1"><code>601dd9b</code></a> cmd/govulncheck: update docs for old Go binaries</li> <li><a href="https://github.com/golang/vuln/commit/0f7005f3db72ac2c67d870609932dd49954db764"><code>0f7005f</code></a> internal/openvex: omit vulns with no findings</li> <li><a href="https://github.com/golang/vuln/commit/f94421b20479af8851aa9ecc80a1142ad6f63c93"><code>f94421b</code></a> cmd/govulncheck/integration: adjust k8s expectations</li> <li><a href="https://github.com/golang/vuln/commit/684f5c9fa70708a9f79c33c09e16ce0bd25446d5"><code>684f5c9</code></a> all: remove skipIfShort</li> <li><a href="https://github.com/golang/vuln/commit/d52dedc621a782b20cbbf420a6e0358e80322300"><code>d52dedc</code></a> all: remove unnecessary test lines for staticcheck</li> <li>Additional commits viewable in <a href="https://github.com/golang/vuln/compare/v1.1.2...v1.1.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/vuln&package-manager=go_modules&previous-version=1.1.2&new-version=1.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sung Yoon Whang <sungyoon@uber.com>
uber-go · Jul 25, 2024 · f95879b · f95879b
1 parent f9b9f66
commit f95879b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 13 deletions.
diff --git a/tools/go.mod b/tools/go.mod
@@ -1,13 +1,15 @@
 module go.uber.org/zap/tools
 
-require golang.org/x/vuln v1.1.2
+require golang.org/x/vuln v1.1.3
 
 require (
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
-	golang.org/x/tools v0.22.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 )
 
-go 1.20
+go 1.21
+
+toolchain go1.22.2
diff --git a/tools/go.sum b/tools/go.sum
@@ -1,15 +1,18 @@
 github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
+github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786/go.mod h1:apVn/GCasLZUVpAJ6oWAuyP7Ne7CEsQbTnc0plM3m+o=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
-golang.org/x/vuln v1.1.2 h1:UkLxe+kAMcrNBpGrFbU0Mc5l7cX97P2nhy21wx5+Qbk=
-golang.org/x/vuln v1.1.2/go.mod h1:2o3fRKD8Uz9AraAL3lwd/grWBv+t+SeJnPcqBUJrY24=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/vuln v1.1.3 h1:NPGnvPOTgnjBc9HTaUx+nj+EaUYxl5SJOWqaDYGaFYw=
+golang.org/x/vuln v1.1.3/go.mod h1:7Le6Fadm5FOqE9C926BCD0g12NWyhg7cxV4BwcPFuNY=