11module github.com/google/osv-scanner/v2
22
3- go 1.26.2
3+ go 1.26.3
44
55require (
66 charm.land/glamour/v2 v2.0.0
77 charm.land/lipgloss/v2 v2.0.3
8- deps.dev/api/v3 v3.0.0-20260225225317-765e10b45d5b
9- deps.dev/api/v3alpha v0.0.0-20260225225317-765e10b45d5b
8+ deps.dev/api/v3 v3.0.0-20260422013440-90c27f84dd6f
9+ deps.dev/api/v3alpha v0.0.0-20260422013440-90c27f84dd6f
1010 github.com/BurntSushi/toml v1.6.0
1111 github.com/CycloneDX/cyclonedx-go v0.10.0
1212 github.com/gkampitakis/go-snaps v0.5.21
13- github.com/go-git/go-git/v5 v5.18 .0
13+ github.com/go-git/go-git/v5 v5.19 .0
1414 github.com/gobwas/glob v0.2.3
1515 github.com/google/go-cmp v0.7.0
16- github.com/google/osv-scalibr v0.4.6-0.20260512154636-025a69d53ec5
17- github.com/ianlancetaylor/demangle v0.0.0-20251118225945-96ee0021ea0f
16+ github.com/google/osv-scalibr v0.4.6-0.20260514035136-d13148df68e0
17+ github.com/ianlancetaylor/demangle v0.0.0-20260505044615-1ff4bf46051f
1818 github.com/jedib0t/go-pretty/v6 v6.7.9
1919 github.com/modelcontextprotocol/go-sdk v1.5.0
2020 github.com/opencontainers/go-digest v1.0.0
21- github.com/ossf/osv-schema/bindings/go v0.0.0-20260304051245-ec3272c283e4
21+ github.com/ossf/osv-schema/bindings/go v0.0.0-20260424063704-83285ce2a866
2222 github.com/owenrumney/go-sarif/v3 v3.3.0
2323 github.com/package-url/packageurl-go v0.1.5
2424 github.com/pandatix/go-cvss v0.6.2
25- github.com/tidwall/gjson v1.18 .0
25+ github.com/tidwall/gjson v1.19 .0
2626 github.com/tidwall/pretty v1.2.1
2727 github.com/tidwall/sjson v1.2.5
2828 github.com/urfave/cli/v3 v3.8.0
2929 go.yaml.in/yaml/v4 v4.0.0-rc.4
3030 golang.org/x/sync v0.20.0
31- golang.org/x/term v0.42 .0
32- golang.org/x/vuln v1.1.4
33- google.golang.org/grpc v1.80 .0
31+ golang.org/x/term v0.43 .0
32+ golang.org/x/vuln v1.3.0
33+ google.golang.org/grpc v1.81 .0
3434 google.golang.org/protobuf v1.36.11
3535 gopkg.in/dnaeon/go-vcr.v4 v4.0.6
36- osv.dev/bindings/go v0.0.0-20260306051416-1f963c5a9f4f
36+ osv.dev/bindings/go v0.0.0-20260512064147-daa692bbd4ed
3737)
3838
3939require (
4040 bitbucket.org/creachadair/stringset v0.0.14 // indirect
4141 cloud.google.com/go/compute/metadata v0.9.0 // indirect
42- cyphar.com/go-pathrs v0.2.1 // indirect
42+ cyphar.com/go-pathrs v0.2.4 // indirect
4343 dario.cat/mergo v1.0.2 // indirect
44- deps.dev/util/maven v0.0.0-20260225225317-765e10b45d5b // indirect
45- deps.dev/util/pypi v0.0.0-20250903005441-604c45d5b44b // indirect
46- deps.dev/util/resolve v0.0.0-20260225225317-765e10b45d5b // indirect
47- deps.dev/util/semver v0.0.0-20260225225317-765e10b45d5b // indirect
44+ deps.dev/util/maven v0.0.0-20260422013440-90c27f84dd6f // indirect
45+ deps.dev/util/pypi v0.0.0-20260422013440-90c27f84dd6f // indirect
46+ deps.dev/util/resolve v0.0.0-20260422013440-90c27f84dd6f // indirect
47+ deps.dev/util/semver v0.0.0-20260422013440-90c27f84dd6f // indirect
4848 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
4949 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20250520111509-a70c2aa677fa // indirect
50+ github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
5051 github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 // indirect
5152 github.com/Microsoft/go-winio v0.6.2 // indirect
52- github.com/Microsoft/hcsshim v0.14.0-rc. 1 // indirect
53+ github.com/Microsoft/hcsshim v0.14.1 // indirect
5354 github.com/ProtonMail/go-crypto v1.3.0 // indirect
5455 github.com/aead/serpent v0.0.0-20160714141033-fba169763ea6 // indirect
5556 github.com/agext/levenshtein v1.2.3 // indirect
@@ -59,11 +60,12 @@ require (
5960 github.com/atotto/clipboard v0.1.4 // indirect
6061 github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
6162 github.com/aymerick/douceur v0.2.0 // indirect
62- github.com/bazelbuild/buildtools v0.0.0-20250826111327-4006b543a694 // indirect
63+ github.com/ayoubfaouzi/pkcs7 v0.2.3 // indirect
64+ github.com/bazelbuild/buildtools v0.0.0-20260319080235-05d2ebe49b0f // indirect
6365 github.com/canonical/chisel-manifest v1.2.0 // indirect
6466 github.com/cespare/xxhash/v2 v2.3.0 // indirect
6567 github.com/charmbracelet/bubbles v0.21.0 // indirect
66- github.com/charmbracelet/bubbletea v1.3.5 // indirect
68+ github.com/charmbracelet/bubbletea v1.3.10 // indirect
6769 github.com/charmbracelet/colorprofile v0.4.3 // indirect
6870 github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 // indirect
6971 github.com/charmbracelet/ultraviolet v0.0.0-20260205113103-524a6607adb8 // indirect
@@ -76,7 +78,7 @@ require (
7678 github.com/clipperhouse/displaywidth v0.11.0 // indirect
7779 github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
7880 github.com/cloudflare/circl v1.6.3 // indirect
79- github.com/compose-spec/compose-go/v2 v2.8.1 // indirect
81+ github.com/compose-spec/compose-go/v2 v2.10.2 // indirect
8082 github.com/containerd/cgroups/v3 v3.1.0 // indirect
8183 github.com/containerd/containerd v1.7.29 // indirect
8284 github.com/containerd/containerd/api v1.10.0 // indirect
@@ -89,7 +91,7 @@ require (
8991 github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect
9092 github.com/containerd/ttrpc v1.2.7 // indirect
9193 github.com/containerd/typeurl/v2 v2.2.3 // indirect
92- github.com/cyphar/filepath-securejoin v0.6.0 // indirect
94+ github.com/cyphar/filepath-securejoin v0.6.1 // indirect
9395 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
9496 github.com/deitch/magic v0.0.0-20240306090643-c67ab88f10cb // indirect
9597 github.com/diskfs/go-diskfs v1.7.0 // indirect
@@ -107,20 +109,20 @@ require (
107109 github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd // indirect
108110 github.com/dustin/go-humanize v1.0.1 // indirect
109111 github.com/edsrzf/mmap-go v1.2.0 // indirect
110- github.com/elliotwutingfeng/asciiset v0.0.0-20230602022725-51bbb787efab // indirect
112+ github.com/elliotwutingfeng/asciiset v0.0.0-20260129054604-cfde2086bc57 // indirect
111113 github.com/emirpasic/gods v1.18.1 // indirect
112114 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
113115 github.com/erikvarga/go-rpmdb v0.0.0-20250523120114-a15a62cd4593 // indirect
114116 github.com/felixge/httpsnoop v1.0.4 // indirect
115117 github.com/gkampitakis/ciinfo v0.3.2 // indirect
116- github.com/go-errors/errors v1.0.2 // indirect
118+ github.com/go-errors/errors v1.5.1 // indirect
117119 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
118- github.com/go-git/go-billy/v5 v5.8 .0 // indirect
120+ github.com/go-git/go-billy/v5 v5.9 .0 // indirect
119121 github.com/go-logr/logr v1.4.3 // indirect
120122 github.com/go-logr/stdr v1.2.2 // indirect
121- github.com/go-ole/go-ole v1.2.6 // indirect
123+ github.com/go-ole/go-ole v1.3.0 // indirect
122124 github.com/go-restruct/restruct v1.2.0-alpha // indirect
123- github.com/go-viper/mapstructure/v2 v2.4 .0 // indirect
125+ github.com/go-viper/mapstructure/v2 v2.5 .0 // indirect
124126 github.com/goccy/go-yaml v1.19.2 // indirect
125127 github.com/gogo/protobuf v1.3.2 // indirect
126128 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
@@ -131,20 +133,21 @@ require (
131133 github.com/icholy/digest v1.1.0 // indirect
132134 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
133135 github.com/kevinburke/ssh_config v1.2.0 // indirect
134- github.com/klauspost/compress v1.18.4 // indirect
136+ github.com/klauspost/compress v1.18.6 // indirect
137+ github.com/klauspost/cpuid/v2 v2.3.0 // indirect
135138 github.com/kr/pretty v0.3.1 // indirect
136139 github.com/kr/text v0.2.0 // indirect
137140 github.com/lucasb-eyer/go-colorful v1.4.0 // indirect
138- github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 // indirect
141+ github.com/lunixbochs/struc v0.0.0-20241101090106-8d528fa2c543 // indirect
139142 github.com/maruel/natural v1.1.1 // indirect
140- github.com/masahiro331/go-ext4-filesystem v0.0.0-20240620024024-ca14e6327bbd // indirect
141- github.com/mattn/go-isatty v0.0.20 // indirect
143+ github.com/masahiro331/go-ext4-filesystem v0.0.0-20260423010602-fe51f5b5e52b // indirect
144+ github.com/mattn/go-isatty v0.0.22 // indirect
142145 github.com/mattn/go-localereader v0.0.1 // indirect
143146 github.com/mattn/go-runewidth v0.0.23 // indirect
144- github.com/mattn/go-shellwords v1.0.12 // indirect
145- github.com/michaelkedar/xml v0.0.0-20250501021638-021a7b1a061e // indirect
147+ github.com/mattn/go-shellwords v1.0.13 // indirect
148+ github.com/michaelkedar/xml v0.0.0-20250626233154-4ec9e090d1cd // indirect
146149 github.com/microcosm-cc/bluemonday v1.0.27 // indirect
147- github.com/micromdm/plist v0.2.1 // indirect
150+ github.com/micromdm/plist v0.2.2 // indirect
148151 github.com/mitchellh/go-homedir v1.1.0 // indirect
149152 github.com/moby/buildkit v0.26.3 // indirect
150153 github.com/moby/docker-image-spec v1.3.1 // indirect
@@ -158,23 +161,22 @@ require (
158161 github.com/muesli/cancelreader v0.2.2 // indirect
159162 github.com/muesli/reflow v0.3.0 // indirect
160163 github.com/muesli/termenv v0.16.0 // indirect
161- github.com/ncruces/go-strftime v0.1.9 // indirect
164+ github.com/ncruces/go-strftime v1.0.0 // indirect
162165 github.com/opencontainers/image-spec v1.1.1 // indirect
163166 github.com/opencontainers/runtime-spec v1.2.1 // indirect
164- github.com/opencontainers/selinux v1.13 .1 // indirect
165- github.com/pierrec/lz4/v4 v4.1.17 // indirect
166- github.com/pjbgf/sha1cd v0.4 .0 // indirect
167+ github.com/opencontainers/selinux v1.14 .1 // indirect
168+ github.com/pierrec/lz4/v4 v4.1.26 // indirect
169+ github.com/pjbgf/sha1cd v0.6 .0 // indirect
167170 github.com/pkg/errors v0.9.1 // indirect
168- github.com/pkg/xattr v0.4.9 // indirect
171+ github.com/pkg/xattr v0.4.12 // indirect
169172 github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
170173 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
171174 github.com/rivo/uniseg v0.4.7 // indirect
172175 github.com/rogpeppe/go-internal v1.14.1 // indirect
173176 github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c // indirect
174- github.com/saferwall/pe v1.5.7 // indirect
175- github.com/sahilm/fuzzy v0.1.1 // indirect
176- github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 // indirect
177- github.com/secDre4mer/pkcs7 v0.0.0-20240322103146-665324a4461d // indirect
177+ github.com/saferwall/pe v1.6.4 // indirect
178+ github.com/sahilm/fuzzy v0.1.2 // indirect
179+ github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 // indirect
178180 github.com/segmentio/asm v1.1.3 // indirect
179181 github.com/segmentio/encoding v0.5.4 // indirect
180182 github.com/sergi/go-diff v1.4.0 // indirect
@@ -184,14 +186,14 @@ require (
184186 github.com/spdx/gordf v0.0.0-20250128162952-000978ccd6fb // indirect
185187 github.com/spdx/tools-golang v0.5.7 // indirect
186188 github.com/thoas/go-funk v0.9.3 // indirect
187- github.com/tidwall/jsonc v0.3.2 // indirect
188- github.com/tidwall/match v1.1.1 // indirect
189- github.com/tink-crypto/tink-go/v2 v2.4 .0 // indirect
190- github.com/tklauser/go-sysconf v0.3.15 // indirect
191- github.com/tklauser/numcpus v0.10 .0 // indirect
189+ github.com/tidwall/jsonc v0.3.3 // indirect
190+ github.com/tidwall/match v1.2.0 // indirect
191+ github.com/tink-crypto/tink-go/v2 v2.6 .0 // indirect
192+ github.com/tklauser/go-sysconf v0.3.16 // indirect
193+ github.com/tklauser/numcpus v0.11 .0 // indirect
192194 github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 // indirect
193195 github.com/ulikunitz/xz v0.5.15 // indirect
194- github.com/vbatts/tar-split v0.12.2 // indirect
196+ github.com/vbatts/tar-split v0.12.3 // indirect
195197 github.com/xanzy/ssh-agent v0.3.3 // indirect
196198 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
197199 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -205,35 +207,32 @@ require (
205207 go.etcd.io/bbolt v1.4.3 // indirect
206208 go.opencensus.io v0.24.0 // indirect
207209 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
208- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
209- go.opentelemetry.io/otel v1.39.0 // indirect
210- go.opentelemetry.io/otel/metric v1.39.0 // indirect
211- go.opentelemetry.io/otel/trace v1.39.0 // indirect
212- go.uber.org/atomic v1.7.0 // indirect
210+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.68.0 // indirect
211+ go.opentelemetry.io/otel v1.43.0 // indirect
212+ go.opentelemetry.io/otel/metric v1.43.0 // indirect
213+ go.opentelemetry.io/otel/trace v1.43.0 // indirect
213214 go.uber.org/multierr v1.11.0 // indirect
214- go.uber.org/zap v1.17.0 // indirect
215- go.yaml.in/yaml/v2 v2.4.3 // indirect
216- go.yaml.in/yaml/v3 v3.0.4 // indirect
217- golang.org/x/crypto v0.48.0 // indirect
218- golang.org/x/exp v0.0.0-20250911091902-df9299821621 // indirect
219- golang.org/x/mod v0.33.0 // indirect
220- golang.org/x/net v0.51.0 // indirect
221- golang.org/x/oauth2 v0.35.0 // indirect
222- golang.org/x/sys v0.43.0 // indirect
223- golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 // indirect
224- golang.org/x/text v0.34.0 // indirect
225- golang.org/x/tools v0.42.0 // indirect
215+ go.uber.org/zap v1.28.0 // indirect
216+ go.yaml.in/yaml/v2 v2.4.4 // indirect
217+ golang.org/x/crypto v0.51.0 // indirect
218+ golang.org/x/mod v0.36.0 // indirect
219+ golang.org/x/net v0.54.0 // indirect
220+ golang.org/x/oauth2 v0.36.0 // indirect
221+ golang.org/x/sys v0.44.0 // indirect
222+ golang.org/x/telemetry v0.0.0-20260508192327-42602be52be6 // indirect
223+ golang.org/x/text v0.37.0 // indirect
224+ golang.org/x/tools v0.45.0 // indirect
226225 golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
227- google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
228- google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 // indirect
229- google.golang.org/genproto/googleapis/rpc v0.0.0-20260217215200-42d3e9bedb6d // indirect
230- gopkg.in/ini.v1 v1.67.1 // indirect
226+ google.golang.org/genproto v0.0.0-20260511170946-3700d4141b60 // indirect
227+ google.golang.org/genproto/googleapis/api v0.0.0-20260511170946-3700d4141b60 // indirect
228+ google.golang.org/genproto/googleapis/rpc v0.0.0-20260511170946-3700d4141b60 // indirect
229+ gopkg.in/ini.v1 v1.67.2 // indirect
231230 gopkg.in/warnings.v0 v0.1.2 // indirect
232231 gopkg.in/yaml.v3 v3.0.1 // indirect
233- modernc.org/libc v1.66 .3 // indirect
232+ modernc.org/libc v1.72 .3 // indirect
234233 modernc.org/mathutil v1.7.1 // indirect
235234 modernc.org/memory v1.11.0 // indirect
236- modernc.org/sqlite v1.38.0 // indirect
235+ modernc.org/sqlite v1.50.1 // indirect
237236 sigs.k8s.io/yaml v1.6.0 // indirect
238237 www.velocidex.com/golang/go-ntfs v0.2.0 // indirect
239238 www.velocidex.com/golang/regparser v0.0.0-20250203141505-31e704a67ef7 // indirect