diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap index c6fe16bf9ff..dd458dba50f 100755 --- a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap +++ b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap @@ -2598,14 +2598,12 @@ Total 24 packages affected by 185 known vulnerabilities (19 Critical, 76 High, 5 --- -[TestCommand_ExplicitExtractors_WithDefaults/empty_plugins_flag_does_nothing - 1] +[TestCommand_ExplicitExtractors_WithDefaults/empty_plugins_flag_does_default - 1] --- -[TestCommand_ExplicitExtractors_WithDefaults/empty_plugins_flag_does_nothing - 2] -Incorrect Usage: flag needs an argument: --experimental-plugins= - -flag needs an argument: --experimental-plugins= +[TestCommand_ExplicitExtractors_WithDefaults/empty_plugins_flag_does_default - 2] +No package sources found, --help for usage information. --- @@ -2758,9 +2756,7 @@ could not determine extractor, requested package-lock.json --- [TestCommand_ExplicitExtractors_WithoutDefaults/empty_plugins_flag_does_nothing - 2] -Incorrect Usage: flag needs an argument: --experimental-plugins= - -flag needs an argument: --experimental-plugins= +at least one extractor must be enabled --- @@ -5639,15 +5635,13 @@ No package sources found, --help for usage information. [TestCommand_Transitive/pom.xml_multiple_registries - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Total 2 packages affected by 8 known vulnerabilities (2 Critical, 1 High, 5 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -8 vulnerabilities can be fixed. +Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +6 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | https://osv.dev/GHSA-cm6r-892j-jv2g | 6.1 | Maven | com.google.android.gms:play-services-basement | 10.0.0 | 18.0.2 | testdata/maven-transitive/registry.xml | -| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | -| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/registry.xml | @@ -5708,14 +5702,12 @@ No issues found Scanning dir ./testdata/maven-transitive/pom.xml Scanned /testdata/maven-transitive/pom.xml file and found 1 package -Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -7 vulnerabilities can be fixed. +Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +5 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ -| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml | -| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/pom.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/pom.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/pom.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/pom.xml | @@ -5732,14 +5724,12 @@ Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Mediu [TestCommand_Transitive/pom.xml_transitive_explicit_lockfile - 1] Scanned /testdata/maven-transitive/abc.xml file and found 1 package -Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -7 vulnerabilities can be fixed. +Total 1 package affected by 5 known vulnerabilities (2 Critical, 1 High, 2 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +5 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-------------------------------------+---------+---------------+-----------------------------------+ -| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/abc.xml | -| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/abc.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/abc.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/abc.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/abc.xml | @@ -5756,15 +5746,13 @@ Total 1 package affected by 7 known vulnerabilities (2 Critical, 1 High, 4 Mediu [TestCommand_Transitive/pom.xml_transitive_native_source - 1] Scanned /testdata/maven-transitive/registry.xml file and found 2 packages -Total 2 packages affected by 8 known vulnerabilities (2 Critical, 1 High, 5 Medium, 0 Low, 0 Unknown) from 1 ecosystem. -8 vulnerabilities can be fixed. +Total 2 packages affected by 6 known vulnerabilities (2 Critical, 1 High, 3 Medium, 0 Low, 0 Unknown) from 1 ecosystem. +6 vulnerabilities can be fixed. +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | +-------------------------------------+------+-----------+-----------------------------------------------+---------+---------------+----------------------------------------+ | https://osv.dev/GHSA-cm6r-892j-jv2g | 6.1 | Maven | com.google.android.gms:play-services-basement | 10.0.0 | 18.0.2 | testdata/maven-transitive/registry.xml | -| https://osv.dev/GHSA-3pxv-7cmr-fjr4 | 6.9 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | -| https://osv.dev/GHSA-6hg6-v5c8-fphq | 6.3 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.25.4 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-7rjr-3q55-vv33 | 9.