From 0ba70eecd694a4193bbc55c805812a666e75b065 Mon Sep 17 00:00:00 2001 From: "renovate-sh-app[bot]" <219655108+renovate-sh-app[bot]@users.noreply.github.com> Date: Thu, 18 Dec 2025 14:25:33 +0000 Subject: [PATCH 1/3] fix(deps): update go dependencies | datasource | package | from | to | | -------------- | -------------------------------- | -------- | -------- | | go | github.com/google/osv-scanner/v2 | v2.2.4 | v2.3.0 | | go | github.com/hashicorp/go-version | v1.7.0 | v1.8.0 | | golang-version | go | 1.25.4 | 1.25.5 | | go | golang.org/x/mod | v0.29.0 | v0.30.0 | | go | google.golang.org/api | v0.255.0 | v0.257.0 | Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com> --- go.mod | 54 +++++++++++++------------- go.sum | 118 ++++++++++++++++++++++++++++----------------------------- 2 files changed, 86 insertions(+), 86 deletions(-) diff --git a/go.mod b/go.mod index 9f2d3544..253aa4f6 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,8 @@ module github.com/grafana/plugin-validator -go 1.24.6 +go 1.25.4 -toolchain go1.25.4 +toolchain go1.25.5 require ( github.com/bmatcuk/doublestar/v4 v4.9.1 @@ -10,11 +10,11 @@ require ( github.com/fatih/color v1.18.0 github.com/go-enry/go-license-detector/v4 v4.3.1 github.com/google/generative-ai-go v0.20.1 - github.com/google/osv-scanner/v2 v2.2.4 - github.com/hashicorp/go-version v1.7.0 + github.com/google/osv-scanner/v2 v2.3.0 + github.com/hashicorp/go-version v1.8.0 github.com/jarcoal/httpmock v1.4.1 github.com/magefile/mage v1.15.0 - github.com/ossf/osv-schema/bindings/go v0.0.0-20251012234424-434020c6442f + github.com/ossf/osv-schema/bindings/go v0.0.0-20251112210320-9fb6c8870ac1 github.com/r3labs/diff/v3 v3.0.2 github.com/smartystreets/goconvey v1.8.1 github.com/sourcegraph/go-diff-patch v0.0.0-20240223163233-798fd1e94a8e @@ -22,8 +22,8 @@ require ( github.com/tailscale/hujson v0.0.0-20250605163823-992244df8c5a github.com/xeipuuv/gojsonschema v1.2.0 golang.org/x/crypto v0.45.0 - golang.org/x/mod v0.29.0 - google.golang.org/api v0.255.0 + golang.org/x/mod v0.30.0 + google.golang.org/api v0.257.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -34,8 +34,8 @@ require ( github.com/anchore/go-struct-converter v0.0.0-20250211213226-cce56d595160 // indirect github.com/cyphar/filepath-securejoin v0.6.0 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect - github.com/ianlancetaylor/demangle v0.0.0-20250628045327-2d64ad6b7ec5 // indirect - github.com/jedib0t/go-pretty/v6 v6.6.8 // indirect + github.com/ianlancetaylor/demangle v0.0.0-20251114061303-68c556c8ce09 // indirect + github.com/jedib0t/go-pretty/v6 v6.7.2 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect github.com/package-url/packageurl-go v0.1.3 // indirect github.com/rivo/uniseg v0.4.7 // indirect @@ -56,12 +56,12 @@ require ( cloud.google.com/go/compute/metadata v0.9.0 // indirect cloud.google.com/go/longrunning v0.6.7 // indirect cyphar.com/go-pathrs v0.2.1 // indirect - deps.dev/api/v3 v3.0.0-20250917073939-6ff3dd7d2eea // indirect - deps.dev/api/v3alpha v0.0.0-20250903005441-604c45d5b44b // indirect - deps.dev/util/maven v0.0.0-20250917073939-6ff3dd7d2eea // indirect + deps.dev/api/v3 v3.0.0-20251104021112-20ad94767ddf // indirect + deps.dev/api/v3alpha v0.0.0-20251104021112-20ad94767ddf // indirect + deps.dev/util/maven v0.0.0-20251104021112-20ad94767ddf // indirect deps.dev/util/pypi v0.0.0-20250903005441-604c45d5b44b // indirect - deps.dev/util/resolve v0.0.0-20250917073939-6ff3dd7d2eea // indirect - deps.dev/util/semver v0.0.0-20250917073939-6ff3dd7d2eea // indirect + deps.dev/util/resolve v0.0.0-20251104021112-20ad94767ddf // indirect + deps.dev/util/semver v0.0.0-20251104021112-20ad94767ddf // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa // indirect github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 // indirect @@ -119,10 +119,10 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/go-containerregistry v0.20.6 // indirect - github.com/google/osv-scalibr v0.3.7-0.20251023161426-90e9ac9cc1b3 // indirect + github.com/google/osv-scalibr v0.3.7-0.20251118161533-ed0917ecede1 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect github.com/googleapis/gax-go/v2 v2.15.0 // indirect github.com/gopherjs/gopherjs v1.17.2 // indirect github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b // indirect @@ -152,7 +152,7 @@ require ( github.com/opencontainers/image-spec v1.1.1 // indirect github.com/opencontainers/runtime-spec v1.2.1 // indirect github.com/opencontainers/selinux v1.13.0 // indirect - github.com/owenrumney/go-sarif/v3 v3.2.3 // indirect + github.com/owenrumney/go-sarif/v3 v3.3.0 // indirect github.com/pandatix/go-cvss v0.6.2 // indirect github.com/pierrec/lz4/v4 v4.1.17 // indirect github.com/pjbgf/sha1cd v0.4.0 // indirect @@ -191,19 +191,19 @@ require ( github.com/yusufpapurcu/wmi v1.2.4 // indirect go.etcd.io/bbolt v1.4.2 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect - go.opentelemetry.io/otel/metric v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect + go.opentelemetry.io/otel v1.38.0 // indirect + go.opentelemetry.io/otel/metric v1.38.0 // indirect + go.opentelemetry.io/otel/trace v1.38.0 // indirect go.uber.org/atomic v1.7.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.17.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/net v0.47.0 // indirect - golang.org/x/oauth2 v0.32.0 // indirect + golang.org/x/oauth2 v0.33.0 // indirect golang.org/x/sys v0.38.0 // indirect golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8 // indirect golang.org/x/text v0.31.0 // indirect @@ -212,9 +212,9 @@ require ( golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect gonum.org/v1/gonum v0.16.0 // indirect google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda // indirect - google.golang.org/grpc v1.76.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect + google.golang.org/grpc v1.77.0 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/neurosnap/sentences.v1 v1.0.7 // indirect @@ -223,8 +223,8 @@ require ( modernc.org/mathutil v1.7.1 // indirect modernc.org/memory v1.11.0 // indirect modernc.org/sqlite v1.38.0 // indirect - osv.dev/bindings/go v0.0.0-20251013010847-b847e93bd9b0 // indirect - sigs.k8s.io/yaml v1.5.0 // indirect + osv.dev/bindings/go v0.0.0-20251114023950-43ef4fb673ff // indirect + sigs.k8s.io/yaml v1.6.0 // indirect www.velocidex.com/golang/go-ntfs v0.2.0 // indirect www.velocidex.com/golang/regparser v0.0.0-20250203141505-31e704a67ef7 // indirect ) diff --git a/go.sum b/go.sum index fc24f440..3f6e73bd 100644 --- a/go.sum +++ b/go.sum @@ -17,18 +17,18 @@ cyphar.com/go-pathrs v0.2.1 h1:9nx1vOgwVvX1mNBWDu93+vaceedpbsDqo+XuBGL40b8= cyphar.com/go-pathrs v0.2.1/go.mod h1:y8f1EMG7r+hCuFf/rXsKqMJrJAUoADZGNh5/vZPKcGc= dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8= dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA= -deps.dev/api/v3 v3.0.0-20250917073939-6ff3dd7d2eea h1:kyKkITzeRX659i4FwCAJrqreUxKap7jbR9CS8ViwBeA= -deps.dev/api/v3 v3.0.0-20250917073939-6ff3dd7d2eea/go.mod h1:MntdDuD/RI8T19XT1AG/4ymbtIbjWJDQdqc+oT0Wmp4= -deps.dev/api/v3alpha v0.0.0-20250903005441-604c45d5b44b h1:iXre7CzhkmdmzAdiOi+u/Yk1iDMI9SYlFEnXgJd5Rnk= -deps.dev/api/v3alpha v0.0.0-20250903005441-604c45d5b44b/go.mod h1:CJqVceLEA55Tu9QwNoaUX4HhvzRQnYjCL1jUdw/rhPQ= -deps.dev/util/maven v0.0.0-20250917073939-6ff3dd7d2eea h1:z7rc677/VSowKnxEBvj1S4XXihsB7VbHP2+Gw0vuSCM= -deps.dev/util/maven v0.0.0-20250917073939-6ff3dd7d2eea/go.mod h1:eGrXziwI7scSGrwIj+5EBHtTeSxAZD/yi8Hb3nFXesA= +deps.dev/api/v3 v3.0.0-20251104021112-20ad94767ddf h1:nkUb2gSz1MewB2a3AWNDUHTkGMzZr2rf+cBcxb0i27E= +deps.dev/api/v3 v3.0.0-20251104021112-20ad94767ddf/go.mod h1:MntdDuD/RI8T19XT1AG/4ymbtIbjWJDQdqc+oT0Wmp4= +deps.dev/api/v3alpha v0.0.0-20251104021112-20ad94767ddf h1:gJT/Wg5tCnSdoUb1nKHRu9aRbCOkdVZiYAzR0J+tcH0= +deps.dev/api/v3alpha v0.0.0-20251104021112-20ad94767ddf/go.mod h1:0yskUBLVTOXiUGJeGMm/fu91hEIwlPjtkGmT/aGpvUA= +deps.dev/util/maven v0.0.0-20251104021112-20ad94767ddf h1:wfFm9buQJGKco1/uIlFpq9QKMhN5f8PA0f5vOK1u54M= +deps.dev/util/maven v0.0.0-20251104021112-20ad94767ddf/go.mod h1:eGrXziwI7scSGrwIj+5EBHtTeSxAZD/yi8Hb3nFXesA= deps.dev/util/pypi v0.0.0-20250903005441-604c45d5b44b h1:67FfxwUt82PEMle2FKlW4DZvzcfSODDoTnSGOT1bYtY= deps.dev/util/pypi v0.0.0-20250903005441-604c45d5b44b/go.mod h1:qmA0z/Lsfa1FMtuLd9JmVZLMHR3GBX/EmbM6z1X3EDU= -deps.dev/util/resolve v0.0.0-20250917073939-6ff3dd7d2eea h1:G1Z4ENGQYpmXQWZ5lZhRuy6mWb44pcp30JytYqzvrFk= -deps.dev/util/resolve v0.0.0-20250917073939-6ff3dd7d2eea/go.mod h1:KTvVyZikz2Vcjl5qOblwBvuAXCkeQKjpO7y754qeyNc= -deps.dev/util/semver v0.0.0-20250917073939-6ff3dd7d2eea h1:auC4QuBVwiKKgHuyV5OJe7iRA9Bq5qF7Xi5wxs7PdZE= -deps.dev/util/semver v0.0.0-20250917073939-6ff3dd7d2eea/go.mod h1:jjJweVqtuMQ7Q4zlTQ/kCHpboojkRvpMYlhy/c93DVU= +deps.dev/util/resolve v0.0.0-20251104021112-20ad94767ddf h1:8Tr+SWj9HUtf2f1xN+1J2OxQ9qM+FZRPm6hNF0dkkFI= +deps.dev/util/resolve v0.0.0-20251104021112-20ad94767ddf/go.mod h1:KTvVyZikz2Vcjl5qOblwBvuAXCkeQKjpO7y754qeyNc= +deps.dev/util/semver v0.0.0-20251104021112-20ad94767ddf h1:c3j3OQCIj7E4IgO4jqVj7f81zKfVbjuvkAmENXo8gGs= +deps.dev/util/semver v0.0.0-20251104021112-20ad94767ddf/go.mod