fix(deps): update osv-scanner minor (major)

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/charmbracelet/lipgloss	v1.1.1-0.20250404203927-76690c660834 -> v2.0.0-beta.1
github.com/owenrumney/go-sarif/v2	v2.3.3 -> v3.1.4

---

Release Notes

charmbracelet/lipgloss (github.com/charmbracelet/lipgloss)

v2.0.0-beta.1

Compare Source

Who said a beta release can’t be exciting?

We're thrilled to announce the first beta release of Lip Gloss v2! This release builds on top of the last alpha 2 release. Very little has changed since the last alpha, which means we’re getting closer to a proper v2.0.0.

The only change here is that you can no longer use hexadecimal and integer format when defining colors. We found there were just to many gotchas and this way the API remains backwards compatible.

// Before in alpha 2
// This is a bug! It's not intuitive to use integers here.
// Should this be a hex color or ANSI(204)?
a := lipgloss.Color(0x0000cc) // 0xcc is 204, which was interpreted as an ANSI color, not #​0000cc

// After
a := lipgloss.Color("#​0000cc") // This is a hex color
b := lipgloss.Color("204")     // This is an ANSI color
c := lipgloss.ANSIColor(204)   // Equivalent to b

🌈 More on Lip Gloss v2

Just getting into Lip Gloss v2? Check out the full v2 release notes and upgrade guide.

💝 How’s it going?

Feel free to reach out, ask questions, give feedback, and let us know how it's going. We’d love to know what you think.

• Discord
• Matrix
• Email

---

Part of Charm.

Charm热爱开源 • Charm loves open source • نحنُ نحب المصادر المفتوحة

v2.0.0-alpha.2

Compare Source

Do you think you can handle Lip Gloss v2?

We’re really excited for you to try Lip Gloss v2! Keep in mind that this is an early alpha release and things may change.

[!NOTE]
We take API changes seriously and strive to make the upgrade process as simple as possible. We believe the changes bring necessary improvements as well as pave the way for the future. If something feels way off, let us know.

The big changes are that Styles are now deterministic (λipgloss!) and you can be much more intentional with your inputs and outputs. Why does this matter?

Playing nicely with others

v2 gives you precise control over I/O. One of the issues we saw with the Lip Gloss and Bubble Tea v1s is that they could fight over the same inputs and outputs, producing lock-ups. The v2s now operate in lockstep.

Querying the right inputs and outputs

In v1, Lip Gloss defaulted to looking at stdin and stdout when downsampling colors and querying for the background color. This was not always necessarily what you wanted. For example, if your application was writing to stderr while redirecting stdout to a file, the program would erroneously think output was not a TTY and strip colors. Lip Gloss v2 gives you control and intentionality over this.

Going beyond localhost

Did you know TUIs and CLIs can be served over the network? For example, Wish allows you to serve Bubble Tea and Lip Gloss over SSH. In these cases, you need to work with the input and output of the connected clients as opposed to stdin and stdout, which belong to the server. Lip Gloss v2 gives you flexibility around this in a more natural way.

🧋 Using Lip Gloss with Bubble Tea?

Make sure you get all the latest v2s as they’ve been designed to work together.

go get github.com/charmbracelet/bubbletea/v2@​v2.0.0-alpha.2
go get github.com/charmbracelet/bubbles/v2@​v2.0.0-alpha.2
go get github.com/charmbracelet/lipgloss/v2@​v2.0.0-alpha.2

🐇 Quick upgrade

If you don't have time for changes and just want to upgrade to Lip Gloss v2 as fast as possible, do the following:

Use the compat package

The compat package provides adaptive colors, complete colors, and complete adaptive colors:

import "github.com/charmbracelet/lipgloss/v2/compat"

// Before
color := lipgloss.AdaptiveColor{Light: "#f1f1f1", Dark: "#cccccc"}

// After
color := compat.AdaptiveColor{Light: "#f1f1f1", Dark: "#cccccc"}

compat works by looking at stdin and stdout on a global basis. Want to change the inputs and outputs? Knock yourself out:

import (
	"github.com/charmbracelet/lipgloss/v2/compat"
	"github.com/charmbracelet/colorprofile"
)

func init() {
	// Let’s use stderr instead of stdout.
	compat.HasDarkBackground = lipgloss.HasDarkBackground(os.Stdin, os.Stderr)
	compat.Profile = colorprofile.Detect(os.Stderr, os.Environ())
}

Use the new Lip Gloss writer

If you’re using Bubble Tea with Lip Gloss you can skip this step. If you're using Lip Gloss in a standalone fashion, use lipgloss.Println (and lipgloss.Printf and so on) when printing your output:

s := someStyle.Render("Fancy Lip Gloss Output")

// Before
fmt.Println(s)

// After
lipgloss.Println(s)

That’s it!

