chore(deps): update workflows #4534
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
forking-renovate
bot
added
the
dependencies
renovate-bot
force-pushed
the
renovate/workflows
branch
from
368c583 to
a4aec3c
Compare
jess-lowe
approved these changes
Jan 7, 2026
kizuna-lek
added a commit
to apecloud/osv.dev
that referenced
this pull request
Jan 8, 2026
* docs: Update REST API docs to clarify HEAD request (#4565) * feat: migrate sitemap generation (#4487) Migrated sitemap generation to Go & away from Bug entities. Had to use the entire vulnerability records from GCS in order to chunk them by ecosystem, which is going to make it quite a bit slower from having to download the entirety of all the files (it only runs once per day anyway so it's probably no big deal). I *could* make it faster by using the `Vulnerability` entities from datastore, but those don't have the ecosystems attached to them. The `ListedVulnerability` does have the ecosystems, but not the modified dates :upside_down_face: (and don't have the withdrawn vulnerabilities). Some improvements: the sitemap now splits large ecosystems into multiple pages (instead of truncating the vulnerabilities), and withdrawn vulnerabilities are now included in the sitemap (since they do actually have pages you can visit on osv.dev) * chore(deps): update alpine:3.23 docker digest to 865b95f (#4526) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine | final | digest | `51183f2` → `865b95f` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * chore(deps): update gcp/api/googleapis digest to d4a34bf (#4527) This PR contains the following updates: | Package | Update | Change | |---|---|---| | gcp/api/googleapis | digest | `1496716` → `d4a34bf` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): update github.com/ossf/osv-schema/bindings/go digest to 88c4875 (#4531) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/ossf/osv-schema/bindings/go](https://redirect.github.com/ossf/osv-schema) | require | digest | `c18cb69` → `88c4875` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): update google.golang.org/genproto/googleapis/api digest to 0a764e5 (#4532) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [google.golang.org/genproto/googleapis/api](https://redirect.github.com/googleapis/go-genproto) | require | digest | `97cd9d5` → `0a764e5` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * chore(deps): update golang:1.25.5-alpine docker digest to ac09a5f (#4528) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | golang | stage | digest | `2611181` → `ac09a5f` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * fix(deps): update indexer (#4535) This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cloud.google.com/go/storage](https://redirect.github.com/googleapis/google-cloud-go) | `v1.57.2` → `v1.58.0` |  |  | | [golang.org/x/sync](https://pkg.go.dev/golang.org/x/sync) | [`v0.18.0` → `v0.19.0`](https://cs.opensource.google/go/x/sync/+/refs/tags/v0.18.0...refs/tags/v0.19.0) |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.257.0` → `v0.259.0` |  |  | --- ### Release Notes <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) ##### ⚠ BREAKING CHANGES - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ##### Features - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) ([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) ##### Bug Fixes - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) ##### Miscellaneous Chores - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) ### [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix: introduced '>' operator not being parsed (#4573) While a "> 1.x", '>' is technically not correct, as it would say that the value given is the version before the vuln is introduced, it is still a better range to accept than resorting to introduced = 0. This should handle this case: https://github.com/google/osv.dev/issues/4569 * chore(deps): update workflows (#4534) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.5.0` → `v5.6.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.31.6` → `v3.31.9` | | [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) | action | patch | `v7.0.9` → `v7.0.11` | --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5.6.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.6.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.5.0...v5.6.0) ##### What's Changed - Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#​689](https://redirect.github.com/actions/setup-go/pull/689) **Full Changelog**: <https://github.com/actions/setup-go/compare/v5...v5.6.0> </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.31.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.8...v3.31.9) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.31.9 - 16 Dec 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.9/CHANGELOG.md) for more information. ### [`v3.31.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.7...v3.31.8) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.31.8 - 11 Dec 2025 - Update default CodeQL bundle version to 2.23.8. [#​3354](https://redirect.github.com/github/codeql-action/pull/3354) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.8/CHANGELOG.md) for more information. ### [`v3.31.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.6...v3.31.7) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.31.7 - 05 Dec 2025 - Update default CodeQL bundle version to 2.23.7. [#​3343](https://redirect.github.com/github/codeql-action/pull/3343) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.7/CHANGELOG.md) for more information. </details> <details> <summary>peter-evans/create-pull-request (peter-evans/create-pull-request)</summary> ### [`v7.0.11`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.11): Create Pull Request v7.0.11 [Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11) ##### What's Changed - fix: restrict remote prune to self-hosted runners by [@​peter-evans](https://redirect.github.com/peter-evans) in [#​4250](https://redirect.github.com/peter-evans/create-pull-request/pull/4250) **Full Changelog**: <https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11> ### [`v7.0.10`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.10): Create Pull Request v7.0.10 [Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10) ⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent. ##### What's Changed - build(deps): bump the github-actions group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​4235](https://redirect.github.com/peter-evans/create-pull-request/pull/4235) - build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​4240](https://redirect.github.com/peter-evans/create-pull-request/pull/4240) - fix: provider list pulls fallback for multi fork same owner by [@​peter-evans](https://redirect.github.com/peter-evans) in [#​4245](https://redirect.github.com/peter-evans/create-pull-request/pull/4245) ##### New Contributors - [@​obnyis](https://redirect.github.com/obnyis) made their first contribution in [#​4064](https://redirect.github.com/peter-evans/create-pull-request/pull/4064) **Full Changelog**: <https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance (#4536) This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance workers (#4537) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [pygit2](https://redirect.github.com/libgit2/pygit2) ([changelog](https://redirect.github.com/libgit2/pygit2/blob/master/CHANGELOG.md)) | project.dependencies | patch | `==1.19.0` → `==1.19.1` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>libgit2/pygit2 (pygit2)</summary> ### [`v1.19.1`](https://redirect.github.com/libgit2/pygit2/blob/HEAD/CHANGELOG.md#1191-2025-12-29) [Compare Source](https://redirect.github.com/libgit2/pygit2/compare/v1.19.0...v1.19.1) - Update wheels to libgit2 1.9.2 and OpenSSL 3.5 - Fix: now diff's getitem/iter returns `None` for unchanged or binary files [#​1412](https://redirect.github.com/libgit2/pygit2/pull/1412) - CI (macOS): arm, intel and pypy wheels (instead of universal) [#​1441](https://redirect.github.com/libgit2/pygit2/pull/1441) - CI (pypy): fix tests [#​1437](https://redirect.github.com/libgit2/pygit2/pull/1437) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * chore(deps): lock file maintenance osv-lib (#4538) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [pygit2](https://redirect.github.com/libgit2/pygit2) ([changelog](https://redirect.github.com/libgit2/pygit2/blob/master/CHANGELOG.md)) | project.dependencies | patch | `1.19.0` → `1.19.1` |  |  | | [vcrpy](https://redirect.github.com/kevin1024/vcrpy) | dev | patch | `8.1.0` → `8.1.1` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>libgit2/pygit2 (pygit2)</summary> ### [`v1.19.1`](https://redirect.github.com/libgit2/pygit2/blob/HEAD/CHANGELOG.md#1191-2025-12-29) [Compare Source](https://redirect.github.com/libgit2/pygit2/compare/v1.19.0...v1.19.1) - Update wheels to libgit2 1.9.2 and OpenSSL 3.5 - Fix: now diff's getitem/iter returns `None` for unchanged or binary files [#​1412](https://redirect.github.com/libgit2/pygit2/pull/1412) - CI (macOS): arm, intel and pypy wheels (instead of universal) [#​1441](https://redirect.github.com/libgit2/pygit2/pull/1441) - CI (pypy): fix tests [#​1437](https://redirect.github.com/libgit2/pygit2/pull/1437) </details> <details> <summary>kevin1024/vcrpy (vcrpy)</summary> ### [`v8.1.1`](https://redirect.github.com/kevin1024/vcrpy/releases/tag/v8.1.1) [Compare Source](https://redirect.github.com/kevin1024/vcrpy/compare/v8.1.0...v8.1.1) #### What's Changed - Fix sync requests in async contexts for HTTPX ([#​965](https://redirect.github.com/kevin1024/vcrpy/issues/965)) - thanks [@​seowalex](https://redirect.github.com/seowalex) - CI: bump peter-evans/create-pull-request from 7 to 8 ([#​969](https://redirect.github.com/kevin1024/vcrpy/issues/969)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance (#4539) This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance functions (#4541) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [google-cloud-secret-manager](https://redirect.github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-secret-manager) ([source](https://redirect.github.com/googleapis/google-cloud-python)) | project.dependencies | minor | `==2.25.0` → `==2.26.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>googleapis/google-cloud-python (google-cloud-secret-manager)</summary> ### [`v2.26.0`](https://redirect.github.com/googleapis/google-cloud-python/releases/tag/google-cloud-secret-manager-v2.26.0): google-cloud-secret-manager 2.26.0 [Compare Source](https://redirect.github.com/googleapis/google-cloud-python/compare/google-cloud-secret-manager-v2.25.0...google-cloud-secret-manager-v2.26.0) ##### Features - check Python and dependency versions in generated GAPICs (PiperOrigin-RevId: [`8454486`](https://redirect.github.com/googleapis/google-cloud-python/commit/845448683)) ([d2b35b25](https://redirect.github.com/googleapis/google-cloud-python/commit/d2b35b25)) - auto-enable mTLS when supported certificates are detected (PiperOrigin-RevId: [`8454486`](https://redirect.github.com/googleapis/google-cloud-python/commit/845448683)) ([d2b35b25](https://redirect.github.com/googleapis/google-cloud-python/commit/d2b35b25)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * fix(deps): lock file maintenance vulnfeeds (#4545) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | gcr.io/google.com/cloudsdktool/google-cloud-cli | final | digest | `09ca925` → `4bac65a` | | | | [github.com/gkampitakis/go-snaps](https://redirect.github.com/gkampitakis/go-snaps) | require | patch | `v0.5.18` → `v0.5.19` |  |  | | [github.com/ossf/osv-schema/bindings/go](https://redirect.github.com/ossf/osv-schema) | require | digest | `c18cb69` → `88c4875` |  |  | | golang | stage | digest | `2611181` → `ac09a5f` | | | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | require | minor | `v0.257.0` → `v0.259.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)</summary> ### [`v0.5.19`](https://redirect.github.com/gkampitakis/go-snaps/releases/tag/v0.5.19) [Compare Source](https://redirect.github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19) #### What's Changed - fix: use backticks for inline snaps when appropriate by [@​gkampitakis](https://redirect.github.com/gkampitakis) in [#​149](https://redirect.github.com/gkampitakis/go-snaps/pull/149) **Full Changelog**: <https://github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19> </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) ##### ⚠ BREAKING CHANGES - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ##### Features - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) ([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) ##### Bug Fixes - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) ##### Miscellaneous Chores - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) ### [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance website-backend (#4542) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [google-auth](https://redirect.github.com/googleapis/google-auth-library-python) | project.dependencies | minor | `==2.45.0` → `==2.47.0` |  |  | | [google-cloud-storage](https://redirect.github.com/googleapis/python-storage) | project.dependencies | minor | `==2.18.2` → `==2.19.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>googleapis/google-auth-library-python (google-auth)</summary> ### [`v2.47.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2470-2026-01-06) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.46.0...v2.47.0) ##### Features - drop `cachetools` dependency in favor of simple local implementation ([#​1590](https://redirect.github.com/googleapis/google-auth-library-python/issues/1590)) ([5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4](https://redirect.github.com/googleapis/google-auth-library-python/commit/5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)) ##### Bug Fixes - Python 3.8 support ([#​1918](https://redirect.github.com/googleapis/google-auth-library-python/issues/1918)) ([60dc20014a35ec4ba71e8065b9a33ecbdbeca97a](https://redirect.github.com/googleapis/google-auth-library-python/commit/60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)) ### [`v2.46.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2460-2026-01-05) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.45.0...v2.46.0) ##### Documentation - update urllib3 docstrings for v2 compatibility ([#​1903](https://redirect.github.com/googleapis/google-auth-library-python/issues/1903)) ([3f1aeea2d1014ea1d244a4c3470e52d74d55404b](https://redirect.github.com/googleapis/google-auth-library-python/commit/3f1aeea2d1014ea1d244a4c3470e52d74d55404b)) ##### Features - Recognize workload certificate config in has\_default\_client\_cert\_source for mTLS for Agentic Identities ([#​1907](https://redirect.github.com/googleapis/google-auth-library-python/issues/1907)) ([0b9107d573123e358c347ffa067637f992af61b4](https://redirect.github.com/googleapis/google-auth-library-python/commit/0b9107d573123e358c347ffa067637f992af61b4)) ##### Bug Fixes - add types to default and verify\_token and Request **init** based on comments in the source code. ([#​1588](https://redirect.github.com/googleapis/google-auth-library-python/issues/1588)) ([59a5f588f7793b59d923a4185c8c07738da618f7](https://redirect.github.com/googleapis/google-auth-library-python/commit/59a5f588f7793b59d923a4185c8c07738da618f7)) - fix the document of secure\_authorized\_session ([#​1536](https://redirect.github.com/googleapis/google-auth-library-python/issues/1536)) ([5d0014707fc359782df5ccfcaa75fd372fe9dce3](https://redirect.github.com/googleapis/google-auth-library-python/commit/5d0014707fc359782df5ccfcaa75fd372fe9dce3)) - remove setup.cfg configuration for creating universal wheels ([#​1693](https://redirect.github.com/googleapis/google-auth-library-python/issues/1693)) ([c767531ce05a89002d109f595187aff1fcaacfb7](https://redirect.github.com/googleapis/google-auth-library-python/commit/c767531ce05a89002d109f595187aff1fcaacfb7)) - use .read() instead of .content.read() in aiohttp transport ([#​1899](https://redirect.github.com/googleapis/google-auth-library-python/issues/1899)) ([12f4470f808809e8abf1141f98d88ab720c3899b](https://redirect.github.com/googleapis/google-auth-library-python/commit/12f4470f808809e8abf1141f98d88ab720c3899b)) - raise RefreshError for missing token in impersonated credentials ([#​1897](https://redirect.github.com/googleapis/google-auth-library-python/issues/1897)) ([94d04e090fdfc61926dd32bc1d65f8820b9cede5](https://redirect.github.com/googleapis/google-auth-library-python/commit/94d04e090fdfc61926dd32bc1d65f8820b9cede5)) - Fix test coverage for mtls\_helper ([#​1886](https://redirect.github.com/googleapis/google-auth-library-python/issues/1886)) ([02e71631fe275d93825c2e957e830773e75133f7](https://redirect.github.com/googleapis/google-auth-library-python/commit/02e71631fe275d93825c2e957e830773e75133f7)) </details> <details> <summary>googleapis/python-storage (google-cloud-storage)</summary> ### [`v2.19.0`](https://redirect.github.com/googleapis/python-storage/blob/HEAD/CHANGELOG.md#2190-2024-11-21) [Compare Source](https://redirect.github.com/googleapis/python-storage/compare/v2.18.2...v2.19.0) ##### Features - Add integration test for universe domain ([#​1346](https://redirect.github.com/googleapis/python-storage/issues/1346)) ([02a972d](https://redirect.github.com/googleapis/python-storage/commit/02a972d35fae6d05edfb26381f6a71e3b8f59d6d)) - Add restore\_bucket and handling for soft-deleted buckets ([#​1365](https://redirect.github.com/googleapis/python-storage/issues/1365)) ([ab94efd](https://redirect.github.com/googleapis/python-storage/commit/ab94efda83f68c974ec91d6b869b09047501031a)) - Add support for restore token ([#​1369](https://redirect.github.com/googleapis/python-storage/issues/1369)) ([06ed15b](https://redirect.github.com/googleapis/python-storage/commit/06ed15b33dc884da6dffbef5119e47f0fc4e1285)) - IAM signBlob retry and universe domain support ([#​1380](https://redirect.github.com/googleapis/python-storage/issues/1380)) ([abc8061](https://redirect.github.com/googleapis/python-storage/commit/abc80615ee00a14bc0e6b095252f6d1eb09c4b45)) ##### Bug Fixes - Allow signed post policy v4 with service account and token ([#​1356](https://redirect.github.com/googleapis/python-storage/issues/1356)) ([8ec02c0](https://redirect.github.com/googleapis/python-storage/commit/8ec02c0e656a4e6786f256798f4b93b95b50acec)) - Do not spam the log with checksum related INFO messages when downloading using transfer\_manager ([#​1357](https://redirect.github.com/googleapis/python-storage/issues/1357)) ([42392ef](https://redirect.github.com/googleapis/python-storage/commit/42392ef8e38527ce4e50454cdd357425b3f57c87)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance website-frontend (#4543) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [sass](https://redirect.github.com/sass/dart-sass) | devDependencies | patch | [`1.97.0` → `1.97.2`](https://renovatebot.com/diffs/npm/sass/1.97.0/1.97.2) |  |  | | [webpack](https://redirect.github.com/webpack/webpack) | devDependencies | patch | [`5.104.0` → `5.104.1`](https://renovatebot.com/diffs/npm/webpack/5.104.0/5.104.1) |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>sass/dart-sass (sass)</summary> ### [`v1.97.2`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1972) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.97.1...1.97.2) - Additional fixes for implicit configuration when nested imports are involved. ### [`v1.97.1`](https://redirect.github.com/sass/dart-sass/compare/0c7083ac165fd30234c90a4342e7f7792a686c7d...62ec6627905c790405da06b5ee41955491733f52) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.97.0...1.97.1) </details> <details> <summary>webpack/webpack (webpack)</summary> ### [`v5.104.1`](https://redirect.github.com/webpack/webpack/blob/HEAD/CHANGELOG.md#51041) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.104.0...v5.104.1) ##### Patch Changes - [`2efd21b`](https://redirect.github.com/webpack/webpack/commit/2efd21b): Reexports runtime calculation should not accessing **WEBPACK\_IMPORT\_KEY** decl with var. - [`c510070`](https://redirect.github.com/webpack/webpack/commit/c510070): Fixed a user information bypass vulnerability in the HttpUriPlugin plugin. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): lock file maintenance tools (#4544) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [github.com/gkampitakis/go-snaps](https://redirect.github.com/gkampitakis/go-snaps) | require | patch | `v0.5.18` → `v0.5.19` |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | require | minor | `v0.257.0` → `v0.259.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Release Notes <details> <summary>gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)</summary> ### [`v0.5.19`](https://redirect.github.com/gkampitakis/go-snaps/releases/tag/v0.5.19) [Compare Source](https://redirect.github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19) #### What's Changed - fix: use backticks for inline snaps when appropriate by [@​gkampitakis](https://redirect.github.com/gkampitakis) in [#​149](https://redirect.github.com/gkampitakis/go-snaps/pull/149) **Full Changelog**: <https://github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19> </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) ##### ⚠ BREAKING CHANGES - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ##### Features - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) ([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) ##### Bug Fixes - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) ##### Miscellaneous Chores - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) ### [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): update gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine docker digest to 4bac65a (#4570) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | gcr.io/google.com/cloudsdktool/google-cloud-cli | final | digest | `09ca925` → `4bac65a` | --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Ple…
kizuna-lek
added a commit
to apecloud/osv.dev
that referenced
this pull request
Jan 8, 2026
* docs: Update REST API docs to clarify HEAD request (#4565) * feat: migrate sitemap generation (#4487) Migrated sitemap generation to Go & away from Bug entities. Had to use the entire vulnerability records from GCS in order to chunk them by ecosystem, which is going to make it quite a bit slower from having to download the entirety of all the files (it only runs once per day anyway so it's probably no big deal). I *could* make it faster by using the `Vulnerability` entities from datastore, but those don't have the ecosystems attached to them. The `ListedVulnerability` does have the ecosystems, but not the modified dates :upside_down_face: (and don't have the withdrawn vulnerabilities). Some improvements: the sitemap now splits large ecosystems into multiple pages (instead of truncating the vulnerabilities), and withdrawn vulnerabilities are now included in the sitemap (since they do actually have pages you can visit on osv.dev) * chore(deps): update alpine:3.23 docker digest to 865b95f (#4526) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | alpine | final | digest | `51183f2` → `865b95f` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * chore(deps): update gcp/api/googleapis digest to d4a34bf (#4527) This PR contains the following updates: | Package | Update | Change | |---|---|---| | gcp/api/googleapis | digest | `1496716` → `d4a34bf` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): update github.com/ossf/osv-schema/bindings/go digest to 88c4875 (#4531) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/ossf/osv-schema/bindings/go](https://redirect.github.com/ossf/osv-schema) | require | digest | `c18cb69` → `88c4875` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): update google.golang.org/genproto/googleapis/api digest to 0a764e5 (#4532) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [google.golang.org/genproto/googleapis/api](https://redirect.github.com/googleapis/go-genproto) | require | digest | `97cd9d5` → `0a764e5` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * chore(deps): update golang:1.25.5-alpine docker digest to ac09a5f (#4528) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | golang | stage | digest | `2611181` → `ac09a5f` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * fix(deps): update indexer (#4535) This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [cloud.google.com/go/storage](https://redirect.github.com/googleapis/google-cloud-go) | `v1.57.2` → `v1.58.0` |  |  | | [golang.org/x/sync](https://pkg.go.dev/golang.org/x/sync) | [`v0.18.0` → `v0.19.0`](https://cs.opensource.google/go/x/sync/+/refs/tags/v0.18.0...refs/tags/v0.19.0) |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.257.0` → `v0.259.0` |  |  | --- <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) ([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix: introduced '>' operator not being parsed (#4573) While a "> 1.x", '>' is technically not correct, as it would say that the value given is the version before the vuln is introduced, it is still a better range to accept than resorting to introduced = 0. This should handle this case: https://github.com/google/osv.dev/issues/4569 * chore(deps): update workflows (#4534) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | minor | `v5.5.0` → `v5.6.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.31.6` → `v3.31.9` | | [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) | action | patch | `v7.0.9` → `v7.0.11` | --- <details> <summary>actions/setup-go (actions/setup-go)</summary> [`v5.6.