From f95879bd02b8acd7228054ee7f80d7bba9e1161e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 25 Jul 2024 08:36:09 -0700
Subject: [PATCH] build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3 in
 /tools (#1453)

Bumps [golang.org/x/vuln](https://github.com/golang/vuln) from 1.1.2 to
1.1.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/vuln/releases">golang.org/x/vuln's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.3</h2>
<p>This release brings a few bug fixes (<a
href="https://redirect.github.com/golang/go/issues/68034">#68034</a>, <a
href="https://redirect.github.com/golang/go/issues/68256">#68256</a>,
and <a
href="https://redirect.github.com/golang/go/issues/68338">#68338</a>)
and an increased support for analyzing Go binaries. Binaries built with
Go versions prior to go1.18 are now checked, but only for standard
library vulnerabilities.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/vuln/commit/4ea4418106cea3bb2c9aa098527c924e9e1fbbb4"><code>4ea4418</code></a>
internal/openvex: update handler test</li>
<li><a
href="https://github.com/golang/vuln/commit/de0a0adbc1d357501a7f291978a9f8b87d15eb5a"><code>de0a0ad</code></a>
LICENSE: update per Google Legal</li>
<li><a
href="https://github.com/golang/vuln/commit/1884dfae5d94f200377663e5be082dbe1d96b979"><code>1884dfa</code></a>
internal/vulncheck: add warning message for ancient binaries</li>
<li><a
href="https://github.com/golang/vuln/commit/d9ad5223849a23e412d4a6ac1f61ecfc94cab0d8"><code>d9ad522</code></a>
all: remove build restrictions requiring go1.18</li>
<li><a
href="https://github.com/golang/vuln/commit/44e45eaefb4e945ace34bc19e9a29cdb1b143966"><code>44e45ea</code></a>
cmd/govulncheck: clarify unsafe/reflection limitations</li>
<li><a
href="https://github.com/golang/vuln/commit/601dd9b53b1c3d43f3065ea3b24d6a5fca69b1e1"><code>601dd9b</code></a>
cmd/govulncheck: update docs for old Go binaries</li>
<li><a
href="https://github.com/golang/vuln/commit/0f7005f3db72ac2c67d870609932dd49954db764"><code>0f7005f</code></a>
internal/openvex: omit vulns with no findings</li>
<li><a
href="https://github.com/golang/vuln/commit/f94421b20479af8851aa9ecc80a1142ad6f63c93"><code>f94421b</code></a>
cmd/govulncheck/integration: adjust k8s expectations</li>
<li><a
href="https://github.com/golang/vuln/commit/684f5c9fa70708a9f79c33c09e16ce0bd25446d5"><code>684f5c9</code></a>
all: remove skipIfShort</li>
<li><a
href="https://github.com/golang/vuln/commit/d52dedc621a782b20cbbf420a6e0358e80322300"><code>d52dedc</code></a>
all: remove unnecessary test lines for staticcheck</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/vuln/compare/v1.1.2...v1.1.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/vuln&package-manager=go_modules&previous-version=1.1.2&new-version=1.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sung Yoon Whang <sungyoon@uber.com>
---
 tools/go.mod | 12 +++++++-----
 tools/go.sum | 19 +++++++++++--------
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/tools/go.mod b/tools/go.mod
index 3f4a909cb..d6a12e530 100644
--- a/tools/go.mod
+++ b/tools/go.mod
@@ -1,13 +1,15 @@
 module go.uber.org/zap/tools
 
-require golang.org/x/vuln v1.1.2
+require golang.org/x/vuln v1.1.3
 
 require (
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
-	golang.org/x/tools v0.22.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 )
 
-go 1.20
+go 1.21
+
+toolchain go1.22.2
diff --git a/tools/go.sum b/tools/go.sum
index b3a2a420c..344690681 100644
--- a/tools/go.sum
+++ b/tools/go.sum
@@ -1,15 +1,18 @@
 github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786 h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=
+github.com/google/go-cmdtest v0.4.1-0.20220921163831-55ab3332a786/go.mod h1:apVn/GCasLZUVpAJ6oWAuyP7Ne7CEsQbTnc0plM3m+o=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
 golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
-golang.org/x/vuln v1.1.2 h1:UkLxe+kAMcrNBpGrFbU0Mc5l7cX97P2nhy21wx5+Qbk=
-golang.org/x/vuln v1.1.2/go.mod h1:2o3fRKD8Uz9AraAL3lwd/grWBv+t+SeJnPcqBUJrY24=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/vuln v1.1.3 h1:NPGnvPOTgnjBc9HTaUx+nj+EaUYxl5SJOWqaDYGaFYw=
+golang.org/x/vuln v1.1.3/go.mod h1:7Le6Fadm5FOqE9C926BCD0g12NWyhg7cxV4BwcPFuNY=