All this said, we encourage you to read on to get the full benefit of v2.

👀 What’s changing?

Only a couple main things that are changing in Lip Gloss v2:

• Color downsampling in non-Bubble-Tea uses cases is now a manual proccess (don't worry, it's easy)
• Background color detection and adaptive colors are manual, and intentional (but optional)

🪄 Downsampling colors with a writer

One of the best things about Lip Gloss is that it can automatically downsample colors to the best available profile, stripping colors (and ANSI) entirely when output is not a TTY.

If you're using Lip Gloss with Bubble Tea there's nothing to do here: downsampling is built into Bubble Tea v2. If you're not using Bubble Tea you now need to use a writer to downsample colors. Lip Gloss writers are a drop-in replacement for the usual functions found in the fmt package:

s := someStyle.Render("Hello!")

// Downsample and print to stdout.
lipgloss.Println(s)

// Render to a variable.
downsampled := lipgloss.Sprint(s)

// Print to stderr.
lipgloss.Fprint(os.Stderr, s)

🌛 Background color detection and adaptive colors

Rendering different colors depending on whether the terminal has a light or dark background is an awesome power. Lip Gloss v2 gives you more control over this progress. This especially matters when input and output are not stdin and stdout.

If that doesn’t matter to you and you're only working with stdout you skip this via compat above, though encourage you to explore this new functionality.

With Bubble Tea

In Bubble Tea, request the background color, listen for a BackgroundColorMsg in your update, and respond accordingly.

// Query for the background color.
func (m model) Init() (tea.Model, tea.Cmd) {
	return m, tea.RequestBackgroundColor
}

// Listen for the response and initialize your styles accordigly.
func (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
	switch msg := msg.(type) {
	case tea.BackgroundColorMsg:
		// Initialize your styles now that you know the background color.
		m.styles = newStyles(msg.IsDark())
		return m, nil
	}
}

type styles {
    myHotStyle lipgloss.Style
}

func newStyles(bgIsDark bool) (s styles) {
	lightDark := lipgloss.LightDark(bgIsDark) // just a helper function
	return styles{
		myHotStyle := lipgloss.NewStyle().Foreground(lightDark("#f1f1f1", "#​333333"))
	}
}

Standalone

If you're not using Bubble Tea you simply can perform the query manually:

// Detect the background color. Notice we're writing to stderr.
hasDarkBG, err := lipgloss.HasDarkBackground(os.Stdin, os.Stderr)
if err != nil {
    log.Fatal("Oof:", err)
}

// Create a helper for choosing the appropriate color.
lightDark := lipgloss.LightDark(hasDarkBG)

// Declare some colors.
thisColor := lightDark("#C5ADF9", "#​864EFF")
thatColor := lightDark("#​37CD96", "#​22C78A")

// Render some styles.
a := lipgloss.NewStyle().Foreground(thisColor).Render("this")
b := lipgloss.NewStyle().Foreground(thatColor).Render("that")

// Print to stderr.
lipgloss.Fprintf(os.Stderr, "my fave colors are %s and %s...for now.", a, b)

🥕 Other stuff

Colors are now color.Color

lipgloss.Color() now produces an idomatic color.Color, whereas before colors were type lipgloss.TerminalColor. Generally speaking, this is more of an implementation detail, but it’s worth noting the structural differences.

// Before
type TerminalColor interface{/* ... */}
type Color string

// After
func Color(any) color.Color
type ANSIColor uint
type RGBColor struct { R, G, B uint8 }

Quotes are now optional in colors

There are also some quality-of-life niceties around color UX:

a := lipgloss.Color("#f1f1f1") // This still works
b := lipgloss.Color(0xf1f1f1)  // But this also works

c := lipgloss.Color("212") // You can still do this
d := lipgloss.Color(212)   // But you can also do this too

Changelog

• (v2) adaptive colors + writers by @​meowgorithm in https://github.com/charmbracelet/lipgloss/pull/397
• (v2) feat: add adaptive color package by @​aymanbagabas in https://github.com/charmbracelet/lipgloss/pull/359
• chore: rename LightDark to Adapt per @​bashbunni's acute suggestion by @​meowgorithm in https://github.com/charmbracelet/lipgloss/pull/392
• refactor: unexport isDarkColor helper by @​bashbunni in https://github.com/charmbracelet/lipgloss/pull/410
• (v2) fix: query both stdin and stdout for background color on non-Windows … by @​aymanbagabas in https://github.com/charmbracelet/lipgloss/pull/416
• Sync golangci-lint config by @​github-actions in https://github.com/charmbracelet/lipgloss/pull/421
• Sync golangci-lint config by @​github-actions in https://github.com/charmbracelet/lipgloss/pull/422
• chore(lint): update soft lint directives; fix soft lint issues by @​meowgorithm in https://github.com/charmbracelet/lipgloss/pull/423
• V2 examples by @​meowgorithm in https://github.com/charmbracelet/lipgloss/pull/426
• fix: manually query terminal for background color by @​aymanbagabas in https://github.com/charmbracelet/lipgloss/pull/429
• (v2) feat: complete color support by @​aymanbagabas in https://github.com/charmbracelet/lipgloss/pull/420
• (v2) feat: add compat package by @​aymanbagabas in https://github.com/charmbracelet/lipgloss/pull/419

Full Changelog: charmbracelet/lipgloss@v1.0.0...v2.0.0-alpha.2

🌈 Feedback

That's a wrap! Feel free to reach out, ask questions, and let us know how it's going. We'd love to know what you think.

• Discord
• Matrix
• Email

---

Part of Charm.

Charm热爱开源 • Charm loves open source • نحنُ نحب المصادر المفتوحة

owenrumney/go-sarif (github.com/owenrumney/go-sarif/v2)

v3.1.4

Compare Source

What's Changed

• Fix nested properties in PropertyBag marshaling by @​cppvik in https://github.com/owenrumney/go-sarif/pull/99

Full Changelog: owenrumney/go-sarif@v3.1.3...v3.1.4

v3.1.3

Compare Source

What's Changed

• fix: don't omit zero ruleIndex by @​cppvik in https://github.com/owenrumney/go-sarif/pull/97
• chore: tidy up numeric defaults by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/98

Full Changelog: owenrumney/go-sarif@v3.1.2...v3.1.3

v3.1.2

Compare Source

What's Changed

• fix: incorrect capitalization by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/96

Full Changelog: owenrumney/go-sarif@v3.1.1...v3.1.2

v3.1.1

Compare Source

What's Changed

• fix: Align SARIF field names with official schema formatting (URI-fields) by @​cppvik in https://github.com/owenrumney/go-sarif/pull/95

New Contributors

• @​cppvik made their first contribution in https://github.com/owenrumney/go-sarif/pull/95

Full Changelog: owenrumney/go-sarif@v3.1.0...v3.1.1

v3.1.0

Compare Source

What's Changed

• fix(sarif): Update SARIF Bool Field Types, Display Exit Code 0. by @​houdini91 in https://github.com/owenrumney/go-sarif/pull/93
• fix: correct the bad types in the generator by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/94

New Contributors

• @​houdini91 made their first contribution in https://github.com/owenrumney/go-sarif/pull/93

Full Changelog: owenrumney/go-sarif@v3.0.2...v3.1.0

v3.0.2

Compare Source

What's Changed

• Update README.md by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/91
• chore: omit empty attributes and tidy tests by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/92

Full Changelog: owenrumney/go-sarif@v3.0.1...v3.0.2

v3.0.1

Compare Source

What's Changed

• chore: Update the readme and simplify the validation by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/90

Full Changelog: owenrumney/go-sarif@v3.0.0...v3.0.1

v3.0.0

Compare Source

What's Changed

• feat: support 2.2 SARIF format by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/88
• chore: update workflows and action versions by @​owenrumney in https://github.com/owenrumney/go-sarif/pull/89

Full Changelog: owenrumney/go-sarif@v2.3.3...v3.0.0

---

Configuration

📅 Schedule: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/charmbracelet/colorprofile	v0.2.3-0.20250311203215-f60798e515dc -> v0.3.0

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.41%. Comparing base (4a063f0) to head (dbe60c1).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1732      +/-   ##
==========================================
+ Coverage   65.39%   65.41%   +0.01%     
==========================================
  Files         167      167              
  Lines       16060    16060              
==========================================
+ Hits        10503    10506       +3     
+ Misses       4886     4884       -2     
+ Partials      671      670       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.