h1:jjJweVqtuMQ7Q4zlTQ/kCHpboojkRvpMYlhy/c93DVU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa h1:x6kFzdPgBoLbyoNkA/jny0ENpoEz4wqY8lPTQL2DPkg= @@ -77,8 +77,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls= -github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= +github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f h1:Y8xYupdHxryycyPlc9Y+bSQAYZnetRJ70VMVKm5CKI0= +github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f/go.mod h1:HlzOvOjVBOfTGSRXRyY0OiCS/3J1akRGQQpRO/7zyF4= github.com/compose-spec/compose-go/v2 v2.8.1 h1:27O4dzyhiS/UEUKp1zHOHCBWD1WbxGsYGMNNaSejTk4= github.com/compose-spec/compose-go/v2 v2.8.1/go.mod h1:veko/VB7URrg/tKz3vmIAQDaz+CGiXH8vZsW79NmAww= github.com/containerd/cgroups/v3 v3.0.5 h1:44na7Ud+VwyE7LIoJ8JTNQOa549a8543BmzaJHo6Bzo= @@ -165,9 +165,9 @@ github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FM github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.13.4 h1:zEqyPVyku6IvWCFwux4x9RxkLOMUL+1vC9xUFv5l2/M= -github.com/envoyproxy/go-control-plane/envoy v1.32.4 h1:jb83lalDRZSpPWW2Z7Mck/8kXZ5CQAFYVjQcdVIr83A= -github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw= +github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329 h1:K+fnvUM0VZ7ZFJf0n4L/BRlnsb9pL/GuDG6FqaH+PwM= +github.com/envoyproxy/go-control-plane/envoy v1.35.0 h1:ixjkELDE+ru6idPxcHLj8LBVc2bFP7iBytj353BoHUo= +github.com/envoyproxy/go-control-plane/envoy v1.35.0/go.mod h1:09qwbGVuSWWAyN5t/b3iyVfz5+z8QWGrzkoqm/8SbEs= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8= github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU= @@ -254,10 +254,10 @@ github.com/google/go-containerregistry v0.20.6 h1:cvWX87UxxLgaH76b4hIvya6Dzz9qHB github.com/google/go-containerregistry v0.20.6/go.mod h1:T0x8MuoAoKX/873bkeSfLD2FAkwCDf9/HZgsFJ02E2Y= github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932 h1:5/4TSDzpDnHQ8rKEEQBjRlYx77mHOvXu08oGchxej7o= github.com/google/go-cpy v0.0.0-20211218193943-a9c933c06932/go.mod h1:cC6EdPbj/17GFCPDK39NRarlMI+kt+O60S12cNB5J9Y= -github.com/google/osv-scalibr v0.3.7-0.20251023161426-90e9ac9cc1b3 h1:JNLsaIi+lHdzsKoxcDmMBZCbE/qKi/mt9N3eQRxrThc= -github.com/google/osv-scalibr v0.3.7-0.20251023161426-90e9ac9cc1b3/go.mod h1:XN3PWSKiShu3MXb+9nGtwLGHWXarZ/0lfbovOhPKTRc= -github.com/google/osv-scanner/v2 v2.2.4 h1:VMaaQ+ZlMPxeIVNa9+Gnabac89+QvUsDWCMv4jfNhDY= -github.com/google/osv-scanner/v2 v2.2.4/go.mod h1:283VGGCrxkTa54P0FArsparfNzHdllI5UH4DwlLhobs= +github.com/google/osv-scalibr v0.3.7-0.20251118161533-ed0917ecede1 h1:ORtXAjEo6xCsJnH5G+YxK61B5+KCwxEc45we2upW55Q= +github.com/google/osv-scalibr v0.3.7-0.20251118161533-ed0917ecede1/go.mod h1:9Ze2W6nQmu1WX2s95ezOAVZhPDbcA6ZGuEHgFT/sQEU= +github.com/google/osv-scanner/v2 v2.3.0 h1:7TD7a+LcBvtKKuTG4yY4t+BVgF0H7wQwAHwJ46BIMT0= +github.com/google/osv-scanner/v2 v2.3.0/go.mod h1:5Ug5U9D7h2hkd7GzqBK5xmmESah2uEKvmfv2wa5FD1U= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6 h1:BHT72Gu3keYf3ZEu2J0b1vyeLSOYI8bm5wbJM/8yDe8= github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= @@ -265,28 +265,28 @@ github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= -github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= +github.com/googleapis/enterprise-certificate-proxy v0.3.7 h1:zrn2Ee/nWmHulBx5sAVrGgAa0f2/R35S4DJwfFaUPFQ= +github.com/googleapis/enterprise-certificate-proxy v0.3.7/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g= github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k= github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 h1:e9Rjr40Z98/clHv5Yg79Is0NtosR5LXRvdr7o/6NwbA= github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1/go.mod h1:tIxuGz/9mpox++sgp9fJjHO0+q1X9/UOWd798aAm22M= -github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= -github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.8.0 h1:KAkNb1HAiZd1ukkxDFGmokVZe1Xy9HG6NUp+bPle2i4= +github.com/hashicorp/go-version v1.8.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b h1:Jdu2tbAxkRouSILp2EbposIb8h4gO+2QuZEn3d9sKAc= github.com/hhatto/gorst v0.0.0-20181029133204-ca9f730cac5b/go.mod h1:HmaZGXHdSwQh1jnUlBGN2BeEYOHACLVGzYOXCbsLvxY= -github.com/ianlancetaylor/demangle v0.0.0-20250628045327-2d64ad6b7ec5 h1:QCtizt3VTaANvnsd8TtD/eonx7JLIVdEKW1//ZNPZ9A= -github.com/ianlancetaylor/demangle v0.0.0-20250628045327-2d64ad6b7ec5/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= +github.com/ianlancetaylor/demangle v0.0.0-20251114061303-68c556c8ce09 h1:FWaBv/PULhTydARCwlBkktgP6wlUMMpdk4Q+8WjpMDM= +github.com/ianlancetaylor/demangle v0.0.0-20251114061303-68c556c8ce09/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2A= github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jdkato/prose v1.2.1 h1:Fp3UnJmLVISmlc57BgKUzdjr0lOtjqTZicL3PaYy6cU= github.com/jdkato/prose v1.2.1/go.mod h1:AiRHgVagnEx2JbQRQowVBKjG0bcs/vtkGCH1dYAL1rA= -github.com/jedib0t/go-pretty/v6 v6.6.8 h1:JnnzQeRz2bACBobIaa/r+nqjvws4yEhcmaZ4n1QzsEc= -github.com/jedib0t/go-pretty/v6 v6.6.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU= +github.com/jedib0t/go-pretty/v6 v6.7.2 h1:EYWgQNIH/+JsyHki7ns9OHyBKuHPkzrBo02uYjran7w= +github.com/jedib0t/go-pretty/v6 v6.7.2/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -366,10 +366,10 @@ github.com/opencontainers/runtime-spec v1.2.1 h1:S4k4ryNgEpxW1dzyqffOmhI1BHYcjzU github.com/opencontainers/runtime-spec v1.2.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+LGaWfbL84= github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s= -github.com/ossf/osv-schema/bindings/go v0.0.0-20251012234424-434020c6442f h1:0AlxQEA7JATli/nATcQ66fAASlokay8Qpcdjhqxd1gU= -github.com/ossf/osv-schema/bindings/go v0.0.0-20251012234424-434020c6442f/go.mod h1:/ypmJBpoMvgNp4g93snzyYoyIPmZfLdSiGn/Vq07Dfo= -github.com/owenrumney/go-sarif/v3 v3.2.3 h1:n6mdX5ugKwCrZInvBsf6WumXmpAe3mbmQXgkXlIq34U= -github.com/owenrumney/go-sarif/v3 v3.2.3/go.mod h1:1bV7t8SZg7pX41spaDkEUs8/yEjzk9JapztMoX1XNjg= +github.com/ossf/osv-schema/bindings/go v0.0.0-20251112210320-9fb6c8870ac1 h1:fF/6qqzxrH95PZ2essZJOSFX40EMFhrMlN7Tm92ithY= +github.com/ossf/osv-schema/bindings/go v0.0.0-20251112210320-9fb6c8870ac1/go.mod h1:Eo7R19vlnflsCRdHW1ynyNUyoRwxdaTmTWD9MtKnJTc= +github.com/owenrumney/go-sarif/v3 