This version adds support for `bun.lock` and `uv.lock` files, comparing Ubuntu, Alpine, and Red Hat versions (though we don't support parsing their respective "lockfiles"), and upgrades us to Go v1.23.

This is also probably going to be the last version with the current `lockfile` and `semantic` packages, as I've been working with Google on reshaping these libraries which has resulted in `osv-scalibr`, and which has a much better API especially for `lockfile` (which over there is `extractor`).

I will likely start by replacing `semantic` as that has moved to `osv-scalibr` in a way that's nearly 1:1, with the main difference being it now returns errors instead of panicking and a much smaller public API for now.

If you are using the `osv-detector` public libraries, I encourage you to look at the `osv-scalibr` equivalents to get a sense of what to expect in terms of migrating, and please feel free to open issues either here or on the `osv-scalibr` repository if you have questions or feel something is missing from their packages that you'd like to make sure is brought across.

What's Changed
- support parsing `bun.lock` files (#285)
- support parsing `uv.lock` files (#287)
- upgrade to Go v1.23 (#292)
- support comparing Ubuntu versions (#300)
- support comparing Alpine versions (#299)
- support comparing RedHat versions (#298)
Full Changelog: v0.13.1...v0.14.0