{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":565629124,"defaultBranch":"main","name":"osv-scanner","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-11-14T01:05:20.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1719430855.0","currentOid":""},"activityList":{"items":[{"before":"b3315a33f5803a93d6bc34300354f20ab2a9fab6","after":"3ea2155fcf790a1c4425129025f88d674e768337","ref":"refs/heads/main","pushedAt":"2024-06-28T05:52:15.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix: use errgroup to avoid hydration deadlock scenario (#1078)\n\nThe existing code tried to do what `errgroup` does, limit concurrency\r\nand return the first error if present, but had a deadlock scenario.\r\n\r\nFixes #1077\r\n\r\n---------\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\nCo-authored-by: Rex P <106129829+another-rex@users.noreply.github.com>","shortMessageHtmlLink":"fix: use errgroup to avoid hydration deadlock scenario (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2378988834\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1078\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1078/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1078\">#1078</a>)"}},{"before":"07533376abacbe420dc0bd1185ddbbc9d88364a1","after":"b3315a33f5803a93d6bc34300354f20ab2a9fab6","ref":"refs/heads/main","pushedAt":"2024-06-28T05:29:47.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: setup workflow to run `semantic` tests weekly (#958)\n\nCherry-pick of https://github.com/G-Rath/osv-detector/pull/182\r\n\r\n---\r\n\r\nThis setups up a dedicated workflow for running the `semantic` test\r\nsuite using the latest generated fixtures:\r\n  - every sunday\r\n  - whenever a generator or the workflow is changed\r\n  - via a `workflow_dispatch`\r\n\r\nThis helps ensure high confidence in `semantic` across ecosystems; the\r\nworkflow also exports the generated files as an artifact which makes it\r\neasy to update the committed version of each fixture without requiring\r\nthe native ecosystem components (i.e. Ruby, Java, R, etc) to be\r\ninstalled.\r\n\r\nNote currently this is using v3 of the artifact actions - I'll upgrade\r\nto v4 in a follow-up PR, since it will require further work due to them\r\nswitching to using immutable artifacts.\r\n\r\nAt some point I'm also keen to explore this for the API side since the\r\nlogic should be pretty much the same","shortMessageHtmlLink":"ci: setup workflow to run <code>semantic</code> tests weekly (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2274093962\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/958\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/958/hovercard\" href=\"https://github.com/google/osv-scanner/pull/958\">#958</a>)"}},{"before":"4fa2fa471b6988600b7e0f6611241c0ff4c97109","after":"07533376abacbe420dc0bd1185ddbbc9d88364a1","ref":"refs/heads/main","pushedAt":"2024-06-28T01:07:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"test: update snapshots (#1079)\n\nAnother day, another vulnerability","shortMessageHtmlLink":"test: update snapshots (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2379303231\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1079\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1079/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1079\">#1079</a>)"}},{"before":"e619fcc3574c74ffa583b38f815591efdb19cf0c","after":"4fa2fa471b6988600b7e0f6611241c0ff4c97109","ref":"refs/heads/main","pushedAt":"2024-06-27T01:25:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"filter out unimportant vulnerabilities from vuln group (#1072)\n\nhttps://github.com/google/osv-scanner/pull/968 only filters out\r\nunimportant vulnerabilities from `pkgVulns.Vulnerabilities` but not from\r\n`pkgVulns.Groups`. This causes some unimportant vulnerabilities to still\r\nappear in the scanner output.\r\nFixing this issue by ignoring all unimportant vulnerability groups.","shortMessageHtmlLink":"filter out unimportant vulnerabilities from vuln group (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2374675795\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1072\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1072/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1072\">#1072</a>)"}},{"before":null,"after":"c42a060ca4e670c5f6eead047788d3ba66a624f6","ref":"refs/heads/dependabot/go_modules/cmd/osv-scanner/fixtures/call-analysis-go-project/go_modules-504fc33e44","pushedAt":"2024-06-26T19:40:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump the go_modules group across 2 directories with 1 update\n\nBumps the go_modules group with 1 update in the /cmd/osv-scanner/fixtures/call-analysis-go-project directory: [golang.org/x/image](https://github.com/golang/image).