SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for osv-scanner-1.9.0-lp160.1.5.x86_64.rpm :

* Wed Oct 02 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.9.0:
* chore(release): changelog for v1.9.0 (#1292)
* chore(deps): update workflows (#1281)
* chore(deps): lock file maintenance (#1282)
* fix: bump osv max concurrent requests (#1290)
* fix: apply go version override to _all_ instances of the `stdlib` (#1278)
* fix: output invalid PURLs when scanning sboms (#1283)
* fix(offline): report all ecosystems without local databases in one single line (#1279)
* test: update snapshot (#1284)
* chore(deps): update workflows (#1264)
* fix(deps): update osv-scanner minor (#1265)
* feat: assume `txt` files with \"requirements\" in their name are `requirements.txt` files (#1271)
* chore(deps): update dependency webrick to v1.8.2 [security] (#1270)
* test: update case to reflect recent config parsing changes (#1267)
* feat: group DSA and its CVEs together (#1262)
* feat: error if configuration file has unknown properties (#1249)
* fix: don\'t allow `LoadPath` to be set via config file (#1252)
* refactor: Follow revive rules across the repo (#1263)
* chore: make guided remediation follow revive\'s default lint rules (#1259)
* refactor(guided remediation): Take `PreFetch` out of `DependencyClient` interface and prevent repeated datasource network calls (#1224)
* ci: pin `amannn/action-semantic-pull-request` to a commit (#1256)
* ci: pin `actions/stale` to a commit (#1255)
* test: update snapshots with new security vulnerabilities (#1254)
* chore: deprecate parser functions in favor of their extract equivalents (#1253)
* refactor: simplify and reuse `tryLoadConfig` (#1248)
* test: ensure `cmp.Diff` usage is consistent (#1251)
* test: restructure internal `config` cases and fixtures (#1250)
* fix: don\'t assume there\'s always a reason for a package being filtered out (#1241)
* feat: Copy over dark docs theming from osv.dev (#1245)
* fix: announce when a config file is invalid and exit with a non-zero code (#1242)
* chore(deps): update workflows (#1247)
* fix(deps): update osv-scanner minor (#1246)
* feat: allow explicitly ignoring the license of a package in config (#1243)
* feat(guided remediation): remediate unresolved dependency management vulns (#1235)
* chore(deps): update alpine:3.20 docker digest to beefdbd (#1230)
* chore(deps): update golang docker tag to v1.23.1 (#1231)
* chore(deps): update workflows (#1205)
* fix(deps): update osv-scanner minor (#1204)
* chore(deps): lock file maintenance (#1195)
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.5:
* chore(release): changelog for v1.8.5 (#1237)
* fix: make Alpine ecosystem fallback to latest release version (#1236)
* feat(internal): marshal self-closing tags in XML (#1225)
* chore: update Go to version 1.22.7 (#1233)
* feat: support composite-based package overrides (#1214)
* chore: update test snapshots (#1232)
* fix: govulncheck calls on C code (#1228)
* refactor: use forked xml package for writing (#1223)
* chore: update test snapshots (#1222)
* feat(internal): add Maven native dependency client (#1207)
* fix(guided remediation): Add special handling for specific Maven packages (#1219)
* fix(deps): update module github.com/charmbracelet/bubbletea to v1 (#1217)
* fix(internal): encode XML tokens without escaping (#1216)
* chore: update test snapshots (#1218)
* chore: axe `.go-version` file (#1212)
* feat(guided remediation): Add `FIXED-VULN-IDS` to non-interactive output (#1210)
* perf: ignored packages should be filtered out before scanning (#1206)
* feat: support fetching snapshot versions from a Maven registry (#1160)
* fix: stop finding more parent pom if the path is empty (#1194)
* chore: add missed test ignore vuln (#1209)
* chore: add `osv-scanner.toml` files to make Scorecard ignore vulnerabilities in our test fixtures (#1202)
* chore(deps): update workflows (#1186)
* fix(deps): update osv-scanner minor (#1187)
* fix: correct for breaking change in glamour v0.8.0 (#1201)
* chore(deps): update dependency github-pages to v232 (#1189)
* chore(deps): update golang docker tag to v1.23.0 (#1188)
* Sat Sep 14 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.4:
* chore(release): release v1.8.4 (#1200)
* refactor: move Maven utility to a separate package (#1193)
* docs: link to the Scorecard Report (#1197)
* fix: unescape tabs before writing to pom.xml (#1190)
* feat(guided remediation): add `--upgrade-config` flag (#1191)
* chore: add PR title check to follow Git commit convention (#1178)
* chore: add new vulnerability aliases to test snapshots (#1192)
* feat: write Maven updates to parent pom.xml if possible (#1182)
* chore: use the latest version of `golangci-lint` (#1185)
* fix(guided remediation): error on `--data-source=native` for Maven (#1180)
* ci(workflow): address address github.com/rhysd/actionlint findings (#1176)
* fix(workflow): correct permission name (#1175)
* chore(deps): update workflows (#1173)
* fix(deps): update osv-scanner minor (#1174)
* fix: only trim XML elements with no inner elements (#1168)
* fix(workflow): Add explicit permissions (#1171)
* docs: add conventional commits requirement (#1172)
* Package tracing PoC (#1049)
* Update go policy and use stable go version for builds (#1156)
* chore(deps): update dependency wdm to \"~> 0.2.0\" (#1163)
* fix(deps): update osv-scanner minor (#1162)
* chore(deps): update workflows (#1161)
* Add changelog for v1.8.3 (#1150)
* Wed Aug 07 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.3:
* chore: update dependency `github.com/docker/docker` (#1166)
* chore(deps-dev): bump rexml from 3.3.2 to 3.3.3 in /docs in the bundler group (#1158)
* add maven changes
