File osv-scanner.changes of Package osv-scanner

Overview Repositories Revisions Requests Users Attributes Meta

File osv-scanner.changes of Package osv-scanner

-------------------------------------------------------------------
Thu Oct 31 10:47:27 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.9.1:
  * chore: v1.9.1 Changelog (#1358)
  * docs: update usage references (#1351)
  * chore(deps-dev): bump rexml from 3.3.8 to 3.3.9 in /docs in the
    bundler group (#1349)
  * chore: remove unused fixture file (#1353)
  * test: update snapshot (#1354)
  * chore: Also trigger workflow when merging into v2 (#1343)
  * feat: add `--experimental-offline-vulnerabilities` and
    `--experimental-no-resolve` flags (#1342)
  * docs: update documentation about Maven registry support (#1340)
  * ci: ensure that generated files have been regenerated as part
    of prerelease checks (#1312)
  * test: update snapshot (#1335)
  * feat: fetch Maven metadata from specified repositories (#1286)
  * chore(deps): lock file maintenance (#1334)
  * chore(deps): update workflows (#1333)
  * feat: deprecate axillary public packages in favor of private
    versions (#1309)
  * fix: use correct path separator in SARIF output when on Windows
    (#1294)
  * chore: Update snapshots (#1328)
  * fix: warn about and ignore duplicate entries in SBOMs (#1289)
  * feat(guided remediation): support offline database in fix
    subcommand (#1306)
  * fix: set CharsetReader and Entity when reading pom.xml (#1325)
  * fix(deps): update osv-scanner minor (#1323)
  * chore(deps): update workflows (#1322)
  * fix(guided remediation): update deps.dev Maven resolver (#1320)
  * chore: update golangci-lint to 1.61.0 (#1318)
  * fix: address a number of typos (#1307)
  * fix: update spdx license ids (#1310)
  * feat(output): add HTML output format (#1258)
  * test: update snapshots (#1314)
  * chore: ignore `node_modules` in git (#1308)
  * fix(deps): update osv-scanner minor (#1302)
  * chore(deps): update workflows (#1301)
  * chore(deps): update golang docker tag to v1.23.2 (#1300)
  * test: update snapshot (#1304)
  * refactor: Update test names (#1297)
  * test: update snapshots for guided remediation  (#1296)
  * fix: sort sbom packages by PURL (#1288)
  * fix: improve handling if `docker` exits with a non-zero code
    when trying to scan images (#1285)
  * feat: support `vulnerabilities.ignore` in package overrides
    (#1268)

-------------------------------------------------------------------
Wed Oct 02 06:30:06 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.9.0:
  * chore(release): changelog for v1.9.0 (#1292)
  * chore(deps): update workflows (#1281)
  * chore(deps): lock file maintenance (#1282)
  * fix: bump osv max concurrent requests (#1290)
  * fix: apply go version override to _all_ instances of the
    `stdlib` (#1278)
  * fix: output invalid PURLs when scanning sboms (#1283)
  * fix(offline): report all ecosystems without local databases in
    one single line (#1279)
  * test: update snapshot (#1284)
  * chore(deps): update workflows (#1264)
  * fix(deps): update osv-scanner minor (#1265)
  * feat: assume `txt` files with "requirements" in their name are
    `requirements.txt` files (#1271)
  * chore(deps): update dependency webrick to v1.8.2 [security]
    (#1270)
  * test: update case to reflect recent config parsing changes
    (#1267)
  * feat: group DSA and its CVEs together (#1262)
  * feat: error if configuration file has unknown properties
    (#1249)
  * fix: don't allow `LoadPath` to be set via config file (#1252)
  * refactor: Follow revive rules across the repo (#1263)
  * chore: make guided remediation follow revive's default lint
    rules (#1259)
  * refactor(guided remediation): Take `PreFetch` out of
    `DependencyClient`  interface and prevent repeated datasource
    network calls (#1224)
  * ci: pin `amannn/action-semantic-pull-request` to a commit
    (#1256)
  * ci: pin `actions/stale` to a commit (#1255)
  * test: update snapshots with new security vulnerabilities
    (#1254)
  * chore: deprecate parser functions in favor of their extract
    equivalents (#1253)
  * refactor: simplify and reuse `tryLoadConfig` (#1248)
  * test: ensure `cmp.Diff` usage is consistent (#1251)
  * test: restructure internal `config` cases and fixtures (#1250)
  * fix: don't assume there's always a reason for a package being
    filtered out (#1241)
  * feat: Copy over dark docs theming from osv.dev (#1245)
  * fix: announce when a config file is invalid and exit with a
    non-zero code (#1242)
  * chore(deps): update workflows (#1247)
  * fix(deps): update osv-scanner minor (#1246)
  * feat: allow explicitly ignoring the license of a package in
    config (#1243)
  * feat(guided remediation): remediate unresolved dependency
    management vulns (#1235)
  * chore(deps): update alpine:3.20 docker digest to beefdbd
    (#1230)
  * chore(deps): update golang docker tag to v1.23.1 (#1231)
  * chore(deps): update workflows (#1205)
  * fix(deps): update osv-scanner minor (#1204)
  * chore(deps): lock file maintenance (#1195)

-------------------------------------------------------------------
Sat Sep 14 10:51:29 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.8.5:
  * chore(release): changelog for v1.8.5 (#1237)
  * fix: make Alpine ecosystem fallback to latest release version
    (#1236)
  * feat(internal): marshal self-closing tags in XML (#1225)
  * chore: update Go to version 1.22.7 (#1233)
  * feat: support composite-based package overrides (#1214)
  * chore: update test snapshots (#1232)
  * fix: govulncheck calls on C code (#1228)
  * refactor: use forked xml package for writing (#1223)
  * chore: update test snapshots (#1222)
  * feat(internal): add Maven native dependency client (#1207)
  * fix(guided remediation): Add special handling for specific
    Maven packages (#1219)
  * fix(deps): update module github.com/charmbracelet/bubbletea to
    v1 (#1217)
  * fix(internal): encode XML tokens without escaping (#1216)
  * chore: update test snapshots (#1218)
  * chore: axe `.go-version` file (#1212)
  * feat(guided remediation): Add `FIXED-VULN-IDS` to
    non-interactive output (#1210)
  * perf: ignored packages should be filtered out before scanning
    (#1206)
  * feat: support fetching snapshot versions from a Maven registry
    (#1160)
  * fix: stop finding more parent pom if the path is empty (#1194)
  * chore: add missed test ignore vuln (#1209)
  * chore: add `osv-scanner.toml` files to make Scorecard ignore
    vulnerabilities in our test fixtures (#1202)
  * chore(deps): update workflows (#1186)
  * fix(deps): update osv-scanner minor (#1187)
  * fix: correct for breaking change in glamour v0.8.0 (#1201)
  * chore(deps): update dependency github-pages to v232 (#1189)
  * chore(deps): update golang docker tag to v1.23.0 (#1188)

-------------------------------------------------------------------
Sat Sep 14 10:49:17 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.8.4:
  * chore(release): release v1.8.4 (#1200)
  * refactor: move Maven utility to a separate package (#1193)
  * docs: link to the Scorecard Report (#1197)
  * fix: unescape tabs before writing to pom.xml (#1190)
  * feat(guided remediation): add `--upgrade-config` flag (#1191)
  * chore: add PR title check to follow Git commit convention
    (#1178)
  * chore: add new vulnerability aliases to test snapshots (#1192)
  * feat: write Maven updates to parent pom.xml if possible (#1182)
  * chore: use the latest version of `golangci-lint` (#1185)
  * fix(guided remediation): error on `--data-source=native` for
    Maven (#1180)
  * ci(workflow): address address github.com/rhysd/actionlint
    findings (#1176)
  * fix(workflow): correct permission name (#1175)
  * chore(deps): update workflows (#1173)
  * fix(deps): update osv-scanner minor (#1174)
  * fix: only trim XML elements with no inner elements (#1168)
  * fix(workflow): Add explicit permissions (#1171)
  * docs: add conventional commits requirement (#1172)
  * Package tracing PoC (#1049)
  * Update go policy and use stable go version for builds (#1156)
  * chore(deps): update dependency wdm to "~> 0.2.0" (#1163)
  * fix(deps): update osv-scanner minor (#1162)
  * chore(deps): update workflows (#1161)
  * Add changelog for v1.8.3 (#1150)

-------------------------------------------------------------------
Wed Aug 07 07:04:10 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.8.3:
  * chore: update dependency `github.com/docker/docker` (#1166)
  * chore(deps-dev): bump rexml from 3.3.2 to 3.3.3 in /docs in the
    bundler group (#1158)
  * add maven changes
  * feat(guided remediation): add non-interactive Maven remediation
    by override (#1136)
  * Label closed stale issues/PRs (#1165)
  * Fix snapshots (#1164)
  * Refactoring Maven manifest reading (#1159)
  * Do not attempt to remediate vulnerabilities in Maven artifacts
    that have defined `<classifier>` or `<type>` (#1151)
  * Handle Maven parent relative path (#1149)
  * fix(workflow): add read permission to
    `osv-scanner-reusable.yml` (#1157)
  * fix(workflow): update prerelease-check.yml to the latest
    OSV-Scanner action (#1153)
  * fix(osv-github-action): If all vulnerabilities are not called,
    don't return an non zero exit code in osv-reporter (#1152)
  * update snaps
  * fix style
  * Add changelog for v1.8.3
  * chore(deps): lock file maintenance (#1130)
  * Increase frequency of staleness runs (#1148)
  * Improve Maven manifest updater (#1147)
  * chore(deps): update workflows (#1145)
  * fix(deps): update osv-scanner minor (#1146)
  * chore(deps): update golang:1.22.5-alpine3.19 docker digest to
    48aac60 (#1144)
  * chore(deps): update alpine:3.20 docker digest to 0a4eaa0
    (#1143)
  * feat: add "vertical" output format (#889)
  * chore(deps-dev): bump rexml from 3.3.1 to 3.3.2 in /docs in the
    bundler group (#1132)
  * Add Maven dependency management to override client (#1140)
  * Add original manifest to Maven ManifestPatch (#1134)
  * Exempt backlog label from stale treatment (#1135)
  * fix(deps): update osv-scanner minor (#1120)
  * Reflect Go 1.21.12 change more broadly (#1133)
  * ci: don't mark v2 wishlished issues as stale (#1131)
  * chore(deps): update workflows (#1119)
  * Workflow for stale issue and PR management (#1125)
  * Bump goreleaser build version to 1.22.  (#1126)
  * Set the original requirement in patches from suggest (#1117)
  * fix: ensure that `semantic` is passed a valid
    `models.Ecosystem` (#1116)
  * Update docs: test dependencies not in the resolved graph
    (#1114)
  * Improved the runtime of DiffVulnerabilityResults (#1091)
  * Start on override strategy for maven guided remediation (#1025)
  * Sort dependencies before writing to pom.xml (#1113)
  * Activate profiles before merging parent (#1108)
  * Fix the wrong dependencies/dependency tags (#1112)
  * refactor: update linter and address minor violations (#1110)
  * Add a dependency to pom.xml if it is not from the base project
    (#1105)

-------------------------------------------------------------------
Wed Jul 10 07:40:40 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.8.2:
  * Bump go mod min version (#1109)
  * Add changelog for v1.8.2 (#1106)
  * Fix npm grouping (#1107)
  * Add warning to the default docker container scanning method
    (#1089)
  * Move sbom to internal, and add standard output tests (#1104)
  * fix: ensure that npm dependencies retain their "production"
    grouping (#939)
  * test: add output fixtures for call analysis (#1093)
  * fix: restore custom styling to table format (#1094)
  * chore(deps): lock file maintenance (#1103)
  * chore(deps): update workflows (#1101)
  * github-action.md add version into md example (#1073)
  * ✨  Adding CycloneDX 1.4 and 1.5 reporter (#1014)
  * chore(deps): update golang docker tag to v1.22.5 (#1100)
  * fix(deps): update osv-scanner minor (#1102)
  * Add go compiler to enable call analysis in the github action
    (#1099)
  * Update github action docs in osv-scanner (#1096)
  * test: update snapshots (#1092)
  * Refactoring `manifest.Read()` for Maven (#1083)
  * refactor: just disable color output rather than tracking
    terminal width (#1087)
  * ci: upgrade `semantic` workflow to use v4 for artifact
    workflows (#1088)
  * chore(deps): update workflows (#1080)
  * fix(deps): update module github.com/spdx/tools-golang to v0.5.5
    (#1081)
  * Added Testing for the SPDX SBOM Reader (#1086)
  * Changed min and max to inbuilt functions (#1076)
  * Update snapshots (#1084)
  * fix: use errgroup to avoid hydration deadlock scenario (#1078)
  * ci: setup workflow to run `semantic` tests weekly (#958)
  * test: update snapshots (#1079)
  * filter out unimportant vulnerabilities from vuln group (#1072)
  * Fix test (#1071)
  * fix: ensure that `package` exists in `affected` property
    (#1055)
  * Cherry-pick unmerged change from docs branch (#1069)
  * chore(deps): update alpine:3.20 docker digest to b89d9c9
    (#1062)
  * chore(deps): update golang:1.22.4-alpine3.19 docker digest to
    c46c460 (#1063)
  * fix(deps): update module github.com/charmbracelet/bubbletea to
    v0.26.6 (#1064)
  * Combine Debian unimportant count logs (#1067)
  * Update tests to support go version changes (#1065)
  * fix: only care about ecosystem suffix if present in both
    ecosystems when determining equality (#1007)
  * refactor: enable `revive/indent-error-flow` (#997)

