fix(deps): lock file maintenance vulnfeeds #2998

Open, wants to merge 1 commit into base: master

renovate-bot (Collaborator) commented Dec 17, 2024

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|---|---|
| | | lockFileMaintenance | All locks refreshed | | | | |
| pylint (changelog) | dev-dependencies | patch | 3.3.2 -> 3.3.3 | age | adoption | passing | confidence |
| github.com/google/osv-scanner | require | patch | v1.9.1 -> v1.9.2 | age | adoption | passing | confidence |
| golang.org/x/exp | require | digest | 1829a12 -> b2144cd | age | adoption | passing | confidence |

🔧 This Pull Request updates lock files to use the latest dependency versions.


Release Notes

pylint-dev/pylint (pylint)

v3.3.3

Compare Source

What's new in Pylint 3.3.3?

Release date: 2024-12-23

False Positives Fixed

  • Fix false positives for undefined-variable for classes using Python 3.12
    generic type syntax.

    Closes #9335

  • Fix a false positive for use-implicit-booleaness-not-len. No lint should be emitted for
    generators (len is not defined for generators).

    Refs #10100

Other Bug Fixes

  • Fix Unable to import 'collections.abc' (import-error) on Python 3.13.1.

    Closes #10112

google/osv-scanner (github.com/google/osv-scanner)

v1.9.2

Compare Source

Changelog

Fixes:
  • Bug #1327 Parsing crash on malformed pnpm lockfile.
  • Bug #1377 Warn if a vulnerability is ignored multiple times in the same config.
  • Bug #1394 Guided remediation: handle extraneous/missing packages in package-lock.json more leniently.
  • Bug #1443 Go call analysis now works with Go version up to v1.23.4.
  • Bug #1436 Only fetch Maven snapshots and releases when enabled.
  • Bug #1456 Remove redundant calls from PreFetch.

New Contributors

Full Changelog: google/osv-scanner@v1.9.1...v1.9.2


Configuration

📅 Schedule: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Dec 17, 2024
@renovate-bot renovate-bot force-pushed the renovate/vulnfeeds branch 3 times, most recently from cece5bd to b404d59 Compare December 19, 2024 04:28