fix(deps): lock file maintenance vulnfeeds (#2998)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
|  |  | lockFileMaintenance | All locks refreshed |  |  |  |  |
|
[cloud.google.com/go/logging](https://redirect.github.com/googleapis/google-cloud-go)
| require | minor | `v1.12.0` -> `v1.13.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2flogging/v1.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/cloud.google.com%2fgo%2flogging/v1.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/cloud.google.com%2fgo%2flogging/v1.12.0/v1.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2flogging/v1.12.0/v1.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [pylint](https://redirect.github.com/pylint-dev/pylint)
([changelog](https://pylint.readthedocs.io/en/latest/whatsnew/3/)) |
dev-dependencies | patch | `3.3.2` -> `3.3.3` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/pylint/3.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/pylint/3.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/pylint/3.3.2/3.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pylint/3.3.2/3.3.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[cloud.google.com/go/secretmanager](https://redirect.github.com/googleapis/google-cloud-go)
| require | patch | `v1.14.2` -> `v1.14.3` |
[![age](https://developer.mend.io/api/mc/badges/age/go/cloud.google.com%2fgo%2fsecretmanager/v1.14.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/cloud.google.com%2fgo%2fsecretmanager/v1.14.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/cloud.google.com%2fgo%2fsecretmanager/v1.14.2/v1.14.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/cloud.google.com%2fgo%2fsecretmanager/v1.14.2/v1.14.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[github.com/google/osv-scanner](https://redirect.github.com/google/osv-scanner)
| require | patch | `v1.9.1` -> `v1.9.2` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgoogle%2fosv-scanner/v1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgoogle%2fosv-scanner/v1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgoogle%2fosv-scanner/v1.9.1/v1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgoogle%2fosv-scanner/v1.9.1/v1.9.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| golang | stage | digest | `6c5c959` -> `94b4686` |  |  |  |  |
| golang.org/x/exp | require | digest | `1829a12` -> `7588d65` |
[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fexp/v0.0.0-20250106191152-7588d65b2ba8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fexp/v0.0.0-20250106191152-7588d65b2ba8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fexp/v0.0.0-20241210194714-1829a127f884/v0.0.0-20250106191152-7588d65b2ba8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fexp/v0.0.0-20241210194714-1829a127f884/v0.0.0-20250106191152-7588d65b2ba8?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

🔧 This Pull Request updates lock files to use the latest dependency
versions.

---

### Release Notes

<details>
<summary>pylint-dev/pylint (pylint)</summary>

###
[`v3.3.3`](https://redirect.github.com/pylint-dev/pylint/releases/tag/v3.3.3)

[Compare
Source](https://redirect.github.com/pylint-dev/pylint/compare/v3.3.2...v3.3.3)

## What's new in Pylint 3.3.3?

Release date: 2024-12-23

## False Positives Fixed

- Fix false positives for `undefined-variable` for classes using Python
3.12
    generic type syntax.

Closes
[#&#8203;9335](https://redirect.github.com/pylint-dev/pylint/issues/9335)

- Fix a false positive for `use-implicit-booleaness-not-len`. No lint
should be emitted for
    generators (`len` is not defined for generators).

Refs
[#&#8203;10100](https://redirect.github.com/pylint-dev/pylint/issues/10100)

## Other Bug Fixes

- Fix `Unable to import 'collections.abc' (import-error)` on Python
3.13.1.

Closes
[#&#8203;10112](https://redirect.github.com/pylint-dev/pylint/issues/10112)

</details>

<details>
<summary>google/osv-scanner (github.com/google/osv-scanner)</summary>

###
[`v1.9.2`](https://redirect.github.com/google/osv-scanner/releases/tag/v1.9.2)

[Compare
Source](https://redirect.github.com/google/osv-scanner/compare/v1.9.1...v1.9.2)

#### Changelog

##### Fixes:

- [Bug
#&#8203;1327](https://redirect.github.com/google/osv-scanner/pull/1327)
Parsing crash on malformed pnpm lockfile.
- [Bug
#&#8203;1377](https://redirect.github.com/google/osv-scanner/pull/1377)
Warn if a vulnerability is ignored multiple times in the same config.
- [Bug
#&#8203;1394](https://redirect.github.com/google/osv-scanner/pull/1394)
Guided remediation: handle extraneous/missing packages in
package-lock.json more leniently.
- [Bug
#&#8203;1443](https://redirect.github.com/google/osv-scanner/issues/1443)
Go call analysis now works with Go version up to v1.23.4.
- [Bug
#&#8203;1436](https://redirect.github.com/google/osv-scanner/pull/1436)
Only fetch Maven snapshots and releases when enabled.
- [Bug
#&#8203;1456](https://redirect.github.com/google/osv-scanner/pull/1456)
Remove redundant calls from PreFetch.