-------------------------------------------------------------------
Fri Jun 21 20:09:23 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.8.1:
  * Make 1.8.1 release (#1056)
  * feat: bump goreleaser to v2 (#1054)
  * Update goreleaser.yml (#1052)

-------------------------------------------------------------------
Fri Jun 21 20:07:23 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.8.0:
  * v1.8.0 Changelog (#1050)
  * Add documentation for the configuration. (#1051)
  * Update documentation for transitive dependency scanning (#1040)
  * Invoke `MavenResolverExtrator` when scanning pom.xml (#1028)
  * fix(deps): update osv-scanner minor (#1044)
  * chore(deps): update workflows (#1043)
  * chore(deps): update golang docker tag to v1.22.4 (#896)
  * chore(deps): lock file maintenance (#1033)
  * chore(deps): update goreleaser/goreleaser-action action to v6
    (#1032)
  * Add `experimental-download-offline-databases` flag (#1039)
  * Update snapshots and exit codes (#1041)
  * Upgrade deps.dev dependencies (#1035)
  * Remove busybox from alpine SBOM (#1037)
  * Add go binary scanning (#1011)
  * Update Go patch version (#1030)
  * Merge parent projects for Maven pom.xml (#1019)
  * Update base docker image for golang 1.21.11 (#1029)
  * implement filtering by packages through the config (#944)
  * Dependency imports should always be fetched from upstream
    (#1027)
  * Upgrade go version (#1024)
  * Fix broken TUI styling (#1023)
  * Update test snapshots (#1022)
  * chore(deps): lock file maintenance (#1018)
  * fix(deps): update osv-scanner minor (#1017)
  * chore(deps): update workflows (#1016)
  * ci: don't try to upload code coverage on macOS (#1020)
  * Fix some Maven manifest & resolver issues (#1008)
  * Transitive dependency support for Maven pom.xml (#1002)
  * Select a version that actually exists (#1012)
  * Maven standard dependencies should take precedence over managed
    dependencies (#1000)
  * Do not record Maven `compile` scope in dependency groups (#1003)

-------------------------------------------------------------------
Thu May 30 09:34:18 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.7.4:
  * Remove feature from changelog as it's still blocked on #769
    (#1006)
  * V1.7.4 changelog (#1001)
  * Update typo in supported_languages_and_lockfiles.md (#998)
  * feat: support comparing Alpine versions locally (#980)
  * Now that we have updated to go1.21.10, we can remove the ignore
    line from osv-scanner.toml (#996)
  * chore(deps): update workflows (major) (#897)
  * fix(deps): update osv-scanner minor (#994)
  * chore(deps): update alpine docker tag to v3.20 (#993)
  * Update test snapshots (#992)
  * test: add cases for output functions (#937)
  * fix(deps): update osv-scanner minor (#978)
  * Add a new Maven pom.xml extractor (#982)
  * feat: support parsing `gradle/verification-metadata.xml` (#943)
  * chore(deps): update workflows (#977)
  * chore(deps): update golang:1.21-alpine3.19 docker digest to
    1c2e474 (#985)
  * chore(deps-dev): Bump the bundler group across 1 directory with
    2 updates (#983)
  * make Maven parent path relative on current project (#987)
  * Fix snapshots and alpine version (#990)
  * Update deps.dev dependencies (#984)
  * [docs] Add installation instructions for FreeBSD and NetBSD
    (#969)
  * Disable all unimportant vulnerabilities (#968)
  * GR: Add test universe generation script and tests for patch
    generation (#967)

-------------------------------------------------------------------
Thu May 09 07:20:31 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.7.3:
  * chore(deps): update golang:1.21-alpine3.19 docker digest to
    b3aea8d (#973)
  * v1.7.3 changelog and version bump (#972)
  * Update gomod go version (#971)
  * Fix tests; add newly discovered vulns (#970)
  * Update go.mod to 1.21.9 (#907)
  * chore: import `sys` in Python generators (#966)
  * ci: upgrade `golangci/golangci-lint-action` to v5 (#964)
  * chore: only extract versions from packages in the generator
    ecosystem (#957)
  * refactor: encapsulate getting the working directory in a helper
    function (#961)
  * refactor: apply Rubocop to Ruby generator (#956)
  * test: remove future snapshots (#960)
  * chore(deps): update workflows (#935)
  * fix(deps): update osv-scanner minor (#945)
  * chore(deps): lock file maintenance (#962)
  * Fix snapshot for test (#963)
  * fix: ensure the sarif output has a stable order (#938)
  * chore: support skipping known unsupported comparisons in
    generators (#954)
  * chore(deps): lock file maintenance (#936)
  * chore: improve version fixture generators for local usage
    (#953)
  * ci: cancel in-progress runs when new changes are pushed (#959)
  * Automated Updates: support parents and dependency imports
    (#890)
  *  GR: Support filtering on alias IDs (#946)
  * ci: ensure input name case matches just to be safe (#955)
  * refactor: use `maps` functions instead of custom
    implementations (#940)
  * test: update snapshots due to external vulnerability changes
    (#951)
  * ci: upgrade Codecov to v4 (#941)
  * feat: add support for PNPM v9 lockfiles (#934)
  * Add new vuln to tests (#947)
  * chore: add missing space to panic message (#942)
  * test: include groups when describing package details (#933)

