Skip to content

fix(deps): update dependencies (minor)#101

Merged
renovate[bot] merged 1 commit into
mainfrom
renovate/all-minor-updates
Jun 24, 2026
Merged

fix(deps): update dependencies (minor)#101
renovate[bot] merged 1 commit into
mainfrom
renovate/all-minor-updates

Conversation

@renovate

@renovate renovate Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
ginkgo v2.30.0v2.31.0 age confidence
github.com/onsi/ginkgo/v2 v2.30.0v2.31.0 age confidence
github.com/onsi/gomega v1.41.0v1.42.0 age confidence
osv-scanner v2.3.8v2.4.0 age confidence

Release Notes

onsi/ginkgo (ginkgo)

v2.31.0

Compare Source

2.31.0

Add a bunch of Claude Skills via the marketplace:

/plugin marketplace add onsi/ginkgo
/plugin install ginkgo@ginkgo
onsi/gomega (github.com/onsi/gomega)

v1.42.0

Compare Source

1.42.0

Add a set of Claude skill as a marketplace plugin

google/osv-scanner (osv-scanner)

v2.4.0

Compare Source

Features:
  • Feature #​2815 Add support for the CycloneDX 1.7 specification (bumps cyclonedx-go to v0.11.0).
  • Feature #​2799 Enable .csproj and Central Package Management (nugetcpm) source scanning plugins by default.
  • Feature #​2871 Extract and parse Alpine OS distro version (e.g. Alpine:v3.17, Alpine:edge) from PURL distro qualifiers to scan packages under their respective Alpine ecosystems.
  • Feature #​2801 Enable the swift/packageresolved plugin by default to support SwiftURL vulnerability scans.
  • Feature #​2666 Add a Docker-based variant of the pre-commit hook in .pre-commit-hooks.yaml to avoid local compilation.
  • Feature #​2637 Add a new configuration setting ScanGoModVersion (disabled by default) to avoid parsing toolchain version directives directly from go.mod, preventing misleading warnings.
  • Feature #​2772 Scan container images built with Canonical Chisel by enabling the os/chisel extractor plugin.
Fixes:
  • Bug #​2807 Sanitize package name, source, and version fields in the vertical output format to prevent GitHub Actions workflow command injection vulnerabilities from crafted lock files.
  • Bug #​2876 Improve HTML scan report usability by supporting standard click modifiers (Ctrl/Cmd/middle click) to open vulnerabilities in new tabs, and preserving scroll position when switching tabs.
  • Bug #​2783 Keep transitive dependency scanning enabled when specifying the --offline-vulnerabilities flag.
  • Bug #​2808 Deduplicate equivalent OSV matcher requests before executing bulk queries to reduce API overhead.
  • Bug #​2837 Prevent panics during offline matcher scans (e.g. on unsupported GitHub Actions ecosystem) by avoiding parsing errors when checking version ranges.
  • Bug #​2836 Ensure the scanner returns an exit code of 0 when --help or -h is explicitly requested.
Misc:
  • Update Go version to 1.26.4.
  • Update osv-scalibr to v0.4.6-0.20260612031204-164402d9140e.
  • Tag built Docker and GitHub Action images with the major version (e.g. :v2) to allow users to pin to a major version (#​2857).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 5am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added ok-to-helm PR is allowed to build an publish helm chart ok-to-image PR is allowed to run container build labels Jun 22, 2026
@renovate renovate Bot enabled auto-merge June 22, 2026 02:15
@renovate renovate Bot added the ok-to-image PR is allowed to run container build label Jun 22, 2026
@coveralls

coveralls commented Jun 22, 2026

Copy link
Copy Markdown

Coverage Report for CI Build 28084153505

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Coverage remained the same at 27.101%

Details

  • Coverage remained the same as the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.


Coverage Stats

Coverage Status
Relevant Lines: 476
Covered Lines: 129
Line Coverage: 27.1%
Coverage Strength: 0.72 hits per line

💛 - Coveralls

@renovate renovate Bot force-pushed the renovate/all-minor-updates branch from 2d07c0f to 20d37e3 Compare June 24, 2026 08:00

@trevex trevex left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@renovate renovate Bot merged commit 91a7065 into main Jun 24, 2026
8 checks passed
@renovate renovate Bot deleted the renovate/all-minor-updates branch June 24, 2026 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ok-to-helm PR is allowed to build an publish helm chart ok-to-image PR is allowed to run container build

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants