Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Bump github.com/google/osv-scanner from 1.9.0 to 1.9.2 #4464

Merged
merged 3 commits into from
Jan 2, 2025
Merged

🌱 Bump github.com/google/osv-scanner from 1.9.0 to 1.9.2 #4464

merged 3 commits into from
Jan 2, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 23, 2024
edited
Loading

Bumps github.com/google/osv-scanner from 1.9.0 to 1.9.2.

Release notes

Sourced from github.com/google/osv-scanner's releases.

v1.9.2

Changelog

Fixes:

New Contributors

Full Changelog: google/osv-scanner@v1.9.1...v1.9.2

v1.9.1

OSV-Scanner v2 is coming soon! The next release will start with version v2.0.0-alpha1.

Here's a peek at some of the exciting upcoming features:

  • Standalone container image scanning support.
    • Including support for Alpine and Debian images.
  • Refactored internals to use osv-scalibr library for better extraction capabilities.
  • HTML output format for clearer vulnerability results.
  • More control over output format and logging.
  • ...and more!

Importantly, the CLI interface of osv-scanner will be maintained with minimal breaking changes. Most breaking changes will only be in the API. More details in the upcoming alpha release.

This is the final feature v1 release of osv-scanner, future releases for v1 will only contain bug fixes.

v1.9.1

Features:

Fixes:

... (truncated)

Changelog

Sourced from github.com/google/osv-scanner's changelog.

v1.9.2

Fixes:

v1.9.1

OSV-Scanner v2 is coming soon! The next release will start with version v2.0.0-alpha1.

Here's a peek at some of the exciting upcoming features:

  • Standalone container image scanning support.
    • Including support for Alpine and Debian images.
  • Refactored internals to use osv-scalibr library for better extraction capabilities.
  • HTML output format for clearer vulnerability results.
  • More control over output format and logging.
  • ...and more!

Importantly, the CLI interface of osv-scanner will be maintained with minimal breaking changes. Most breaking changes will only be in the API. More details in the upcoming alpha release.

This is the final feature v1 release of osv-scanner, future releases for v1 will only contain bug fixes.

Features:

Fixes:

API Changes:

  • Deprecate auxillary public packages: As part of the V2 update described above, we have started deprecating some of the auxillary packages

... (truncated)

Commits
  • 1e295ee chore: v1.9.2 Changelog (#1455)
  • 5e6828a chore: cherry-pick fixes to v1 (#1459)
  • 474edfd chore: Update test dockerfile node hash
  • 15d1aea chore(deps): update alpine docker tag to v3.21 (#1431)
  • 152731f test(maven): remove the test of transitive scanning on native data source (#1...
  • 722ff76 chore: update golangci-lint to version 1.62.2 (#1426)
  • 5ae7169 test: update snapshots (#1421)
  • 4906e9d ci: add versions fixture generator for Red Hat (#1356)
  • 4ba4a92 docs: clarify commit message requirements in contribution.md (#1416)
  • 9e98057 chore(deps): lock file maintenance (#1415)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner December 23, 2024 08:17
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Dec 23, 2024
@dependabot dependabot bot requested review from justaugustus and raghavkaul and removed request for a team December 23, 2024 08:17
@dependabot dependabot bot temporarily deployed to integration-test December 23, 2024 08:18 Inactive
spencerschrock
spencerschrock requested changes Dec 23, 2024
View reviewed changes
go.mod Show resolved Hide resolved
@dependabot
🌱 Bump github.com/google/osv-scanner from 1.9.0 to 1.9.2
7b42341 
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.9.0 to 1.9.2.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/v1.9.2/CHANGELOG.md)
- [Commits](google/osv-scanner@v1.9.0...v1.9.2)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/github.com/google/osv-scanner-1.9.2 branch from dfe852f to 7b42341 Compare December 30, 2024 08:58
@dependabot dependabot bot temporarily deployed to integration-test December 30, 2024 08:58 Inactive
@spencerschrock
fix go directive
9373f8e 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Merge branch 'main' into dependabot/go_modules/github.com/google/osv-…
4368292 
…scanner-1.9.2

Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Copy link
Member

/scdiff generate Vulnerabilities

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 2, 2025

Here's a link to the scdiff run

spencerschrock
spencerschrock approved these changes Jan 2, 2025
View reviewed changes
Copy link
Member

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot squash and merge

@dependabot dependabot bot merged commit 975ee23 into main Jan 2, 2025
39 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/google/osv-scanner-1.9.2 branch January 2, 2025 21:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spencerschrock spencerschrock spencerschrock approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

@raghavkaul raghavkaul Awaiting requested review from raghavkaul raghavkaul is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
Scorecard - NEW
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@spencerschrock