-------------------------------------------------------------------
Fri Apr 19 04:46:42 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.7.2:
  * Changelog for v1.7.2 (#932)
  * GR: Use deps.dev schema for graph definition in tests (#911)
  * ci: ensure snapshots are always cleaned up (#903)
  * test: clean up image snapshots (#923)
  * Fix paths in test snapshots (#930)
  * Fix regression for go call analysis in 1.7.0 (#926)
  * fix(deps): update osv-scanner minor (#918)
  * chore(deps): lock file maintenance (#919)
  * Ignore stdlib vuln (#920)
  * GR: Test `MatchVuln()` (#912)
  * GR: resolve tests & mock client (#909)
  * GR: Parse paths in npmrc auth fields correctly (#901)
  * Fix rust call analysis by explicitly disabling stripping of
    debug info (#908)
  * fix(deps): update osv-scanner minor (#895)
  * chore(deps): update golang:1.21-alpine3.19 docker digest to
    ed8ce6c (#905)
  * chore(deps): update workflows (#906)
  * chore(deps): lock file maintenance (#898)
  * test: clean and sort snapshots (#904)
  * Add new vuln for failing test (#900)
  * GR: Tests for npm relaxer (#894)
  * GR: Add simple test for package-lock.json writing (#891)
  * chore(deps): update workflows (#886)
  * fix(deps): update osv-scanner minor (#885)
  * update deps.dev/util/maven (#892)
  * Make MockHTTPServer for tests (#888)
  * GR: Add tests for npmrc & npm registry api (#879)
  * Update github action docs to v1.7.1 (#881)
  * Use stable deps.dev v3 API (#882)
  * test: pin alpine image to exact sha (#880)
  * test: change how snapshot matchers are called and update
    example name for consistency (#866)
  * [docs] Fix the HTTP link for downloading offline database.
    (#877)
  * fix(renovate): constrain go to 1.21 and do not update golang
    (#874)
  * ci: harden workflow permissions (#872)
  * chore(deps): Bump github.com/docker/docker from
    25.0.3+incompatible to 25.0.5+incompatible (#878)

-------------------------------------------------------------------
Wed Mar 20 06:19:45 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.7.1:
  * v1.7.1 changelog and removing unused fixtures (#876)
  * Fix/update retry logic in OSV (#860)
  * perf: optimize string formatting and update linting (#828)
  * test: add cli cases for `node_modules` images (#870)
  * Follow up PR851 mark acceptance on image tests (#869)
  * GR: Add npm lockfile read tests (#853)
  * ci: downgrade codecov action to v3 (#871)
  * test: use "public" package where possible (#838)
  * test: regenerate snapshots (#867)
  * Pin the dockerfiles to the correct base image (#865)
  * chore(deps): update workflows (#863)
  * fix(deps): update osv-scanner minor (#864)
  * add MakeVersionRequestsWithContext() (#781)
  * improve error messages in Maven registry client (#859)
  * Fix location of "*" for requirements.txt (#858)
  * docs: reword sentence in guided-remediation (#846)
  * Put API/networking errors on another error code (#857)
  * chore(deps): update golang:alpine docker digest to fc5e584
    (#852)
  * Find and save the distro version when extracting from debian
    and alpine (#854)
  * fix: allow users to override GOVERSION (#850)
  * feat: support scanning `node_modules` generated by NPM in
    container images (#851)
  * GR: Add npm ManifestIO tests & minor fixes (#845)
  * Automated Updates: set up update subcommand (#830)

-------------------------------------------------------------------
Fri Mar 15 21:49:28 UTC 2024 - opensuse_buildservice@ojkastl.de

- BuildRequire go 1.21.8 to follow upstream
- Update to version 1.7.0:
  * Update changelog for v1.7.0 (#843)
  * Merge docs to main (#842)
  * Replace stereoscope with using go-containerregistry directly
    (#836)
  * Rename relaxer and suggester (#839)
  * Update deps (#841)
  * Downgrade go.mod (#833)
  * chore(deps): update workflows (#835)
  * Add more guided remediation known issues re: vulnerabilitiy
    counting (#840)
  * Guided Remediation Docs (#827)
  * test: automatically cleanup test zip server (#834)
  * chore(deps): lock file maintenance (#822)
  * fix(deps): update osv-scanner minor (#807)
  * ci: remove unneeded `setup-go` step and pin
    `actions/download-artifact` (#786)
  * Dont traverse gitignored dirs for gitignore files (#797)
  * test: make `createTestDir` a general test utility (#832)
  * Maximum severity rating for each Group object in JSON output
    (#805)
  * Automated Updates: add a simple Maven registry API client
    (#837)
  * Automated Updates: only append dependencies with property to
    original requirements (#823)
  * chore(deps): update dependency github-pages to v231 (#821)
  * chore(deps): update workflows to v4 (major) (#784)
  * chore(deps): update workflows (#806)
  * Added a switch for using cached local db in test to improve
    speed (#826)
  * Remove version from the binary name. (#831)
  * Automated Updates: suggest property patches to update for Maven
    (#824)
  * refactor: replace usage of deprecated function (#829)
  * chore: don't ignore `fixtures` directory (#825)
  * Align GoVulncheck Go version with go.mod (#818)
  * Guided Remediation: Compute Dev dependencies in in-place
    parsing (#816)
  * Automated Updates: add ManifestIO for Maven (#813)
  * Update suggester package name (#817)
  * Automated Updates: add version suggester for Maven (#815)
  * Guided remediation: Interactive mode TUI (#811)
  * Proof of Concept of container scanning (#808)
  * Guided Remediation: non-interactive mode (#798)
  * Update main with the new docs updates.  (#810)
  * Add user agent to deps.dev requests (#804)
  * chore(deps): update golang:alpine docker digest to 8e96e6c
    (#793)
  * fix(deps): update osv-scanner minor (#794)
  * chore(deps): update dependency github-pages to v230 (#796)
  * chore(deps): update workflows (#795)
  * Start setting up guided remediation subcommand (#792)
  * Guided Remediation: Compute in-place updates (#789)
  * Guided Remediation: Add `package-lock.json` LockfileIO (#785)
  * add new spdx identifiers (#788)
  * chore(deps-dev): Bump nokogiri from 1.15.5 to 1.16.2 in /docs
    (#787)
  * chore(deps): update workflows (#783)
  * fix(deps): update osv-scanner minor (#782)
  * Guided Remediation: add npm registry clients & `.npmrc` parsing
    (#778)
  * Fix tests (#780)

-------------------------------------------------------------------
Wed Jan 31 14:00:36 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.6.2:
  * Update changelog for 1.6.2 (#779)
  * chore(deps): update golang:alpine docker digest to a6a7f1f
    (#772)
  * chore(deps): update alpine:3.19 docker digest to c5b1261 (#771)
  * Add pdm lockfile support (#776)
  * Guided Remediation: Make `VulnerabilityClient` for OSV queries
    (#773)
  * Do not fail if no lockfiles found in github action (#774)
  * Guided Remediation: Add computation for all relaxation patches
    (#766)
  * Parse severities for guided remediation (#767)
  * Add pictures to github action docs (#768)
  * Guided Remediation: Add dependency relaxation & re-resolution
    (#765)
  * Update govet printf settings (#745)
  * fix: improve wording of usage description (#764)
  * Guided Remediation: add npm `package.json` manifest parser
    (#763)
  * Update github action version (#761)
  * Guided Remediation: Add manifest resolution (#757)
  * Add OSV-Scanner subcommands (#748)
  * test: use snapshot-based testing (#717)
  * chore(deps): lock file maintenance (#760)
  * fix(deps): update osv-scanner minor (#758)
  * chore(deps): update workflows (#759)
  * add dependency groups to flattened vulnerability (#754)
  * Use new GitHub action in new repository (#756)