#### New Contributors

- [@&#8203;ivmeta](https://redirect.github.com/ivmeta) made their first
contribution in
[https://github.com/google/osv-scanner/pull/1327](https://redirect.github.com/google/osv-scanner/pull/1327)
- [@&#8203;janniclas](https://redirect.github.com/janniclas) made their
first contribution in
[https://github.com/google/osv-scanner/pull/1398](https://redirect.github.com/google/osv-scanner/pull/1398)

**Full Changelog**:
google/osv-scanner@v1.9.1...v1.9.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS42OS4zIiwidXBkYXRlZEluVmVyIjoiMzkuOTIuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

vulnfeeds/cmd/alpine/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS GO_BUILD
+FROM golang:1.23.4-alpine@sha256:94b4686346804a8cfc3d2c9069bbdf4bfb21ac8bdc6d99e23f529e295db1cd81 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src

vulnfeeds/cmd/combine-to-osv/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS GO_BUILD
+FROM golang:1.23.4-alpine@sha256:94b4686346804a8cfc3d2c9069bbdf4bfb21ac8bdc6d99e23f529e295db1cd81 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src

vulnfeeds/cmd/cpe-repo-gen/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS GO_BUILD
+FROM golang:1.23.4-alpine@sha256:94b4686346804a8cfc3d2c9069bbdf4bfb21ac8bdc6d99e23f529e295db1cd81 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src

vulnfeeds/cmd/debian/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS GO_BUILD
+FROM golang:1.23.4-alpine@sha256:94b4686346804a8cfc3d2c9069bbdf4bfb21ac8bdc6d99e23f529e295db1cd81 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src

vulnfeeds/cmd/download-cves/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS GO_BUILD
+FROM golang:1.23.4-alpine@sha256:94b4686346804a8cfc3d2c9069bbdf4bfb21ac8bdc6d99e23f529e295db1cd81 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src

vulnfeeds/cmd/nvd-cve-osv/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS GO_BUILD
+FROM golang:1.23.4-alpine@sha256:94b4686346804a8cfc3d2c9069bbdf4bfb21ac8bdc6d99e23f529e295db1cd81 AS GO_BUILD
 
 WORKDIR /go/src
 

vulnfeeds/go.mod

@@ -3,26 +3,26 @@ module github.com/google/osv/vulnfeeds
 go 1.23.1
 
 require (
-	cloud.google.com/go/logging v1.12.0
-	cloud.google.com/go/secretmanager v1.14.2
+	cloud.google.com/go/logging v1.13.0
+	cloud.google.com/go/secretmanager v1.14.3
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
 	github.com/atombender/go-jsonschema v0.17.0
 	github.com/go-git/go-git/v5 v5.13.1
 	github.com/google/go-cmp v0.6.0
-	github.com/google/osv-scanner v1.9.1
+	github.com/google/osv-scanner v1.9.2
 	github.com/knqyf263/go-cpe v0.0.0-20230627041855-cb0794d06872
 	github.com/sethvargo/go-retry v0.3.0
-	golang.org/x/exp v0.0.0-20241210194714-1829a127f884
+	golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
-	cloud.google.com/go v0.116.0 // indirect
-	cloud.google.com/go/auth v0.9.9 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
-	cloud.google.com/go/compute/metadata v0.5.2 // indirect
-	cloud.google.com/go/iam v1.2.1 // indirect
-	cloud.google.com/go/longrunning v0.6.1 // indirect
+	cloud.google.com/go v0.117.0 // indirect
+	cloud.google.com/go/auth v0.13.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	cloud.google.com/go/iam v1.2.2 // indirect
+	cloud.google.com/go/longrunning v0.6.2 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v1.1.3 // indirect
@@ -38,7 +38,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/package-url/packageurl-go v0.1.3 // indirect
@@ -47,27 +47,26 @@ require (
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.29.0 // indirect
-	go.opentelemetry.io/otel/metric v1.29.0 // indirect
-	go.opentelemetry.io/otel/trace v1.29.0 // indirect
-	golang.org/x/crypto v0.31.0 // indirect
+	go.opentelemetry.io/otel v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/trace v1.31.0 // indirect
+	golang.org/x/crypto v0.32.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
-	golang.org/x/sys v0.28.0 // indirect
+	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	golang.org/x/tools v0.28.0 // indirect
+	golang.org/x/time v0.8.0 // indirect
+	golang.org/x/tools v0.29.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
-	google.golang.org/api v0.203.0 // indirect
-	google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/api v0.214.0 // indirect
+	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
+	google.golang.org/grpc v1.69.0 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )