@BrewTestBot
Contributor

Created by brew bump


Created with brew bump-formula-pr.

release notes
# v2.0.3

Features:

  • Feature #1943 Added a flag to suppress "no package sources found" error.
  • Feature #1844 Allow flags to be passed after scan targets, e.g. osv-scanner ./scan-this-dir --format=vertical, by updating to cli/v3
  • Feature #1882 Added a stable tag to container images for releases that follow semantic versioning.
  • Feature #1846 Experimental: Add --experimental-extractors and --experimental-disable-extractors flags to allow for more granular control over which OSV-Scalibr dependency extractors are used.

Fixes:

  • Bug #1856 Improve XML output by guessing and matching the indentation of existing <dependency> elements.
  • Bug #1850 Prevent escaping of single quotes in XML attributes for better readability and correctness.
  • Bug #1922 Prevent a potential panic in MatchVulnerabilities when the API response is nil, particularly on timeout.
  • Bug #1916 Add the "ubuntu" namespace to the debian purl type to correctly parse dpkg BOMs generated on Ubuntu.
  • Bug #1871 Ensure inventories are sorted by PURL in addition to name and version to prevent incorrect deduplication of packages.
  • Bug #1919 Improve error reporting by including the underlying error when the response body from a Maven registry cannot be read.
  • Bug #1857 Fix an issue where SPDX output is not correctly outputted because it was getting overwritten.
  • Bug #1873 Fix the GitHub Action to not ignore general errors during execution.
  • Bug #1955 Fix issue causing error messages to be spammed when not running in a git repository.
  • Bug #1930 Fix issue where Maven client loses auth data during extraction.

Misc:

  • Update dependencies and updated golang to 1.24.4

New Contributors

Full Changelog: google/osv-scanner@v2.0.2...v2.0.3

View the full release notes at https://github.com/google/osv-scanner/releases/tag/v2.0.3.


@github-actions bot added the go (Go use is a significant feature of the PR or issue) and bump-formula-pr (PR was created using `brew bump-formula-pr`) labels Jun 16, 2025
@chenrui333 added the CI-no-fail-fast (Continue CI tests despite failing GitHub Actions matrix builds.) label Jun 16, 2025
osv-scanner: drop linux arm support

Signed-off-by: Rui Chen <rui@chenrui.dev>
@chenrui333 force-pushed the bump-osv-scanner-2.0.3 branch from 6dfb95d to 66adf48 June 16, 2025 14:33
@chenrui333 added the linux-arm (Linux ARM is specifically affected) and ready to merge (PR can be merged once CI is green) labels Jun 16, 2025
@github-actions
Contributor

🤖 An automated task has requested bottles to be published to this PR.

Please do not push to this PR branch before the bottle commits have been pushed, as this results in a state that is difficult to recover from. If you need to resolve a merge conflict, please use a merge commit. Do not force-push to this PR branch.

@github-actions bot added the CI-published-bottle-commits (The commits for the built bottles have been pushed to the PR branch.) label Jun 16, 2025
@BrewTestBot enabled auto-merge June 16, 2025 15:04
@BrewTestBot added this pull request to the merge queue Jun 16, 2025
Merged via the queue into master with commit 66139da Jun 16, 2025
17 checks passed
@BrewTestBot deleted the bump-osv-scanner-2.0.3 branch June 16, 2025 15:13