v3.3.0 h1:p5oSxEV0uPWBRpAspTmwWr4t1YZyKUpdoFzSB7WE90A= +github.com/owenrumney/go-sarif/v3 v3.3.0/go.mod h1:72MaugkExDexbSauRuPq6BvUAAqAX0TwoNYMIQyZCMw= github.com/package-url/packageurl-go v0.1.3 h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoXLtmE3I0PLs= github.com/package-url/packageurl-go v0.1.3/go.mod h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0= github.com/pandatix/go-cvss v0.6.2 h1:TFiHlzUkT67s6UkelHmK6s1INKVUG7nlKYiWWDTITGI= @@ -504,26 +504,26 @@ go.etcd.io/bbolt v1.4.2 h1:IrUHp260R8c+zYx/Tm8QZr04CX+qWS5PGfPdevhdm1I= go.etcd.io/bbolt v1.4.2/go.mod h1:Is8rSHO/b4f3XigBC0lL0+4FwAQv3HXEEIgFMuKHceM= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0 h1:Hf9xI/XLML9ElpiHVDNwvqI0hIFlzV8dgIr35kV1kRU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0/go.mod h1:NfchwuyNoMcZ5MLHwPrODwUF1HWCXWrL31s8gSAdIKY= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8= +go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA= +go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI= +go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E= +go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg= +go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM= +go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA= +go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE= +go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= @@ -553,8 +553,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -572,8 +572,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= -golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo= +golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -642,8 +642,8 @@ golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhS golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/api v0.255.0 h1:OaF+IbRwOottVCYV2wZan7KUq7UeNUQn1BcPc4K7lE4= -google.golang.org/api v0.255.0/go.mod h1:d1/EtvCLdtiWEV4rAEHDHGh2bCnqsWhw+M8y2ECN4a8= +google.golang.org/api v0.257.0 h1:8Y0lzvHlZps53PEaw+G29SsQIkuKrumGWs9puiexNAA= +google.golang.org/api v0.257.0/go.mod h1:4eJrr+vbVaZSqs7vovFd1Jb/A6ml6iw2e6FBYf3GAO4= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -651,17 +651,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7 h1:FGOcxvKlJgRBVbXeugjljCfCgfKWhC42FBoYmTCWVBs= google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:249YoW4b1INqFTEop2T4aJgiO7UBYJrpejsaLvjWfI8= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= -google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda h1:i/Q+bfisr7gq6feoJnS/DlpdwEL4ihp41fvRiM3Ork0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20251029180050-ab9386a59fda/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba h1:B14OtaXuMaCQsl2deSvNkyPKIzq3BjfxQp8d00QyWx4= +google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:G5IanEx8/PgI9w6CFcYQf7jMtHQhZruvfM1i3qOqk5U= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 h1:Wgl1rcDNThT+Zn47YyCXOXyX/COgMTIdhJ717F0l4xk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= -google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= +google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM= +google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -722,11 +722,11 @@ modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= -osv.dev/bindings/go v0.0.0-20251013010847-b847e93bd9b0 h1:Ifkkko1GPrSnkoexWdoJXpQDta+JCq/KLfyHpTHEmcE= -osv.dev/bindings/go v0.0.0-20251013010847-b847e93bd9b0/go.mod h1:rdPwQuPQTR0mCfqasd9g0UYFuHWD/iXmj1E+YXuGYeg= +osv.dev/bindings/go v0.0.0-20251114023950-43ef4fb673ff h1:rBk7aciamrO4wjk3xuuUfLNF3h3TuKo6eVeSRzU95gk= +osv.dev/bindings/go v0.0.0-20251114023950-43ef4fb673ff/go.mod h1:NSdi/R28AELq9e2S7aOP4wV3bwxWaFvjL0cxbeDtrls= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -sigs.k8s.io/yaml v1.5.0 h1:M10b2U7aEUY6hRtU870n2VTPgR5RZiL/I6Lcc2F4NUQ= -sigs.k8s.io/yaml v1.5.0/go.mod h1:wZs27Rbxoai4C0f8/9urLZtZtF3avA3gKvGyPdDqTO4= +sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= +sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= www.velocidex.com/golang/go-ntfs v0.2.0 h1:JLS4hOQLupiVzo+1z4Xb8AZyIaXHDmiGnKyoM/bRYq0= www.velocidex.com/golang/go-ntfs v0.2.0/go.mod h1:itvbHQcnLdTVIDY6fI3lR0zeBwXwBYBdUFtswE0x1vc= www.velocidex.com/golang/regparser v0.0.0-20250203141505-31e704a67ef7 h1:BMX/37sYwX+8JhHt+YNbPfbx7dXG1w1L1mXonNBtjt0= From 6b90174e9abe016ae57a4d6c1d84b691e5ea6195 Mon Sep 17 00:00:00 2001 From: Esteban Beltran Date: Fri, 19 Dec 2025 13:24:01 +0100 Subject: [PATCH 2/3] fix dep type change --- pkg/analysis/passes/osvscanner/osvscanner.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pkg/analysis/passes/osvscanner/osvscanner.go b/pkg/analysis/passes/osvscanner/osvscanner.go index 11595cd1..6d0e7809 100644 --- a/pkg/analysis/passes/osvscanner/osvscanner.go +++ b/pkg/analysis/passes/osvscanner/osvscanner.go @@ -129,8 +129,12 @@ func run(pass *analysis.Pass) (interface{}, error) { aliases := strings.Join(aVulnerability.Aliases, " ") // make sure this key exists severity := "n/a" - if val, ok := aVulnerability.DatabaseSpecific["severity"]; ok { - severity = val.(string) + if aVulnerability.DatabaseSpecific != nil { + if fields := aVulnerability.DatabaseSpecific.GetFields(); fields != nil { + if val, ok := fields["severity"]; ok { + severity = val.GetStringValue() + } + } } message := fmt.Sprintf("SEVERITY: %s in package %s, vulnerable to %s", severity, aPackage.Package.Name, aliases) // prevent duplicate messages From dc1e0960d09a71ba80f39f768ad3ea0c00d58d89 Mon Sep 17 00:00:00 2001 From: Esteban Beltran Date: Fri, 19 Dec 2025 14:36:19 +0100 Subject: [PATCH 3/3] fix tests for deps updates --- .../passes/osvscanner/osvscanner_test.go | 88 +++++++++++-------- 1 file changed, 52 insertions(+), 36 deletions(-) diff --git a/pkg/analysis/passes/osvscanner/osvscanner_test.go b/pkg/analysis/passes/osvscanner/osvscanner_test.go index 63da4446..4dcacdfc 100644 --- a/pkg/analysis/passes/osvscanner/osvscanner_test.go +++ b/pkg/analysis/passes/osvscanner/osvscanner_test.go @@ -8,6 +8,7 @@ import ( "github.com/google/osv-scanner/v2/pkg/models" "github.com/ossf/osv-schema/bindings/go/osvschema" "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/structpb" "github.com/grafana/plugin-validator/pkg/analysis" "github.com/grafana/plugin-validator/pkg/analysis/passes/archive" @@ -27,54 +28,66 @@ var mockedDoScanInternal = func(lockPath string) (models.VulnerabilityResults, e pkg := models.PackageVulns{ Package: models.PackageInfo{Name: "fake-package"}, Groups: []models.GroupInfo{group}, - Vulnerabilities: []osvschema.Vulnerability{ + Vulnerabilities: []*osvschema.Vulnerability{ { - ID: "CVE-2020-1234", - Severity: []osvschema.Severity{ + Id: "CVE-2020-1234", + Severity: []*osvschema.Severity{ { - Type: osvschema.SeverityType("critical"), - Score: "1", + Type: osvschema.Severity_CVSS_V3, + Score: "9.0", }, }, - DatabaseSpecific: map[string]interface{}{ - "severity": SeverityCritical, - }, + DatabaseSpecific: func() *structpb.Struct { + s, _ := structpb.NewStruct(map[string]interface{}{ + "severity": SeverityCritical, + }) + return s + }(), }, { - ID: "CVE-2021-1234", - Severity: []osvschema.Severity{ + Id: "CVE-2021-1234", + Severity: []*osvschema.Severity{ { - Type: osvschema.SeverityType("high"), - Score: "1", + Type: osvschema.Severity_CVSS_V3, + Score: "7.5", }, }, - DatabaseSpecific: map[string]interface{}{ - "severity": SeverityHigh, - }, + DatabaseSpecific: func() *structpb.Struct { + s, _ := structpb.NewStruct(map[string]interface{}{ + "severity": SeverityHigh, + }) + return s + }(), }, { - ID: "CVE-2022-1234", - Severity: []osvschema.Severity{ + Id: "CVE-2022-1234", + Severity: []*osvschema.Severity{ { - Type: osvschema.SeverityType("moderate"), - Score: "1", + Type: osvschema.Severity_CVSS_V3, + Score: "5.0", }, }, - DatabaseSpecific: map[string]interface{}{ - "severity": SeverityModerate, - }, + DatabaseSpecific: func() *structpb.Struct { + s, _ := structpb.NewStruct(map[string]interface{}{ + "severity": SeverityModerate, + }) + return s + }(), }, { - ID: "CVE-2023-1234", - Severity: []osvschema.Severity{ + Id: "CVE-2023-1234", + Severity: []*osvschema.Severity{ { - Type: osvschema.SeverityType("low"), - Score: "1", + Type: osvschema.Severity_CVSS_V3, + Score: "3.0", }, }, - DatabaseSpecific: map[string]interface{}{ - "severity": SeverityLow, - }, + DatabaseSpecific: func() *structpb.Struct { + s, _ := structpb.NewStruct(map[string]interface{}{ + "severity": SeverityLow, + }) + return s + }(), }, }, } @@ -210,18 +223,21 @@ func TestOSVScannerWhitelistedPackage(t *testing.T) { pkg := models.PackageVulns{ Package: models.PackageInfo{Name: "playwright", Version: "1.55.0"}, Groups: []models.GroupInfo{group}, - Vulnerabilities: []osvschema.Vulnerability{ + Vulnerabilities: []*osvschema.Vulnerability{ { - ID: "CVE-2024-PLAYWRIGHT-001", - Severity: []osvschema.Severity{ + Id: "CVE-2024-PLAYWRIGHT-001", + Severity: []*osvschema.Severity{ { - Type: osvschema.SeverityType("high"), + Type: osvschema.Severity_CVSS_V3, Score: "7.5", }, }, - DatabaseSpecific: map[string]interface{}{ - "severity": SeverityHigh, - }, + DatabaseSpecific: func() *structpb.Struct { + s, _ := structpb.NewStruct(map[string]interface{}{ + "severity": SeverityHigh, + }) + return s + }(), }, }, }