{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":327775269,"defaultBranch":"master","name":"osv.dev","ownerLogin":"google","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-01-08T02:14:10.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1342004?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717025442.0","currentOid":""},"activityList":{"items":[{"before":"875fbd231ac929da62055ef46ea4727a3cae4d0a","after":"7428293389102994be1aa90499ed18c11f5fa19a","ref":"refs/heads/master","pushedAt":"2024-05-31T05:27:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): lock file maintenance api (#2245)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change | Age | Adoption | Passing |\r\nConfidence |\r\n|---|---|---|---|---|---|---|---|\r\n|  |  | lockFileMaintenance | All locks refreshed |  |  |  |  |\r\n| google-cloud-pubsub | packages | patch | `==2.21.1` -> `==2.21.2` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/pypi/google-cloud-pubsub/2.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/google-cloud-pubsub/2.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/google-cloud-pubsub/2.21.1/2.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/google-cloud-pubsub/2.21.1/2.21.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| grpcio | packages | minor | `==1.63.0` -> `==1.64.0` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/pypi/grpcio/1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/grpcio/1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/grpcio/1.63.0/1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/grpcio/1.63.0/1.64.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n| [requests](https://togithub.com/psf/requests)\r\n([changelog](https://togithub.com/psf/requests/blob/master/HISTORY.md))\r\n| packages | patch | `==2.32.2` -> `==2.32.3` |\r\n[![age](https://developer.mend.io/api/mc/badges/age/pypi/requests/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/requests/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/requests/2.32.2/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/requests/2.32.2/2.32.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)\r\n|\r\n\r\n🔧 This Pull Request updates lock files to use the latest dependency\r\nversions.\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n<details>\r\n<summary>psf/requests (requests)</summary>\r\n\r\n###\r\n[`v2.32.3`](https://togithub.com/psf/requests/blob/HEAD/HISTORY.md#2323-2024-05-29)\r\n\r\n[Compare\r\nSource](https://togithub.com/psf/requests/compare/v2.32.2...v2.32.3)\r\n\r\n**Bugfixes**\r\n\r\n- Fixed bug breaking the ability to specify custom SSLContexts in\r\nsub-classes of\r\nHTTPAdapter.\r\n([#&#8203;6716](https://togithub.com/psf/requests/issues/6716))\r\n- Fixed issue where Requests started failing to run on Python versions\r\ncompiled\r\nwithout the `ssl` module.\r\n([#&#8203;6724](https://togithub.com/psf/requests/issues/6724))\r\n\r\n</details>\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on wednesday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv.dev).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM3Ny44IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->","shortMessageHtmlLink":"chore(deps): lock file maintenance api (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2321720524\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2245\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2245/hovercard\" href=\"https://github.com/google/osv.dev/pull/2245\">#2245</a>)"}},{"before":"40c63369151168c8adca5bd3c1dc77cf20b2b40b","after":"875fbd231ac929da62055ef46ea4727a3cae4d0a","ref":"refs/heads/master","pushedAt":"2024-05-31T04:22:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): update golang:1.22.3-alpine docker digest to 7e78833 (#2242)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| golang | stage | digest | `2a88224` -> `7e78833` |\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on wednesday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\r\nagain.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv.dev).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM3Ny44IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->","shortMessageHtmlLink":"chore(deps): update golang:1.22.3-alpine docker digest to 7e78833 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2321309154\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2242\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2242/hovercard\" href=\"https://github.com/google/osv.dev/pull/2242\">#2242</a>"}},{"before":"4efb2e5114970cb6e9cd66eaa12bf52c97ef24f5","after":"40c63369151168c8adca5bd3c1dc77cf20b2b40b","ref":"refs/heads/master","pushedAt":"2024-05-31T04:14:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update to the latest pipenv version to make renovatebot changes valid (#2260)\n\nRenovatebot lockfile maintenance #2245 and #2244 uses the latest Pipenv\r\nversion, which doesn't seem to be backwards compatible. Specifically, it\r\nadds a marker (python >= 3.7) to an editable dependency (./../..) (our\r\nosv dependency).\r\n\r\nOlder versions of Pipenv running `pipenv sync` will fail, so updating\r\nthe CI image to the latest version of pipenv. If you have manually\r\ninstalled pipenv, you'll also need to update your local dev pipenv after\r\n#2245 and #2244 is merged.","shortMessageHtmlLink":"Update to the latest pipenv version to make renovatebot changes valid (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2326846727\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2260\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2260/hovercard\" href=\"https://github.com/google/osv.dev/pull/2260\">…</a>"}},{"before":"05bff3adf185b801cd93997a2587b2ec52b7d09f","after":"4efb2e5114970cb6e9cd66eaa12bf52c97ef24f5","ref":"refs/heads/master","pushedAt":"2024-05-31T00:12:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Handle negative page for vulnerability list page (#2258)\n\nIssue: #1117\r\n\r\nAutomatically redirect to the first page if query string has a negative\r\npage number","shortMessageHtmlLink":"Handle negative page for vulnerability list page (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2325230768\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2258\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2258/hovercard\" href=\"https://github.com/google/osv.dev/pull/2258\">#2258</a>)"}},{"before":"d4dbc01c807a3c8527e6a8dd64e7c5ecce509a7c","after":"05bff3adf185b801cd93997a2587b2ec52b7d09f","ref":"refs/heads/master","pushedAt":"2024-05-30T23:47:04.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Update snapshots (#2256)\n\nTurns out we haven't regenerated snapshots in a while, and PrettyPrinter\r\nat some point changed behaviour to also add the indent to the start of\r\nan array/list.\r\n\r\nAlso removed the custom max_width in prettier I added 8 months ago. I'm\r\nnot exactly sure what that was for, but it causes very large changes to\r\nthe existing snapshots, while also not being significantly prettier.\r\nThis is what causes the big change to the REST snapshots in this PR, as\r\nthey were generated when the width=200 was set.","shortMessageHtmlLink":"Update snapshots (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2324469031\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2256\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2256/hovercard\" href=\"https://github.com/google/osv.dev/pull/2256\">#2256</a>)"}},{"before":"381f459de12e181447731beee9ba4b06a513c586","after":"d4dbc01c807a3c8527e6a8dd64e7c5ecce509a7c","ref":"refs/heads/master","pushedAt":"2024-05-30T23:27:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Retry these GCS list operations also (#2259)\n\nBased on a recent unexpected failure, these list_blobs() calls can fail,\r\nand are retryable.","shortMessageHtmlLink":"Retry these GCS list operations also (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2326652269\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2259\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2259/hovercard\" href=\"https://github.com/google/osv.dev/pull/2259\">#2259</a>)"}},{"before":"bd0df631a78cc24a1fab9497c4449d271b6f06ca","after":"381f459de12e181447731beee9ba4b06a513c586","ref":"refs/heads/master","pushedAt":"2024-05-30T04:39:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Remove App Engine backend from GCLB (#2257)\n\nThis just removes App Engine from the load balancer. I'll manually apply\r\nthis on prod after it's merged.