chore(deps): update ghcr.io/google/osv-scanner docker tag to v1.8.4 #24
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
secustor
force-pushed
the
renovate/ghcr.io-google-osv-scanner-1.x
branch
from
190ad72
to
1f37ba5
Compare
secustor
changed the title
secustor
force-pushed
the
renovate/ghcr.io-google-osv-scanner-1.x
branch
from
1f37ba5
to
8b5aaff
Compare
secustor
changed the title
secustor
force-pushed
the
renovate/ghcr.io-google-osv-scanner-1.x
branch
from
8b5aaff
to
6615b2b
Compare
secustor
changed the title
secustor
force-pushed
the
renovate/ghcr.io-google-osv-scanner-1.x
branch
from
6615b2b
to
ac4f77d
Compare
secustor
changed the title
secustor
force-pushed
the
renovate/ghcr.io-google-osv-scanner-1.x
branch
from
ac4f77d
to
907ac27
Compare
secustor
changed the title
secustor
changed the title
secustor
force-pushed
the
renovate/ghcr.io-google-osv-scanner-1.x
branch
from
907ac27
to
d1bfb92
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.3.1->v1.8.4Release Notes
google/osv-scanner (ghcr.io/google/osv-scanner)
v1.8.4Compare Source
Features:
--upgrade-configflag for configuring allowed upgrades on a per-package basis. Also hide & deprecate previous--disallow-major-upgradesand--disallow-package-upgradesflags.Fixes:
Misc:
v1.8.3Compare Source
Features:
Fixes:
semanticis passed a validmodels.Ecosystem.Misc:
v1.8.2Compare Source
Features:
Fixes:
--experimental-local-db.packageexists inaffectedproperty.v1.8.1Compare Source
Features:
OSV-Scanner now scans transitive dependencies in Maven
pom.xmlfiles!See our documentation for more information.
The
osv-scanner.tomlconfiguration file can now filter specific packages with new[[PackageOverrides]]sections:[[PackageOverrides]]v1.7.4Compare Source
Features:
Misc:
v1.7.3Compare Source
Features:
Fixes:
v1.7.2Compare Source
Fixes:
v1.7.1Compare Source
(There is no Github release for this version)
Fixes
Add retry logic to make calls to OSV.dev API more resilient. This combined with changes in OSV.dev's API should result in much less timeout errors.
API Features
add
MakeVersionRequestsWithContext()API and networking related errors now has their own error and exit code (Exit Code 129)
v1.7.0Compare Source
Features
Feature #352 Guided Remediation
Introducing our new experimental guided remediation feature on
osv-scanner fixsubcommand.See our docs for detailed usage instructions.
Feature #805
Include CVSS MaxSeverity in JSON output.
Fixes
Bug #818
Align GoVulncheck Go version with go.mod.
Bug #797
Don't traverse gitignored dirs for gitignore files.
Miscellaneous
Remove version number from the release binary name.
v1.6.2Compare Source
Features
Feature #694
Add subcommands! OSV-Scanner now has subcommands! The base command has been moved to
scan(currently the only commands isscan).By default if you do not pass in a command,
scanwill be used, so CLI remains backwards compatible.This is a building block to adding the guided remediation feature. See issue #352
for more details!
Feature #776
Add pdm lockfile support.
API Features
Add dependency groups to flattened vulnerabilities output.
v1.6.1Compare Source
v1.6.0/v1.6.1:
Features
Feature #694 Add support for NuGet lock files version 2.
Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
Feature #702 Created an option to skip/disable upload to code scanning.
Feature #732 Add option to not fail on vulnerability being found for GitHub Actions.
Feature #729 Verify the spdx licenses passed in to the license allowlist.
Fixes
Bug #736 Show ecosystem and version even if git is shown if the info exists.
Bug #703 Return an error if both license scanning and local/offline scanning is enabled simultaneously.
Bug #718 Fixed parsing of SBOMs generated by the latest CycloneDX.
Bug #704 Get go stdlib version from go.mod.
API Features
Reportermethods to add verbosity levels and to deprecate functions.New Contributors
Full Changelog: google/osv-scanner@v1.5.0...v1.6.0-alpha3
v1.5.0Compare Source
Features
Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information!
Support scanning
renvfiles for the R language ecosystem.Stabilize call analysis for Go! The experimental
--experimental-call-analysisflag has now been updated to:--call-analysis=<language/all>
--no-call-analysis=<language/all>
with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
Simplify return codes:
CVSS v4.0 support.
Pre-commit hook support.
Fixes
We now filter local packages from scans, and report the filtering of those packages.
Properly handle file/url paths on Windows.
Remove noise from failed lockfile parsing.
No longer include vendored libraries in C/C++ package analysis.
Fix filtering of aliases to also include non OSV aliases
Miscellaneous
v1.4.3Compare Source
Features
Add support for scanning vendored C/C++ files.
Scan submodules commit hashes.
Fixes
Fix gitignore matching for root directory
Go binary not found should not be an error
handle npm/yarn aliased packages
fix: remove some extra newlines in sarif report
v1.4.2Compare Source
Fixes
Support versions with build metadata in
yarn.lockfilesAdd name field to sarif rule output
v1.4.1Compare Source
Features
New SARIF format that separates out individual vulnerabilities, see https://github.com/google/osv-scanner/issue/216
Have a look at https://google.github.io/osv-scanner/experimental/ for how to use the new Github Action in your repo.
Experimental, so might change with only a minor update.
API Features
v1.4.0Compare Source
Features
Add (experimental) offline mode! See our documentation for how to use it.
Add (experimental) rust call analysis, detect whether vulnerable functions are actually called in your Rust project! See our documentation for limitations and how to use this.
goversion and checks for vulnerabilities in the standard library.osv-scanner.jsonfor osv-scanner to scan. See our documentation for instructions.API Features
Fixes
Fix PURL mapping for Alpine packages
Use correct plural and singular forms based on count
v1.3.6Compare Source
Minor Updates
Update GoVulnCheck integration.
Create
models.PURLToPackage(), and deprecateosvscanner.PURLToPackage().Fixes
Fix
PURLToPackagenot returning the full namespace of packages in ecosystemsthat use them (e.g. golang).
v1.3.5Compare Source
Features
Adds an additional column to the table output which shows the severity if available.
API Features
v1.3.4Compare Source
Minor Updates
user agent to OSV API requests.
v1.3.3Compare Source
Fixes
requirements.txt misparsing lines that contain
--hash.vulnerabilities are found.
requirements.txt causing infinite recursion.
parsing empty lockfile.
API Features
pkg/osvto allow overriding the http client / transportv1.3.2Compare Source
Fixes
public to allow calling DoScan with non nil reporters.
parsing and relaxing name requirements when explicitly scanning with
--sbom.scanning speed for regex heavy lockfiles by caching regex compilation.
documentation and error messages.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.