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.16.0 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-8489-44mv-ggj8 | 6.6 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.17.1 | testdata/maven-transitive/registry.xml | | https://osv.dev/GHSA-jfh8-c2jp-5v3q | 10.0 | Maven | org.apache.logging.log4j:log4j-core | 2.14.1 | 2.15.0 | testdata/maven-transitive/registry.xml | @@ -5792,8 +5780,8 @@ No package sources found, --help for usage information. Scanning dir ./testdata/locks-requirements/requirements.txt Scanned /testdata/locks-requirements/requirements.txt file and found 3 packages -Total 3 packages affected by 13 known vulnerabilities (1 Critical, 4 High, 7 Medium, 1 Low, 0 Unknown) from 1 ecosystem. -13 vulnerabilities can be fixed. +Total 3 packages affected by 12 known vulnerabilities (1 Critical, 4 High, 6 Medium, 1 Low, 0 Unknown) from 1 ecosystem. +12 vulnerabilities can be fixed. +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ | OSV URL | CVSS | ECOSYSTEM | PACKAGE | VERSION | FIXED VERSION | SOURCE | @@ -5813,7 +5801,6 @@ Total 3 packages affected by 13 known vulnerabilities (1 Critical, 4 High, 7 Med | https://osv.dev/GHSA-j8r2-6x86-q33q | | | | | | | | https://osv.dev/GHSA-9hjg-9r4m-mvj7 | 5.3 | PyPI | requests | 2.20.0 | 2.32.4 | testdata/locks-requirements/requirements.txt | | https://osv.dev/GHSA-9wx4-h78v-vm56 | 5.6 | PyPI | requests | 2.20.0 | 2.32.0 | testdata/locks-requirements/requirements.txt | -| https://osv.dev/GHSA-gc5v-m9x4-r6x2 | 4.4 | PyPI | requests | 2.20.0 | 2.33.0 | testdata/locks-requirements/requirements.txt | +-------------------------------------+------+-----------+----------+---------+---------------+----------------------------------------------+ --- diff --git a/cmd/osv-scanner/scan/source/command_test.go b/cmd/osv-scanner/scan/source/command_test.go index f5fae2b96cc..a87a79eeb0c 100644 --- a/cmd/osv-scanner/scan/source/command_test.go +++ b/cmd/osv-scanner/scan/source/command_test.go @@ -489,9 +489,9 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) { tests := []testcmd.Case{ { - Name: "empty_plugins_flag_does_nothing", + Name: "empty_plugins_flag_does_default", Args: []string{"", "source", "--experimental-plugins="}, - Exit: 127, + Exit: 128, }, { Name: "extractors_cancelled_out_specified_individually", diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml index 88a88c2ac72..7bf8da35738 100644 --- a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml +++ b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_Transitive.yaml @@ -436,7 +436,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 768 + content_length: 628 body: | { "results": [ @@ -506,14 +506,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-3pxv-7cmr-fjr4", - "modified": "2026-04-16T11:29:10.536806Z" - }, - { - "id": "GHSA-6hg6-v5c8-fphq", - "modified": "2026-04-17T12:29:10.521430Z" - }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -541,7 +533,7 @@ interactions: } headers: Content-Length: - - "768" + - "628" Content-Type: - application/json status: 200 OK @@ -635,7 +627,7 @@ interactions: "vulns": [ { "id": "GHSA-269g-pwp5-87pp", - "modified": "2026-04-10T15:29:15.593707Z" + "modified": "2026-03-13T22:15:22.410895Z" } ] }, @@ -693,21 +685,13 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 521 + content_length: 381 body: | { "results": [ {}, { "vulns": [ - { - "id": "GHSA-3pxv-7cmr-fjr4", - "modified": "2026-04-16T11:29:10.536806Z" - }, - { - "id": "GHSA-6hg6-v5c8-fphq", - "modified": "2026-04-17T12:29:10.521430Z" - }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -735,7 +719,7 @@ interactions: } headers: Content-Length: - - "521" + - "381" Content-Type: - application/json