fix(deps): update osv-scanner minor (#918)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Adoption | Passing |
Confidence |
|---|---|---|---|---|---|---|---|
| [deps.dev/api/v3](https://togithub.com/google/deps.dev) | require |
digest | `2c48bd5` -> `f6f382d` | | | | |
| [deps.dev/util/maven](https://togithub.com/google/deps.dev) | require
| digest | `2c48bd5` -> `f6f382d` | | | | |
| [deps.dev/util/resolve](https://togithub.com/google/deps.dev) |
require | digest | `2c48bd5` -> `f6f382d` | | | | |
| [deps.dev/util/semver](https://togithub.com/google/deps.dev) | require
| digest | `2c48bd5` -> `f6f382d` | | | | |
| [github.com/spdx/tools-golang](https://togithub.com/spdx/tools-golang)
| require | patch | `v0.5.3` -> `v0.5.4` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fspdx%2ftools-golang/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fspdx%2ftools-golang/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fspdx%2ftools-golang/v0.5.3/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fspdx%2ftools-golang/v0.5.3/v0.5.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| golang.org/x/exp | require | digest | `93d18d7` -> `fe59bbe` | | | | |

---

### Release Notes

<details>
<summary>spdx/tools-golang (github.com/spdx/tools-golang)</summary>

###
[`v0.5.4`](https://togithub.com/spdx/tools-golang/releases/tag/v0.5.4)

[Compare
Source](https://togithub.com/spdx/tools-golang/compare/v0.5.3...v0.5.4)

##### What's Changed

- Stop escaping HTML by [@&#8203;kzantow](https://togithub.com/kzantow)
in
[spdx/tools-golang#224
- Don't create empty `ExcludedFiles` array by
[@&#8203;DmitriyLewen](https://togithub.com/DmitriyLewen) in
[spdx/tools-golang#230
- Add external reference category `OTHER` by
[@&#8203;mcombuechen](https://togithub.com/mcombuechen) in
[spdx/tools-golang#229
- Remove empty packageVerificationCode in 2.2 JSON by
[@&#8203;kzantow](https://togithub.com/kzantow) in
[spdx/tools-golang#223

##### New Contributors

- [@&#8203;mcombuechen](https://togithub.com/mcombuechen) made their
first contribution in
[spdx/tools-golang#229

**Full Changelog**:
spdx/tools-golang@v0.5.3...v0.5.4

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjMwMS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

go.mod

@@ -3,10 +3,10 @@ module github.com/google/osv-scanner
 go 1.21.8
 
 require (
-	deps.dev/api/v3 v3.0.0-20240410004301-2c48bd578133
-	deps.dev/util/maven v0.0.0-20240410004301-2c48bd578133
-	deps.dev/util/resolve v0.0.0-20240410004301-2c48bd578133
-	deps.dev/util/semver v0.0.0-20240410004301-2c48bd578133
+	deps.dev/api/v3 v3.0.0-20240411010756-f6f382da6e02
+	deps.dev/util/maven v0.0.0-20240411010756-f6f382da6e02
+	deps.dev/util/resolve v0.0.0-20240411010756-f6f382da6e02
+	deps.dev/util/semver v0.0.0-20240411010756-f6f382da6e02
 	github.com/BurntSushi/toml v1.3.2
 	github.com/CycloneDX/cyclonedx-go v0.8.0
 	github.com/charmbracelet/bubbles v0.18.0
@@ -25,12 +25,12 @@ require (
 	github.com/owenrumney/go-sarif/v2 v2.3.1
 	github.com/package-url/packageurl-go v0.1.2
 	github.com/pandatix/go-cvss v0.6.2
-	github.com/spdx/tools-golang v0.5.3
+	github.com/spdx/tools-golang v0.5.4
 	github.com/tidwall/gjson v1.17.1
 	github.com/tidwall/pretty v1.2.1
 	github.com/tidwall/sjson v1.2.5
 	github.com/urfave/cli/v2 v2.27.1
-	golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8
+	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
 	golang.org/x/mod v0.17.0
 	golang.org/x/sync v0.7.0
 	golang.org/x/term v0.19.0

go.sum

@@ -1,13 +1,13 @@
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-deps.dev/api/v3 v3.0.0-20240410004301-2c48bd578133 h1:RZj09g++MGd4JkSmFqU5g3KJiuY2LB5LW2vgOVsyYp4=
-deps.dev/api/v3 v3.0.0-20240410004301-2c48bd578133/go.mod h1:k3RHZwAw7ijqoXmVDvcO7ikeTwTC4jtmhCDathV+IKE=
-deps.dev/util/maven v0.0.0-20240410004301-2c48bd578133 h1:QHLkms89+9CAsK9XajnsBUdeDQ/bx9VOemJZD1e6/Dg=
-deps.dev/util/maven v0.0.0-20240410004301-2c48bd578133/go.mod h1:SBW3EribdkZYk6zxi5oVn/ZECvi4ixb7EGgEWfSimNk=
-deps.dev/util/resolve v0.0.0-20240410004301-2c48bd578133 h1:jnYj12u4w8JUwT5Aom+zSJd1fm3YPkVYGG3wWNT0W80=
-deps.dev/util/resolve v0.0.0-20240410004301-2c48bd578133/go.mod h1:8JnoxYaxXYJ0gJ9RbNPFgCZFDO/TMNFrHTcRkGApBV0=
-deps.dev/util/semver v0.0.0-20240410004301-2c48bd578133 h1:ezuCAD47LNWxNRZ9KtDYWfOx7OtdEG+bQ4a6uN6pIiM=
-deps.dev/util/semver v0.0.0-20240410004301-2c48bd578133/go.mod h1:jkcH+k02gWHBiZ7G4OnUOkSZ6WDq54Pt5DrOA8FN8Uo=
+deps.dev/api/v3 v3.0.0-20240411010756-f6f382da6e02 h1:ygllcnHZYlhWVYdYjZ9G3RnncTaOT8K7dD8B86IC/OA=
+deps.dev/api/v3 v3.0.0-20240411010756-f6f382da6e02/go.mod h1:k3RHZwAw7ijqoXmVDvcO7ikeTwTC4jtmhCDathV+IKE=
+deps.dev/util/maven v0.0.0-20240411010756-f6f382da6e02 h1:IU9seTEQeiguUPGi7xWb4BKYeaBipctbVnkGnpTNTeQ=
+deps.dev/util/maven v0.0.0-20240411010756-f6f382da6e02/go.mod h1:SBW3EribdkZYk6zxi5oVn/ZECvi4ixb7EGgEWfSimNk=
+deps.dev/util/resolve v0.0.0-20240411010756-f6f382da6e02 h1:qnSop1qW1PTSHUDyq4nYn/JygjjKrB191HYravpnZ20=
+deps.dev/util/resolve v0.0.0-20240411010756-f6f382da6e02/go.mod h1:8JnoxYaxXYJ0gJ9RbNPFgCZFDO/TMNFrHTcRkGApBV0=
+deps.dev/util/semver v0.0.0-20240411010756-f6f382da6e02 h1:56t2Bz/U4j13sQPVUT+w9S9T7D4zy7J6W6OICo9L5AI=
+deps.dev/util/semver v0.0.0-20240411010756-f6f382da6e02/go.mod h1:jkcH+k02gWHBiZ7G4OnUOkSZ6WDq54Pt5DrOA8FN8Uo=
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/CycloneDX/cyclonedx-go v0.8.0 h1:FyWVj6x6hoJrui5uRQdYZcSievw3Z32Z88uYzG/0D6M=
@@ -195,11 +195,12 @@ github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3
 github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
 github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY=
 github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
-github.com/spdx/tools-golang v0.5.3 h1:ialnHeEYUC4+hkm5vJm4qz2x+oEJbS0mAMFrNXdQraY=
-github.com/spdx/tools-golang v0.5.3/go.mod h1:/ETOahiAo96Ob0/RAIBmFZw6XN0yTnyr/uFZm2NTMhI=
+github.com/spdx/tools-golang v0.5.4 h1:fRW4iz16P1ZCUtWStFqS6YiMgnK7WgfTFU/lrsYlvqY=
+github.com/spdx/tools-golang v0.5.4/go.mod h1:MVIsXx8ZZzaRWNQpUDhC4Dud34edUYJYecciXgrw5vE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -250,8 +251,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
 golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
-golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc=
-golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
+golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY=
+golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
@@ -338,4 +339,4 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=