-------------------------------------------------------------------
Thu Jan 18 08:15:11 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.6.1:
  * Final goreleaser fix (#753)
  * Remove unnecessary docker manifest entry in goreleaser (#752)
  * Update goreleaser to fix release pipeline (#751)

-------------------------------------------------------------------
Thu Jan 18 08:13:06 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.6.0:
  * Update CHANGELOG.md for 1.6.0 (#749)
  * Bump version for OSV-Scanner. (#750)
  * Build action image when releasing (#747)
  * fix(deps): update osv-scanner minor (#743)
  * chore(deps): update actions/upload-artifact action to v4.1.0
    (#744)
  * chore(deps): update golang:alpine docker digest to fd78f2f
    (#719)
  * chore(deps): update workflows (major) (#709)
  * chore(deps): update alpine docker tag to v3.19 (#708)
  * fix(deps): update osv-scanner minor (#700)
  * chore(deps): lock file maintenance (#710)
  * chore(deps): update github/codeql-action action to v2.23.0
    (#707)
  * Assume latest patch version if version does not exist (#740)
  * Add support for verbosity levels (#727)
  * Show ecosystem and version even if git is shown if the info
    exists. (#736)
  * chore(deps): Bump github.com/cloudflare/circl from 1.3.3 to
    1.3.7 (#738)
  * Add option to not fail on vuln to workflow files (#737)
  * Fix vulnerabilities that OSV-Scanner found (#724)
  * Add option to not fail on vulnerability being found for github
    action (#732)
  * fix: remove deprecated `Reporter` methods (#722)
  * fix directives related to go generate in package spdx (#730)
  * verify license allowlist against spdx identifiers (#729)
  * Add formatting instructions to docs contribution (#723)
  * Adjusting docs (#716)
  * fix(deps): update module github.com/go-git/go-git/v5 to v5.11.0
    [security] (#721)
  * Get go stdlib version from go.mod (#704)
  * feat: support `PrintTextf` and `PrintErrorf` on `Reporter`
    (#706)
  * Refactor: attempt to transition into using models.Ecosystems
    rather than lockfile.Ecosystems (#705)
  * Updating cdxgen-go version in go.mod (#718)
  * Unify OSV scanner action (#711)
  * refactor: setup `prettier` for formatting files (#693)
  * Return an error if both license scanning and local/offline
    scanning is enabled simultaneously (#703)
  * chore(deps): update golang:alpine docker digest to feceecc
    (#699)
  * scan and report dependency groups of vulnerabilities (#655)
  * Create an option to skip/disable upload to code scanning (#702)
  * Add support for NuGet lock files version 2 (#694)
  * remove extra backtick in license scanning documentation (#696)
  * Update changelog to include minimum go version changes (#695)

-------------------------------------------------------------------
Wed Dec 06 12:05:33 UTC 2023 - kastl@b1-systems.de

- Update to version 1.5.0:
  * Add changelog for verson 1.5.0 (#692)
  * Fix go mod (#691)
  * chore(deps): lock file maintenance (#653)
  * refactor: switch golang.org/x/exp/slices usages to stdlib
    (#690)
  * Include available formats in `--format` help message (#685)
  * chore(deps): update golang:alpine docker digest to 70afe55
    (#687)
  * chore(deps): update alpine:3.18 docker digest to 34871e7 (#686)
  * fix(deps): update osv-scanner minor (#688)
  * Add `osv-scanner` pre-commit hook (#669)
  * Fix goreleaser build (#683)
  * feat: CVSS v4.0 support and replace cvss implementation to
    comply with the specifications (#651)
  * chore(deps): update workflows (#666)
  * Added license scanning info (#674)
  * update docs for call analysis. (#682)
  * Setup manual release pipeline (#681)
  * add experimental-licenses summary flag (#678)
  * Set Go call analysis to default behaviour (#665)
  * Fix filter ids (#647)
  * feat: add support for `renv.lock` (#668)
  * Simplify return codes to return 1 if any vulnerability related
    error (#677)
  * fix(deps): update osv-scanner minor (#652)
  * refactor: upgrade golangci-lint (#673)
  * make license allowlist matching case insensitive (#672)
  * ci: run tests on Windows (#646)
  * feat: add support for comparing CRAN versions (#656)
  * ci: update `golangci-lint` to v1.54 (#661)
  * Don't include nested vendored libs in determineversions query.
    (#649)
  * chore: disable `goconst` linter (#662)
  * fix: remove noise lockfile warnings (#660)
  * ci: enforce that `cachedregexp` is always used instead of
    `regexp` (#663)
  * Adding C/C++ info to the docs (#648)
  * cmd/osv-scanner: update sarif output in test cases (#659)
  * Downgrade jekyll-feed. Update lock file (#650)
  * chore(deps): update golang:alpine docker digest to 110b07a
    (#640)
  * fix: properly handle file/url paths on Windows (#645)
  * test: don't ignore anything from coverage (#627)
  * fix(deps): update osv-scanner minor (#641)
  * Filter local packages from scanning, and report the filtering.
    (#643)
  * license checking experimental feature (#501)
  * upgrade version of Go in GitHub checks (#637)
  * test: check against error type rather than message (#628)
  * Minor github action docs changes to clarify behaviour. (#630)

-------------------------------------------------------------------
Thu Nov 02 05:58:57 UTC 2023 - kastl@b1-systems.de

- Update to version 1.4.3:
  * Prepare for v1.4.3 release (#629)
  * Add support for determineversions API (#612). (#621)
  * Refactor package scanning to produce packages instead of
    queries (#614)
  * Fix permissions in PR osv-scanner (#625)
  * Fix gitignore matching for root directory (#626)
  * Go binary not found should not be an error (#622)
  * Scan submodules too. (#581)
  * fix: handle yarn aliased packages (#615)
  * fix(deps): update osv-scanner minor (#618)
  * chore(deps): update github/codeql-action action to v2.22.5
    (#616)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#597)
  * chore(deps): update workflows (#596)
  * handle npm aliased packages (#610)
  * Some minor post release fixes (#613)
  * Gate extended tests (#598)
  * test: use `cmp.Diff` for diffing (#605)
  * fix: remove some extra newlines in sarif report (#607)

-------------------------------------------------------------------
Wed Oct 25 04:43:42 UTC 2023 - kastl@b1-systems.de