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.6.0) [Compare Source](https://redirect.github.com/actions/setup-go/compare/v5.5.0...v5.6.0) - Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [#​689](https://redirect.github.com/actions/setup-go/pull/689) **Full Changelog**: <https://github.com/actions/setup-go/compare/v5...v5.6.0> </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> [`v3.31.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.8...v3.31.9) See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.9/CHANGELOG.md) for more information. [`v3.31.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.7...v3.31.8) See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. - Update default CodeQL bundle version to 2.23.8. [#​3354](https://redirect.github.com/github/codeql-action/pull/3354) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.8/CHANGELOG.md) for more information. [`v3.31.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.31.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.31.6...v3.31.7) See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. - Update default CodeQL bundle version to 2.23.7. [#​3343](https://redirect.github.com/github/codeql-action/pull/3343) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.31.7/CHANGELOG.md) for more information. </details> <details> <summary>peter-evans/create-pull-request (peter-evans/create-pull-request)</summary> [`v7.0.11`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.11): Create Pull Request v7.0.11 [Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11) - fix: restrict remote prune to self-hosted runners by [@​peter-evans](https://redirect.github.com/peter-evans) in [#​4250](https://redirect.github.com/peter-evans/create-pull-request/pull/4250) **Full Changelog**: <https://github.com/peter-evans/create-pull-request/compare/v7.0.10...v7.0.11> [`v7.0.10`](https://redirect.github.com/peter-evans/create-pull-request/releases/tag/v7.0.10): Create Pull Request v7.0.10 [Compare Source](https://redirect.github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10) ⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent. - build(deps): bump the github-actions group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​4235](https://redirect.github.com/peter-evans/create-pull-request/pull/4235) - build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​4240](https://redirect.github.com/peter-evans/create-pull-request/pull/4240) - fix: provider list pulls fallback for multi fork same owner by [@​peter-evans](https://redirect.github.com/peter-evans) in [#​4245](https://redirect.github.com/peter-evans/create-pull-request/pull/4245) - [@​obnyis](https://redirect.github.com/obnyis) made their first contribution in [#​4064](https://redirect.github.com/peter-evans/create-pull-request/pull/4064) **Full Changelog**: <https://github.com/peter-evans/create-pull-request/compare/v7.0.9...v7.0.10> </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance (#4536) This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance workers (#4537) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [pygit2](https://redirect.github.com/libgit2/pygit2) ([changelog](https://redirect.github.com/libgit2/pygit2/blob/master/CHANGELOG.md)) | project.dependencies | patch | `==1.19.0` → `==1.19.1` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>libgit2/pygit2 (pygit2)</summary> [`v1.19.1`](https://redirect.github.com/libgit2/pygit2/blob/HEAD/CHANGELOG.md#1191-2025-12-29) [Compare Source](https://redirect.github.com/libgit2/pygit2/compare/v1.19.0...v1.19.1) - Update wheels to libgit2 1.9.2 and OpenSSL 3.5 - Fix: now diff's getitem/iter returns `None` for unchanged or binary files [#​1412](https://redirect.github.com/libgit2/pygit2/pull/1412) - CI (macOS): arm, intel and pypy wheels (instead of universal) [#​1441](https://redirect.github.com/libgit2/pygit2/pull/1441) - CI (pypy): fix tests [#​1437](https://redirect.github.com/libgit2/pygit2/pull/1437) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * chore(deps): lock file maintenance osv-lib (#4538) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [pygit2](https://redirect.github.com/libgit2/pygit2) ([changelog](https://redirect.github.com/libgit2/pygit2/blob/master/CHANGELOG.md)) | project.dependencies | patch | `1.19.0` → `1.19.1` |  |  | | [vcrpy](https://redirect.github.com/kevin1024/vcrpy) | dev | patch | `8.1.0` → `8.1.1` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>libgit2/pygit2 (pygit2)</summary> [`v1.19.1`](https://redirect.github.com/libgit2/pygit2/blob/HEAD/CHANGELOG.md#1191-2025-12-29) [Compare Source](https://redirect.github.com/libgit2/pygit2/compare/v1.19.0...v1.19.1) - Update wheels to libgit2 1.9.2 and OpenSSL 3.5 - Fix: now diff's getitem/iter returns `None` for unchanged or binary files [#​1412](https://redirect.github.com/libgit2/pygit2/pull/1412) - CI (macOS): arm, intel and pypy wheels (instead of universal) [#​1441](https://redirect.github.com/libgit2/pygit2/pull/1441) - CI (pypy): fix tests [#​1437](https://redirect.github.com/libgit2/pygit2/pull/1437) </details> <details> <summary>kevin1024/vcrpy (vcrpy)</summary> [`v8.1.1`](https://redirect.github.com/kevin1024/vcrpy/releases/tag/v8.1.1) [Compare Source](https://redirect.github.com/kevin1024/vcrpy/compare/v8.1.0...v8.1.1) - Fix sync requests in async contexts for HTTPX ([#​965](https://redirect.github.com/kevin1024/vcrpy/issues/965)) - thanks [@​seowalex](https://redirect.github.com/seowalex) - CI: bump peter-evans/create-pull-request from 7 to 8 ([#​969](https://redirect.github.com/kevin1024/vcrpy/issues/969)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance (#4539) This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance functions (#4541) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [google-cloud-secret-manager](https://redirect.github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-secret-manager) ([source](https://redirect.github.com/googleapis/google-cloud-python)) | project.dependencies | minor | `==2.25.0` → `==2.26.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>googleapis/google-cloud-python (google-cloud-secret-manager)</summary> [`v2.26.0`](https://redirect.github.com/googleapis/google-cloud-python/releases/tag/google-cloud-secret-manager-v2.26.0): google-cloud-secret-manager 2.26.0 [Compare Source](https://redirect.github.com/googleapis/google-cloud-python/compare/google-cloud-secret-manager-v2.25.0...google-cloud-secret-manager-v2.26.0) - check Python and dependency versions in generated GAPICs (PiperOrigin-RevId: [`8454486`](https://redirect.github.com/googleapis/google-cloud-python/commit/845448683)) ([d2b35b25](https://redirect.github.com/googleapis/google-cloud-python/commit/d2b35b25)) - auto-enable mTLS when supported certificates are detected (PiperOrigin-RevId: [`8454486`](https://redirect.github.com/googleapis/google-cloud-python/commit/845448683)) ([d2b35b25](https://redirect.github.com/googleapis/google-cloud-python/commit/d2b35b25)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjYuMTQiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> * fix(deps): lock file maintenance vulnfeeds (#4545) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | gcr.io/google.com/cloudsdktool/google-cloud-cli | final | digest | `09ca925` → `4bac65a` | | | | [github.com/gkampitakis/go-snaps](https://redirect.github.com/gkampitakis/go-snaps) | require | patch | `v0.5.18` → `v0.5.19` |  |  | | [github.com/ossf/osv-schema/bindings/go](https://redirect.github.com/ossf/osv-schema) | require | digest | `c18cb69` → `88c4875` |  |  | | golang | stage | digest | `2611181` → `ac09a5f` | | | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | require | minor | `v0.257.0` → `v0.259.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)</summary> [`v0.5.19`](https://redirect.github.com/gkampitakis/go-snaps/releases/tag/v0.5.19) [Compare Source](https://redirect.github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19) - fix: use backticks for inline snaps when appropriate by [@​gkampitakis](https://redirect.github.com/gkampitakis) in [#​149](https://redirect.github.com/gkampitakis/go-snaps/pull/149) **Full Changelog**: <https://github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19> </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) ([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance website-backend (#4542) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [google-auth](https://redirect.github.com/googleapis/google-auth-library-python) | project.dependencies | minor | `==2.45.0` → `==2.47.0` |  |  | | [google-cloud-storage](https://redirect.github.com/googleapis/python-storage) | project.dependencies | minor | `==2.18.2` → `==2.19.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>googleapis/google-auth-library-python (google-auth)</summary> [`v2.47.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2470-2026-01-06) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.46.0...v2.47.0) - drop `cachetools` dependency in favor of simple local implementation ([#​1590](https://redirect.github.com/googleapis/google-auth-library-python/issues/1590)) ([5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4](https://redirect.github.com/googleapis/google-auth-library-python/commit/5c07e1c4f52bc77a1b16fa3b7b3c5269c242f6f4)) - Python 3.8 support ([#​1918](https://redirect.github.com/googleapis/google-auth-library-python/issues/1918)) ([60dc20014a35ec4ba71e8065b9a33ecbdbeca97a](https://redirect.github.com/googleapis/google-auth-library-python/commit/60dc20014a35ec4ba71e8065b9a33ecbdbeca97a)) [`v2.46.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2460-2026-01-05) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.45.0...v2.46.0) - update urllib3 docstrings for v2 compatibility ([#​1903](https://redirect.github.com/googleapis/google-auth-library-python/issues/1903)) ([3f1aeea2d1014ea1d244a4c3470e52d74d55404b](https://redirect.github.com/googleapis/google-auth-library-python/commit/3f1aeea2d1014ea1d244a4c3470e52d74d55404b)) - Recognize workload certificate config in has\_default\_client\_cert\_source for mTLS for Agentic Identities ([#​1907](https://redirect.github.com/googleapis/google-auth-library-python/issues/1907)) ([0b9107d573123e358c347ffa067637f992af61b4](https://redirect.github.com/googleapis/google-auth-library-python/commit/0b9107d573123e358c347ffa067637f992af61b4)) - add types to default and verify\_token and Request **init** based on comments in the source code. ([#​1588](https://redirect.github.com/googleapis/google-auth-library-python/issues/1588)) ([59a5f588f7793b59d923a4185c8c07738da618f7](https://redirect.github.com/googleapis/google-auth-library-python/commit/59a5f588f7793b59d923a4185c8c07738da618f7)) - fix the document of secure\_authorized\_session ([#​1536](https://redirect.github.com/googleapis/google-auth-library-python/issues/1536)) ([5d0014707fc359782df5ccfcaa75fd372fe9dce3](https://redirect.github.com/googleapis/google-auth-library-python/commit/5d0014707fc359782df5ccfcaa75fd372fe9dce3)) - remove setup.cfg configuration for creating universal wheels ([#​1693](https://redirect.github.com/googleapis/google-auth-library-python/issues/1693)) ([c767531ce05a89002d109f595187aff1fcaacfb7](https://redirect.github.com/googleapis/google-auth-library-python/commit/c767531ce05a89002d109f595187aff1fcaacfb7)) - use .read() instead of .content.read() in aiohttp transport ([#​1899](https://redirect.github.com/googleapis/google-auth-library-python/issues/1899)) ([12f4470f808809e8abf1141f98d88ab720c3899b](https://redirect.github.com/googleapis/google-auth-library-python/commit/12f4470f808809e8abf1141f98d88ab720c3899b)) - raise RefreshError for missing token in impersonated credentials ([#​1897](https://redirect.github.com/googleapis/google-auth-library-python/issues/1897)) ([94d04e090fdfc61926dd32bc1d65f8820b9cede5](https://redirect.github.com/googleapis/google-auth-library-python/commit/94d04e090fdfc61926dd32bc1d65f8820b9cede5)) - Fix test coverage for mtls\_helper ([#​1886](https://redirect.github.com/googleapis/google-auth-library-python/issues/1886)) ([02e71631fe275d93825c2e957e830773e75133f7](https://redirect.github.com/googleapis/google-auth-library-python/commit/02e71631fe275d93825c2e957e830773e75133f7)) </details> <details> <summary>googleapis/python-storage (google-cloud-storage)</summary> [`v2.19.0`](https://redirect.github.com/googleapis/python-storage/blob/HEAD/CHANGELOG.md#2190-2024-11-21) [Compare Source](https://redirect.github.com/googleapis/python-storage/compare/v2.18.2...v2.19.0) - Add integration test for universe domain ([#​1346](https://redirect.github.com/googleapis/python-storage/issues/1346)) ([02a972d](https://redirect.github.com/googleapis/python-storage/commit/02a972d35fae6d05edfb26381f6a71e3b8f59d6d)) - Add restore\_bucket and handling for soft-deleted buckets ([#​1365](https://redirect.github.com/googleapis/python-storage/issues/1365)) ([ab94efd](https://redirect.github.com/googleapis/python-storage/commit/ab94efda83f68c974ec91d6b869b09047501031a)) - Add support for restore token ([#​1369](https://redirect.github.com/googleapis/python-storage/issues/1369)) ([06ed15b](https://redirect.github.com/googleapis/python-storage/commit/06ed15b33dc884da6dffbef5119e47f0fc4e1285)) - IAM signBlob retry and universe domain support ([#​1380](https://redirect.github.com/googleapis/python-storage/issues/1380)) ([abc8061](https://redirect.github.com/googleapis/python-storage/commit/abc80615ee00a14bc0e6b095252f6d1eb09c4b45)) - Allow signed post policy v4 with service account and token ([#​1356](https://redirect.github.com/googleapis/python-storage/issues/1356)) ([8ec02c0](https://redirect.github.com/googleapis/python-storage/commit/8ec02c0e656a4e6786f256798f4b93b95b50acec)) - Do not spam the log with checksum related INFO messages when downloading using transfer\_manager ([#​1357](https://redirect.github.com/googleapis/python-storage/issues/1357)) ([42392ef](https://redirect.github.com/googleapis/python-storage/commit/42392ef8e38527ce4e50454cdd357425b3f57c87)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): lock file maintenance website-frontend (#4543) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [sass](https://redirect.github.com/sass/dart-sass) | devDependencies | patch | [`1.97.0` → `1.97.2`](https://renovatebot.com/diffs/npm/sass/1.97.0/1.97.2) |  |  | | [webpack](https://redirect.github.com/webpack/webpack) | devDependencies | patch | [`5.104.0` → `5.104.1`](https://renovatebot.com/diffs/npm/webpack/5.104.0/5.104.1) |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>sass/dart-sass (sass)</summary> [`v1.97.2`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1972) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.97.1...1.97.2) - Additional fixes for implicit configuration when nested imports are involved. [`v1.97.1`](https://redirect.github.com/sass/dart-sass/compare/0c7083ac165fd30234c90a4342e7f7792a686c7d...62ec6627905c790405da06b5ee41955491733f52) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.97.0...1.97.1) </details> <details> <summary>webpack/webpack (webpack)</summary> [`v5.104.1`](https://redirect.github.com/webpack/webpack/blob/HEAD/CHANGELOG.md#51041) [Compare Source](https://redirect.github.com/webpack/webpack/compare/v5.104.0...v5.104.1) - [`2efd21b`](https://redirect.github.com/webpack/webpack/commit/2efd21b): Reexports runtime calculation should not accessing **WEBPACK\_IMPORT\_KEY** decl with var. - [`c510070`](https://redirect.github.com/webpack/webpack/commit/c510070): Fixed a user information bypass vulnerability in the HttpUriPlugin plugin. </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(deps): lock file maintenance tools (#4544) This PR contains the following updates: | Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | | | lockFileMaintenance | All locks refreshed | | | | [github.com/gkampitakis/go-snaps](https://redirect.github.com/gkampitakis/go-snaps) | require | patch | `v0.5.18` → `v0.5.19` |  |  | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | require | minor | `v0.257.0` → `v0.259.0` |  |  | 🔧 This Pull Request updates lock files to use the latest dependency versions. --- <details> <summary>gkampitakis/go-snaps (github.com/gkampitakis/go-snaps)</summary> [`v0.5.19`](https://redirect.github.com/gkampitakis/go-snaps/releases/tag/v0.5.19) [Compare Source](https://redirect.github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19) - fix: use backticks for inline snaps when appropriate by [@​gkampitakis](https://redirect.github.com/gkampitakis) in [#​149](https://redirect.github.com/gkampitakis/go-snaps/pull/149) **Full Changelog**: <https://github.com/gkampitakis/go-snaps/compare/0.5.18...v0.5.19> </details> <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> [`v0.259.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.259.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.258.0...v0.259.0) - remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) - **all:** Auto-regenerate discovery clients ([#​3412](https://redirect.github.com/googleapis/google-api-go-client/issues/3412)) ([c7d21a4](https://redirect.github.com/googleapis/google-api-go-client/commit/c7d21a4d7b388f98004cdef7eb1da28afda20e3c)) - **all:** Auto-regenerate discovery clients ([#​3415](https://redirect.github.com/googleapis/google-api-go-client/issues/3415)) ([6860a5e](https://redirect.github.com/googleapis/google-api-go-client/commit/6860a5e602d186c2b09c124bf66eed5ff9a4417c)) - **all:** Auto-regenerate discovery clients ([#​3417](https://redirect.github.com/googleapis/google-api-go-client/issues/3417)) ([0a99634](https://redirect.github.com/googleapis/google-api-go-client/commit/0a99634bc071a7c86eef4397bc7f236f7e691453)) - **all:** Auto-regenerate discovery clients ([#​3419](https://redirect.github.com/googleapis/google-api-go-client/issues/3419)) ([03d987b](https://redirect.github.com/googleapis/google-api-go-client/commit/03d987b2b4bed89a1d97eae8fd1c1390b03aa5ed)) - **all:** Auto-regenerate discovery clients ([#​3421](https://redirect.github.com/googleapis/google-api-go-client/issues/3421)) ([632ee92](https://redirect.github.com/googleapis/google-api-go-client/commit/632ee92f17be886948004adc2096825fb259d5e3)) - **all:** Auto-regenerate discovery clients ([#​3425](https://redirect.github.com/googleapis/google-api-go-client/issues/3425)) ([b599823](https://redirect.github.com/googleapis/google-api-go-client/commit/b5998236840eb877911befa581668ad47ea5dc02)) - Support write checksums in json resumable uploads ([#​3405](https://redirect.github.com/googleapis/google-api-go-client/issues/3405)) ([6e57e38](https://redirect.github.com/googleapis/google-api-go-client/commit/6e57e384f3af2773be6ec086c7cca6a500a9c9f5)) - **option:** Remove option.WithAuthCredentials from validation ([#​3420](https://redirect.github.com/googleapis/google-api-go-client/issues/3420)) ([2c33732](https://redirect.github.com/googleapis/google-api-go-client/commit/2c337321d374c3e9f02c09c75cb94b73eaf23fd2)) - Remove firebaseremoteconfig from package list ([#​3422](https://redirect.github.com/googleapis/google-api-go-client/issues/3422)) ([fd0ce7c](https://redirect.github.com/googleapis/google-api-go-client/commit/fd0ce7cd83e33d83e3040e4cc3c8f39fc4aed6dd)) - **transport:** Remove singleton and restore normal usage of otelgrpc.clientHandler ([#​3424](https://redirect.github.com/googleapis/google-api-go-client/issues/3424)) ([24fbfcb](https://redirect.github.com/googleapis/google-api-go-client/commit/24fbfcbae5daea4fd67445129091522c6fad5200)), refs [#​2321](https://redirect.github.com/googleapis/google-api-go-client/issues/2321) [#​2329](https://redirect.github.com/googleapis/google-api-go-client/issues/2329) - Correct release version ([#​3426](https://redirect.github.com/googleapis/google-api-go-client/issues/3426)) ([a783dbb](https://redirect.github.com/googleapis/google-api-go-client/commit/a783dbb2bb83627f299916fb808756cc64038fdd)) [`v0.258.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.258.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.257.0...v0.258.0) - **all:** Auto-regenerate discovery clients ([#​3392](https://redirect.github.com/googleapis/google-api-go-client/issues/3392)) ([db6e653](https://redirect.github.com/googleapis/google-api-go-client/commit/db6e6530eaa7bfa2bb7c5a190822422a410fdbee)) - **all:** Auto-regenerate discovery clients ([#​3394](https://redirect.github.com/googleapis/google-api-go-client/issues/3394)) ([7a9ae94](https://redirect.github.com/googleapis/google-api-go-client/commit/7a9ae9465365e4f8dafe94fe66472347089f9d2b)) - **all:** Auto-regenerate discovery clients ([#​3395](https://redirect.github.com/googleapis/google-api-go-client/issues/3395)) ([dd93f67](https://redirect.github.com/googleapis/google-api-go-client/commit/dd93f673e7e190062bd70ea6349846babd9d5a18)) - **all:** Auto-regenerate discovery clients ([#​3396](https://redirect.github.com/googleapis/google-api-go-client/issues/3396)) ([302ad5f](https://redirect.github.com/googleapis/google-api-go-client/commit/302ad5fe6f2083ecb1ae931a65ead0db05f31041)) - **all:** Auto-regenerate discovery clients ([#​3398](https://redirect.github.com/googleapis/google-api-go-client/issues/3398)) ([5dfcd09](https://redirect.github.com/googleapis/google-api-go-client/commit/5dfcd09b444ac707e0a4bf8faaa3005d7446c246)) - **all:** Auto-regenerate discovery clients ([#​3401](https://redirect.github.com/googleapis/google-api-go-client/issues/3401)) ([cd3e656](https://redirect.github.com/googleapis/google-api-go-client/commit/cd3e656aba7e5a7dfc99d26edda519bea9927294)) - **all:** Auto-regenerate discovery clients ([#​3402](https://redirect.github.com/googleapis/google-api-go-client/issues/3402)) ([9e6446a](https://redirect.github.com/googleapis/google-api-go-client/commit/9e6446a027f032b942e6cf107d85c9bafbeceed1)) - **all:** Auto-regenerate discovery clients ([#​3404](https://redirect.github.com/googleapis/google-api-go-client/issues/3404)) ([453c04a](https://redirect.github.com/googleapis/google-api-go-client/commit/453c04a2253514c5674147b8301897955da7bdee)) - **all:** Auto-regenerate discovery clients ([#​3406](https://redirect.github.com/googleapis/google-api-go-client/issues/3406)) ([af03509](https://redirect.github.com/googleapis/google-api-go-client/commit/af035092fea5561e35b88f60b53f2d13c3d31918)) - **all:** Auto-regenerate discovery clients ([#​3407](https://redirect.github.com/googleapis/google-api-go-client/issues/3407)) ([41e2f8f](https://redirect.github.com/googleapis/google-api-go-client/commit/41e2f8f21da1fe333321dae2e29d2c9b34e2c170)) - **all:** Auto-regenerate discovery clients ([#​3408](https://redirect.github.com/googleapis/google-api-go-client/issues/3408)) ([ba64741](https://redirect.github.com/googleapis/google-api-go-client/commit/ba647419702c7484983a89f4133efb00a97dfb6c)) - **all:** Auto-regenerate discovery clients ([#​3409](https://redirect.github.com/googleapis/google-api-go-client/issues/3409)) ([5d17056](https://redirect.github.com/googleapis/google-api-go-client/commit/5d17056dd3806211b5505206a08dcc204048c367)) - **all:** Auto-regenerate discovery clients ([#​3410](https://redirect.github.com/googleapis/google-api-go-client/issues/3410)) ([90b301b](https://redirect.github.com/googleapis/google-api-go-client/commit/90b301bf2f6dac8edbbf072ee06e9aa09aa0b12a)) - **option:** Deprecate unsafe credentials JSON loading options ([#​3356](https://redirect.github.com/googleapis/google-api-go-client/issues/3356)) ([a5426fa](https://redirect.github.com/googleapis/google-api-go-client/commit/a5426fa66cb1b38be2b24a3ebf8147b2f17b799f)) </details> --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * chore(deps): update gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine docker digest to 4bac65a (#4570) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | gcr.io/google.com/cloudsdktool/google-cloud-cli | final | digest | `09ca925` → `4bac65a` | --- 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42OS4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjkuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> * fix(sitemap): chunk ecosystems oldest first (#4574) It just occurred to me that by having the newest vulns in `ECOSYSTEM_1.xml` and later in `ECOSYSTEM_2.xml`, `_3`, etc., every time we get a new vulnerability, every sitemap of that ecosystem will change as the oldest one gets pushed out to the next sitemap chunk. Reversed the order, so that the oldest vulns are in the first sitemap, which should prevent churn. * fix: osv/repos.py: Skip gitter for oss-fuzz-vulns repo (#4577) Modified clone function to perform a standard git clone for ssh://github.com/google/oss-fuzz-vulns, bypassing the gitter service even if GITTER_HOST is set. Also fixed import errors for deprecated decorator in ecosystems module. --- *PR created automatically by Jules for task [90480…
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v5.5.0→v5.6.0v3.31.6→v3.31.9v7.0.9→v7.0.11Release Notes
actions/setup-go (actions/setup-go)
v5.6.0Compare Source
What's Changed
Full Changelog: actions/setup-go@v5...v5.6.0
github/codeql-action (github/codeql-action)
v3.31.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.9 - 16 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.8 - 11 Dec 2025
See the full CHANGELOG.md for more information.
v3.31.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.7 - 05 Dec 2025
See the full CHANGELOG.md for more information.
peter-evans/create-pull-request (peter-evans/create-pull-request)
v7.0.11: Create Pull Request v7.0.11Compare Source
What's Changed
Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11
v7.0.10: Create Pull Request v7.0.10Compare Source
⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.
What's Changed
New Contributors
Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10
Configuration
📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.