\r\n\r\nI still need to understand what happens to Datastore if we delete App\r\nEngine entirely.","shortMessageHtmlLink":"Remove App Engine backend from GCLB (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2324672564\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2257\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2257/hovercard\" href=\"https://github.com/google/osv.dev/pull/2257\">#2257</a>)"}},{"before":"6cbdd8411ba53f845ba6e1e31f0903053bacd683","after":null,"ref":"refs/heads/andrewpollock-patch-1","pushedAt":"2024-05-29T23:30:42.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"}},{"before":"d9d82156479f79a3eca6b9ccccca97ae63f25bc1","after":"bd0df631a78cc24a1fab9497c4449d271b6f06ca","ref":"refs/heads/master","pushedAt":"2024-05-29T23:30:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Improve multiline formatting in issue automation (#2253)\n\nAccording to\r\nhttps://stackoverflow.com/questions/3790454/how-do-i-break-a-string-in-yaml-over-multiple-lines\r\nthis ought to do the trick and make the output look a little nicer,\r\nbased on how it's currently rendering for #2251\r\n\r\nYAML sucks.","shortMessageHtmlLink":"Improve multiline formatting in issue automation (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2324386385\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2253\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2253/hovercard\" href=\"https://github.com/google/osv.dev/pull/2253\">#2253</a>)"}},{"before":null,"after":"6cbdd8411ba53f845ba6e1e31f0903053bacd683","ref":"refs/heads/andrewpollock-patch-1","pushedAt":"2024-05-29T23:20:58.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Improve multiline formatting\n\nAccording to https://stackoverflow.com/questions/3790454/how-do-i-break-a-string-in-yaml-over-multiple-lines this ought to do the trick and make the output look a little nicer, based on how it's currently rendering for #2251\r\n\r\nYAML sucks.","shortMessageHtmlLink":"Improve multiline formatting"}},{"before":"bdd557d0d6d334a9a6dc590203e18a798422146f","after":"d9d82156479f79a3eca6b9ccccca97ae63f25bc1","ref":"refs/heads/master","pushedAt":"2024-05-29T05:34:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Collapse fields on vulnerability page when it's too long (#2223)\n\nIssue: #2216\r\n\r\nResult:\r\n![May-21-2024\r\n15-13-51](https://github.com/google/osv.dev/assets/13760813/3a1fe591-11ae-41d0-9c5e-0f37b8912afd)\r\n\r\nDoes not render a toggle button if it's a short list:\r\n<img width=\"813\" alt=\"image\"\r\nsrc=\"https://github.com/google/osv.dev/assets/13760813/d075284f-fe6a-429e-b994-f4828b58a72e\">","shortMessageHtmlLink":"Collapse fields on vulnerability page when it's too long (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2307309952\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2223\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2223/hovercard\" href=\"https://github.com/google/osv.dev/pull/2223\">#2223</a>)"}},{"before":"3d93251a4373d15f40536974778f7bebb6e210ea","after":"bdd557d0d6d334a9a6dc590203e18a798422146f","ref":"refs/heads/master","pushedAt":"2024-05-29T04:53:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"chore(deps): lock file maintenance (#2243)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Update | Change |\r\n|---|---|\r\n| lockFileMaintenance | All locks refreshed |\r\n\r\n🔧 This Pull Request updates lock files to use the latest dependency\r\nversions.\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n📅 **Schedule**: Branch creation - \"before 6am on wednesday\" in timezone\r\nAustralia/Sydney, Automerge - At any time (no schedule defined).\r\n\r\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n👻 **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR has been generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View\r\nrepository job log\r\n[here](https://developer.mend.io/github/google/osv.dev).\r\n\r\n<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNzcuOCIsInVwZGF0ZWRJblZlciI6IjM3LjM3Ny44IiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->","shortMessageHtmlLink":"chore(deps): lock file maintenance (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2321309248\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2243\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2243/hovercard\" href=\"https://github.com/google/osv.dev/pull/2243\">#2243</a>)"}},{"before":"9ec5daa06fdace741958e4a7a20f7d1931948393","after":"3d93251a4373d15f40536974778f7bebb6e210ea","ref":"refs/heads/master","pushedAt":"2024-05-29T04:52:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Fix another bug in alpine enumeration (#2241)\n\nTurns out alpine enumeration currently works by accident, relying on git\r\nto bundle the changes to package version and package revision in the\r\nsame diff hunk, which is not always the case.\r\n\r\nThis caused enumeration to break for some packages (e.g. busybox\r\nhttps://osv.dev/vulnerability/CVE-2023-42366 , 3.16.1 only have r11).\r\n\r\nThis change fixes this by separating out the \"start\" search for versions\r\nand revisions, so changes to both are displayed, not just changes to the\r\nfirst element found (which is usually `pkgver`, therefore it was relying\r\non changes in `pkgrel` to be in the same diff hunk in git to be shown).","shortMessageHtmlLink":"Fix another bug in alpine enumeration (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2320249464\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2241\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2241/hovercard\" href=\"https://github.com/google/osv.dev/pull/2241\">#2241</a>)"}},{"before":"18a0405ac473079e74e1f88489fa9c3d55b9b4c4","after":"9ec5daa06fdace741958e4a7a20f7d1931948393","ref":"refs/heads/master","pushedAt":"2024-05-29T04:24:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Remove the duplicate closing tag (#2250)\n\nRemove duplicate closing tag introduced in #2227","shortMessageHtmlLink":"Remove the duplicate closing tag (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2322316897\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2250\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2250/hovercard\" href=\"https://github.com/google/osv.dev/pull/2250\">#2250</a>)"}},{"before":"46600a8aeb623feac68a65d32268dcb53da45abd","after":"18a0405ac473079e74e1f88489fa9c3d55b9b4c4","ref":"refs/heads/master","pushedAt":"2024-05-29T03:59:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Remove copy pasta (#2249)\n\nThis was causing reader confusion about the expected behaviour of this\r\ntest case.","shortMessageHtmlLink":"Remove copy pasta (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2322285258\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2249\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2249/hovercard\" href=\"https://github.com/google/osv.dev/pull/2249\">#2249</a>)"}},{"before":"fff35462e8c582f81a836de339c2f46e564f0880","after":"46600a8aeb623feac68a65d32268dcb53da45abd","ref":"refs/heads/master","pushedAt":"2024-05-29T03:53:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Bump actions in publish-to-pypi.yaml (#2181)\n\nDidn't see an open @renovate-bot PR for these\r\n\r\nhttps://github.com/actions/checkout/releases/tag/v4.1.4\r\nhttps://github.com/actions/setup-python/releases/tag/v5.1.0\r\n\r\nCo-authored-by: Andrew Pollock <andrewpollock@users.noreply.github.com>","shortMessageHtmlLink":"Bump actions in publish-to-pypi.yaml (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2284689388\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2181\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2181/hovercard\" href=\"https://github.com/google/osv.dev/pull/2181\">#2181</a>)"}},{"before":"7de7911751a42f22df8b7925dcd4450579352c32","after":"fff35462e8c582f81a836de339c2f46e564f0880","ref":"refs/heads/master","pushedAt":"2024-05-29T03:42:47.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Manually bump requests as renovatebot doesn't seem to update them correctly (#2248)\n\nManually bump requests to resolve\r\nhttps://osv.dev/vulnerability/GHSA-9wx4-h78v-vm56 as renovatebot doesn't\r\nseem to reliably update them. (And causes other breaking changes which\r\nwill be fixed in followup PRs)","shortMessageHtmlLink":"Manually bump requests as renovatebot doesn't seem to update them cor…"}},{"before":"a6619eaa0e13f42647a7bec092d8b410f55cdf5a","after":"7de7911751a42f22df8b7925dcd4450579352c32","ref":"refs/heads/master","pushedAt":"2024-05-29T01:53:31.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"another-rex","name":"Rex P","path":"/another-rex","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/106129829?s=80&v=4"},"commit":{"message":"Fixed UI Affected Packages Ecosystems label being in uppercase (#2247)\n\nRemoved the text-transform property so affected packages ecosystems\r\nshould be in normal case:\r\n<img width=\"518\" alt=\"image\"\r\nsrc=\"https://github.com/google/osv.dev/assets/86962800/d6f0f16b-ef20-478f-88ee-850f575f8a3e\">\r\n\r\nCloses #2240\r\n\r\nP.S Hey again :D","shortMessageHtmlLink":"Fixed UI Affected Packages Ecosystems label being in uppercase (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2322170969\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2247\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2247/hovercard\" href=\"https://github.com/google/osv.dev/pull/2247\">#2247</a>)"}},{"before":"61c05783007ab499f9a66ef2c5c0c272d5488dc0","after":"a6619eaa0e13f42647a7bec092d8b410f55cdf5a","ref":"refs/heads/master","pushedAt":"2024-05-29T01:35:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Add suggest improvement button to vulnerability page (#2227)\n\nIssue: #1005\r\n\r\nResult:\r\n<img width=\"1282\" alt=\"image\"\r\nsrc=\"https://github.com/google/osv.dev/assets/13760813/a27f0990-0d8c-489b-9d02-eb9692a0c4ea\">\r\n\r\n<img width=\"552\" alt=\"image\"\r\nsrc=\"https://github.com/google/osv.dev/assets/13760813/dc8699c5-6c58-4efa-9e1f-89fadb92e6d5\">","shortMessageHtmlLink":"Add suggest improvement button to vulnerability page (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2309714232\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2227\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2227/hovercard\" href=\"https://github.com/google/osv.dev/pull/2227\">#2227</a>)"}},{"before":"7ab7d213d4daba3f0c65954b06c035aad5feb498","after":"61c05783007ab499f9a66ef2c5c0c272d5488dc0","ref":"refs/heads/master","pushedAt":"2024-05-28T02:00:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Fix for a small conversion regression (#2238)\n\n#2233 introduced a small regression, in that repositories for CPEs that\r\nhave no usable tags are no longer present in the VendorProductToRepoMap\r\n(intentionally).\r\n\r\nThis also means that CVEs for these repos that lack tags but otherwise\r\nhave a commit hash in the CVE's references now get excluded from\r\nconsideration from conversion.\r\n\r\nCVE-2023-0327 before #2233 had an entry in the VendorProductToRepoMap\r\nfor `theradsystem_project:theradsystem`,\r\neven though the repo wasn't usable. Afterwards, it does not, resulting\r\nin:\r\n\r\n```\r\n[CVE-2023-0327]: Failed to derive any repos for \"theradsystem_project\" \"theradsystem\"\r\n[CVE-2023-0327]: Summary: [CPEs=1 AppCPEs=1 DerivedRepos=0]\r\n[CVE-2023-0327]: Passing due to lack of viable repository\r\n```\r\n\r\nbecause of the added rigour of `cves.ValidRepo()`\r\n\r\n\r\nhttps://github.com/google/osv.dev/blob/7ab7d213d4daba3f0c65954b06c035aad5feb498/vulnfeeds/cmd/nvd-cve-osv/main.go#L248-L250\r\n\r\nAdd a less rigourous variation of repo validation that merely validates\r\nrepo _existence_ for this last resort conversion attempt.\r\n\r\nAdd test coverage for `ReposFromReferences()` and fix a couple of bugs\r\nthat it flushed out for when there is no VendorProductToRepoMap cache in\r\nuse.\r\n\r\nRemove some unnecessary code stubs that aren't going to get filled out\r\n(the approach to determining CVE scope changed to trying them all,\r\nregardless of language)","shortMessageHtmlLink":"Fix for a small conversion regression (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2318912496\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2238\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2238/hovercard\" href=\"https://github.com/google/osv.dev/pull/2238\">#2238</a>)"}},{"before":"28d1e63275538cf8f3c3a5ccb5cf8f87ccf2aee7","after":"7ab7d213d4daba3f0c65954b06c035aad5feb498","ref":"refs/heads/master","pushedAt":"2024-05-27T05:50:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Support converting xz CVE-2024-3094 (#2237)\n\nGitWeb URLs are very snowflakey. They don't always have the `gitweb.cgi`\r\ndistinguishing URI, but they do seem to have the `p=\\*.git` query\r\nstring.\r\n\r\nFurthermore, they don't always map to a cloneable https:// URL.