Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

osv-scanner 1.8.1 #175301

Merged
merged 2 commits into from
Jun 21, 2024
Merged

osv-scanner 1.8.1 #175301

merged 2 commits into from
Jun 21, 2024

Conversation

BrewTestBot
Copy link
Member

Created by brew bump

Created with brew bump-formula-pr.

release notes 
# v1.8.0/v1.8.1:

Features:


    

  • Feature #35
    
OSV-Scanner now scans transitive dependencies in Maven pom.xml files!
    
See our documentation for more information.
    • 

  • Feature #944
    
The osv-scanner.toml configuration file can now filter specific packages with new [[PackageOverrides]] sections:

    [[PackageOverrides]]
# The package name, version, and ecosystem to match against
name = "lib"
# If version is not set or empty, it will match every version
version = "1.0.0"
ecosystem = "Go"
# Ignore this package entirely, including license scanning
ignore = true
# Override the license of the package
# This is not used if ignore = true
license.override = ["MIT", "0BSD"]
# effectiveUntil = 2022-11-09 # Optional exception expiry date
reason = "abc"
    

    • 



Minor Updates


    

  • Feature #1039 The --experimental-local-db flag has been removed and replaced with a new flag --experimental-download-offline-databases which better reflects what the flag does.
    
To replicate the behavior of the original --experimental-local-db flag, replace it with both --experimental-offline --experimental-download-offline-databases flags. This will run osv-scanner in offline mode, but download the latest version of the vulnerability databases before scanning.
    • 



Fixes:


    

  • Bug #1000 Standard dependencies now correctly override dependencyManagement dependencies when scanning pom.xml files in offline mode.
    • 



New Contributors



Full Changelog: google/osv-scanner@v1.7.4...v1.8.1

@github-actions github-actions bot added go Go use is a significant feature of the PR or issue bump-formula-pr PR was created using `brew bump-formula-pr` labels Jun 21, 2024
@github-actions GitHub Actions
Copy link
Contributor

🤖 An automated task has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Jun 21, 2024
@BrewTestBot BrewTestBot enabled auto-merge June 21, 2024 16:39
@BrewTestBot BrewTestBot added this pull request to the merge queue Jun 21, 2024
Merged via the queue into master with commit 295f6cd Jun 21, 2024
14 checks passed
@BrewTestBot BrewTestBot deleted the bump-osv-scanner-1.8.1 branch June 21, 2024 16:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@p-linnane p-linnane p-linnane approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
bump-formula-pr PR was created using `brew bump-formula-pr` CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. go Go use is a significant feature of the PR or issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BrewTestBot @p-linnane