* feat(guided remediation): add non-interactive Maven remediation by override (#1136)
* Label closed stale issues/PRs (#1165)
* Fix snapshots (#1164)
* Refactoring Maven manifest reading (#1159)
* Do not attempt to remediate vulnerabilities in Maven artifacts that have defined `` or `` (#1151)
* Handle Maven parent relative path (#1149)
* fix(workflow): add read permission to `osv-scanner-reusable.yml` (#1157)
* fix(workflow): update prerelease-check.yml to the latest OSV-Scanner action (#1153)
* fix(osv-github-action): If all vulnerabilities are not called, don\'t return an non zero exit code in osv-reporter (#1152)
* update snaps
* fix style
* Add changelog for v1.8.3
* chore(deps): lock file maintenance (#1130)
* Increase frequency of staleness runs (#1148)
* Improve Maven manifest updater (#1147)
* chore(deps): update workflows (#1145)
* fix(deps): update osv-scanner minor (#1146)
* chore(deps): update golang:1.22.5-alpine3.19 docker digest to 48aac60 (#1144)
* chore(deps): update alpine:3.20 docker digest to 0a4eaa0 (#1143)
* feat: add \"vertical\" output format (#889)
* chore(deps-dev): bump rexml from 3.3.1 to 3.3.2 in /docs in the bundler group (#1132)
* Add Maven dependency management to override client (#1140)
* Add original manifest to Maven ManifestPatch (#1134)
* Exempt backlog label from stale treatment (#1135)
* fix(deps): update osv-scanner minor (#1120)
* Reflect Go 1.21.12 change more broadly (#1133)
* ci: don\'t mark v2 wishlished issues as stale (#1131)
* chore(deps): update workflows (#1119)
* Workflow for stale issue and PR management (#1125)
* Bump goreleaser build version to 1.22. (#1126)
* Set the original requirement in patches from suggest (#1117)
* fix: ensure that `semantic` is passed a valid `models.Ecosystem` (#1116)
* Update docs: test dependencies not in the resolved graph (#1114)
* Improved the runtime of DiffVulnerabilityResults (#1091)
* Start on override strategy for maven guided remediation (#1025)
* Sort dependencies before writing to pom.xml (#1113)
* Activate profiles before merging parent (#1108)
* Fix the wrong dependencies/dependency tags (#1112)
* refactor: update linter and address minor violations (#1110)
* Add a dependency to pom.xml if it is not from the base project (#1105)
* Wed Jul 10 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.2:
* Bump go mod min version (#1109)
* Add changelog for v1.8.2 (#1106)
* Fix npm grouping (#1107)
* Add warning to the default docker container scanning method (#1089)
* Move sbom to internal, and add standard output tests (#1104)
* fix: ensure that npm dependencies retain their \"production\" grouping (#939)
* test: add output fixtures for call analysis (#1093)
* fix: restore custom styling to table format (#1094)
* chore(deps): lock file maintenance (#1103)
* chore(deps): update workflows (#1101)
* github-action.md add version into md example (#1073)
* ✨ Adding CycloneDX 1.4 and 1.5 reporter (#1014)
* chore(deps): update golang docker tag to v1.22.5 (#1100)
* fix(deps): update osv-scanner minor (#1102)
* Add go compiler to enable call analysis in the github action (#1099)
* Update github action docs in osv-scanner (#1096)
* test: update snapshots (#1092)
* Refactoring `manifest.Read()` for Maven (#1083)
* refactor: just disable color output rather than tracking terminal width (#1087)
* ci: upgrade `semantic` workflow to use v4 for artifact workflows (#1088)
* chore(deps): update workflows (#1080)
* fix(deps): update module github.com/spdx/tools-golang to v0.5.5 (#1081)
* Added Testing for the SPDX SBOM Reader (#1086)
* Changed min and max to inbuilt functions (#1076)
* Update snapshots (#1084)
* fix: use errgroup to avoid hydration deadlock scenario (#1078)
* ci: setup workflow to run `semantic` tests weekly (#958)
* test: update snapshots (#1079)
* filter out unimportant vulnerabilities from vuln group (#1072)
* Fix test (#1071)
* fix: ensure that `package` exists in `affected` property (#1055)
* Cherry-pick unmerged change from docs branch (#1069)
* chore(deps): update alpine:3.20 docker digest to b89d9c9 (#1062)
* chore(deps): update golang:1.22.4-alpine3.19 docker digest to c46c460 (#1063)
* fix(deps): update module github.com/charmbracelet/bubbletea to v0.26.6 (#1064)
* Combine Debian unimportant count logs (#1067)
* Update tests to support go version changes (#1065)
* fix: only care about ecosystem suffix if present in both ecosystems when determining equality (#1007)
* refactor: enable `revive/indent-error-flow` (#997)
* Fri Jun 21 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.1:
* Make 1.8.1 release (#1056)
* feat: bump goreleaser to v2 (#1054)
* Update goreleaser.yml (#1052)
* Fri Jun 21 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.8.0:
* v1.8.0 Changelog (#1050)
* Add documentation for the configuration. (#1051)
* Update documentation for transitive dependency scanning (#1040)
* Invoke `MavenResolverExtrator` when scanning pom.xml (#1028)
* fix(deps): update osv-scanner minor (#1044)
* chore(deps): update workflows (#1043)
* chore(deps): update golang docker tag to v1.22.4 (#896)
* chore(deps): lock file maintenance (#1033)
* chore(deps): update goreleaser/goreleaser-action action to v6 (#1032)
* Add `experimental-download-offline-databases` flag (#1039)
* Update snapshots and exit codes (#1041)
* Upgrade deps.dev dependencies (#1035)
* Remove busybox from alpine SBOM (#1037)
* Add go binary scanning (#1011)
* Update Go patch version (#1030)
* Merge parent projects for Maven pom.xml (#1019)
* Update base docker image for golang 1.21.11 (#1029)
* implement filtering by packages through the config (#944)
* Dependency imports should always be fetched from upstream (#1027)
* Upgrade go version (#1024)
* Fix broken TUI styling (#1023)
* Update test snapshots (#1022)
* chore(deps): lock file maintenance (#1018)
* fix(deps): update osv-scanner minor (#1017)
* chore(deps): update workflows (#1016)
* ci: don\'t try to upload code coverage on macOS (#1020)
* Fix some Maven manifest & resolver issues (#1008)
* Transitive dependency support for Maven pom.xml (#1002)
* Select a version that actually exists (#1012)
* Maven standard dependencies should take precedence over managed dependencies (#1000)
* Do not record Maven `compile` scope in dependency groups (#1003)
* Thu May 30 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.7.4:
* Remove feature from changelog as it\'s still blocked on #769 (#1006)
* V1.7.4 changelog (#1001)
* Update typo in supported_languages_and_lockfiles.md (#998)
* feat: support comparing Alpine versions locally (#980)
* Now that we have updated to go1.21.10, we can remove the ignore line from osv-scanner.toml (#996)
* chore(deps): update workflows (major) (#897)
* fix(deps): update osv-scanner minor (#994)
* chore(deps): update alpine docker tag to v3.20 (#993)
* Update test snapshots (#992)
* test: add cases for output functions (#937)
* fix(deps): update osv-scanner minor (#978)
* Add a new Maven pom.xml extractor (#982)
* feat: support parsing `gradle/verification-metadata.xml` (#943)
* chore(deps): update workflows (#977)
* chore(deps): update golang:1.21-alpine3.19 docker digest to 1c2e474 (#985)
* chore(deps-dev): Bump the bundler group across 1 directory with 2 updates (#983)
* make Maven parent path relative on current project (#987)
* Fix snapshots and alpine version (#990)
* Update deps.dev dependencies (#984)
* [docs] Add installation instructions for FreeBSD and NetBSD (#969)
* Disable all unimportant vulnerabilities (#968)
* GR: Add test universe generation script and tests for patch generation (#967)
* Thu May 09 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.7.3:
* chore(deps): update golang:1.21-alpine3.19 docker digest to b3aea8d (#973)
* v1.7.3 changelog and version bump (#972)
* Update gomod go version (#971)
* Fix tests; add newly discovered vulns (#970)
* Update go.mod to 1.21.9 (#907)
* chore: import `sys` in Python generators (#966)
* ci: upgrade `golangci/golangci-lint-action` to v5 (#964)
* chore: only extract versions from packages in the generator ecosystem (#957)
* refactor: encapsulate getting the working directory in a helper function (#961)
* refactor: apply Rubocop to Ruby generator (#956)
* test: remove future snapshots (#960)
* chore(deps): update workflows (#935)
* fix(deps): update osv-scanner minor (#945)
* chore(deps): lock file maintenance (#962)
* Fix snapshot for test (#963)
* fix: ensure the sarif output has a stable order (#938)
* chore: support skipping known unsupported comparisons in generators (#954)
* chore(deps): lock file maintenance (#936)
* chore: improve version fixture generators for local usage (#953)
* ci: cancel in-progress runs when new changes are pushed (#959)
* Automated Updates: support parents and dependency imports (#890)
* GR: Support filtering on alias IDs (#946)
* ci: ensure input name case matches just to be safe (#955)
* refactor: use `maps` functions instead of custom implementations (#940)
* test: update snapshots due to external vulnerability changes (#951)
* ci: upgrade Codecov to v4 (#941)
* feat: add support for PNPM v9 lockfiles (#934)
* Add new vuln to tests (#947)
* chore: add missing space to panic message (#942)
* test: include groups when describing package details (#933)
* Fri Apr 19 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.7.2:
* Changelog for v1.7.2 (#932)
* GR: Use deps.dev schema for graph definition in tests (#911)
* ci: ensure snapshots are always cleaned up (#903)
* test: clean up image snapshots (#923)
* Fix paths in test snapshots (#930)
* Fix regression for go call analysis in 1.7.0 (#926)
* fix(deps): update osv-scanner minor (#918)
* chore(deps): lock file maintenance (#919)
* Ignore stdlib vuln (#920)
* GR: Test `MatchVuln()` (#912)
* GR: resolve tests & mock client (#909)
* GR: Parse paths in npmrc auth fields correctly (#901)
* Fix rust call analysis by explicitly disabling stripping of debug info (#908)
* fix(deps): update osv-scanner minor (#895)
* chore(deps): update golang:1.21-alpine3.19 docker digest to ed8ce6c (#905)
* chore(deps): update workflows (#906)
* chore(deps): lock file maintenance (#898)
* test: clean and sort snapshots (#904)
* Add new vuln for failing test (#900)
* GR: Tests for npm relaxer (#894)
* GR: Add simple test for package-lock.json writing (#891)
* chore(deps): update workflows (#886)
* fix(deps): update osv-scanner minor (#885)
* update deps.dev/util/maven (#892)
* Make MockHTTPServer for tests (#888)
* GR: Add tests for npmrc & npm registry api (#879)
* Update github action docs to v1.7.1 (#881)
* Use stable deps.dev v3 API (#882)
* test: pin alpine image to exact sha (#880)
* test: change how snapshot matchers are called and update example name for consistency (#866)
* [docs] Fix the HTTP link for downloading offline database. (#877)
* fix(renovate): constrain go to 1.21 and do not update golang (#874)
* ci: harden workflow permissions (#872)
* chore(deps): Bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible (#878)
* Wed Mar 20 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.7.1:
* v1.7.1 changelog and removing unused fixtures (#876)
* Fix/update retry logic in OSV (#860)
* perf: optimize string formatting and update linting (#828)
* test: add cli cases for `node_modules` images (#870)
* Follow up PR851 mark acceptance on image tests (#869)
* GR: Add npm lockfile read tests (#853)
* ci: downgrade codecov action to v3 (#871)