\r\n\r\nThis PR handles the small range of GitWeb URLs currently observed in the\r\nwild, extending support for the repo that will make CVE-2024-3094 (that\r\nxz vulnerability) convertible.\r\n\r\nAlso teach the frontend how to rewrite GnuPG repos for existing CVEs\r\nthat are converting.","shortMessageHtmlLink":"Support converting xz <a title=\"CVE-2024-3094\" data-hovercard-type=\"advisory\" data-hovercard-url=\"/advisories/GHSA-rxwq-x6h5-x525/hovercard\" href=\"https://github.com/advisories/GHSA-rxwq-x6h5-x525\">CVE-2024-3094</a> (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2318172365\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2237\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2237/hovercard\" href=\"https://github.com/google/osv.dev/pull/2237\">#2237</a>)"}},{"before":"50a17d79662090daf4ba7696a68ca8737604503c","after":"28d1e63275538cf8f3c3a5ccb5cf8f87ccf2aee7","ref":"refs/heads/master","pushedAt":"2024-05-24T04:36:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Further validate repos by only accepting ones with tags (#2233)\n\nTags are necessary for version resolution, and a repo without them is\r\nuseless to us, and many of the repos in the current denylist do not have\r\nany tags.\r\n\r\nThis enables a radical simplification of the repo denylist and largely\r\nremoves ongoing maintenance burden.\r\n\r\nLatest run in Production:\r\n```\r\nnvdcve-2.0-2024.json Metrics: {TotalCVEs:11389 CVEsForApplications:1581 CVEsForKnownRepos:2364 OSVRecordsGenerated:1093 Outcomes:map[]}\r\n```\r\n\r\nLocal test run:\r\n```\r\nnvdcve-2.0-2024.json Metrics: {TotalCVEs:11511 CVEsForApplications:1581 CVEsForKnownRepos:1651 OSVRecordsGenerated:1047 Outcomes:map[]}\r\n```\r\n\r\nA fabulous improvement in CVEsForKnownRepos, a much (durably) firmer\r\nlooking denominator for conversion metrics.","shortMessageHtmlLink":"Further validate repos by only accepting ones with tags (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2312056819\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2233\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2233/hovercard\" href=\"https://github.com/google/osv.dev/pull/2233\">#2233</a>)"}},{"before":"ee10756deb3286462704eeb4759d78ba10969110","after":null,"ref":"refs/heads/oliverchang-patch-2","pushedAt":"2024-05-24T04:36:19.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"}},{"before":"e411f4390657b90d74c0fde9b1baf6a47ea17df2","after":"50a17d79662090daf4ba7696a68ca8737604503c","ref":"refs/heads/master","pushedAt":"2024-05-24T04:36:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"Bump PyPI setup.py version. (#2236)\n\nThis was requested by a user of the package.","shortMessageHtmlLink":"Bump PyPI setup.py version. (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2314303198\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2236\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2236/hovercard\" href=\"https://github.com/google/osv.dev/pull/2236\">#2236</a>)"}},{"before":null,"after":"ee10756deb3286462704eeb4759d78ba10969110","ref":"refs/heads/oliverchang-patch-2","pushedAt":"2024-05-24T04:12:01.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"Bump PyPI setup.py version.\n\nThis was requested by a user of the package.","shortMessageHtmlLink":"Bump PyPI setup.py version."}},{"before":"53d9735e9c0766ae0de0a494a437d5a6ed92463b","after":"e411f4390657b90d74c0fde9b1baf6a47ea17df2","ref":"refs/heads/master","pushedAt":"2024-05-23T05:07:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Add more invalid repositories (#2231)\n\nIdentified from pivot table analysis of failing conversions as of May\r\n2024.","shortMessageHtmlLink":"Add more invalid repositories (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2311923832\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2231\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2231/hovercard\" href=\"https://github.com/google/osv.dev/pull/2231\">#2231</a>)"}},{"before":"ec14ce98c4fc88fc105bba682f1ab14609c1a6b5","after":"53d9735e9c0766ae0de0a494a437d5a6ed92463b","ref":"refs/heads/master","pushedAt":"2024-05-23T04:20:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Avoid false positives from half-resolved version ranges (#2226)\n\nLook at an `AffectedVersion`'s resolution in totality before using any\r\nof the commits resolved to avoid situations like in #2183 where the\r\n`introduced` versions were resolved to commits but the `fixed` versions\r\nwere not, resulting in false positives.\r\n\r\nRevise how overlapping commit ranges are detected to account for this.\r\n\r\nImproves the conversion story for at least:\r\n* CVE-2018-5407 (removes false-positive ranges and corrects invalid\r\nrange generation)\r\n* CVE-2021-23840 (removes false-positive ranges and corrects invalid\r\nrange generation)\r\n* CVE-2022-0778 (removes false-positive ranges and corrects invalid\r\nrange generation)","shortMessageHtmlLink":"Avoid false positives from half-resolved version ranges (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2309650622\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2226\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2226/hovercard\" href=\"https://github.com/google/osv.dev/pull/2226\">#2226</a>)"}},{"before":"8aa87e6287cb6ed91bdb683a71825150c3546c50","after":"ec14ce98c4fc88fc105bba682f1ab14609c1a6b5","ref":"refs/heads/master","pushedAt":"2024-05-23T04:05:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"andrewpollock","name":"Andrew Pollock","path":"/andrewpollock","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6906046?s=80&v=4"},"commit":{"message":"Fix integration tests (#2230)\n\nAs foreseen in\r\nhttps://github.com/google/osv.dev/pull/2213#issuecomment-2111818642,\r\nthese mruby CVEs have reappeared.","shortMessageHtmlLink":"Fix integration tests (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2311883793\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2230\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2230/hovercard\" href=\"https://github.com/google/osv.dev/pull/2230\">#2230</a>)"}},{"before":"b2adc40adadc21524e7026c71307434d24d99642","after":"8aa87e6287cb6ed91bdb683a71825150c3546c50","ref":"refs/heads/master","pushedAt":"2024-05-23T03:16:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"oliverchang","name":"Oliver Chang","path":"/oliverchang","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/759062?s=80&v=4"},"commit":{"message":"Add missing OSV schema fields to vulnerability page (#2132)\n\nThis change adds the following info to the vulnerability page:\r\n- purl: https://ossf.github.io/osv-schema/#affectedpackage-field\r\n- Severity: https://ossf.github.io/osv-schema/#severity-field\r\n- Credits: https://ossf.github.io/osv-schema/#credits-fields\r\n\r\nresolves #2081\r\n\r\nRegarding the second items on the issue: per-range\r\necosystem/database_specific fields I left a\r\n[question](https://github.com/google/osv.dev/issues/2081#issuecomment-2071687782)\r\non the issue.","shortMessageHtmlLink":"Add missing OSV schema fields to vulnerability page (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2258238262\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2132\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2132/hovercard\" href=\"https://github.com/google/osv.dev/pull/2132\">#2132</a>)"}},{"before":"b7c6d958aab8b1372c0020416a07cba6181ce77c","after":"b2adc40adadc21524e7026c71307434d24d99642","ref":"refs/heads/master","pushedAt":"2024-05-23T00:55:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"michaelkedar","name":"Michael Kedar","path":"/michaelkedar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/19356069?s=80&v=4"},"commit":{"message":"Remove App Engine from deployment process (#2229)\n\nSince the website's happily running on Cloud Run, we can stop deploying\r\nit to App Engine.\r\n\r\nDeleting App Engine from terraform is going to take a few steps, because\r\nterraform isn't smart enough to delete the resources in the required\r\norder (it tries to remove some resources before the resources that are\r\nusing them)","shortMessageHtmlLink":"Remove App Engine from deployment process (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2311724069\" data-permission-text=\"Title is private\" data-url=\"https://github.com/google/osv.dev/issues/2229\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/google/osv.dev/pull/2229/hovercard\" href=\"https://github.com/google/osv.dev/pull/2229\">#2229</a>)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEWKsj7gA","startCursor":null,"endCursor":null}},"title":"Activity · google/osv.dev"}