- Update to version 1.4.2:
  * Prepare for 1.4.2 release (#609)
  * chore: don't trim trailing whitespace on fixture snapshots
    (#608)
  * Update release pipeline (#602)
  * fix: trim leading and trailing newlines off SARIF output (#606)
  * Add name field to sarif rule output (#600)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#579)
  * chore(deps): update golang:alpine docker digest to 926f7f7
    (#591)
  * chore(deps): update workflows (#592)
  * Make scheduled and PR scanning only scan the relevant files and
    ignore fixtures (#594)
  * Update docs to add in saving to file option (#593)
  * Clarify in the docs actions will fail when vulns are found
    (#587)
  * chore(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#585)
  * Change branch back in github action (#586)
  * Fix permissions and attempt "Download Artifact" option to allow
    custom lockfiles (#584)
  * Small doc adjustments for GitHub Actions (#582)
  * fix(deps): update osv-scanner minor (#578)
  * Update deps and fix tests (#583)
  * Improve documentation for github actions (#575)
  * chore(deps): update golang:alpine docker digest to a76f153
    (#577)
  * chore(deps): update workflows (#580)
  * fix: support versions with build metadata in `yarn.lock` files
    (#576)
  * Add additional tests for git scanning, and markdown format
    (#569)

-------------------------------------------------------------------
Fri Oct 06 13:11:57 UTC 2023 - kastl@b1-systems.de

- Update to version 1.4.1:
  * Allow release scanning to upload SARIF file.  (#573)
  * Fix goreleaser and update changelog (#572)
  * 1.4.1 release and changelog (#571)
  * SARIF with fixed version (#559)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#568)
  * chore(deps): update github/codeql-action action to v2.21.9
    (#567)
  * chore(deps): update golang:alpine docker digest to 4bc6541
    (#566)
  * chore(deps): update alpine:3.18 docker digest to eece025 (#565)
  * ci: don't fetch the whole repository history when its not
    needed (#562)
  * ci: ensure that `actions/checkout` is pinned (#563)
  * Block release on vuln scan (#561)
  * ci: use `.go-version` file (#564)
  * ci: run tests on macos and in parallel when releasing (#560)
  * test: use `cmp.Diff` for comparing output (#558)
  * Add new ecosystems, and a slice containing all of them. (#557)
  * test: compare expected with actual rather than the other way
    around (#556)
  * chore: move scripts into the `scripts` directory (#555)
  * ci: combine lint and test workflows (#554)
  * test: add cases for extra coverage (#524)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#544)
  * chore(deps): lock file maintenance (#545)
  * chore(deps): update workflows (#538)
  * Add custom scan arguments (#552)
  * SARIF output fixes. (#547)
  * Minor readme update (#546)
  * Action docs (#541)
  * Update SARIF format (#534)
  * Fix action naming and scheduled scan parameters (#543)
  * chore(deps): update workflows (major) (#540)
  * Attempt at multiline action (#542)
  * fix(deps): update osv-scanner minor (#539)
  * Update experimental.md (#536)

-------------------------------------------------------------------
Thu Sep 14 05:01:43 UTC 2023 - kastl@b1-systems.de

- Update to version 1.4.0:
  * Fix issue in the changelog (#533)
  * 1.4.0 changelog and docs (#532)
  * Adding Offline info (#517)
  * chore(deps): update golang:alpine docker digest to 96634e5
    (#527)
  * chore(deps): update workflows (#529)
  * fix(deps): update osv-scanner minor (#528)
  * Fix result scanning (#526)
  * ci: change how coverage is collected (#525)
  * chore: capture coverage and upload it to codecov (#512)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#520)
  * Correctly use matchFileNames in renovate.json (#522)
  * Update test results to pass new test (#523)
  * Revert breaking change in `osv.go` (#514)
  * Add osv output lockfile + refactor (#505)
  * Update renovate.json (#504)
  * fix(deps): update osv-scanner minor (#506)
  * Refactor models (#510)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#508)
  * chore(deps): update actions/checkout action to v3.6.0 (#507)
  * Update contributing docs (#502)
  * chore(deps-dev): Bump activesupport from 7.0.7 to 7.0.7.2 in
    /docs (#503)
  * fix(deps): update golang.org/x/exp digest to d852ddb (#496)
  * Add fixtures go to renovate bot ignore (#500)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#498)
  * chore(deps): update golangci/golangci-lint-action action to
    v3.7.0 (#499)
  * chore(deps): update actions/setup-go action to v4.1.0 (#497)
  * If go version can't be found, don't add stdlib (#494)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#448)
  * feat: support `io.Reader` based parsers (#451)
  * fix: don't error if local db directory already exists (#493)
  * fix: ensure that "introduced 0" events are sorted before any
    other event (#492)
  * Add go stdlib version support (#484)
  * chore(deps): update golang:alpine docker digest to 445f340
    (#467)
  * chore(deps): update alpine docker tag to v3.18 (#468)
  * chore(deps): update slsa-framework/slsa-github-generator action
    to v1.8.0 (#469)
  * chore(deps): update alpine:3.18 docker digest to 7144f7b (#480)
  * chore(deps): update alpine:3.17 docker digest to f71a5f0 (#466)
  * chore(deps): update
    gaurav-nelson/github-action-markdown-link-check digest to
    46e4421 (#481)
  * fix(deps): update golang.org/x/exp digest to 89c5cff (#482)
  * chore(deps): update github/codeql-action action to v2.21.4
    (#483)
  * Fix some vulns and ignore others (#490)
  * Rust call analysis (#452)
  * Scanner action should pass if the vulnerabilities remain the
    same (#475)
  * Tidy up scanner action (#474)
  * Manually update dependencies to resolve vulnerability
    https://osv.dev/GO-2023-1988 (#472)
  * feat: add experimental offline mode (#183)
  * Move github action back to the main branch (#465)
  * refactor: move experimental flags into their own struct (#463)
  * fix: use correct plural and singular forms based on count
    (#462)
  * chore(deps): update github/codeql-action action to v2.21.2
    (#455)
  * fix(deps): update osv-scanner minor (#456)
  * Add annotations and osv-scanner table in the Github Action
    output (#460)
  * Fix purl mapping (#457)
  * test: make `output` tests their own package (#461)
  * Updated github actions to use main branch now that the PR is
    merged in (#459)
  * Recreated Github Action PR  (#432)
  * chore: minor grammar fixes (#454)
  * chore(deps): update docker/setup-buildx-action digest to
    4c0219f (#437)
  * chore(deps): update golang:alpine docker digest to 7839c9f
    (#444)
  * Optimize Dockerfile and add .dockerignore (#441)
  * chore(deps): update github/codeql-action action to v2.21.0
    (#449)
  * Enable lockfile maintaince (#450)
  * fix(deps): update osv-scanner minor (#445)

-------------------------------------------------------------------
Wed Jul 19 06:29:55 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.6:
  * Prepare for v1.3.6 Release (#447)
  * Adjusting GitHub actions (#446)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#438)
  * go.mod: upgrade to golang.org/x/vuln@v1.0.0 (#443)
  * Fix PURLToPackage function and move it (#439)
  * Update README.md (#440)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#422)
  * chore(deps): update workflows (#429)
  * fix(deps): update osv-scanner minor (#430)
  * update govulncheck integration (#431)

-------------------------------------------------------------------
Wed Jun 28 06:19:46 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.5:
  * Add more ignores now that debian PURLs are parsed correctly
    (#428)
  * Adds changelog for v1.3.5 (#427)
  * chore(deps): update alpine docker tag to v3.18 (#382)
  * test: ensure fixtures directory isn't already a git repository
    (#426)
  * chore: ignore `.idea` directory (#425)
  * Add withdrawn and fix time serialization to conform to the
    schema. (#424)
  * test: make `models` tests their own package (#423)
  * Updated to reflect cvss scores being added to output table.
    (#419)
  * chore(deps): update workflows (#421)
  * chore(deps): update alpine:3.17 docker digest to e95676d (#413)
  * Add option to include severity in table output (#409)
  * Update the model to better match schema and add YAML tags.
    (#417)
  * chore(deps): update golang:alpine docker digest to fd9d9d7
    (#405)
  * chore(deps): update workflows (#406)
  * fix(deps): update osv-scanner minor (#415)
  * Fixing broken github page (#412)
  * Link checker (#408)
  * fix(deps): update osv-scanner minor (#407)
  * refactor: enable `goimports` linter (#404)
  * Update the model to match the latest version of the OSV schema
    (#403)

-------------------------------------------------------------------
Mon Jun 12 20:13:33 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.4:
  * Prepare for 1.3.4 release. (#401)
  * chore(deps): update workflows (#393)
  * fix(deps): update osv-scanner minor (#392)
  * Fix version printer to use app stdout and stderr (#395)
  * OSV user agent (#390)

-------------------------------------------------------------------
Wed May 17 05:07:22 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.3:
  * Add new line and fix test to avoid having to change version
    twice (#387)
  * 1.3.3 Release (#385)
  * Use upload draft assets option (#384)
  * chore(deps): update golang:alpine docker digest to ee2f23f
    (#380)
  * chore(deps): update slsa-framework/slsa-github-generator action
    to v1.6.0 (#383)
  * fix(deps): update osv-scanner minor (#381)
  * Remove --hash from version in requirements.txt (#379)
  * Small formatting changes (#377)
  * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to
    1.3.3 (#378)
  * add unit tests for results.go (#368)
  * Improve exit docs and add No vulns found to output (#373)
  * Update exit docs (#375)
  * chore(deps): update github/codeql-action action to v2.3.3
    (#372)
  * chore(deps): update golang:alpine docker digest to 913de96
    (#305)
  * fix: handle cyclical `-r`s in `requirements.txt` (#366)
  * fix: don't panic on empty  files (#367)
  * fix(deps): update osv-scanner minor (#327)
  * Update spdx to 0.5.0 (#365)
  * Update pkg/osv to allow overriding the http client / transport.
    (#357)
  * chore(deps): update github/codeql-action action to v2.3.2
    (#363)
  * Enable osvVulnerabilityAlerts (#362)

-------------------------------------------------------------------
Wed Apr 26 08:43:23 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.2:
  * Fix sbom scanning code (#360)
  * 1.3.2 Release (#359)
  * Refactor reporter to interfaces (#345)
  * Update all minor dependencies without spdx (#358)
  * chore(deps): update workflows (#334)
  * Better SBOM documentation and error message (#349)
  * Move a specific regex to static variable (#346)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#328)
  * chore(deps): bump nokogiri from 1.14.1 to 1.14.3 in /docs
    (#338)
  * chore(deps): bump commonmarker from 0.23.8 to 0.23.9 in /docs
    (#337)
  * SBOM parsing improvements. (#339)
  * Make the reporter public (#341)
  * Set `skip-pkg-cache: true` for golangci-lint (#340)
  * Support PNPM v6+ Lockfile (#325)
  * chore(deps): update alpine:3.17 docker digest to 124c7d2 (#326)
  * Call analysis note fixed.  (#331)
  * Add configs to ignore test vulnerabilities (#329)

-------------------------------------------------------------------
Thu Mar 30 08:10:56 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.1:
  * Release 1.3.1 changelog (#321)
  * chore(deps): update ossf/scorecard-action action to v2.1.3
    (#322)
  * Add nil check to CycloneDX enumeration (#320)

-------------------------------------------------------------------
Tue Mar 28 04:59:28 UTC 2023 - kastl@b1-systems.de

- Update to version 1.3.0:
  * Update changelog and version for v1.3.0 (#316)
  * chore(deps): update workflows (#314)
  * fix(deps): update osv-scanner minor (#313)
  * Update workflows to compositing, so that goreleaser workflow
    can run them. (#315)
  * Fix workflow (#311)
  * Fix some issues with the model. (#312)
  * Improve the OSV models to allow for 3rd party use of the
    library. (#310)
  * Adds concurrency to hydration requests (#304)
  * Make `IgnoredVulns` also ignore aliases (#300)
  * fix(deps): update osv-scanner minor (#306)
  * chore(deps): update actions/setup-go action to v4 (#308)
  * chore(deps): update workflows (#307)
  * Run tests before release (#301)
  * chore(deps): bump activesupport from 7.0.4.2 to 7.0.4.3 in
    /docs (#302)
  * Pin lint action (#299)
  * fix(deps): update osv-scanner minor (#288)
  * fix: support Pipenv develop packages without versions. (#297)
  * Set version in source code (#295)
  * Prevent `.gitignore` files from interfering with tests (#292)
  * fix: trim leading zeros off when comparing numerical components
    in Maven versions (better) (#285)
  * fix: avoid infinite loops parsing Maven poms with syntax errors
    (#294)
  * Check if PURL is valid before adding it to queries (#291)
  * Renovate bot ignore vulns package (#289)
  * chore(deps): update workflows (#287)
  * fix: trim leading zeros off when comparing numerical components
    in Maven versions (#279)
  * Adding call graph info back in (#284)
  * Update Colors for Accessibility (#278)
  * Removed call graph analysis for now. (#282)
  * Remove "working doc" concept (#275)
  * feat: improved error message when pom dependency version not
    found (#253)
  * Add tags and point people to slsa-verifier (#265)
  * ci: harden permissions (#269)
  * Run on merge queue (#272)
  * fix: properly handle comparing zero versions in Maven (#267)
  * chore: add `.editorconfig` file (#266)
  * fix(deps): update osv-scanner minor (#270)
  * Renovate bot use ignorePaths instead for fixtures (#264)
  * test: update case with new advisory (#268)
  * fix: deduplicate packages that appear multiple times in
    `Pipenv.lock` files (#261)
  * feat: support `-r` flag in `requirements.txt` files (#260)
  * chore(deps): update workflows (#242)
  * fix: avoid panic when parsing `file:` dependencies in `pnpm`
    lockfiles (#259)
  * More specific cyclone dx parsing (#258)
  * Parse nested CycloneDX components correctly (#251)
  * fix: support yarn locks with quoted properties (#250)
  * Update renovate.json (#248)
  * fix(deps): update golang.org/x/exp digest to c95f2b4 (#241)
  * govulncheck integration (#198)
  * Create draft release first in goreleaser (#236)
  * Adding additional installation instructions (#235)

