fix(deps): update osv-scanner minor

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update	Pending
charm.land/glamour/v2	v2.0.0 → v2.0.1			require	patch
charm.land/lipgloss/v2	v2.0.3 → v2.0.4			require	patch
deps.dev/api/v3	v3.0.0-20260422013440-90c27f84dd6f → v3.0.0-20260617025149-7d3577045631			require	patch
deps.dev/api/v3alpha	90c27f8 → 7d35770			require	digest
github.com/jedib0t/go-pretty/v6	v6.7.10 → v6.8.1			require	minor
github.com/urfave/cli/v3	v3.9.0 → v3.10.0			require	minor	v3.10.1
go.yaml.in/yaml/v4	v4.0.0-rc.4 → v4.0.0-rc.6			require	patch
golang.org/x/sync	v0.20.0 → v0.21.0			require	minor
golang.org/x/term	v0.43.0 → v0.44.0			require	minor

---

Release Notes

charmbracelet/glamour (charm.land/glamour/v2)

v2.0.1

Compare Source

Changelog

Bug fixes

• 975a0f3: fix: close wrap writer before its downstream chain (#​575) (@​taciturnaxolotl)

Other work

• c293649: chore: fix pre-existing lint failures (#​575) (@​taciturnaxolotl)
• 95c93db: chore: bump lipgloss to v2.0.4 (@​taciturnaxolotl)
• 600b93a: chore: remove CODEOWNERS (@​aymanbagabas)
• 253da61: fix(ci): use local golangci config (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

charmbracelet/lipgloss (charm.land/lipgloss/v2)

v2.0.4

Compare Source

Mini Crash Patch

Hi! This is a small patch to fix a writer-related panic. Thanks for using Lip Gloss!

Changelog

Fixed

• fefa41d: fix: prevent crash when writing to a closed wrap writer (#​699) (@​taciturnaxolotl)

Docs

• 40ec0e6: docs: fix typo in table comment (#​641) (@​aymanbagabas)
• a4d0b40: docs: restore missing diaereses (#​664) (@​meowgorithm)

Chore

• aa91b99: chore: remove CODEOWNERS (@​aymanbagabas)
• 9cbfe8b: chore(lint): exclude revive naming linter (@​aymanbagabas)

---

Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)

v6.8.1

Compare Source

What's Changed

A hardening pass across the table, list, progress, and text packages,
fixing security issues, crash/race bugs, and performance problems in the
render hot paths, with benchmarks added to back the optimizations.

Security

• table/list (HTML): escape the title, caption, and CSS class names in
  RenderHTML() to prevent HTML/attribute injection.
• table (CSV): make RenderCSV() output RFC 4180 compliant, and add an
  opt-in Style().CSV.FieldProtection option that neutralizes spreadsheet
  formula-injection fields (=, +, -, @, tab, CR).
• text: sanitize hyperlink URLs and bound the escape-sequence parser
  buffer so adversarial input can't grow it without limit.

Correctness

• progress: fix a render panic on tiny tracker lengths, data races on
  tracker/indicator state, and a leaked time.Ticker in the terminal-size
  watcher.
• table: guard auto-index rendering against empty maxColumnLengths.
• text: prevent a panic in VAlign.Apply on negative maxLines.

Performance

• table: compile regex filters once per render; pre-size render builders.
• list: hoist repeated width math out of the render loops.
• text: speed up Align.Apply and StringWidthWithoutEscSequences.
• progress: build PacManChomp frames with a strings.Builder.

Tooling

• Moved root-level benchmarks into their packages and wired up make bench;
  added benchmarks for the table/text/list/progress render hot paths and tests
  covering the retained-done-tracker render paths.

Full Changelog: jedib0t/go-pretty@v6.8.0...v6.8.1

v6.8.0

Compare Source

What's Changed

• progress: fix speed decay on done trackers and log overwrite; fixes #​405 by @​jedib0t in #​406
• fix: wrap wide runes when wrapLen is odd in WrapHard by @​koriyoshi2041 in #​408

New Contributors

• @​koriyoshi2041 made their first contribution in #​408

Full Changelog: jedib0t/go-pretty@v6.7.10...v6.8.0

urfave/cli (github.com/urfave/cli/v3)

v3.10.0

Compare Source

What's Changed

• feat: add Flag.SchemaType() and Flag.SchemaItemsType() for JSON Schema introspection by @​dearchap in #​2368
• feat: add Command.Walk() and Command.Path() convenience methods by @​dearchap in #​2353
• fix: let --help flag take precedence over parse errors by @​dearchap in #​2360
• fix: resolve remaining help invocation inconsistencies by @​dearchap in #​2361
• fix: skip After hook when help is displayed on subcommand by @​dearchap in #​2363
• fix: show GLOBAL OPTIONS in SubcommandHelpTemplate by @​dearchap in #​2359
• fix: resolve broken links in CHANGELOG.md by @​dearchap in #​2357
• docs: document what happened to build tags in v3 migration guide by @​dearchap in #​2358
• Various docs updates and dependency bumps

Full Changelog: urfave/cli@v3.9.1...v3.10.0

v3.9.1

Compare Source

What's Changed

• fix: inherit Reader/Writer/ErrWriter from parent on subcommand setup by @​c-tonneslan in #​2329
• fix: correct greedy colon parsing in bash completion script by @​TimSoethout in #​2336
• fix: Honor env sources on duplicated flags by @​ibobgunardi in #​2355
• fix: Remove incorrect flag check by @​MohitPanchariya in #​2280
• fix: let completion command use normal flag parsing pipeline by @​suzuki-shunsuke in #​2279
• fix: bash completion spacing by @​cyphercodes in #​2337
• fix: fish custom completion arguments by @​puneetdixit200 in #​2338
• fix: empty positional arg after a flag regression test by @​c-tonneslan in #​2328
• docs: document build tags in v3 migration guide by @​dearchap in #​2358
• chore(deps): bump mkdocs-git-revision-date-localized-plugin by @​dependabot in #​2347
• Fix typos by @​myfloss in #​2339

Full Changelog: urfave/cli@v3.9.0...v3.9.1

yaml/go-yaml (go.yaml.in/yaml/v4)

v4.0.0-rc.6

Compare Source

v4.0.0-rc.5

Compare Source

---

Configuration

📅 Schedule: (in timezone Australia/Sydney)

• Branch creation
  • "before 6am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[forking-renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
golang.org/x/sys	v0.45.0 -> v0.46.0

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.26%. Comparing base (bee2bd0) to head (8c692c9).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2868   +/-   ##
=======================================
  Coverage   79.26%   79.26%           
=======================================
  Files         122      122           
  Lines        8279     8279           
=======================================
  Hits         6562     6562           
  Misses       1335     1335           
  Partials      382      382           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.