status: 200 OK @@ -784,21 +768,13 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 521 + content_length: 381 body: | { "results": [ {}, { "vulns": [ - { - "id": "GHSA-3pxv-7cmr-fjr4", - "modified": "2026-04-16T11:29:10.536806Z" - }, - { - "id": "GHSA-6hg6-v5c8-fphq", - "modified": "2026-04-17T12:29:10.521430Z" - }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -826,7 +802,7 @@ interactions: } headers: Content-Length: - - "521" + - "381" Content-Type: - application/json status: 200 OK @@ -1267,7 +1243,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 768 + content_length: 628 body: | { "results": [ @@ -1337,14 +1313,6 @@ interactions: {}, { "vulns": [ - { - "id": "GHSA-3pxv-7cmr-fjr4", - "modified": "2026-04-16T11:29:10.536806Z" - }, - { - "id": "GHSA-6hg6-v5c8-fphq", - "modified": "2026-04-17T12:29:10.521430Z" - }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "2025-10-22T19:37:53.742023Z" @@ -1372,7 +1340,7 @@ interactions: } headers: Content-Length: - - "768" + - "628" Content-Type: - application/json status: 200 OK @@ -1421,7 +1389,7 @@ interactions: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 1151 + content_length: 1081 body: | { "results": [ @@ -1433,7 +1401,7 @@ interactions: }, { "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-04-21T08:11:06.082206Z" + "modified": "2026-02-04T04:00:06.061990Z" }, { "id": "GHSA-7xr5-9hcq-chf9", @@ -1445,11 +1413,11 @@ interactions: }, { "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2026-04-21T08:11:22.119438Z" + "modified": "2025-11-27T09:10:30.649595Z" }, { "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-04-21T08:11:06.009868Z" + "modified": "2026-02-04T04:08:30.303132Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", @@ -1487,10 +1455,6 @@ interactions: "id": "GHSA-9wx4-h78v-vm56", "modified": "2026-02-04T02:43:42.271895Z" }, - { - "id": "GHSA-gc5v-m9x4-r6x2", - "modified": "2026-03-27T22:17:33.595885Z" - }, { "id": "GHSA-j8r2-6x86-q33q", "modified": "2026-02-04T03:34:13.807518Z" @@ -1505,7 +1469,7 @@ interactions: } headers: Content-Length: - - "1151" + - "1081" Content-Type: - application/json status: 200 OK @@ -1525,7 +1489,7 @@ interactions: "ecosystem": "PyPI", "name": "click" }, - "version": "8.3.3" + "version": "8.3.2" }, { "package": { @@ -1672,7 +1636,7 @@ interactions: proto: HTTP/1.1 proto_major: 1 proto_minor: 1 - content_length: 1610 + content_length: 997 host: api.osv.dev body: | { @@ -1680,86 +1644,208 @@ interactions: { "package": { "ecosystem": "PyPI", - "name": "certifi" + "name": "click" }, - "version": "2026.4.22" + "version": "8.3.1" }, { "package": { "ecosystem": "PyPI", - "name": "chardet" + "name": "flask" }, - "version": "3.0.4" + "version": "1.0.0" }, { "package": { "ecosystem": "PyPI", - "name": "click" + "name": "flask-cors" }, - "version": "8.3.3" + "version": "1.0.0" }, { "package": { "ecosystem": "PyPI", - "name": "django" + "name": "itsdangerous" }, - "version": "1.11.29" + "version": "2.2.0" }, { "package": { "ecosystem": "PyPI", - "name": "flask" + "name": "jinja2" }, - "version": "1.0.0" + "version": "3.1.6" }, { "package": { "ecosystem": "PyPI", - "name": "idna" + "name": "markupsafe" }, - "version": "2.7.0" + "version": "3.0.3" }, { "package": { "ecosystem": "PyPI", - "name": "itsdangerous" + "name": "pandas" }, - "version": "2.2.0" + "version": "0.23.4" }, { "package": { "ecosystem": "PyPI", - "name": "jinja2" + "name": "werkzeug" }, - "version": "3.1.6" + "version": "3.1.7" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_resolution_fallback + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 880 + body: | + { + "results": [ + {}, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" + }, + { + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" + }, + { + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" + }, + { + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] }, + {} + ] + } + headers: + Content-Length: + - "880" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 997 + host: api.osv.dev + body: | + { + "queries": [ { "package": { "ecosystem": "PyPI", - "name": "markupsafe" + "name": "click" }, - "version": "3.0.3" + "version": "8.3.3" }, { "package": { "ecosystem": "PyPI", - "name": "pytz" + "name": "flask" }, - "version": "2026.1.0.post1" + "version": "1.0.0" }, { "package": { "ecosystem": "PyPI", - "name": "requests" + "name": "flask-cors" }, - "version": "2.20.0" + "version": "1.0.0" }, { "package": { "ecosystem": "PyPI", - "name": "urllib3" + "name": "itsdangerous" }, - "version": "1.24.3" + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pandas" + }, + "version": "0.23.4" }, { "package": { @@ -1774,45 +1860,1329 @@ interactions: Content-Type: - application/json X-Test-Name: - - TestCommand_Transitive/requirements.txt_transitive_default + - TestCommand_Transitive/requirements.txt_resolution_fallback url: https://api.osv.dev/v1/querybatch method: POST response: proto: HTTP/2.0 proto_major: 2 proto_minor: 0 - content_length: 2153 + content_length: 880 body: | { "results": [ - {}, - {}, {}, { "vulns": [ { - "id": "GHSA-68w8-qjq3-2gfm", - "modified": "2024-09-20T15:46:52.557962Z" + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" }, { - "id": "GHSA-6w2r-r2m5-xq5w", - "modified": "2026-04-21T08:11:06.082206Z" + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" }, { - "id": "GHSA-7xr5-9hcq-chf9", - "modified": "2026-02-04T03:48:05.224740Z" + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-43qf-4rqw-9q2g", + "modified": "2026-02-04T02:30:19.251090Z" }, { - "id": "GHSA-8x94-hmjh-97hq", - "modified": "2026-02-04T02:45:55.690257Z" + "id": "GHSA-7rxf-gvfg-47g4", + "modified": "2026-02-04T04:27:15.173118Z" }, { - "id": "GHSA-frmv-pr5f-9mcr", - "modified": "2026-04-21T08:11:22.119438Z" + "id": "GHSA-84pr-m4jr-85g5", + "modified": "2026-02-04T02:57:32.875272Z" }, { - "id": "GHSA-qw25-v68c-qjf3", - "modified": "2026-04-21T08:11:06.009868Z" + "id": "GHSA-8vgw-p6qm-5gr7", + "modified": "2026-02-04T02:42:09.564281Z" + }, + { + "id": "GHSA-hxwh-jpp2-84pm", + "modified": "2026-02-04T02:15:39.891834Z" + }, + { + "id": "GHSA-xc3p-ff3m-f46v", + "modified": "2024-09-20T20:01:25.449661Z" + }, + { + "id": "PYSEC-2020-43", + "modified": "2025-10-09T07:22:50.566622Z" + }, + { + "id": "PYSEC-2024-71", + "modified": "2025-10-09T08:27:44.186589Z" + } + ] + }, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "PYSEC-2020-73", + "modified": "2023-11-08T04:02:12.263851Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "880" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.0.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.7" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.2" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.0.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.8" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2153 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2153" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1610 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.4.22" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.0.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.8" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_default + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2153 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-04-21T08:11:06.082206Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2026-04-21T08:11:22.119438Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-04-21T08:11:06.009868Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-gc5v-m9x4-r6x2", + "modified": "2026-03-27T22:17:33.595885Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2153" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1604 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.7" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_native_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2083 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" + }, + { + "id": "GHSA-rrqc-c2jx-6jgv", + "modified": "2024-10-30T19:23:59.139649Z" + }, + { + "id": "PYSEC-2021-98", + "modified": "2023-12-06T01:01:16.755410Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "2026-02-23T23:43:45.778179Z" + }, + { + "id": "GHSA-m2qf-hxjv-5gpq", + "modified": "2025-02-21T05:42:17.337040Z" + }, + { + "id": "PYSEC-2023-62", + "modified": "2023-11-08T04:12:28.231927Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-jjg7-2v4v-x38h", + "modified": "2026-02-04T03:49:45.087439Z" + }, + { + "id": "PYSEC-2024-60", + "modified": "2024-07-11T17:42:33.704488Z" + } + ] + }, + {}, + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-9hjg-9r4m-mvj7", + "modified": "2026-02-04T03:44:00.676479Z" + }, + { + "id": "GHSA-9wx4-h78v-vm56", + "modified": "2026-02-04T02:43:42.271895Z" + }, + { + "id": "GHSA-j8r2-6x86-q33q", + "modified": "2026-02-04T03:34:13.807518Z" + }, + { + "id": "PYSEC-2023-74", + "modified": "2023-11-08T04:12:35.436175Z" + } + ] + }, + { + "vulns": [ + { + "id": "GHSA-2xpw-w6gg-jr37", + "modified": "2026-02-04T02:36:12.983430Z" + }, + { + "id": "GHSA-34jh-p97f-mpxf", + "modified": "2026-02-04T03:37:44.850742Z" + }, + { + "id": "GHSA-38jv-5279-wg99", + "modified": "2026-02-04T03:51:36.162029Z" + }, + { + "id": "GHSA-g4mx-q9vg-27p4", + "modified": "2026-02-04T03:30:16.767903Z" + }, + { + "id": "GHSA-gm62-xv2j-4w53", + "modified": "2026-02-04T03:37:15.919661Z" + }, + { + "id": "GHSA-pq67-6m6q-mj2v", + "modified": "2026-02-04T04:38:01.163387Z" + }, + { + "id": "GHSA-v845-jxx5-vc9f", + "modified": "2026-02-04T02:58:30.152562Z" + }, + { + "id": "GHSA-wqvq-5m8c-6g24", + "modified": "2024-11-18T22:47:07.792720Z" + }, + { + "id": "PYSEC-2020-148", + "modified": "2023-11-08T04:03:14.251187Z" + }, + { + "id": "PYSEC-2021-108", + "modified": "2023-11-08T04:06:04.829992Z" + }, + { + "id": "PYSEC-2023-192", + "modified": "2023-11-08T04:13:33.452167Z" + }, + { + "id": "PYSEC-2023-212", + "modified": "2023-11-08T04:13:39.165450Z" + } + ] + }, + {} + ] + } + headers: + Content-Length: + - "2083" + Content-Type: + - application/json + status: 200 OK + code: 200 + duration: 0s + - request: + proto: HTTP/1.1 + proto_major: 1 + proto_minor: 1 + content_length: 1604 + host: api.osv.dev + body: | + { + "queries": [ + { + "package": { + "ecosystem": "PyPI", + "name": "certifi" + }, + "version": "2026.2.25" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "chardet" + }, + "version": "3.0.4" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "click" + }, + "version": "8.3.2" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "django" + }, + "version": "1.11.29" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "flask" + }, + "version": "1.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "idna" + }, + "version": "2.7" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "itsdangerous" + }, + "version": "2.2.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "jinja2" + }, + "version": "3.1.6" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "markupsafe" + }, + "version": "3.0.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "pytz" + }, + "version": "2026.1.post1" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "requests" + }, + "version": "2.20.0" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "urllib3" + }, + "version": "1.24.3" + }, + { + "package": { + "ecosystem": "PyPI", + "name": "werkzeug" + }, + "version": "3.1.8" + } + ] + } + headers: + Content-Type: + - application/json + X-Test-Name: + - TestCommand_Transitive/requirements.txt_transitive_native_source + url: https://api.osv.dev/v1/querybatch + method: POST + response: + proto: HTTP/2.0 + proto_major: 2 + proto_minor: 0 + content_length: 2153 + body: | + { + "results": [ + {}, + {}, + {}, + { + "vulns": [ + { + "id": "GHSA-68w8-qjq3-2gfm", + "modified": "2024-09-20T15:46:52.557962Z" + }, + { + "id": "GHSA-6w2r-r2m5-xq5w", + "modified": "2026-02-04T04:00:06.061990Z" + }, + { + "id": "GHSA-7xr5-9hcq-chf9", + "modified": "2026-02-04T03:48:05.224740Z" + }, + { + "id": "GHSA-8x94-hmjh-97hq", + "modified": "2026-02-04T02:45:55.690257Z" + }, + { + "id": "GHSA-frmv-pr5f-9mcr", + "modified": "2025-11-27T09:10:30.649595Z" + }, + { + "id": "GHSA-qw25-v68c-qjf3", + "modified": "2026-02-04T04:08:30.303132Z" }, { "id": "GHSA-rrqc-c2jx-6jgv", diff --git a/go.mod b/go.mod index 0f90f6bfec8..5d76705b9cc 100644 --- a/go.mod +++ b/go.mod @@ -4,19 +4,19 @@ go 1.26.2 require ( charm.land/glamour/v2 v2.0.0 - charm.land/lipgloss/v2 v2.0.1 + charm.land/lipgloss/v2 v2.0.3 deps.dev/api/v3 v3.0.0-20260225225317-765e10b45d5b deps.dev/api/v3alpha v0.0.0-20260225225317-765e10b45d5b github.com/BurntSushi/toml v1.6.0 github.com/CycloneDX/cyclonedx-go v0.10.0 - github.com/gkampitakis/go-snaps v0.5.20 + github.com/gkampitakis/go-snaps v0.5.21 github.com/go-git/go-git/v5 v5.18.0 github.com/gobwas/glob v0.2.3 github.com/google/go-cmp v0.7.0 github.com/google/osv-scalibr v0.4.6-0.20260318175007-ec4239d68fb9 github.com/ianlancetaylor/demangle v0.0.0-20251118225945-96ee0021ea0f - github.com/jedib0t/go-pretty/v6 v6.7.8 - github.com/modelcontextprotocol/go-sdk v1.4.1 + github.com/jedib0t/go-pretty/v6 v6.7.9 + github.com/modelcontextprotocol/go-sdk v1.5.0 github.com/opencontainers/go-digest v1.0.0 github.com/ossf/osv-schema/bindings/go v0.0.0-20260304051245-ec3272c283e4 github.com/owenrumney/go-sarif/v3 v3.3.0 @@ -25,12 +25,12 @@ require ( github.com/tidwall/gjson v1.18.0 github.com/tidwall/pretty v1.2.1 github.com/tidwall/sjson v1.2.5 - github.com/urfave/cli/v3 v3.7.0 + github.com/urfave/cli/v3 v3.8.0 go.yaml.in/yaml/v4 v4.0.0-rc.4 golang.org/x/sync v0.20.0 - golang.org/x/term v0.40.0 + golang.org/x/term v0.42.0 golang.org/x/vuln v1.1.4 - google.golang.org/grpc v1.79.3 + google.golang.org/grpc v1.80.0 google.golang.org/protobuf v1.36.11 gopkg.in/dnaeon/go-vcr.v4 v4.0.6 osv.dev/bindings/go v0.0.0-20260306051416-1f963c5a9f4f @@ -63,10 +63,10 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/charmbracelet/bubbles v0.21.0 // indirect github.com/charmbracelet/bubbletea v1.3.5 // indirect - github.com/charmbracelet/colorprofile v0.4.2 // indirect + github.com/charmbracelet/colorprofile v0.4.3 // indirect github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 // indirect github.com/charmbracelet/ultraviolet v0.0.0-20260205113103-524a6607adb8 // indirect - github.com/charmbracelet/x/ansi v0.11.6 // indirect + github.com/charmbracelet/x/ansi v0.11.7 // indirect github.com/charmbracelet/x/cellbuf v0.0.15 // indirect github.com/charmbracelet/x/exp/slice v0.0.0-20250711012602-b1f986320f7e // indirect github.com/charmbracelet/x/term v0.2.2 // indirect @@ -133,13 +133,13 @@ require ( github.com/klauspost/compress v1.18.4 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/kr/text v0.2.0 // indirect - github.com/lucasb-eyer/go-colorful v1.3.0 // indirect + github.com/lucasb-eyer/go-colorful v1.4.0 // indirect github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 // indirect github.com/maruel/natural v1.1.1 // indirect github.com/masahiro331/go-ext4-filesystem v0.0.0-20240620024024-ca14e6327bbd // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-localereader v0.0.1 // indirect - github.com/mattn/go-runewidth v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.23 // indirect github.com/mattn/go-shellwords v1.0.12 // indirect github.com/michaelkedar/xml v0.0.0-20250501021638-021a7b1a061e // indirect github.com/microcosm-cc/bluemonday v1.0.27 // indirect @@ -217,11 +217,11 @@ require ( golang.org/x/exp v0.0.0-20250911091902-df9299821621 // indirect golang.org/x/mod v0.33.0 // indirect golang.org/x/net v0.51.0 // indirect - golang.org/x/oauth2 v0.34.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2 // indirect + golang.org/x/oauth2 v0.35.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 // indirect golang.org/x/text v0.34.0 // indirect - golang.org/x/tools v0.41.0 // indirect + golang.org/x/tools v0.42.0 // indirect golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect google.golang.org/genproto v0.0.0-20250707201910-8d1bb00bc6a7 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 // indirect @@ -240,4 +240,5 @@ require ( // github.com/containerd/containerd v1.7.x is incompatible with runtime-spec v1.3.0. // https://github.com/google/osv-scanner/pull/2705#issuecomment-4212012410 +// So this needs to be kept at v1.2.1 replace github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v1.2.1 diff --git a/go.sum b/go.sum index 02240ee5406..1b9fe32219f 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,8 @@ bitbucket.org/creachadair/stringset v0.0.14 h1:t1ejQyf8utS4GZV/4fM+1gvYucggZkfhb bitbucket.org/creachadair/stringset v0.0.14/go.mod h1:Ej8fsr6rQvmeMDf6CCWMWGb14H9mz8kmDgPPTdiVT0w= charm.land/glamour/v2 v2.0.0 h1:IDBoqLEy7Hdpb9VOXN+khLP/XSxtJy1VsHuW/yF87+U= charm.land/glamour/v2 v2.0.0/go.mod h1:kjq9WB0s8vuUYZNYey2jp4Lgd9f4cKdzAw88FZtpj/w= -charm.land/lipgloss/v2 v2.0.1 h1:6Xzrn49+Py1Um5q/wZG1gWgER2+7dUyZ9XMEufqPSys= -charm.land/lipgloss/v2 v2.0.1/go.mod h1:KjPle2Qd3YmvP1KL5OMHiHysGcNwq6u83MUjYkFvEkM= +charm.land/lipgloss/v2 v2.0.3 h1:yM2zJ4Cf5Y51b7RHIwioil4ApI/aypFXXVHSwlM6RzU= +charm.land/lipgloss/v2 v2.0.3/go.mod h1:7myLU9iG/3xluAWzpY/fSxYYHCgoKTie7laxk6ATwXA= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= @@ -86,14 +86,14 @@ github.com/charmbracelet/bubbles v0.21.0 h1:9TdC97SdRVg/1aaXNVWfFH3nnLAwOXr8Fn6u github.com/charmbracelet/bubbles v0.21.0/go.mod h1:HF+v6QUR4HkEpz62dx7ym2xc71/KBHg+zKwJtMw+qtg= github.com/charmbracelet/bubbletea v1.3.5 h1:JAMNLTbqMOhSwoELIr0qyP4VidFq72/6E9j7HHmRKQc= github.com/charmbracelet/bubbletea v1.3.5/go.mod h1:TkCnmH+aBd4LrXhXcqrKiYwRs7qyQx5rBgH5fVY3v54= -github.com/charmbracelet/colorprofile v0.4.2 h1:BdSNuMjRbotnxHSfxy+PCSa4xAmz7szw70ktAtWRYrY= -github.com/charmbracelet/colorprofile v0.4.2/go.mod h1:0rTi81QpwDElInthtrQ6Ni7cG0sDtwAd4C4le060fT8= +github.com/charmbracelet/colorprofile v0.4.3 h1:QPa1IWkYI+AOB+fE+mg/5/4HRMZcaXex9t5KX76i20Q= +github.com/charmbracelet/colorprofile v0.4.3/go.mod h1:/zT4BhpD5aGFpqQQqw7a+VtHCzu+zrQtt1zhMt9mR4Q= github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 h1:ZR7e0ro+SZZiIZD7msJyA+NjkCNNavuiPBLgerbOziE= github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834/go.mod h1:aKC/t2arECF6rNOnaKaVU6y4t4ZeHQzqfxedE/VkVhA= github.com/charmbracelet/ultraviolet v0.0.0-20260205113103-524a6607adb8 h1:eyFRbAmexyt43hVfeyBofiGSEmJ7krjLOYt/9CF5NKA= github.com/charmbracelet/ultraviolet v0.0.0-20260205113103-524a6607adb8/go.mod h1:SQpCTRNBtzJkwku5ye4S3HEuthAlGy2n9VXZnWkEW98= -github.com/charmbracelet/x/ansi v0.11.6 h1:GhV21SiDz/45W9AnV2R61xZMRri5NlLnl6CVF7ihZW8= -github.com/charmbracelet/x/ansi v0.11.6/go.mod h1:2JNYLgQUsyqaiLovhU2Rv/pb8r6ydXKS3NIttu3VGZQ= +github.com/charmbracelet/x/ansi v0.11.7 h1:kzv1kJvjg2S3r9KHo8hDdHFQLEqn4RBCb39dAYC84jI= +github.com/charmbracelet/x/ansi v0.11.7/go.mod h1:9qGpnAVYz+8ACONkZBUWPtL7lulP9No6p1epAihUZwQ= github.com/charmbracelet/x/cellbuf v0.0.15 h1:ur3pZy0o6z/R7EylET877CBxaiE1Sp1GMxoFPAIztPI= github.com/charmbracelet/x/cellbuf v0.0.15/go.mod h1:J1YVbR7MUuEGIFPCaaZ96KDl5NoS0DAWkskup+mOY+Q= github.com/charmbracelet/x/exp/golden v0.0.0-20250806222409-83e3a29d542f h1:pk6gmGpCE7F3FcjaOEKYriCvpmIN4+6OS/RD0vm4uIA= @@ -200,8 +200,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/gkampitakis/ciinfo v0.3.2 h1:JcuOPk8ZU7nZQjdUhctuhQofk7BGHuIy0c9Ez8BNhXs= github.com/gkampitakis/ciinfo v0.3.2/go.mod h1:1NIwaOcFChN4fa/B0hEBdAb6npDlFL8Bwx4dfRLRqAo= -github.com/gkampitakis/go-snaps v0.5.20 h1:FGKonEeQPJ12t7RQj6cTPa881fl5c8HYarMLv5vP7sg= -github.com/gkampitakis/go-snaps v0.5.20/go.mod h1:gC3YqxQTPyIXvQrw/Vpt3a8VqR1MO8sVpZFWN4DGwNs= +github.com/gkampitakis/go-snaps v0.5.21 h1:SvhSFeZviQXwlT+dnGyAIATVehkhqRVW6qfQZhCZH+Y= +github.com/gkampitakis/go-snaps v0.5.21/go.mod h1:gC3YqxQTPyIXvQrw/Vpt3a8VqR1MO8sVpZFWN4DGwNs= github.com/glebarez/go-sqlite v1.20.3 h1:89BkqGOXR9oRmG58ZrzgoY/Fhy5x0M+/WV48U5zVrZ4= github.com/glebarez/go-sqlite v1.20.3/go.mod h1:u3N6D/wftiAzIOJtZl6BmedqxmmkDfH3q+ihjqxC9u0= github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= @@ -239,8 +239,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/gohugoio/hashstructure v0.5.0 h1:G2fjSBU36RdwEJBWJ+919ERvOVqAg9tfcYp47K9swqg= github.com/gohugoio/hashstructure v0.5.0/go.mod h1:Ser0TniXuu/eauYmrwM4o64EBvySxNzITEOLlm4igec= -github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo= -github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= +github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY= +github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= @@ -290,8 +290,8 @@ github.com/icholy/digest v1.1.0 h1:HfGg9Irj7i+IX1o1QAmPfIBNu/Q5A5Tu3n/MED9k9H4= github.com/icholy/digest v1.1.0/go.mod h1:QNrsSGQ5v7v9cReDI0+eyjsXGUoRSUZQHeQ5C4XLa0Y= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jedib0t/go-pretty/v6 v6.7.8 h1:BVYrDy5DPBA3Qn9ICT+PokP9cvCv1KaHv2i+Hc8sr5o= -github.com/jedib0t/go-pretty/v6 v6.7.8/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU= +github.com/jedib0t/go-pretty/v6 v6.7.9 h1:frarzQWmkZd97syT81+TH8INKPpzoxQnk+Mk5EIHSrM= +github.com/jedib0t/go-pretty/v6 v6.7.9/go.mod h1:YwC5CE4fJ1HFUDeivSV1r//AmANFHyqczZk+U6BDALU= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= @@ -308,8 +308,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/lucasb-eyer/go-colorful v1.3.0 h1:2/yBRLdWBZKrf7gB40FoiKfAWYQ0lqNcbuQwVHXptag= -github.com/lucasb-eyer/go-colorful v1.3.