-------------------------------------------------------------------
Thu Feb 23 10:38:20 UTC 2023 - kastl@b1-systems.de

- Update to version 1.2.0:
  * Changelog update for v1.2.0 (#233)
  * Moving Working Docs to Current (#234)
  * Update the output docs, make logo a lot bigger, make page slightly wider (#226)
  * Upgrade to yaml v3 (#231)
  * ParseAs for dpkg-status (#229)
  * Update analytics for documentation. (#230)
  * chore(deps): update docker/setup-buildx-action digest to f03ac48 (#223)
  * fix(deps): update osv-scanner minor (#225)
  * chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 (#222)
  * chore(deps): update dependency http_parser.rb to "~> 0.8.0" (#224)
  * fix: ensure that vulnerability results are ordered deterministically (#220)
  * test: ensure case names match function under test (#228)
  * Nits  - APK installed optimizations (#227)
  * Support for DPKG (Debian) parser (#168)
  * feat: support `dependencyManagement` in Maven poms (#221)
  * Google analytics added. (#215)
  * Console formatting changes
  * Documentation Style Improvements (#211)
  * fixed broken link (#210)
  * Documentation moved to github page.
  * Minor changes for gitignore parsing (#208)
  * Improve gitignore parsing (#206)
  * fix(deps): update osv-scanner minor (#205)
  * chore(deps): update github/codeql-action action to v2.2.4 (#204)
  * Move instructions to Usage (#197)
  * Make scanner respect .gitignore files (#191)
  * feat: support specifying what parser to use in `--lockfile` (#94)
  * fix: add missing toml tags to struct (and update linter) (#190)
  * fix(deps): update golang.org/x/exp digest to 98cc5a0 (#188)
  * fix(osv-query): omit SourceInfo from JSON marshaling (#185)
  * test: remove nonsense case and correct names (#187)
  * Update readme usage section (#171)
  * chore(deps): update docker/login-action action to v2 (#148)
  * fix(deps): update osv-scanner minor (#147)
  * Support SPDX 2.3 (#178)
  * chore(deps): update workflows (#172)
  * feat: Render output as a markdown table for use in github comments (#156)
  * APK: fix test function (#180)
  * Log number of packages scanned from SBOMs. (#179)
  * Make OSV api public (#167)
  * Add experimental comment (#173)
  * fix: exit with generic non-zero code when there is a general error (#161)
  * fix: reuse app-level writer and err writers in `VersionPrinter` (#166)
  * chore(deps): update github/codeql-action action to v2.1.39 (#159)
  * test: add cases for `semantic.MustParse` (#160)
  * feat: create `--format` flag (#158)
  * golangci checks in github action, and fixes initial linter issues (#149)
  * test: add case for `--version` flag (#162)
  * chore: remove duplicated generators (#157)
  * - add conan.lock to the list (#59)
  * Fix endpoint typo (#152)
  * feat: add `semantic` package (#92)
  * Adding re-try for getting a Vuln for the given ID (#141)
  * chore(deps): update github/codeql-action action to v2.1.38 (#146)
  * chore: adjust comment to match type name (#143)
  * Mention Pipfile.lock support in changelog. (#140)
  * Fix link to GitHub issues (#139)

-------------------------------------------------------------------
Thu Jan 12 06:01:09 UTC 2023 - kastl@b1-systems.de

- Update to version 1.1.0:
  * Fix goreleaser permissions (#138)
  * v1.1.0 release PR (#137)
  * fix(deps): update osv-scanner minor (#79)
  * Temporarily disable alpine package scanning (#136)
  * Move tests from cloudbuild to gh actions (#135)
  * Use short url in scanner output (#134)
  * chore(deps): update workflows (#78)
  * Update readme and add changelog (#133)
  * fix: use correct ecosystem for NuGet (#132)
  * Do not highlight borders of result table (#131)
  * Add contributing file (#130)
  * Update README.md (#127)
  * docs: describe build process (#109)
  * Add gomodtidy after renovate updates (#120)
  * Make lint trigger same as others (#125)
  * Minor documentation updates. (#121)
  * Add support for Alpine Linux /lib/apk/db/installed (Resolves #72) (#107)
  * feat: add docker publish method (#70)
  * Add Pipenv lockfile support (Resolves #71) (#66)
  * Lint readme (#100)
  * Have renovate-bot label its PRs as it does with osv.dev (#116)
  * [pkg] implement NuGet ecosystem parser (#98)
  * Update github.com/spdx/gordf dependency to fix 32 bit support (#104)
  * test: update spec case and adjust assertion message (#99)
  * fix: ensure that files are closed when they're no longer needed (#106)
  * Fix lockfile example syntax (#103)
  * docs: add homebrew installation note (#89)

-------------------------------------------------------------------
Tue Dec 20 13:53:44 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- add build parameters, so 'osv-scanner --version' shows proper version,
  build date and the release tag as commit

-------------------------------------------------------------------
Tue Dec 20 12:39:13 UTC 2022 - kastl@b1-systems.de

- Update to version 1.0.2:
  * shorten affected package to package (#90)
  * Move table columns so that the important column is displayed first (#87)
  * Add blog post link to README (#84)
  * Minor updates to install instruction title (#80)
  * Added installation instructions for Scoop (#68)
  * Update README.md (#77)
  * Fix readme anchor link. (#76)
  * Update README.md (#58)
  * Add disclaimer on Debian scanning. (#65)
  * Add gradle lockfile support (#46)

-------------------------------------------------------------------
Tue Dec 20 12:38:20 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>

- new package osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Places

File osv-scanner.changes of Package osv-scanner

Places