* test: use \"public\" package where possible (#838)
* test: regenerate snapshots (#867)
* Pin the dockerfiles to the correct base image (#865)
* chore(deps): update workflows (#863)
* fix(deps): update osv-scanner minor (#864)
* add MakeVersionRequestsWithContext() (#781)
* improve error messages in Maven registry client (#859)
* Fix location of \"
*\" for requirements.txt (#858)
* docs: reword sentence in guided-remediation (#846)
* Put API/networking errors on another error code (#857)
* chore(deps): update golang:alpine docker digest to fc5e584 (#852)
* Find and save the distro version when extracting from debian and alpine (#854)
* fix: allow users to override GOVERSION (#850)
* feat: support scanning `node_modules` generated by NPM in container images (#851)
* GR: Add npm ManifestIO tests & minor fixes (#845)
* Automated Updates: set up update subcommand (#830)
* Fri Mar 15 2024 opensuse_buildserviceAATTojkastl.de- BuildRequire go 1.21.8 to follow upstream- Update to version 1.7.0:
* Update changelog for v1.7.0 (#843)
* Merge docs to main (#842)
* Replace stereoscope with using go-containerregistry directly (#836)
* Rename relaxer and suggester (#839)
* Update deps (#841)
* Downgrade go.mod (#833)
* chore(deps): update workflows (#835)
* Add more guided remediation known issues re: vulnerabilitiy counting (#840)
* Guided Remediation Docs (#827)
* test: automatically cleanup test zip server (#834)
* chore(deps): lock file maintenance (#822)
* fix(deps): update osv-scanner minor (#807)
* ci: remove unneeded `setup-go` step and pin `actions/download-artifact` (#786)
* Dont traverse gitignored dirs for gitignore files (#797)
* test: make `createTestDir` a general test utility (#832)
* Maximum severity rating for each Group object in JSON output (#805)
* Automated Updates: add a simple Maven registry API client (#837)
* Automated Updates: only append dependencies with property to original requirements (#823)
* chore(deps): update dependency github-pages to v231 (#821)
* chore(deps): update workflows to v4 (major) (#784)
* chore(deps): update workflows (#806)
* Added a switch for using cached local db in test to improve speed (#826)
* Remove version from the binary name. (#831)
* Automated Updates: suggest property patches to update for Maven (#824)
* refactor: replace usage of deprecated function (#829)
* chore: don\'t ignore `fixtures` directory (#825)
* Align GoVulncheck Go version with go.mod (#818)
* Guided Remediation: Compute Dev dependencies in in-place parsing (#816)
* Automated Updates: add ManifestIO for Maven (#813)
* Update suggester package name (#817)
* Automated Updates: add version suggester for Maven (#815)
* Guided remediation: Interactive mode TUI (#811)
* Proof of Concept of container scanning (#808)
* Guided Remediation: non-interactive mode (#798)
* Update main with the new docs updates. (#810)
* Add user agent to deps.dev requests (#804)
* chore(deps): update golang:alpine docker digest to 8e96e6c (#793)
* fix(deps): update osv-scanner minor (#794)
* chore(deps): update dependency github-pages to v230 (#796)
* chore(deps): update workflows (#795)
* Start setting up guided remediation subcommand (#792)
* Guided Remediation: Compute in-place updates (#789)
* Guided Remediation: Add `package-lock.json` LockfileIO (#785)
* add new spdx identifiers (#788)
* chore(deps-dev): Bump nokogiri from 1.15.5 to 1.16.2 in /docs (#787)
* chore(deps): update workflows (#783)
* fix(deps): update osv-scanner minor (#782)
* Guided Remediation: add npm registry clients & `.npmrc` parsing (#778)
* Fix tests (#780)
* Wed Jan 31 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.6.2:
* Update changelog for 1.6.2 (#779)
* chore(deps): update golang:alpine docker digest to a6a7f1f (#772)
* chore(deps): update alpine:3.19 docker digest to c5b1261 (#771)
* Add pdm lockfile support (#776)
* Guided Remediation: Make `VulnerabilityClient` for OSV queries (#773)
* Do not fail if no lockfiles found in github action (#774)
* Guided Remediation: Add computation for all relaxation patches (#766)
* Parse severities for guided remediation (#767)
* Add pictures to github action docs (#768)
* Guided Remediation: Add dependency relaxation & re-resolution (#765)
* Update govet printf settings (#745)
* fix: improve wording of usage description (#764)
* Guided Remediation: add npm `package.json` manifest parser (#763)
* Update github action version (#761)
* Guided Remediation: Add manifest resolution (#757)
* Add OSV-Scanner subcommands (#748)
* test: use snapshot-based testing (#717)
* chore(deps): lock file maintenance (#760)
* fix(deps): update osv-scanner minor (#758)
* chore(deps): update workflows (#759)
* add dependency groups to flattened vulnerability (#754)
* Use new GitHub action in new repository (#756)
* Thu Jan 18 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.6.1:
* Final goreleaser fix (#753)
* Remove unnecessary docker manifest entry in goreleaser (#752)
* Update goreleaser to fix release pipeline (#751)
* Thu Jan 18 2024 opensuse_buildserviceAATTojkastl.de- Update to version 1.6.0:
* Update CHANGELOG.md for 1.6.0 (#749)
* Bump version for OSV-Scanner. (#750)
* Build action image when releasing (#747)
* fix(deps): update osv-scanner minor (#743)
* chore(deps): update actions/upload-artifact action to v4.1.0 (#744)
* chore(deps): update golang:alpine docker digest to fd78f2f (#719)
* chore(deps): update workflows (major) (#709)
* chore(deps): update alpine docker tag to v3.19 (#708)
* fix(deps): update osv-scanner minor (#700)
* chore(deps): lock file maintenance (#710)
* chore(deps): update github/codeql-action action to v2.23.0 (#707)
* Assume latest patch version if version does not exist (#740)
* Add support for verbosity levels (#727)
* Show ecosystem and version even if git is shown if the info exists. (#736)
* chore(deps): Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#738)
* Add option to not fail on vuln to workflow files (#737)
* Fix vulnerabilities that OSV-Scanner found (#724)
* Add option to not fail on vulnerability being found for github action (#732)
* fix: remove deprecated `Reporter` methods (#722)
* fix directives related to go generate in package spdx (#730)
* verify license allowlist against spdx identifiers (#729)
* Add formatting instructions to docs contribution (#723)
* Adjusting docs (#716)
* fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0 [security] (#721)
* Get go stdlib version from go.mod (#704)
* feat: support `PrintTextf` and `PrintErrorf` on `Reporter` (#706)
* Refactor: attempt to transition into using models.Ecosystems rather than lockfile.Ecosystems (#705)
* Updating cdxgen-go version in go.mod (#718)
* Unify OSV scanner action (#711)
* refactor: setup `prettier` for formatting files (#693)
* Return an error if both license scanning and local/offline scanning is enabled simultaneously (#703)
* chore(deps): update golang:alpine docker digest to feceecc (#699)
* scan and report dependency groups of vulnerabilities (#655)
* Create an option to skip/disable upload to code scanning (#702)
* Add support for NuGet lock files version 2 (#694)
* remove extra backtick in license scanning documentation (#696)
* Update changelog to include minimum go version changes (#695)
* Wed Dec 06 2023 kastlAATTb1-systems.de- Update to version 1.5.0:
* Add changelog for verson 1.5.0 (#692)
* Fix go mod (#691)
* chore(deps): lock file maintenance (#653)
* refactor: switch golang.org/x/exp/slices usages to stdlib (#690)
* Include available formats in `--format` help message (#685)
* chore(deps): update golang:alpine docker digest to 70afe55 (#687)
* chore(deps): update alpine:3.18 docker digest to 34871e7 (#686)
* fix(deps): update osv-scanner minor (#688)
* Add `osv-scanner` pre-commit hook (#669)
* Fix goreleaser build (#683)
* feat: CVSS v4.0 support and replace cvss implementation to comply with the specifications (#651)
* chore(deps): update workflows (#666)
* Added license scanning info (#674)
* update docs for call analysis. (#682)
* Setup manual release pipeline (#681)
* add experimental-licenses summary flag (#678)
* Set Go call analysis to default behaviour (#665)
* Fix filter ids (#647)
* feat: add support for `renv.lock` (#668)
* Simplify return codes to return 1 if any vulnerability related error (#677)
* fix(deps): update osv-scanner minor (#652)
* refactor: upgrade golangci-lint (#673)
* make license allowlist matching case insensitive (#672)
* ci: run tests on Windows (#646)
* feat: add support for comparing CRAN versions (#656)
* ci: update `golangci-lint` to v1.54 (#661)
* Don\'t include nested vendored libs in determineversions query. (#649)
* chore: disable `goconst` linter (#662)
* fix: remove noise lockfile warnings (#660)
* ci: enforce that `cachedregexp` is always used instead of `regexp` (#663)
* Adding C/C++ info to the docs (#648)
* cmd/osv-scanner: update sarif output in test cases (#659)
* Downgrade jekyll-feed. Update lock file (#650)
* chore(deps): update golang:alpine docker digest to 110b07a (#640)
* fix: properly handle file/url paths on Windows (#645)
* test: don\'t ignore anything from coverage (#627)
* fix(deps): update osv-scanner minor (#641)
* Filter local packages from scanning, and report the filtering. (#643)
* license checking experimental feature (#501)
* upgrade version of Go in GitHub checks (#637)
* test: check against error type rather than message (#628)
* Minor github action docs changes to clarify behaviour. (#630)
* Thu Nov 02 2023 kastlAATTb1-systems.de- Update to version 1.4.3:
* Prepare for v1.4.3 release (#629)
* Add support for determineversions API (#612). (#621)
* Refactor package scanning to produce packages instead of queries (#614)
* Fix permissions in PR osv-scanner (#625)
* Fix gitignore matching for root directory (#626)
* Go binary not found should not be an error (#622)
* Scan submodules too. (#581)
* fix: handle yarn aliased packages (#615)
* fix(deps): update osv-scanner minor (#618)
* chore(deps): update github/codeql-action action to v2.22.5 (#616)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#597)
* chore(deps): update workflows (#596)
* handle npm aliased packages (#610)
* Some minor post release fixes (#613)
* Gate extended tests (#598)
* test: use `cmp.Diff` for diffing (#605)
* fix: remove some extra newlines in sarif report (#607)
* Wed Oct 25 2023 kastlAATTb1-systems.de- Update to version 1.4.2:
* Prepare for 1.4.2 release (#609)
* chore: don\'t trim trailing whitespace on fixture snapshots (#608)
* Update release pipeline (#602)
* fix: trim leading and trailing newlines off SARIF output (#606)
* Add name field to sarif rule output (#600)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#579)
* chore(deps): update golang:alpine docker digest to 926f7f7 (#591)
* chore(deps): update workflows (#592)
* Make scheduled and PR scanning only scan the relevant files and ignore fixtures (#594)
* Update docs to add in saving to file option (#593)
* Clarify in the docs actions will fail when vulns are found (#587)
* chore(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#585)
* Change branch back in github action (#586)
* Fix permissions and attempt \"Download Artifact\" option to allow custom lockfiles (#584)
* Small doc adjustments for GitHub Actions (#582)
* fix(deps): update osv-scanner minor (#578)
* Update deps and fix tests (#583)
* Improve documentation for github actions (#575)
* chore(deps): update golang:alpine docker digest to a76f153 (#577)
* chore(deps): update workflows (#580)
* fix: support versions with build metadata in `yarn.lock` files (#576)
* Add additional tests for git scanning, and markdown format (#569)
* Fri Oct 06 2023 kastlAATTb1-systems.de- Update to version 1.4.1:
* Allow release scanning to upload SARIF file. (#573)
* Fix goreleaser and update changelog (#572)
* 1.4.1 release and changelog (#571)
* SARIF with fixed version (#559)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#568)
* chore(deps): update github/codeql-action action to v2.21.9 (#567)
* chore(deps): update golang:alpine docker digest to 4bc6541 (#566)
* chore(deps): update alpine:3.18 docker digest to eece025 (#565)
* ci: don\'t fetch the whole repository history when its not needed (#562)
* ci: ensure that `actions/checkout` is pinned (#563)
* Block release on vuln scan (#561)
* ci: use `.go-version` file (#564)
* ci: run tests on macos and in parallel when releasing (#560)
* test: use `cmp.Diff` for comparing output (#558)
* Add new ecosystems, and a slice containing all of them. (#557)
* test: compare expected with actual rather than the other way around (#556)
* chore: move scripts into the `scripts` directory (#555)
* ci: combine lint and test workflows (#554)
* test: add cases for extra coverage (#524)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#544)
* chore(deps): lock file maintenance (#545)
* chore(deps): update workflows (#538)
* Add custom scan arguments (#552)
* SARIF output fixes. (#547)
* Minor readme update (#546)
* Action docs (#541)
* Update SARIF format (#534)
* Fix action naming and scheduled scan parameters (#543)
* chore(deps): update workflows (major) (#540)
* Attempt at multiline action (#542)
* fix(deps): update osv-scanner minor (#539)
* Update experimental.md (#536)
* Thu Sep 14 2023 kastlAATTb1-systems.de- Update to version 1.4.0:
* Fix issue in the changelog (#533)
* 1.4.0 changelog and docs (#532)
* Adding Offline info (#517)
* chore(deps): update golang:alpine docker digest to 96634e5 (#527)
* chore(deps): update workflows (#529)
* fix(deps): update osv-scanner minor (#528)
* Fix result scanning (#526)
* ci: change how coverage is collected (#525)
* chore: capture coverage and upload it to codecov (#512)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#520)
* Correctly use matchFileNames in renovate.json (#522)
* Update test results to pass new test (#523)
* Revert breaking change in `osv.go` (#514)
* Add osv output lockfile + refactor (#505)
* Update renovate.json (#504)
* fix(deps): update osv-scanner minor (#506)
* Refactor models (#510)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#508)
* chore(deps): update actions/checkout action to v3.6.0 (#507)
* Update contributing docs (#502)
* chore(deps-dev): Bump activesupport from 7.0.7 to 7.0.7.2 in /docs (#503)
* fix(deps): update golang.org/x/exp digest to d852ddb (#496)
* Add fixtures go to renovate bot ignore (#500)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#498)
* chore(deps): update golangci/golangci-lint-action action to v3.7.0 (#499)
* chore(deps): update actions/setup-go action to v4.1.0 (#497)
* If go version can\'t be found, don\'t add stdlib (#494)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#448)
* feat: support `io.Reader` based parsers (#451)
* fix: don\'t error if local db directory already exists (#493)
* fix: ensure that \"introduced 0\" events are sorted before any other event (#492)
* Add go stdlib version support (#484)
* chore(deps): update golang:alpine docker digest to 445f340 (#467)
* chore(deps): update alpine docker tag to v3.18 (#468)
* chore(deps): update slsa-framework/slsa-github-generator action to v1.8.0 (#469)
* chore(deps): update alpine:3.18 docker digest to 7144f7b (#480)
* chore(deps): update alpine:3.17 docker digest to f71a5f0 (#466)
* chore(deps): update gaurav-nelson/github-action-markdown-link-check digest to 46e4421 (#481)
* fix(deps): update golang.org/x/exp digest to 89c5cff (#482)
* chore(deps): update github/codeql-action action to v2.21.4 (#483)
* Fix some vulns and ignore others (#490)
* Rust call analysis (#452)
* Scanner action should pass if the vulnerabilities remain the same (#475)
* Tidy up scanner action (#474)
* Manually update dependencies to resolve vulnerability https://osv.dev/GO-2023-1988 (#472)
* feat: add experimental offline mode (#183)
* Move github action back to the main branch (#465)
* refactor: move experimental flags into their own struct (#463)
* fix: use correct plural and singular forms based on count (#462)
* chore(deps): update github/codeql-action action to v2.21.2 (#455)
* fix(deps): update osv-scanner minor (#456)
* Add annotations and osv-scanner table in the Github Action output (#460)
* Fix purl mapping (#457)
* test: make `output` tests their own package (#461)
* Updated github actions to use main branch now that the PR is merged in (#459)
* Recreated Github Action PR (#432)
* chore: minor grammar fixes (#454)
* chore(deps): update docker/setup-buildx-action digest to 4c0219f (#437)
* chore(deps): update golang:alpine docker digest to 7839c9f (#444)
* Optimize Dockerfile and add .dockerignore (#441)
* chore(deps): update github/codeql-action action to v2.21.0 (#449)
* Enable lockfile maintaince (#450)
* fix(deps): update osv-scanner minor (#445)
* Wed Jul 19 2023 kastlAATTb1-systems.de- Update to version 1.3.6:
* Prepare for v1.3.6 Release (#447)
* Adjusting GitHub actions (#446)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#438)
* go.mod: upgrade to golang.org/x/vulnAATTv1.0.0 (#443)
* Fix PURLToPackage function and move it (#439)
* Update README.md (#440)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#422)
* chore(deps): update workflows (#429)
* fix(deps): update osv-scanner minor (#430)
* update govulncheck integration (#431)
* Wed Jun 28 2023 kastlAATTb1-systems.de- Update to version 1.3.5:
* Add more ignores now that debian PURLs are parsed correctly (#428)
* Adds changelog for v1.3.5 (#427)
* chore(deps): update alpine docker tag to v3.18 (#382)
* test: ensure fixtures directory isn\'t already a git repository (#426)
* chore: ignore `.idea` directory (#425)
* Add withdrawn and fix time serialization to conform to the schema. (#424)
* test: make `models` tests their own package (#423)
* Updated to reflect cvss scores being added to output table. (#419)
* chore(deps): update workflows (#421)
* chore(deps): update alpine:3.17 docker digest to e95676d (#413)
* Add option to include severity in table output (#409)
* Update the model to better match schema and add YAML tags. (#417)
* chore(deps): update golang:alpine docker digest to fd9d9d7 (#405)
* chore(deps): update workflows (#406)
* fix(deps): update osv-scanner minor (#415)
* Fixing broken github page (#412)
* Link checker (#408)
* fix(deps): update osv-scanner minor (#407)
* refactor: enable `goimports` linter (#404)
* Update the model to match the latest version of the OSV schema (#403)
* Mon Jun 12 2023 kastlAATTb1-systems.de- Update to version 1.3.4:
* Prepare for 1.3.4 release. (#401)
* chore(deps): update workflows (#393)
* fix(deps): update osv-scanner minor (#392)
* Fix version printer to use app stdout and stderr (#395)
* OSV user agent (#390)
* Wed May 17 2023 kastlAATTb1-systems.de- Update to version 1.3.3:
* Add new line and fix test to avoid having to change version twice (#387)
* 1.3.3 Release (#385)
* Use upload draft assets option (#384)
* chore(deps): update golang:alpine docker digest to ee2f23f (#380)
* chore(deps): update slsa-framework/slsa-github-generator action to v1.6.0 (#383)
* fix(deps): update osv-scanner minor (#381)
* Remove --hash from version in requirements.txt (#379)
* Small formatting changes (#377)
* chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#378)
* add unit tests for results.go (#368)
* Improve exit docs and add No vulns found to output (#373)
* Update exit docs (#375)
* chore(deps): update github/codeql-action action to v2.3.3 (#372)
* chore(deps): update golang:alpine docker digest to 913de96 (#305)
* fix: handle cyclical `-r`s in `requirements.txt` (#366)
* fix: don\'t panic on empty files (#367)
* fix(deps): update osv-scanner minor (#327)
* Update spdx to 0.5.0 (#365)
* Update pkg/osv to allow overriding the http client / transport. (#357)
* chore(deps): update github/codeql-action action to v2.3.2 (#363)
* Enable osvVulnerabilityAlerts (#362)
* Wed Apr 26 2023 kastlAATTb1-systems.de- Update to version 1.3.2:
* Fix sbom scanning code (#360)
* 1.3.2 Release (#359)
* Refactor reporter to interfaces (#345)
* Update all minor dependencies without spdx (#358)
* chore(deps): update workflows (#334)
* Better SBOM documentation and error message (#349)
* Move a specific regex to static variable (#346)
* chore(deps): update dependency jekyll-feed to v0.17.0 (#328)
* chore(deps): bump nokogiri from 1.14.1 to 1.14.3 in /docs (#338)
* chore(deps): bump commonmarker from 0.23.8 to 0.23.9 in /docs (#337)
* SBOM parsing improvements. (#339)
* Make the reporter public (#341)
* Set `skip-pkg-cache: true` for golangci-lint (#340)
* Support PNPM v6+ Lockfile (#325)
* chore(deps): update alpine:3.17 docker digest to 124c7d2 (#326)
* Call analysis note fixed. (#331)
* Add configs to ignore test vulnerabilities (#329)
* Thu Mar 30 2023 kastlAATTb1-systems.de- Update to version 1.3.1:
* Release 1.3.1 changelog (#321)
* chore(deps): update ossf/scorecard-action action to v2.1.3 (#322)
* Add nil check to CycloneDX enumeration (#320)
* Tue Mar 28 2023 kastlAATTb1-systems.de- Update to version 1.3.0:
* Update changelog and version for v1.3.0 (#316)
* chore(deps): update workflows (#314)
* fix(deps): update osv-scanner minor (#313)
* Update workflows to compositing, so that goreleaser workflow can run them. (#315)
* Fix workflow (#311)
* Fix some issues with the model. (#312)
* Improve the OSV models to allow for 3rd party use of the library. (#310)
* Adds concurrency to hydration requests (#304)
* Make `IgnoredVulns` also ignore aliases (#300)
* fix(deps): update osv-scanner minor (#306)
* chore(deps): update actions/setup-go action to v4 (#308)
* chore(deps): update workflows (#307)
* Run tests before release (#301)
* chore(deps): bump activesupport from 7.0.4.2 to 7.0.4.3 in /docs (#302)
* Pin lint action (#299)
* fix(deps): update osv-scanner minor (#288)
* fix: support Pipenv develop packages without versions. (#297)
* Set version in source code (#295)
* Prevent `.gitignore` files from interfering with tests (#292)
* fix: trim leading zeros off when comparing numerical components in Maven versions (better) (#285)
* fix: avoid infinite loops parsing Maven poms with syntax errors (#294)
* Check if PURL is valid before adding it to queries (#291)
* Renovate bot ignore vulns package (#289)
* chore(deps): update workflows (#287)
* fix: trim leading zeros off when comparing numerical components in Maven versions (#279)
* Adding call graph info back in (#284)
* Update Colors for Accessibility (#278)
* Removed call graph analysis for now. (#282)
* Remove \"working doc\" concept (#275)
* feat: improved error message when pom dependency version not found (#253)
* Add tags and point people to slsa-verifier (#265)
* ci: harden permissions (#269)
* Run on merge queue (#272)
* fix: properly handle comparing zero versions in Maven (#267)
* chore: add `.editorconfig` file (#266)
* fix(deps): update osv-scanner minor (#270)
* Renovate bot use ignorePaths instead for fixtures (#264)
* test: update case with new advisory (#268)
* fix: deduplicate packages that appear multiple times in `Pipenv.lock` files (#261)
* feat: support `-r` flag in `requirements.txt` files (#260)
* chore(deps): update workflows (#242)
* fix: avoid panic when parsing `file:` dependencies in `pnpm` lockfiles (#259)
* More specific cyclone dx parsing (#258)
* Parse nested CycloneDX components correctly (#251)
* fix: support yarn locks with quoted properties (#250)
* Update renovate.json (#248)
* fix(deps): update golang.org/x/exp digest to c95f2b4 (#241)
* govulncheck integration (#198)
* Create draft release first in goreleaser (#236)
* Adding additional installation instructions (#235)
* Thu Feb 23 2023 kastlAATTb1-systems.de- Update to version 1.2.0:
* Changelog update for v1.2.0 (#233)
* Moving Working Docs to Current (#234)
* Update the output docs, make logo a lot bigger, make page slightly wider (#226)
* Upgrade to yaml v3 (#231)
* ParseAs for dpkg-status (#229)
* Update analytics for documentation. (#230)
* chore(deps): update docker/setup-buildx-action digest to f03ac48 (#223)
* fix(deps): update osv-scanner minor (#225)
* chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 (#222)
* chore(deps): update dependency http_parser.rb to \"~> 0.8.0\" (#224)
* fix: ensure that vulnerability results are ordered deterministically (#220)
* test: ensure case names match function under test (#228)
* Nits - APK installed optimizations (#227)
* Support for DPKG (Debian) parser (#168)
* feat: support `dependencyManagement` in Maven poms (#221)
* Google analytics added. (#215)
* Console formatting changes
* Documentation Style Improvements (#211)
* fixed broken link (#210)
* Documentation moved to github page.
* Minor changes for gitignore parsing (#208)
* Improve gitignore parsing (#206)
* fix(deps): update osv-scanner minor (#205)
* chore(deps): update github/codeql-action action to v2.2.4 (#204)
* Move instructions to Usage (#197)
* Make scanner respect .gitignore files (#191)
* feat: support specifying what parser to use in `--lockfile` (#94)
* fix: add missing toml tags to struct (and update linter) (#190)
* fix(deps): update golang.org/x/exp digest to 98cc5a0 (#188)
* fix(osv-query): omit SourceInfo from JSON marshaling (#185)
* test: remove nonsense case and correct names (#187)
* Update readme usage section (#171)
* chore(deps): update docker/login-action action to v2 (#148)
* fix(deps): update osv-scanner minor (#147)
* Support SPDX 2.3 (#178)
* chore(deps): update workflows (#172)
* feat: Render output as a markdown table for use in github comments (#156)
* APK: fix test function (#180)
* Log number of packages scanned from SBOMs. (#179)
* Make OSV api public (#167)
* Add experimental comment (#173)
* fix: exit with generic non-zero code when there is a general error (#161)
* fix: reuse app-level writer and err writers in `VersionPrinter` (#166)
* chore(deps): update github/codeql-action action to v2.1.39 (#159)
* test: add cases for `semantic.MustParse` (#160)
* feat: create `--format` flag (#158)
* golangci checks in github action, and fixes initial linter issues (#149)
* test: add case for `--version` flag (#162)
* chore: remove duplicated generators (#157)
* - add conan.lock to the list (#59)
* Fix endpoint typo (#152)
* feat: add `semantic` package (#92)
* Adding re-try for getting a Vuln for the given ID (#141)
* chore(deps): update github/codeql-action action to v2.1.38 (#146)
* chore: adjust comment to match type name (#143)
* Mention Pipfile.lock support in changelog. (#140)
* Fix link to GitHub issues (#139)
* Thu Jan 12 2023 kastlAATTb1-systems.de- Update to version 1.1.0:
* Fix goreleaser permissions (#138)
* v1.1.0 release PR (#137)
* fix(deps): update osv-scanner minor (#79)
* Temporarily disable alpine package scanning (#136)
* Move tests from cloudbuild to gh actions (#135)
* Use short url in scanner output (#134)
* chore(deps): update workflows (#78)
* Update readme and add changelog (#133)
* fix: use correct ecosystem for NuGet (#132)
* Do not highlight borders of result table (#131)
* Add contributing file (#130)
* Update README.md (#127)
* docs: describe build process (#109)
* Add gomodtidy after renovate updates (#120)
* Make lint trigger same as others (#125)
* Minor documentation updates. (#121)
* Add support for Alpine Linux /lib/apk/db/installed (Resolves #72) (#107)
* feat: add docker publish method (#70)
* Add Pipenv lockfile support (Resolves #71) (#66)
* Lint readme (#100)
* Have renovate-bot label its PRs as it does with osv.dev (#116)
* [pkg] implement NuGet ecosystem parser (#98)
* Update github.com/spdx/gordf dependency to fix 32 bit support (#104)
* test: update spec case and adjust assertion message (#99)
* fix: ensure that files are closed when they\'re no longer needed (#106)
* Fix lockfile example syntax (#103)
* docs: add homebrew installation note (#89)
* Tue Dec 20 2022 Johannes Kastl - add build parameters, so \'osv-scanner --version\' shows proper version, build date and the release tag as commit
* Tue Dec 20 2022 kastlAATTb1-systems.de- Update to version 1.0.2:
* shorten affected package to package (#90)
* Move table columns so that the important column is displayed first (#87)
* Add blog post link to README (#84)
* Minor updates to install instruction title (#80)
* Added installation instructions for Scoop (#68)
* Update README.md (#77)
* Fix readme anchor link. (#76)
* Update README.md (#58)
* Add disclaimer on Debian scanning. (#65)
* Add gradle lockfile support (#46)
* Tue Dec 20 2022 Johannes Kastl - new package osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  
ICM