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/lucasb-eyer/go-colorful v1.4.0 h1:UtrWVfLdarDgc44HcS7pYloGHJUjHV/4FwW4TvVgFr4= +github.com/lucasb-eyer/go-colorful v1.4.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 h1:EnfXoSqDfSNJv0VBNqY/88RNnhSGYkrHaO0mmFGbVsc= github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40/go.mod h1:vy1vK6wD6j7xX6O6hXe621WabdtNkou2h7uRtTfRMyg= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= @@ -321,8 +321,8 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= -github.com/mattn/go-runewidth v0.0.20 h1:WcT52H91ZUAwy8+HUkdM3THM6gXqXuLJi9O3rjcQQaQ= -github.com/mattn/go-runewidth v0.0.20/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= +github.com/mattn/go-runewidth v0.0.23 h1:7ykA0T0jkPpzSvMS5i9uoNn2Xy3R383f9HDx3RybWcw= +github.com/mattn/go-runewidth v0.0.23/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs= github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/michaelkedar/xml v0.0.0-20250501021638-021a7b1a061e h1:wAq84z83n895uvsZIoSNdzw0NbhP08NiIq8/JOlrJ6Y= @@ -353,8 +353,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= -github.com/modelcontextprotocol/go-sdk v1.4.1 h1:M4x9GyIPj+HoIlHNGpK2hq5o3BFhC+78PkEaldQRphc= -github.com/modelcontextprotocol/go-sdk v1.4.1/go.mod h1:Bo/mS87hPQqHSRkMv4dQq1XCu6zv4INdXnFZabkNU6s= +github.com/modelcontextprotocol/go-sdk v1.5.0 h1:CHU0FIX9kpueNkxuYtfYQn1Z0slhFzBZuq+x6IiblIU= +github.com/modelcontextprotocol/go-sdk v1.5.0/go.mod h1:gggDIhoemhWs3BGkGwd1umzEXCEMMvAnhTrnbXJKKKA= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ= @@ -482,8 +482,8 @@ github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0 h1:2f304B10 github.com/tonistiigi/go-csvvalue v0.0.0-20240814133006-030d3b2625d0/go.mod h1:278M4p8WsNh3n4a1eqiFcV2FGk7wE5fwUpUom9mK9lE= github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY= github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= -github.com/urfave/cli/v3 v3.7.0 h1:AGSnbUyjtLiM+WJUb4dzXKldl/gL+F8OwmRDtVr6g2U= -github.com/urfave/cli/v3 v3.7.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso= +github.com/urfave/cli/v3 v3.8.0 h1:XqKPrm0q4P0q5JpoclYoCAv0/MIvH/jZ2umzuf8pNTI= +github.com/urfave/cli/v3 v3.8.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso= github.com/vbatts/tar-split v0.12.2 h1:w/Y6tjxpeiFMR47yzZPlPj/FcPLpXbTUi/9H7d3CPa4= github.com/vbatts/tar-split v0.12.2/go.mod h1:eF6B6i6ftWQcDqEn3/iGFRFRo8cBIMSJVOpnNdfTMFA= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= @@ -582,8 +582,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= -golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ= +golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -611,14 +611,14 @@ golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2 h1:O1cMQHRfwNpDfDJerqRoE2oD+AFlyid87D40L/OkkJo= -golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2/go.mod h1:b7fPSJ0pKZ3ccUh8gnTONJxhn3c/PS6tyzQvyqw4iA8= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4 h1:bTLqdHv7xrGlFbvf5/TXNxy/iUwwdkjhqQTJDjW7aj0= +golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4/go.mod h1:g5NllXBEermZrmR51cJDQxmJUHUOfRAaNyWBM+R+548= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -637,8 +637,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= +golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= +golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -651,8 +651,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da h1:noIWHXmPHxILtqtCOPIhSt0ABwskkZKjD3bXGnZGpNY= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= -gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= -gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -669,8 +669,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= -google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= +google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=