build(deps): bump golang.org/x/vuln from 1.1.0 to 1.1.1 in /tools (#1440

) Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.1.0 to 1.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/vuln/releases">golang.org/x/vuln's releases</a>.</em></p> <blockquote> <h2>v1.1.1</h2> <p>This release brings some minor improvements to govulncheck textual output and performance optimizations for <code>package</code> and <code>module</code> scan modes.</p> <p>The major change brought by this release is the support for <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif">SARIF</a> output format.</p> <h2>Integration</h2> <p>Govulncheck now supports <a href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif">Static Analysis Results Interchange Format</a> (SARIF) output format via <code>-format sarif</code> flag option. Please see <a href="https://pkg.go.dev/golang.org/x/[email protected]/internal/sarif">here</a> for more details on the actual encoding.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/vuln/commit/486fd2384a39a632a0e5b003e1840d49d1db7e86"><code>486fd23</code></a> all: remove unit tests for staticcheck, unparam, and spellcheck</li> <li><a href="https://github.com/golang/vuln/commit/6b0fd5601b4a69285e464ec05957800bf63e4d0e"><code>6b0fd56</code></a> internal/sarif,cmd/govulncheck: publicize sarif</li> <li><a href="https://github.com/golang/vuln/commit/7b455eea68df4fad0d78f08d7811f818426afc30"><code>7b455ee</code></a> internal/vulncheck: load source code for scan symbol mode only</li> <li><a href="https://github.com/golang/vuln/commit/7ed0faae83da959585ab1226aedda8b2e1eff849"><code>7ed0faa</code></a> all: update golang.org/x/tools</li> <li><a href="https://github.com/golang/vuln/commit/122c809ebf2367fd3394cfcc7d9459ce708052c9"><code>122c809</code></a> internal/vulncheck: emit progress message instead of warning</li> <li><a href="https://github.com/golang/vuln/commit/d837ff86426137299700241b0997c011091800ff"><code>d837ff8</code></a> internal/scan: improve textual output for binary traces</li> <li><a href="https://github.com/golang/vuln/commit/4a8a6ffa0362e038bb7b9d56cc2fe09d0e4fd5ff"><code>4a8a6ff</code></a> internal/buildinfo: avoid panic on nil symbol for elf</li> <li><a href="https://github.com/golang/vuln/commit/052eac784b099e7cc1a3864eb927288b196f2000"><code>052eac7</code></a> internal/sarif: improve GOMODCACHE relative paths</li> <li><a href="https://github.com/golang/vuln/commit/93d3090660cdfbfe5dfa57dfc366438d35283648"><code>93d3090</code></a> internal/sarif: add version to module info for locations</li> <li><a href="https://github.com/golang/vuln/commit/0e39fee41378bbb3678d501b1b19193c0060f540"><code>0e39fee</code></a> internal/sarif: remove originalURIBaseIds</li> <li>Additional commits viewable in <a href="https://github.com/golang/vuln/compare/v1.1.0...v1.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/vuln&package-manager=go_modules&previous-version=1.1.0&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
uber-go · Jun 6, 2024 · 2da446f · 2da446f
1 parent 8a805fa
commit 2da446f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/tools/go.mod b/tools/go.mod
@@ -1,11 +1,11 @@
 module go.uber.org/zap/tools
 
-require golang.org/x/vuln v1.1.0
+require golang.org/x/vuln v1.1.1
 
 require (
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/tools v0.20.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240514024235-59d9797072e7 // indirect
 )
 
 go 1.20
diff --git a/tools/go.sum b/tools/go.sum
@@ -1,11 +1,11 @@
 github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
 golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
-golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
-golang.org/x/vuln v1.1.0 h1:ECEdI+aEtjpF90eqEcDL5Q11DWSZAw5PJQWlp0+gWqc=
-golang.org/x/vuln v1.1.0/go.mod h1:HT/Ar8fE34tbxWG2s7PYjVl+iIE4Er36/940Z+K540Y=
+golang.org/x/tools v0.21.1-0.20240514024235-59d9797072e7 h1:DnP3aRQn/r68glNGB8/7+3iE77jA+YZZCxpfIXx2MdA=
+golang.org/x/tools v0.21.1-0.20240514024235-59d9797072e7/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/vuln v1.1.1 h1:4nYQg4OSr7uYQMtjuuYqLAEVuTjY4k/CPMYqvv5OPcI=
+golang.org/x/vuln v1.1.1/go.mod h1:hNgE+SKMSp2wHVUpW0Ow2ejgKpNJePdML+4YjxrVxik=