\nBumps the go_modules group with 1 update in the /internal/sourceanalysis/integration/fixtures-go/test-project directory: [golang.org/x/image](https://github.com/golang/image).\n\n\nUpdates `golang.org/x/image` from 0.4.0 to 0.18.0\n- [Commits](https://github.com/golang/image/compare/v0.4.0...v0.18.0)\n\nUpdates `golang.org/x/image` from 0.4.0 to 0.18.0\n- [Commits](https://github.com/golang/image/compare/v0.4.0...v0.18.0)\n\n---\nupdated-dependencies:\n- dependency-name: golang.org/x/image\n  dependency-type: indirect\n  dependency-group: go_modules\n- dependency-name: golang.org/x/image\n  dependency-type: indirect\n  dependency-group: go_modules\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"chore(deps): Bump the go_modules group across 2 directories with 1 up…"}},{"before":"fdca369a4e91f68d488805b973aa9faceaf91735","after":"e619fcc3574c74ffa583b38f815591efdb19cf0c","ref":"refs/heads/main","pushedAt":"2024-06-26T01:44:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Fix test (#1071)\n\nNew vuln, new breakage","shortMessageHtmlLink":"Fix test (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2373989993\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1071\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1071/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1071\">#1071</a>)"}},{"before":"30165312de801e22db722999e2e31b1c0ab872e4","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-b26f017751","pushedAt":"2024-06-25T04:30:54.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":"8497af4d008464d8449c4117789f79deccf9c2e1","after":"fdca369a4e91f68d488805b973aa9faceaf91735","ref":"refs/heads/main","pushedAt":"2024-06-25T03:47:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix: ensure that `package` exists in `affected` property (#1055)\n\nThis has always been allowed by the spec but now there's at least one\r\nreal-world advisory in the Debian database like this which causes it to\r\nerror.","shortMessageHtmlLink":"fix: ensure that <code>package</code> exists in <code>affected</code> property (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2365457210\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1055\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1055/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1055\">#1055</a>)"}},{"before":"cdd2bca1ecfee12a36024b3a8bfb61ec59fb0c8e","after":"8497af4d008464d8449c4117789f79deccf9c2e1","ref":"refs/heads/main","pushedAt":"2024-06-25T03:15:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Cherry-pick unmerged change from docs branch (#1069)\n\nI think this is the only commit that hasn't already been merged into\r\nmain","shortMessageHtmlLink":"Cherry-pick unmerged change from docs branch (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2371540173\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1069\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1069/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1069\">#1069</a>)"}},{"before":"9bcc0965ddfb735baeb1ec7831d557e7c802ae69","after":"cdd2bca1ecfee12a36024b3a8bfb61ec59fb0c8e","ref":"refs/heads/main","pushedAt":"2024-06-25T00:00:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"chore(deps): update alpine:3.20 docker digest to b89d9c9 (#1062)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| alpine | final | digest | `77726ef` -> `b89d9c9` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQxMy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->","shortMessageHtmlLink":"chore(deps): update alpine:3.20 docker digest to b89d9c9 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2368739537\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1062\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1062/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1062\">#1062</a>)"}},{"before":"8d317c321f6b3d0c85f7805ec3f6a360349787f4","after":"9bcc0965ddfb735baeb1ec7831d557e7c802ae69","ref":"refs/heads/main","pushedAt":"2024-06-24T23:59:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"chore(deps): update golang:1.22.4-alpine3.19 docker digest to c46c460 (#1063)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| golang | stage | digest | `d9b1f00` -> `c46c460` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQxMy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->","shortMessageHtmlLink":"chore(deps): update golang:1.22.4-alpine3.19 docker digest to c46c460 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2368739606\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1063\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1063/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1063\">…</a>"}},{"before":null,"after":"30165312de801e22db722999e2e31b1c0ab872e4","ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-b26f017751","pushedAt":"2024-06-24T23:58:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): Bump the npm_and_yarn group across 1 directory with 35 updates\n\nBumps the npm_and_yarn group with 30 updates in the /internal/remediation/fixtures/santatracker directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [dat.gui](https://github.com/dataarts/dat.gui) | `0.7.3` | `0.7.8` |\n| [google-closure-library](https://github.com/google/closure-library) | `v20190909.0.0` | `20200315.0.0` |\n| [jsdom](https://github.com/jsdom/jsdom) | `12.2.0` | `16.5.0` |\n| [json5](https://github.com/json5/json5) | `2.1.0` | `2.2.2` |\n| [terser](https://github.com/terser/terser) | `3.10.11` | `4.8.1` |\n| [semver](https://github.com/npm/node-semver) | `5.5.1` | `5.7.2` |\n| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.6.0` | `7.24.7` |\n| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.4.2` | `1.10.10` |\n| [@google-cloud/cloudbuild](https://github.com/googleapis/google-cloud-node/tree/HEAD/packages/google-devtools-cloudbuild) | `2.6.0` | `4.5.0` |\n| [y18n](https://github.com/yargs/y18n) | `4.0.0` | `4.0.3` |\n| [yargs-parser](https://github.com/yargs/yargs-parser) | `10.1.0` | `21.1.1` |\n| [yargs](https://github.com/yargs/yargs) | `12.0.2` | `17.7.2` |\n| [acorn](https://github.com/acornjs/acorn) | `5.7.3` | `8.12.0` |\n| [acorn](https://github.com/acornjs/acorn) | `7.1.0` | `8.12.0` |\n| [acorn](https://github.com/acornjs/acorn) | `6.0.2` | `8.12.0` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [node-fetch](https://github.com/node-fetch/node-fetch) | `2.6.6` | `2.6.7` |\n| [firebase](https://github.com/firebase/firebase-js-sdk) | `8.10.0` | `8.10.1` |\n| [get-func-name](https://github.com/chaijs/get-func-name) | `2.0.0` | `2.0.2` |\n| [glob-parent](https://github.com/gulpjs/glob-parent) | `5.0.0` | `5.1.2` |\n| [ws](https://github.com/websockets/ws) | `6.2.1` | `6.2.3` |\n| [json-schema](https://github.com/kriszyp/json-schema) | `0.2.3` | `0.4.0` |\n| [jsprim](https://github.com/joyent/node-jsprim) | `1.4.1` | `1.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.20` | `4.17.21` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |\n| [mocha](https://github.com/mochajs/mocha) | `5.2.0` | `10.5.0` |\n| [mocha-headless-server](https://github.com/samthor/mocha-headless-server) | `0.1.2` | `0.1.4` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `0.10.0` | `1.3.1` |\n| [google-p12-pem](https://github.com/googleapis/google-p12-pem) | `3.1.2` | `3.1.4` |\n| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |\n| [pathval](https://github.com/chaijs/pathval) | `1.1.0` | `1.1.1` |\n| [qs](https://github.com/ljharb/qs) | `6.5.2` | `6.5.3` |\n\n\n\nUpdates `dat.gui` from 0.7.3 to 0.7.8\n- [Release notes](https://github.com/dataarts/dat.gui/releases)\n- [Commits](https://github.com/dataarts/dat.gui/compare/v0.7.3...v0.7.8)\n\nUpdates `google-closure-library` from v20190909.0.0 to 20200315.0.0\n- [Release notes](https://github.com/google/closure-library/releases)\n- [Commits](https://github.com/google/closure-library/compare/v20190909...v20200315)\n\nUpdates `jsdom` from 12.2.0 to 16.5.0\n- [Release notes](https://github.com/jsdom/jsdom/releases)\n- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)\n- [Commits](https://github.com/jsdom/jsdom/compare/12.2.0...16.5.0)\n\nUpdates `json5` from 2.1.0 to 2.2.2\n- [Release notes](https://github.com/json5/json5/releases)\n- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/json5/json5/compare/v2.1.0...v2.2.2)\n\nUpdates `terser` from 3.10.11 to 4.8.1\n- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/terser/terser/compare/3.10.11...v4.8.1)\n\nUpdates `semver` from 5.5.1 to 5.7.2\n- [Release notes](https://github.com/npm/node-semver/releases)\n- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)\n- [Commits](https://github.com/npm/node-semver/compare/v5.5.1...v5.7.2)\n\nUpdates `@babel/traverse` from 7.6.0 to 7.24.7\n- [Release notes](https://github.com/babel/babel/releases)\n- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/babel/babel/commits/v7.24.7/packages/babel-traverse)\n\nUpdates `@grpc/grpc-js` from 1.4.2 to 1.10.10\n- [Release notes](https://github.com/grpc/grpc-node/releases)\n- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.4.2...@grpc/grpc-js@1.10.10)\n\nUpdates `@google-cloud/cloudbuild` from 2.6.0 to 4.5.0\n- [Release notes](https://github.com/googleapis/google-cloud-node/releases)\n- [Changelog](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-devtools-cloudbuild/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-cloud-node/commits/kms-v4.5.0/packages/google-devtools-cloudbuild)\n\nUpdates `y18n` from 4.0.0 to 4.0.3\n- [Release notes](https://github.com/yargs/y18n/releases)\n- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)\n- [Commits](https://github.com/yargs/y18n/compare/v4.0.0...y18n-v4.0.3)\n\nUpdates `yargs-parser` from 10.1.0 to 21.1.1\n- [Release notes](https://github.com/yargs/yargs-parser/releases)\n- [Changelog](https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs-parser/compare/v10.1.0...yargs-parser-v21.1.1)\n\nUpdates `yargs` from 12.0.2 to 17.7.2\n- [Release notes](https://github.com/yargs/yargs/releases)\n- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/yargs/yargs/compare/v12.0.2...v17.7.2)\n\nUpdates `acorn` from 5.7.3 to 8.12.0\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.12.0)\n\nUpdates `acorn` from 7.1.0 to 8.12.0\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.12.0)\n\nUpdates `acorn` from 6.0.2 to 8.12.0\n- [Commits](https://github.com/acornjs/acorn/compare/5.7.3...8.12.0)\n\nUpdates `ajv` from 5.5.2 to 6.12.6\n- [Release notes](https://github.com/ajv-validator/ajv/releases)\n- [Commits](https://github.com/ajv-validator/ajv/compare/v5.5.2...v6.12.6)\n\nUpdates `browserslist` from 4.3.2 to 4.7.0\n- [Release notes](https://github.com/browserslist/browserslist/releases)\n- [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/browserslist/browserslist/compare/4.3.2...4.7.0)\n\nUpdates `braces` from 3.0.2 to 3.0.3\n- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)\n\nUpdates `node-fetch` from 2.6.6 to 2.6.7\n- [Release notes](https://github.com/node-fetch/node-fetch/releases)\n- [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.6...v2.6.7)\n\nUpdates `firebase` from 8.10.0 to 8.10.1\n- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)\n- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@8.10.0...firebase@8.10.1)\n\nUpdates `get-func-name` from 2.0.0 to 2.0.2\n- [Release notes](https://github.com/chaijs/get-func-name/releases)\n- [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)\n\nUpdates `glob-parent` from 5.0.0 to 5.1.2\n- [Release notes](https://github.com/gulpjs/glob-parent/releases)\n- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.0.0...v5.1.2)\n\nUpdates `tough-cookie` from 2.4.3 to 2.5.0\n- [Release notes](https://github.com/salesforce/tough-cookie/releases)\n- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/salesforce/tough-cookie/compare/v2.4.3...v2.5.0)\n\nUpdates `ws` from 6.2.1 to 6.2.3\n- [Release notes](https://github.com/websockets/ws/releases)\n- [Commits](https://github.com/websockets/ws/compare/6.2.1...6.2.3)\n\nUpdates `json-schema` from 0.2.3 to 0.4.0\n- [Commits](https://github.com/kriszyp/json-schema/compare/v0.2.3...v0.4.0)\n\nUpdates `jsprim` from 1.4.1 to 1.4.2\n- [Changelog](https://github.com/TritonDataCenter/node-jsprim/blob/v1.4.2/CHANGES.md)\n- [Commits](https://github.com/joyent/node-jsprim/compare/v1.4.1...v1.4.2)\n\nUpdates `lodash` from 4.17.20 to 4.17.21\n- [Release notes](https://github.com/lodash/lodash/releases)\n- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)\n\nUpdates `minimatch` from 3.0.4 to 3.1.2\n- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)\n- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)\n\nUpdates `mocha` from 5.2.0 to 10.5.0\n- [Release notes](https://github.com/mochajs/mocha/releases)\n- [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v10.5.0)\n\nUpdates `mocha-headless-server` from 0.1.2 to 0.1.4\n- [Commits](https://github.com/samthor/mocha-headless-server/commits)\n\nUpdates `node-forge` from 0.10.0 to 1.3.1\n- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/digitalbazaar/forge/compare/0.10.0...v1.3.1)\n\nUpdates `google-p12-pem` from 3.1.2 to 3.1.4\n- [Release notes](https://github.com/googleapis/google-p12-pem/releases)\n- [Changelog](https://github.com/googleapis/google-p12-pem/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/googleapis/google-p12-pem/compare/v3.1.2...v3.1.4)\n\nUpdates `path-parse` from 1.0.6 to 1.0.7\n- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)\n\nUpdates `pathval` from 1.1.0 to 1.1.1\n- [Release notes](https://github.com/chaijs/pathval/releases)\n- [Changelog](https://github.com/chaijs/pathval/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/chaijs/pathval/compare/v1.1.0...v1.1.1)\n\nUpdates `protobufjs` from 6.11.2 to 6.11.4\n- [Release notes](https://github.com/protobufjs/protobuf.js/releases)\n- [Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/protobufjs/protobuf.js/commits)\n\nUpdates `qs` from 6.5.2 to 6.5.3\n- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)\n\nUpdates `request` from 2.88.0 to 2.88.2\n- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/request/request/commits)\n\n---\nupdated-dependencies:\n- dependency-name: dat.gui\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: google-closure-library\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: jsdom\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: json5\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: terser\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: semver\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: \"@babel/traverse\"\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: \"@grpc/grpc-js\"\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: \"@google-cloud/cloudbuild\"\n  dependency-type: direct:development\n  dependency-group: npm_and_yarn\n- dependency-name: y18n\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: yargs-parser\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: yargs\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: acorn\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: acorn\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: acorn\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: ajv\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: browserslist\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: braces\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: node-fetch\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: firebase\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: get-func-name\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: glob-parent\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: tough-cookie\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: ws\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: json-schema\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: jsprim\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: lodash\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: minimatch\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: mocha\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: mocha-headless-server\n  dependency-type: direct:production\n  dependency-group: npm_and_yarn\n- dependency-name: node-forge\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: google-p12-pem\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: path-parse\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: pathval\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: protobufjs\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: qs\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n- dependency-name: request\n  dependency-type: indirect\n  dependency-group: npm_and_yarn\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"chore(deps): Bump the npm_and_yarn group across 1 directory with 35 u…"}},{"before":"8b7dfd2c6520f71f8c2a678c7a1377c61c9876d0","after":"8d317c321f6b3d0c85f7805ec3f6a360349787f4","ref":"refs/heads/main","pushedAt":"2024-06-24T23:53:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 (#1064)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence |\r\n|---|---|---|---|---|---|\r\n|\r\n[github.com/charmbracelet/bubbletea](https://togithub.com/charmbracelet/bubbletea)\r\n| `v0.26.4` -> `v0.26.6` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.4/v0.26.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbletea/v0.26.4/v0.26.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n<details>\r\n<summary>charmbracelet/bubbletea\r\n(github.com/charmbracelet/bubbletea)</summary>\r\n\r\n###\r\n[`v0.26.6`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.6)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.26.5...v0.26.6)\r\n\r\n#### Changelog\r\n\r\n##### Bug fixes\r\n\r\n-\r\n[`60a57ea`](https://togithub.com/charmbracelet/bubbletea/commit/60a57eaf1f7f71e6678af1607581fad369cd6e88):\r\nfix: nil deref on release terminal\r\n([@&#8203;aymanbagabas](https://togithub.com/aymanbagabas))\r\n\r\n***\r\n\r\n<a href=\"https://charm.sh/\"><img alt=\"The Charm logo\"\r\nsrc=\"https://stuff.charm.sh/charm-badge.jpg\" width=\"400\"></a>\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.technology/@&#8203;charm), or on\r\n[Discord](https://charm.sh/chat).\r\n\r\n###\r\n[`v0.26.5`](https://togithub.com/charmbracelet/bubbletea/releases/tag/v0.26.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/charmbracelet/bubbletea/compare/v0.26.4...v0.26.5)\r\n\r\nFix special keys input handling on Windows using the latest Windows\r\nConsole Input driver.\r\n\r\n#### Changelog\r\n\r\n##### New Features\r\n\r\n-\r\n[`42a7dd8`](https://togithub.com/charmbracelet/bubbletea/commit/42a7dd8f898f2e9cd180c8475ca6cb6ab21943f4):\r\nfeat(ci): use goreleaser for releases\r\n([#&#8203;1023](https://togithub.com/charmbracelet/bubbletea/issues/1023))\r\n([@&#8203;aymanbagabas](https://togithub.com/aymanbagabas))\r\n\r\n##### Bug fixes\r\n\r\n-\r\n[`a08802e`](https://togithub.com/charmbracelet/bubbletea/commit/a08802ea9f91d1ec1bbd2cd8c8caf7335ad50dce):\r\nfix(windows): coninput not handling control sequences\r\n([#&#8203;1041](https://togithub.com/charmbracelet/bubbletea/issues/1041))\r\n([@&#8203;Sculas](https://togithub.com/Sculas))\r\n\r\n##### Other work\r\n\r\n-\r\n[`2d65ed6`](https://togithub.com/charmbracelet/bubbletea/commit/2d65ed65a3e5c524f1061b876b56de9d05ae76ee):\r\nchore(examples): removed use of deprecated Copy\r\n([@&#8203;arianizadi](https://togithub.com/arianizadi))\r\n\r\n***\r\n\r\n<a href=\"https://charm.sh/\"><img alt=\"The Charm logo\"\r\nsrc=\"https://stuff.charm.sh/charm-badge.jpg\" width=\"400\"></a>\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.technology/@&#8203;charm), or on\r\n[Discord](https://charm.sh/chat).\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQxMy4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->","shortMessageHtmlLink":"fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 ("}},{"before":"8934cdeecdeccfc09f9d70a28f18e060258f95a2","after":"8b7dfd2c6520f71f8c2a678c7a1377c61c9876d0","ref":"refs/heads/main","pushedAt":"2024-06-24T06:57:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"hogo6002","name":"Holly Gong","path":"/hogo6002","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/39108850?s=80&v=4"},"commit":{"message":"Combine Debian unimportant count logs (#1067)\n\nRemove redundant log messages and fix style.","shortMessageHtmlLink":"Combine Debian unimportant count logs (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2369366952\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1067\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1067/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1067\">#1067</a>)"}},{"before":"f40457e6c0e8360b0e1d260b8fd8e57e26d4689a","after":"8934cdeecdeccfc09f9d70a28f18e060258f95a2","ref":"refs/heads/main","pushedAt":"2024-06-24T06:29:15.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update tests to support go version changes (#1065)\n\nUsing a different Go version changes where the affected line is in the\r\nstdlib, so let's just set it to -1 to make it easier for local\r\ndevelopment with newer go versions","shortMessageHtmlLink":"Update tests to support go version changes (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2369276779\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1065\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1065/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1065\">#1065</a>)"}},{"before":"7951a7b1e97fdbfc5835401a68a4a07a218c3124","after":"f40457e6c0e8360b0e1d260b8fd8e57e26d4689a","ref":"refs/heads/main","pushedAt":"2024-06-24T02:18:56.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix: only care about ecosystem suffix if present in both ecosystems when determining equality (#1007)\n\nThis changes how we compare ecosystems so that the suffix is only\r\nconsidered when it is present for _both_ ecosystems being compared,\r\nsince we can't reliably extract that.\r\n\r\nResolves #769","shortMessageHtmlLink":"fix: only care about ecosystem suffix if present in both ecosystems w…"}},{"before":"46aee59befed6edb5fc737ef35b5febf987cffa9","after":"7951a7b1e97fdbfc5835401a68a4a07a218c3124","ref":"refs/heads/main","pushedAt":"2024-06-24T02:18:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"refactor: enable `revive/indent-error-flow` (#997)\n\nThis enables the\r\n[`indent-error-flow`](https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md#indent-error-flow)\r\nrule from `revive`, which flags redundant `else` statements.\r\n\r\n---\r\n\r\nIt turns out that by configuring `revive`, we actually inadvertently\r\ndisabled all of its rules, and there are a few we're failing on that I\r\nthink are worth re-enabling - this is one of them","shortMessageHtmlLink":"refactor: enable <code>revive/indent-error-flow</code> (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2319955776\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/997\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/997/hovercard\" href=\"https://github.com/google/osv-scanner/pull/997\">#997</a>)"}},{"before":"aa7f99936ad0a0584bea06201e10517dc5aedbaa","after":"c406ca1faeeeae93402b03edd65c8323d46ac042","ref":"refs/heads/docs","pushedAt":"2024-06-21T04:46:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Update docs for 1.8.0/1.8.1 (#1058)\n\nHad to fix a bunch of merge conflicts :face_with_diagonal_mouth:\r\n\r\n---------\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nSigned-off-by: Hayley Denbraver <denbraver@google.com>\r\nSigned-off-by: Omri Bornstein <omribor@gmail.com>\r\nSigned-off-by: Tuan Anh Tran <me@tuananh.org>\r\nSigned-off-by: Rui Chen <rui@chenrui.dev>\r\nCo-authored-by: Rex P <106129829+another-rex@users.noreply.github.com>\r\nCo-authored-by: Jukka Taimisto <jtaimisto@gmail.com>\r\nCo-authored-by: Mend Renovate <bot@renovateapp.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>\r\nCo-authored-by: josieang <32358891+josieang@users.noreply.github.com>\r\nCo-authored-by: Hayley Denbraver <denbraver@google.com>\r\nCo-authored-by: Giovanni Bozzano <giovanni.bozzano.1996@gmail.com>\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>\r\nCo-authored-by: Gareth Jones <Jones258@Gmail.com>\r\nCo-authored-by: Jahan Chaware <89186322+geekNero@users.noreply.github.com>\r\nCo-authored-by: Holly Gong <39108850+hogo6002@users.noreply.github.com>\r\nCo-authored-by: Billie Lynch <29699289+billielynch@users.noreply.github.com>\r\nCo-authored-by: Omri Bornstein <omribor@gmail.com>\r\nCo-authored-by: Rob Ramsay <robert.ramsay.nz@gmail.com>\r\nCo-authored-by: Dana Sherson <robot@dana.sh>\r\nCo-authored-by: Rex P <rexpan@google.com>\r\nCo-authored-by: DavidKorczynski <david@adalogics.com>\r\nCo-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>\r\nCo-authored-by: Tuan Anh Tran <me@tuananh.org>\r\nCo-authored-by: Omer Cohen <git@omer.io>\r\nCo-authored-by: Max Moroz <dor3s1@gmail.com>\r\nCo-authored-by: Pierre Pronchery <khorben@defora.org>\r\nCo-authored-by: Éric Falconnier <eric@zentral.com>\r\nCo-authored-by: Rui Chen <rui@chenrui.dev>","shortMessageHtmlLink":"Update docs for 1.8.0/1.8.1 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2365649907\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1058\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1058/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1058\">#1058</a>)"}},{"before":"1bd8400b8dfffcd894c301a32b94fa97e4d8415c","after":"46aee59befed6edb5fc737ef35b5febf987cffa9","ref":"refs/heads/main","pushedAt":"2024-06-21T02:22:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Make 1.8.1 release (#1056)\n\nThe goreleaser action was broken so I cannot release the 1.8.0 tag.\r\n\r\nI've just re-labelled 1.8.0 -> 1.8.1 in the changelog (since there's no\r\nactual difference between them), but let me know if you would prefer to\r\nhave both.\r\n\r\n---------\r\n\r\nCo-authored-by: Rex P <106129829+another-rex@users.noreply.github.com>","shortMessageHtmlLink":"Make 1.8.1 release (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2365484857\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1056\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1056/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1056\">#1056</a>)"}},{"before":"0bb73a6a918c6d06e5b2a70f91b8321e008c81a8","after":"1bd8400b8dfffcd894c301a32b94fa97e4d8415c","ref":"refs/heads/main","pushedAt":"2024-06-21T02:14:20.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: bump goreleaser to v2 (#1054)\n\nfollowup https://github.com/google/osv-scanner/pull/1052\r\n\r\nSigned-off-by: Rui Chen <rui@chenrui.dev>","shortMessageHtmlLink":"feat: bump goreleaser to v2 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2364994680\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1054\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1054/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1054\">#1054</a>)"}},{"before":"2d1181a69fdf3263083dd8e3c7ae0feceae859fb","after":null,"ref":"refs/tags/v1.8.0","pushedAt":"2024-06-20T06:27:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"}},{"before":"b6c00baad38ff80c547805986fa472ac6a931ec7","after":null,"ref":"refs/heads/michaelkedar-patch-1","pushedAt":"2024-06-20T06:25:39.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"}},{"before":"2d1181a69fdf3263083dd8e3c7ae0feceae859fb","after":"0bb73a6a918c6d06e5b2a70f91b8321e008c81a8","ref":"refs/heads/main","pushedAt":"2024-06-20T06:25:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Update goreleaser.yml (#1052)\n\n`--rm-dist` was deprecated in favor of `--clean`","shortMessageHtmlLink":"Update goreleaser.yml (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2363617660\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1052\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1052/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1052\">#1052</a>)"}},{"before":"2d1181a69fdf3263083dd8e3c7ae0feceae859fb","after":null,"ref":"refs/tags/v1.8.0","pushedAt":"2024-06-20T06:25:08.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"}},{"before":null,"after":"b6c00baad38ff80c547805986fa472ac6a931ec7","ref":"refs/heads/michaelkedar-patch-1","pushedAt":"2024-06-20T06:21:42.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Update goreleaser.yml\n\n`--rm-dist` was deprecated in favor of `--clean`","shortMessageHtmlLink":"Update goreleaser.yml"}},{"before":"62fedd4ce93aecd621633d107a4c23f18efa5a44","after":"2d1181a69fdf3263083dd8e3c7ae0feceae859fb","ref":"refs/heads/main","pushedAt":"2024-06-20T05:58:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"v1.8.0 Changelog (#1050)\n\nPrepare for release","shortMessageHtmlLink":"v1.8.0 Changelog (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2363299140\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1050\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1050/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1050\">#1050</a>)"}},{"before":"b47f43befda774e7347d4cad6031ac0d1ee51ac3","after":"62fedd4ce93aecd621633d107a4c23f18efa5a44","ref":"refs/heads/main","pushedAt":"2024-06-20T05:58:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Add documentation for the configuration. (#1051)\n\nAdd documentation for the newly added config package override feature\r\n#814","shortMessageHtmlLink":"Add documentation for the configuration. (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2363320256\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1051\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1051/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1051\">#1051</a>)"}},{"before":"27db6bf0371d6adba462d8b38399031344cebcfa","after":"b47f43befda774e7347d4cad6031ac0d1ee51ac3","ref":"refs/heads/main","pushedAt":"2024-06-19T01:29:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Update documentation for transitive dependency scanning (#1040)","shortMessageHtmlLink":"Update documentation for transitive dependency scanning (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2352294405\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1040\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1040/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1040\">#1040</a>)"}},{"before":"d55ad07c5584a10eaa1b8116d0ca285d7c24d9e3","after":"27db6bf0371d6adba462d8b38399031344cebcfa","ref":"refs/heads/main","pushedAt":"2024-06-19T01:28:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"Invoke `MavenResolverExtrator` when scanning pom.xml (#1028)\n\nhttps://github.com/google/osv-scanner/issues/35\r\n\r\nIn this PR, `MavenResolverExtrator` is invoked when scanning pom.xml to\r\nreport vulnerabilities in transitive dependencies.\r\nHowever, the default Maven extractor is still being used with offline\r\nmode.","shortMessageHtmlLink":"Invoke <code>MavenResolverExtrator</code> when scanning pom.xml (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2335218300\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv-scanner/issues/1028\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv-scanner/pull/1028/hovercard\" href=\"https://github.com/google/osv-scanner/pull/1028\">#1028</a>)"}},{"before":"4bfcfd8d45552a0558081ecee29cf0130030c101","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/internal/remediation/fixtures/santatracker/npm_and_yarn-125f335dd2","pushedAt":"2024-06-18T05:25:48.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEcYUlhgA","startCursor":null,"endCursor":null}},"title":"Activity · google/osv-scanner"}