{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":565629124,"defaultBranch":"main","name":"osv-scanner","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-11-14T01:05:20.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726033728.0","currentOid":""},"activityList":{"items":[{"before":"570480614f1ed352328ac6ca2ccee9deff685c97","after":"46ab63d7d1f5ad10db4ea27c5b76181d1aa70f5c","ref":"refs/heads/main","pushedAt":"2024-09-20T06:14:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"refactor: Follow revive rules across the repo (#1263)\n\nFollowup to #1259 \r\n\r\nResolves #1257","shortMessageHtmlLink":"refactor: Follow revive rules across the repo (#1263)"}},{"before":"1856adda556e99a5aec08d99c9ae9b028ddc8b6d","after":"570480614f1ed352328ac6ca2ccee9deff685c97","ref":"refs/heads/main","pushedAt":"2024-09-20T04:51:19.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore: make guided remediation follow revive's default lint rules (#1259)\n\nHelping with #1257\r\nChanged the guided remediation code (`cmd/osv-scanner/fix`, and\r\n`internal/resolution`, `remediation` and `tui`) to fix lint errors found\r\nwhen using `revive`'s default settings. All of this is internal, so\r\nthere's no API breakages.\r\n\r\nIt was mostly `unexported-return` and stuttering complaints (e.g.\r\n`resolution.ResolutionResult` -> `resolution.Result`), so a bunch of\r\nstructs have been renamed.","shortMessageHtmlLink":"chore: make guided remediation follow revive's default lint rules (#1259"}},{"before":"c3295de04dadb4a5096fa3d90c777234f933d398","after":"1856adda556e99a5aec08d99c9ae9b028ddc8b6d","ref":"refs/heads/main","pushedAt":"2024-09-18T23:51:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"refactor(guided remediation): Take `PreFetch` out of `DependencyClient` interface and prevent repeated datasource network calls (#1224)\n\nWhat I mentioned in\r\nhttps://github.com/google/osv-scanner/pull/1207#discussion_r1733737395\r\n\r\nMake `PreFetch` a standalone function that takes in a client that uses\r\nevery `DependencyClient` method call.\r\nSince the underlying datasources tend to use the same request for\r\nmultiple methods, I've made a `requestCache` type that uses logic based\r\non the\r\n[singleflight](https://cs.opensource.google/go/x/sync/+/refs/tags/v0.8.0:singleflight/singleflight.go;l=91)\r\npackage to prevent the same requests being made multiple times. I've\r\nsimplified it a bit by skipping the bespoke handling of panics /\r\n`runtime.Goexit`.","shortMessageHtmlLink":"refactor(guided remediation): Take PreFetch out of `DependencyClien…"}},{"before":"89c5953fb05e418424dcb7b55b120a812b9c9d6a","after":"c3295de04dadb4a5096fa3d90c777234f933d398","ref":"refs/heads/main","pushedAt":"2024-09-18T04:44:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: pin `amannn/action-semantic-pull-request` to a commit (#1256)\n\nI noticed that this hasn't been pinned, which it should be to make\r\nscorecard happier","shortMessageHtmlLink":"ci: pin amannn/action-semantic-pull-request to a commit (#1256)"}},{"before":"caeca392c7b9dffa574fc97b17e36e4ce60e94d0","after":"89c5953fb05e418424dcb7b55b120a812b9c9d6a","ref":"refs/heads/main","pushedAt":"2024-09-18T04:43:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"ci: pin `actions/stale` to a commit (#1255)\n\nI noticed that this hasn't been pinned, which it should be to make\r\nscorecard happier\r\n\r\nCo-authored-by: Rex P <106129829+another-rex@users.noreply.github.com>","shortMessageHtmlLink":"ci: pin actions/stale to a commit (#1255)"}},{"before":"76a40a016eb41165a3e8d2ae6260f4750ec98201","after":"caeca392c7b9dffa574fc97b17e36e4ce60e94d0","ref":"refs/heads/main","pushedAt":"2024-09-18T04:40:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"test: update snapshots with new security vulnerabilities (#1254)\n\nJust in time for some things to be landed on main 😂","shortMessageHtmlLink":"test: update snapshots with new security vulnerabilities (#1254)"}},{"before":"02dd87eeaa8fce0026ce77ded482ddb3f6f2f23c","after":"76a40a016eb41165a3e8d2ae6260f4750ec98201","ref":"refs/heads/main","pushedAt":"2024-09-18T02:47:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore: deprecate parser functions in favor of their extract equivalents (#1253)\n\nI think it's time to start getting the word out...\r\n\r\nResolves #1021","shortMessageHtmlLink":"chore: deprecate parser functions in favor of their extract equivalen…"}},{"before":"bc35854ad2981429bbd4181d358e8e96a2490cc4","after":"02dd87eeaa8fce0026ce77ded482ddb3f6f2f23c","ref":"refs/heads/main","pushedAt":"2024-09-18T02:43:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"refactor: simplify and reuse `tryLoadConfig` (#1248)\n\n`toml.DecodeFile` does literally what we're doing except without the\r\ncustom error messages, which I don't think should matter as we don't\r\nintentionally expose those as an actual API; there also doesn't seem to\r\nbe anything special about what `UseOverride` is doing to prevent it from\r\nusing `tryLoadConfig`.\r\n\r\nThis will mean error output will probably have changed slightly, but it\r\nshould still be accurate and we're not purposely providing custom or\r\ndedicated errors in this package so I don't think it should be\r\nconsidered breaking.","shortMessageHtmlLink":"refactor: simplify and reuse tryLoadConfig (#1248)"}},{"before":"60609a478435ac5e632ae154fc0dcccec0e6b569","after":"bc35854ad2981429bbd4181d358e8e96a2490cc4","ref":"refs/heads/main","pushedAt":"2024-09-16T05:20:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"test: ensure `cmp.Diff` usage is consistent (#1251)\n\nThe examples in the docs suggest passing `want, got` rather the other\r\nway around which we're already mostly doing but have a few cases where\r\nwe're not - likewise with the messaging we've been mostly consistent\r\nbetween three slightly different phrasing, which I've updated to always\r\nbe `(-want +got)` which is what's in the example for `cmp.Diff`","shortMessageHtmlLink":"test: ensure cmp.Diff usage is consistent (#1251)"}},{"before":"12eefba8a2e93b4af3cc3676edc9a2959a00d6f6","after":"60609a478435ac5e632ae154fc0dcccec0e6b569","ref":"refs/heads/main","pushedAt":"2024-09-16T04:54:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"test: restructure internal `config` cases and fixtures (#1250)\n\nThese tests are so old that they predate the repository itself and are\r\nnot giving the best coverage of what they say they're testing so I've\r\nrefactored them so that:\r\n- the fixtures now live in the package, since that's the only place\r\nthey're used\r\n- (we could probably improve this a bit further, but I've not done\r\nanything extra for now as I don't think it's as important)\r\n - the tests are now laid out as tables and run in parallel\r\n- methods are being tested independently, and with improved comparators\r\n - include a few missing cases such as when the file is missing","shortMessageHtmlLink":"test: restructure internal config cases and fixtures (#1250)"}},{"before":"84f1a961ec47263182cf1d9a1868df92b52eae7a","after":"12eefba8a2e93b4af3cc3676edc9a2959a00d6f6","ref":"refs/heads/main","pushedAt":"2024-09-16T01:33:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix: don't assume there's always a reason for a package being filtered out (#1241)\n\nCurrently if you don't provide a reason for an override the scanner will\r\njust output \"because: \" which looks weird and results in a trailing\r\nspace in our snapshots which IDEs try to trim.\r\n\r\nSince we want to encourage people to provide a reason, I've changed the\r\nscanner to explicitly state \"(no reason provided)\" in this situation","shortMessageHtmlLink":"fix: don't assume there's always a reason for a package being filtere…"}},{"before":"6f61445b22e99d3a0a3ffb5dad7b723a9fa84964","after":"84f1a961ec47263182cf1d9a1868df92b52eae7a","ref":"refs/heads/docs","pushedAt":"2024-09-16T01:27:02.000Z","pushType":"push","commitsCount":11,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: Copy over dark docs theming from osv.dev (#1245)\n\nSee preview here: https://another-rex.github.io/osv-scanner/","shortMessageHtmlLink":"feat: Copy over dark docs theming from osv.dev (#1245)"}},{"before":"3dceabd1c013321b3d80bf059b189d9298d49270","after":"84f1a961ec47263182cf1d9a1868df92b52eae7a","ref":"refs/heads/main","pushedAt":"2024-09-16T01:24:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: Copy over dark docs theming from osv.dev (#1245)\n\nSee preview here: https://another-rex.github.io/osv-scanner/","shortMessageHtmlLink":"feat: Copy over dark docs theming from osv.dev (#1245)"}},{"before":"eccb9a2ba273ba56af6ecea047a98f6ca875e581","after":"3dceabd1c013321b3d80bf059b189d9298d49270","ref":"refs/heads/main","pushedAt":"2024-09-16T00:55:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix: announce when a config file is invalid and exit with a non-zero code (#1242)\n\nWhen looking into some other config stuff I realised the current loading\r\nlogic just assumes that an error is because a config doesn't exist and\r\nsilently falls back to the default one, when really it could be that\r\nthere is a config but it's invalid","shortMessageHtmlLink":"fix: announce when a config file is invalid and exit with a non-zero …"}},{"before":"0401f79da4454f673dc362146cb236d37e37c877","after":"eccb9a2ba273ba56af6ecea047a98f6ca875e581","ref":"refs/heads/main","pushedAt":"2024-09-16T00:54:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (#1247)\n\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| [actions/setup-java](https://redirect.github.com/actions/setup-java) |\r\naction | minor | `v4.2.2` -> `v4.3.0` |\r\n|\r\n[github/codeql-action](https://redirect.github.com/github/codeql-action)\r\n| action | patch | `v3.26.6` -> `v3.26.7` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/setup-java (actions/setup-java)\r\n\r\n###\r\n[`v4.3.0`](https://redirect.github.com/actions/setup-java/compare/v4.2.2...v4.3.0)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/actions/setup-java/compare/v4.2.2...v4.3.0)\r\n\r\n
\r\n\r\n
\r\ngithub/codeql-action (github/codeql-action)\r\n\r\n###\r\n[`v3.26.7`](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/github/codeql-action/compare/v3.26.6...v3.26.7)\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config\r\nhelp](https://redirect.github.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"chore(deps): update workflows (#1247)"}},{"before":"19e0abe3dea87c958c3cbe79bc20a304242a24f7","after":"0401f79da4454f673dc362146cb236d37e37c877","ref":"refs/heads/main","pushedAt":"2024-09-16T00:53:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"fix(deps): update osv-scanner minor (#1246)\n\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence | Type |\r\nUpdate |\r\n|---|---|---|---|---|---|---|---|\r\n|\r\n[github.com/CycloneDX/cyclonedx-go](https://redirect.github.com/CycloneDX/cyclonedx-go)\r\n| `v0.9.0` -> `v0.9.1` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.9.0/v0.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fCycloneDX%2fcyclonedx-go/v0.9.0/v0.9.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | patch |\r\n|\r\n[github.com/charmbracelet/bubbletea](https://redirect.github.com/charmbracelet/bubbletea)\r\n| `v1.1.0` -> `v1.1.1` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbletea/v1.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbletea/v1.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbletea/v1.1.0/v1.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbletea/v1.1.0/v1.1.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | patch |\r\n|\r\n[github.com/ianlancetaylor/demangle](https://redirect.github.com/ianlancetaylor/demangle)\r\n| `81f5be9` -> `0a2b629` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fianlancetaylor%2fdemangle/v0.0.0-20240912202439-0a2b6291aafd?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fianlancetaylor%2fdemangle/v0.0.0-20240912202439-0a2b6291aafd?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fianlancetaylor%2fdemangle/v0.0.0-20240805132620-81f5be970eca/v0.0.0-20240912202439-0a2b6291aafd?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fianlancetaylor%2fdemangle/v0.0.0-20240805132620-81f5be970eca/v0.0.0-20240912202439-0a2b6291aafd?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | digest |\r\n| [google.golang.org/grpc](https://redirect.github.com/grpc/grpc-go) |\r\n`v1.66.1` -> `v1.66.2` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgrpc/v1.66.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgrpc/v1.66.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgrpc/v1.66.1/v1.66.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgrpc/v1.66.1/v1.66.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | patch |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nCycloneDX/cyclonedx-go\r\n(github.com/CycloneDX/cyclonedx-go)\r\n\r\n###\r\n[`v0.9.1`](https://redirect.github.com/CycloneDX/cyclonedx-go/releases/tag/v0.9.1)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/CycloneDX/cyclonedx-go/compare/v0.9.0...v0.9.1)\r\n\r\n#### Changelog\r\n\r\n##### Fixes\r\n\r\n-\r\n[`6f0e0cf`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/6f0e0cf025dd99ab903e33f8e043d92b28dab4f6):\r\nfix: `nil` pointer dereference during evidence conversion\r\n([@​nscuro](https://redirect.github.com/nscuro))\r\n-\r\n[`ce43b6f`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/ce43b6f4cb5707d3ef2db1af1d597f5b23bf0e15):\r\nfix: make linter happy\r\n([@​nscuro](https://redirect.github.com/nscuro))\r\n-\r\n[`5d799e6`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/5d799e634b9bed9c86621048544737b210e433e8):\r\nfix: remove deprecated goreleaser flag\r\n([@​nscuro](https://redirect.github.com/nscuro))\r\n\r\n##### Building and Packaging\r\n\r\n-\r\n[`6d5bcb0`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/6d5bcb0e277207551dbc728eb29959f1d3cbd685):\r\nbuild(deps): bump actions/checkout from 4.1.6 to 4.1.7\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n-\r\n[`f34fc0c`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/f34fc0c413da74d20d1cc240863aaf2eb6b274f7):\r\nbuild(deps): bump actions/setup-go from 5.0.1 to 5.0.2\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n-\r\n[`71cff22`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/71cff221b8dbbc1d50f839fa76ecea4e42d83a2b):\r\nbuild(deps): bump gitpod/workspace-go from `8d15123` to `2a9e01c`\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n-\r\n[`ea69355`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/ea693550558d230b3fbba810b6e75ac2eb0b55c8):\r\nbuild(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n-\r\n[`d5cbdad`](https://redirect.github.com/CycloneDX/cyclonedx-go/commit/d5cbdad49dfbf54f2dab4ad95bd1a47c710a526c):\r\nbuild(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n\r\n
\r\n\r\n
\r\ncharmbracelet/bubbletea\r\n(github.com/charmbracelet/bubbletea)\r\n\r\n###\r\n[`v1.1.1`](https://redirect.github.com/charmbracelet/bubbletea/releases/tag/v1.1.1)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/charmbracelet/bubbletea/compare/v1.1.0...v1.1.1)\r\n\r\n### Don't panic!\r\n\r\nPanicking is a part of life…and a part of workin’ in Go. This release\r\naddresses two edge cases where a `panic()` could tank Bubble Tea and\r\nbreak your terminal:\r\n\r\n#### Panics outside of Bubble Tea\r\n\r\nIf a panic occurs outside of Bubble Tea you can use\r\n[`Program.Kill`](https://pkg.go.dev/github.com/charmbracelet/bubbletea#Program.Kill)\r\nto restore the terminal state before exiting:\r\n\r\n```go\r\nfunc main() {\r\n\tp := tea.NewProgram(model{})\r\n\r\n\tgo func() {\r\n\t\ttime.Sleep(3 * time.Second)\r\n\t\tdefer p.Kill()\r\n\t\tpanic(\"Urgh\")\r\n\t}()\r\n\r\n\tif _, err := p.Run(); err != nil {\r\n\t\tlog.Fatal(err)\r\n\t}\r\n}\r\n```\r\n\r\n#### Panics in Cmds\r\n\r\nIf a panic occurs in a `Cmd` Bubble Tea will now automatically restore\r\nthe terminal to its natural state before exiting.\r\n\r\n```go\r\ntype model struct{}\r\n\r\n// This command will totally panic.\r\nfunc pancikyCmd() tea.Msg {\r\n\tpanic(\"Oh no! Jk.\")\r\n}\r\n\r\nfunc (m model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {\r\n\tswitch msg := msg.(type) {\r\n\tcase tea.KeyMsg:\r\n\t\tswitch msg.String() {\r\n\t\tcase \"enter\":\r\n\t\t\t// Panic time! But everything will be OK.\r\n\t\t\treturn m, pancikyCmd\r\n\t\t}\r\n\t}\r\n\treturn m, nil\r\n}\r\n```\r\n\r\nHappy panicking (if that makes any sense).\r\n\r\n#### Changelog\r\n\r\n##### Fixed!\r\n\r\n-\r\n[`0589921`](https://redirect.github.com/charmbracelet/bubbletea/commit/0589921d2e5a1ee33e0dba1d54836946e78fe059):\r\nfix: recover from panics within cmds\r\n([@​aymanbagabas](https://redirect.github.com/aymanbagabas))\r\n-\r\n[`6e71f52`](https://redirect.github.com/charmbracelet/bubbletea/commit/6e71f52a8add0fdeba202d4e1bdd289182b156ac):\r\nfix: restore the terminal on kill\r\n([@​aymanbagabas](https://redirect.github.com/aymanbagabas))\r\n\r\n***\r\n\r\n\"The\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.technology/@​charm), or on\r\n[Discord](https://charm.sh/chat).\r\n\r\n
\r\n\r\n
\r\ngrpc/grpc-go (google.golang.org/grpc)\r\n\r\n###\r\n[`v1.66.2`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.66.2):\r\nRelease 1.66.2\r\n\r\n[Compare\r\nSource](https://redirect.github.com/grpc/grpc-go/compare/v1.66.1...v1.66.2)\r\n\r\n### Dependencies\r\n\r\n- Remove unintentional dependency on the `testing` package\r\n([#​7579](https://redirect.github.com/grpc/grpc-go/issues/7579))\r\n- Remove unintentional dependency on the `flate` package\r\n([#​7595](https://redirect.github.com/grpc/grpc-go/issues/7595))\r\n- Special Thanks: [@​ash2k](https://redirect.github.com/ash2k)\r\n\r\n### Bug Fixes\r\n\r\n- client: fix a bug that prevented memory reuse after handling unary\r\nRPCs\r\n([#​7571](https://redirect.github.com/grpc/grpc-go/issues/7571))\r\n- Special Thanks: [@​coxley](https://redirect.github.com/coxley)\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config\r\nhelp](https://redirect.github.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n","shortMessageHtmlLink":"fix(deps): update osv-scanner minor (#1246)"}},{"before":"308a7bf7138bde6360ee11ea9003a4c47a8e3c69","after":"19e0abe3dea87c958c3cbe79bc20a304242a24f7","ref":"refs/heads/main","pushedAt":"2024-09-13T05:28:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: allow explicitly ignoring the license of a package in config (#1243)\n\nThis allows you to configure the scanner to completely ignore the\r\nlicense of a package in a way that is explicit, as oppose to configuring\r\n`license.overrides` to set the package license to an allowed one.\r\n\r\nResolves #1124","shortMessageHtmlLink":"feat: allow explicitly ignoring the license of a package in config (#…"}},{"before":"f8953ffd0b0ac78f0228f6cae873cf1b8eee4e95","after":"308a7bf7138bde6360ee11ea9003a4c47a8e3c69","ref":"refs/heads/main","pushedAt":"2024-09-13T04:23:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"feat(guided remediation): remediate unresolved dependency management vulns (#1235)\n\nAdds functionality to allow guided remediation to fix vulns in\r\n`dependencyManagement` dependencies that do not appear in the resolved\r\ndependency graph of the POM - useful for 'remediating' POMs without any\r\nactual dependencies.\r\n\r\nI've accomplished this by checking if each of the original management\r\ndependencies (*excluding* those inherited from parents) appear in the\r\ngraph after the initial resolution. If they're missing, I add them to\r\nthe graph as direct dependencies (not resolving their transitive\r\ndependencies).\r\n\r\nThis behaviour is disabled by default, and I've added a\r\n`--maven-fix-management` flag to enable it. I was going to try combine\r\nthis and `--ignore-dev` into a `--groups` flag but it seemed like it\r\nwould be a bit too complicated.","shortMessageHtmlLink":"feat(guided remediation): remediate unresolved dependency management …"}},{"before":"c2124e52b31678b909614cee1a6b591fa61f786f","after":"f8953ffd0b0ac78f0228f6cae873cf1b8eee4e95","ref":"refs/heads/main","pushedAt":"2024-09-11T06:30:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): update alpine:3.20 docker digest to beefdbd (#1230)\n\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| alpine | final | digest | `0a4eaa0` -> `beefdbd` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update alpine:3.20 docker digest to beefdbd (#1230)"}},{"before":"b9b1b986b6a7a7191f0e1b8018e73c0f79f8c9bf","after":"c2124e52b31678b909614cee1a6b591fa61f786f","ref":"refs/heads/main","pushedAt":"2024-09-11T06:29:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): update golang docker tag to v1.23.1 (#1231)\n\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| golang | stage | patch | `1.23.0-alpine3.19` -> `1.23.1-alpine3.19` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update golang docker tag to v1.23.1 (#1231)"}},{"before":"5402211fb50d5c8049bb802be91a64c9a8d293a0","after":"b9b1b986b6a7a7191f0e1b8018e73c0f79f8c9bf","ref":"refs/heads/main","pushedAt":"2024-09-11T06:29:37.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): update workflows (#1205)\n\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n|\r\n[actions/setup-python](https://redirect.github.com/actions/setup-python)\r\n| action | minor | `v5.1.1` -> `v5.2.0` |\r\n|\r\n[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)\r\n| action | minor | `v4.3.6` -> `v4.4.0` |\r\n|\r\n[github/codeql-action](https://redirect.github.com/github/codeql-action)\r\n| action | patch | `v3.26.4` -> `v3.26.6` |\r\n| [ruby/setup-ruby](https://redirect.github.com/ruby/setup-ruby) |\r\naction | minor | `v1.190.0` -> `v1.191.0` |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/setup-python (actions/setup-python)\r\n\r\n###\r\n[`v5.2.0`](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0)\r\n\r\n
\r\n\r\n
\r\nactions/upload-artifact (actions/upload-artifact)\r\n\r\n###\r\n[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0)\r\n\r\n
\r\n\r\n
\r\ngithub/codeql-action (github/codeql-action)\r\n\r\n###\r\n[`v3.26.6`](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/github/codeql-action/compare/v3.26.5...v3.26.6)\r\n\r\n###\r\n[`v3.26.5`](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/github/codeql-action/compare/v3.26.4...v3.26.5)\r\n\r\n
\r\n\r\n
\r\nruby/setup-ruby (ruby/setup-ruby)\r\n\r\n###\r\n[`v1.191.0`](https://redirect.github.com/ruby/setup-ruby/releases/tag/v1.191.0)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/ruby/setup-ruby/compare/v1.190.0...v1.191.0)\r\n\r\n#### What's Changed\r\n\r\n- Add ruby-3.3.5 by\r\n[@​ruby-builder-bot](https://redirect.github.com/ruby-builder-bot)\r\nin\r\n[https://github.com/ruby/setup-ruby/pull/634](https://redirect.github.com/ruby/setup-ruby/pull/634)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/ruby/setup-ruby/compare/v1.190.0...v1.191.0\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config\r\nhelp](https://redirect.github.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): update workflows (#1205)"}},{"before":"1d99551482b140361b1e2118c60cd6aff50961be","after":"5402211fb50d5c8049bb802be91a64c9a8d293a0","ref":"refs/heads/main","pushedAt":"2024-09-11T06:29:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"fix(deps): update osv-scanner minor (#1204)\n\nThis PR contains the following updates:\r\n\r\n| Package | Change | Age | Adoption | Passing | Confidence | Type |\r\nUpdate |\r\n|---|---|---|---|---|---|---|---|\r\n|\r\n[github.com/charmbracelet/bubbles](https://redirect.github.com/charmbracelet/bubbles)\r\n| `v0.19.0` -> `v0.20.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcharmbracelet%2fbubbles/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcharmbracelet%2fbubbles/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcharmbracelet%2fbubbles/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcharmbracelet%2fbubbles/v0.19.0/v0.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n| golang.org/x/exp | `778ce7b` -> `701f63a` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fexp/v0.0.0-20240909161429-701f63a606c0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fexp/v0.0.0-20240909161429-701f63a606c0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fexp/v0.0.0-20240822175202-778ce7bba035/v0.0.0-20240909161429-701f63a606c0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fexp/v0.0.0-20240822175202-778ce7bba035/v0.0.0-20240909161429-701f63a606c0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | digest |\r\n| golang.org/x/mod | `v0.20.0` -> `v0.21.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fmod/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fmod/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fmod/v0.20.0/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fmod/v0.20.0/v0.21.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n| golang.org/x/net | `v0.28.0` -> `v0.29.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fnet/v0.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fnet/v0.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fnet/v0.28.0/v0.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fnet/v0.28.0/v0.29.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n| golang.org/x/term | `v0.23.0` -> `v0.24.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fterm/v0.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fterm/v0.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fterm/v0.23.0/v0.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fterm/v0.23.0/v0.24.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n| [google.golang.org/grpc](https://redirect.github.com/grpc/grpc-go) |\r\n`v1.65.0` -> `v1.66.1` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/go/google.golang.org%2fgrpc/v1.66.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/google.golang.org%2fgrpc/v1.66.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/google.golang.org%2fgrpc/v1.65.0/v1.66.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/google.golang.org%2fgrpc/v1.65.0/v1.66.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n| require | minor |\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\ncharmbracelet/bubbles\r\n(github.com/charmbracelet/bubbles)\r\n\r\n###\r\n[`v0.20.0`](https://redirect.github.com/charmbracelet/bubbles/releases/tag/v0.20.0)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/charmbracelet/bubbles/compare/v0.19.0...v0.20.0)\r\n\r\n### Focus. Breathe.\r\n\r\nThis features support for Bubble Tea's new focus-blur feature as well as\r\na quality-of-life update to `paginator`. Enjoy!\r\n\r\n#### Focus\r\n\r\nYou heard that right. Focus-blur window events are now enabled for\r\n`textinput` and `textarea` which were recently added to [Bubble Tea\r\nv1.1.0](https://redirect.github.com/charmbracelet/bubbletea/releases/tag/v1.1.0).\r\nAs long as\r\n[`WithReportFocus`](https://pkg.go.dev/github.com/charmbracelet/bubbletea#WithReportFocus)\r\nis enabled in your Program you'll automatically get nicer inputs.\r\n\r\nTo enable focus reporting:\r\n\r\n```go\r\np := tea.NewProgram(model{}, tea.WithReportFocus())\r\n```\r\n\r\nRemember to stay focused and hydrated!\r\n\r\n#### Paginator opts\r\n\r\nSpeaking of functional arguments, `paginator` also received some some\r\nnew quality-of-life startup options, courtesy\r\n[@​nervo](https://redirect.github.com/nervo).\r\n\r\n```go\r\np := paginator.New(\r\n\tpaginator.WithPerPage(42),\r\n\tpaginator.WithTotalPages(42),\r\n)\r\n```\r\n\r\nOf course, you can still set the values on the model directly too:\r\n\r\n```go\r\np := paginator.New()\r\np.PerPage = 42\r\np.TotalPages = 24\r\n```\r\n\r\nHappy paging!\r\n\r\n#### Changelog\r\n\r\n##### New!\r\n\r\n-\r\n[`d3bd075`](https://redirect.github.com/charmbracelet/bubbles/commit/d3bd075ed2b27a3b5d76bb79b5d1c928dcd780d0):\r\nfeat(cursor): focus/blur support\r\n([#​581](https://redirect.github.com/charmbracelet/bubbles/issues/581))\r\n([@​caarlos0](https://redirect.github.com/caarlos0))\r\n-\r\n[`5110925`](https://redirect.github.com/charmbracelet/bubbles/commit/5110925e8788a8ecfd206df0da8dbeed36cde0f0):\r\nfeat: Introduce paginator options\r\n([@​nervo](https://redirect.github.com/nervo))\r\n\r\n##### Deps\r\n\r\n-\r\n[`3eaf8da`](https://redirect.github.com/charmbracelet/bubbles/commit/3eaf8da348203f12a72ce4f994334dc4cd8d91ba):\r\nfeat(deps): bump github.com/charmbracelet/bubbletea from 0.27.0 to 1.0.0\r\n([#​604](https://redirect.github.com/charmbracelet/bubbles/issues/604))\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n-\r\n[`6fc27e9`](https://redirect.github.com/charmbracelet/bubbles/commit/6fc27e99d3b0e0cf5db13111e518b47435c42f5a):\r\nfeat(deps): bump github.com/charmbracelet/bubbletea from 1.0.0 to 1.1.0\r\n([#​607](https://redirect.github.com/charmbracelet/bubbles/issues/607))\r\n([@​dependabot](https://redirect.github.com/dependabot)\\[bot])\r\n\r\n***\r\n\r\n\"The\r\n\r\nThoughts? Questions? We love hearing from you. Feel free to reach out on\r\n[Twitter](https://twitter.com/charmcli), [The\r\nFediverse](https://mastodon.technology/@​charm), or on\r\n[Discord](https://charm.sh/chat).\r\n\r\n
\r\n\r\n
\r\ngrpc/grpc-go (google.golang.org/grpc)\r\n\r\n###\r\n[`v1.66.1`](https://redirect.github.com/grpc/grpc-go/compare/v1.66.0...v1.66.1)\r\n\r\n[Compare\r\nSource](https://redirect.github.com/grpc/grpc-go/compare/v1.66.0...v1.66.1)\r\n\r\n###\r\n[`v1.66.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.66.0):\r\nRelease 1.66.0\r\n\r\n[Compare\r\nSource](https://redirect.github.com/grpc/grpc-go/compare/v1.65.0...v1.66.0)\r\n\r\n### New Features\r\n\r\n- metadata: stabilize `ValueFromIncomingContext`\r\n([#​7368](https://redirect.github.com/grpc/grpc-go/issues/7368))\r\n- Special Thanks:\r\n[@​KarthikReddyPuli](https://redirect.github.com/KarthikReddyPuli)\r\n- client: stabilize the `WaitForStateChange` and `GetState` methods,\r\nwhich were previously experimental.\r\n([#​7425](https://redirect.github.com/grpc/grpc-go/issues/7425))\r\n- xds: Implement ADS flow control mechanism\r\n([#​7458](https://redirect.github.com/grpc/grpc-go/issues/7458))\r\n- See\r\n[https://github.com/grpc/grpc/issues/34099](https://redirect.github.com/grpc/grpc/issues/34099)\r\nfor context.\r\n- balancer/rls: Add metrics for data cache and picker internals\r\n([#​7484](https://redirect.github.com/grpc/grpc-go/issues/7484),\r\n[#​7495](https://redirect.github.com/grpc/grpc-go/issues/7495))\r\n- xds: LRS load reports now include the `total_issued_requests` field.\r\n([#​7544](https://redirect.github.com/grpc/grpc-go/issues/7544))\r\n\r\n### Bug Fixes\r\n\r\n- grpc: Clients now return status code INTERNAL instead of UNIMPLEMENTED\r\nwhen the server uses an unsupported compressor. This is consistent with\r\nthe [gRPC compression\r\nspec](https://redirect.github.com/grpc/grpc/blob/master/doc/compression.md#compression-method-asymmetry-between-peers).\r\n([#​7461](https://redirect.github.com/grpc/grpc-go/issues/7461))\r\n- Special Thanks:\r\n[@​Gayathri625](https://redirect.github.com/Gayathri625)\r\n- transport: Fix a bug which could result in writes busy looping when\r\nthe underlying `conn.Write` returns errors\r\n([#​7394](https://redirect.github.com/grpc/grpc-go/issues/7394))\r\n- Special Thanks: [@​veshij](https://redirect.github.com/veshij)\r\n- client: fix race that could lead to orphaned connections and\r\nassociated resources.\r\n([#​7390](https://redirect.github.com/grpc/grpc-go/issues/7390))\r\n- xds: use locality from the connected address for load reporting with\r\npick_first\r\n([#​7378](https://redirect.github.com/grpc/grpc-go/issues/7378))\r\n- without this fix, if a priority contains multiple localities with\r\npick_first, load was reported for the wrong locality\r\n- client: prevent hanging during ClientConn.Close() when the network is\r\nunreachable\r\n([#​7540](https://redirect.github.com/grpc/grpc-go/issues/7540))\r\n\r\n### Performance Improvements\r\n\r\n- transport: double buffering is avoided when using an http connect\r\nproxy and the target server waits for client to send the first message.\r\n([#​7424](https://redirect.github.com/grpc/grpc-go/issues/7424))\r\n- codec: Implement a new `Codec` which uses buffer recycling for encoded\r\nmessage\r\n([#​7356](https://redirect.github.com/grpc/grpc-go/issues/7356))\r\n- introduce a `mem` package to facilitate buffer reuse\r\n([#​7432](https://redirect.github.com/grpc/grpc-go/issues/7432))\r\n- Special Thanks:\r\n[@​PapaCharlie](https://redirect.github.com/PapaCharlie)\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config\r\nhelp](https://redirect.github.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>\r\nCo-authored-by: Xueqin Cui ","shortMessageHtmlLink":"fix(deps): update osv-scanner minor (#1204)"}},{"before":"6f61445b22e99d3a0a3ffb5dad7b723a9fa84964","after":"1d99551482b140361b1e2118c60cd6aff50961be","ref":"refs/heads/main","pushedAt":"2024-09-11T06:29:09.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(deps): lock file maintenance (#1195)\n\nThis PR contains the following updates:\r\n\r\n| Update | Change |\r\n|---|---|\r\n| lockFileMaintenance | All locks refreshed |\r\n\r\n🔧 This Pull Request updates lock files to use the latest dependency\r\nversions.\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 4am on monday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://github.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/).\r\nView the [repository job\r\nlog](https://developer.mend.io/github/google/osv-scanner).\r\n\r\n\r\n\r\nCo-authored-by: Xueqin Cui <72771658+cuixq@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): lock file maintenance (#1195)"}},{"before":"4a318af4a84899723625da2927c30fcfb7247126","after":"6f61445b22e99d3a0a3ffb5dad7b723a9fa84964","ref":"refs/heads/docs","pushedAt":"2024-09-11T06:06:35.000Z","pushType":"push","commitsCount":26,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(release): changelog for v1.8.5 (#1237)\n\nPrepare for v1.8.5 release","shortMessageHtmlLink":"chore(release): changelog for v1.8.5 (#1237)"}},{"before":"981b0b520ffd808079e22c7065e727c94eed5a5e","after":"6f61445b22e99d3a0a3ffb5dad7b723a9fa84964","ref":"refs/heads/main","pushedAt":"2024-09-11T05:35:33.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore(release): changelog for v1.8.5 (#1237)\n\nPrepare for v1.8.5 release","shortMessageHtmlLink":"chore(release): changelog for v1.8.5 (#1237)"}},{"before":"b4027330cff19d038a1f40837f286d20956b155e","after":"981b0b520ffd808079e22c7065e727c94eed5a5e","ref":"refs/heads/main","pushedAt":"2024-09-10T06:28:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"fix: make Alpine ecosystem fallback to latest release version (#1236)\n\nThe latest release of osv.dev enforces the Alpine release version suffix\r\nin queries.\r\nMake the apk-installed parser use the latest Alpine version (`v3.20`)\r\nwhen it can't find the version file to stop it from erroring.","shortMessageHtmlLink":"fix: make Alpine ecosystem fallback to latest release version (#1236)"}},{"before":"07619c00d97928e7010f0a725e7381cca96d5ded","after":"b4027330cff19d038a1f40837f286d20956b155e","ref":"refs/heads/main","pushedAt":"2024-09-10T00:21:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"feat(internal): marshal self-closing tags in XML (#1225)\n\nCurrently self-closing tags are marshaled as `` which is not the\r\npreferred format ``.\r\n\r\nWith the current implementation of `encoding/xml`, self-closing tags are\r\nexpanded to `StartElement` and `EndElement` so both elements are written\r\nto output.\r\n\r\nIn this PR, a field `Empty` is added to both elements to indicate\r\nwhether the current element is empty. During encoding:\r\n - `/` is written before `>` for an empty `StartElement`\r\n - nothing will be written for an empty `EndElement`\r\n\r\nConsidering that we only want tabs not being escaped, this PR modifies\r\n`escapeNewline` to `escapeWhitespace` to indicate if we want all\r\nwhitespace characters escaped.","shortMessageHtmlLink":"feat(internal): marshal self-closing tags in XML (#1225)"}},{"before":"0cd20517b8b3035dc9f126caf6e4bd2df7f662b1","after":"07619c00d97928e7010f0a725e7381cca96d5ded","ref":"refs/heads/main","pushedAt":"2024-09-10T00:04:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore: update Go to version 1.22.7 (#1233)\n\nA few Go vulnerabilities are reported so this PR updates Go to the fixed\r\nversion 1.22.7.\r\n\r\nAlso `golang.org/x/mod@v0.21.0` requires Go 1.22.0 as mentioned in\r\nhttps://github.com/google/osv-scanner/pull/1204.\r\n\r\nDue to this version update, there are two new lint checks:\r\n[copyloopvar](https://github.com/karamaru-alpha/copyloopvar) and\r\n[intrange](https://github.com/ckaznocha/intrange).","shortMessageHtmlLink":"chore: update Go to version 1.22.7 (#1233)"}},{"before":"1c086dfc3fa2170c4bebf62e2e0bc63b6651be1d","after":"0cd20517b8b3035dc9f126caf6e4bd2df7f662b1","ref":"refs/heads/main","pushedAt":"2024-09-09T04:31:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"feat: support composite-based package overrides (#1214)\n\nThis rewrites the package overrides logic to be composition based,\r\ngranting a lot more flexibility:\r\n\r\n```\r\n# ignore everything\r\n[[PackageOverrides]]\r\nignore = true\r\n\r\n# ignore everything in this group\r\n[[PackageOverrides]]\r\ngroup = \"dev\"\r\nignore = true\r\n\r\n# ignore everything in this ecosystem\r\n[[PackageOverrides]]\r\necosystem = \"go\"\r\nignore = true\r\n\r\n# ignore all packages named \"axios\" regardless of ecosystem or group\r\n[[PackageOverrides]]\r\nname = \"axios\"\r\nignore = true\r\n\r\n# ignore all packages named \"axios\" in the npm ecosystem that are in the dev group\r\n[[PackageOverrides]]\r\nname = \"axios\"\r\necosystem = \"npm\"\r\ngroup = \"dev\"\r\nignore = true\r\n\r\n# ... and so on\r\n```\r\n\r\nWhile some of these might seem a bit extreme, ultimately I think this is\r\nprobably the way to go as the logic itself is very straightforward and\r\nit gives a lot more power to the people.\r\n\r\nSince `config` is a public package, I've had to deprecated the related\r\nexisting public methods and there's a bit of naming & structural yuck\r\nbut I figure that's not a big deal since v2 is right around the corner\r\nand again the logic itself is very straightforward.\r\n\r\nResolves #1211\r\nResolves #1155","shortMessageHtmlLink":"feat: support composite-based package overrides (#1214)"}},{"before":"61669db4b540598ad57a6edb4d21fd67d18c43af","after":"1c086dfc3fa2170c4bebf62e2e0bc63b6651be1d","ref":"refs/heads/main","pushedAt":"2024-09-09T03:33:15.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"cuixq","name":"Xueqin Cui","path":"/cuixq","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/72771658?s=80&v=4"},"commit":{"message":"chore: update test snapshots (#1232)","shortMessageHtmlLink":"chore: update test snapshots (#1232)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEu5wiXAA","startCursor":null,"endCursor":null}},"title":"Activity · google/osv-scanner"}