diff --git a/CHANGELOG.md b/CHANGELOG.md index 47ee92f6dd..8748071d1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +# v1.8.4: + +### Features: + +- [Feature #1177](https://github.com/google/osv-scanner/pull/1177) Adds `--upgrade-config` flag for configuring allowed upgrades on a per-package basis. Also hide & deprecate previous `--disallow-major-upgrades` and `--disallow-package-upgrades` flags. + +### Fixes: + +- [Bug #1123](https://github.com/google/osv-scanner/issues/1123) Issue when running osv-scanner on project running with golang 1.22 #1123 + +### Misc: + +- [Feature #638](https://github.com/google/osv-scanner/issues/638) Update go policy to use stable go version for builds (updated to go 1.23) + # v1.8.3: ### Features: diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap index ac2739b209..0e59849a3c 100755 --- a/cmd/osv-scanner/__snapshots__/main_test.snap +++ b/cmd/osv-scanner/__snapshots__/main_test.snap @@ -9,7 +9,7 @@ No package sources found, --help for usage information. --- [TestRun/#01 - 1] -osv-scanner version: 1.8.3 +osv-scanner version: 1.8.4 commit: n/a built at: n/a @@ -138,7 +138,7 @@ Scanned /fixtures/locks-many/composer.lock file and found 1 package "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -252,7 +252,7 @@ Filtered 1 vulnerability from output } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -735,7 +735,7 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ diff --git a/docs/github-action.md b/docs/github-action.md index 03b702491f..471c8c6c6f 100644 --- a/docs/github-action.md +++ b/docs/github-action.md @@ -55,7 +55,7 @@ permissions: jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" ``` ### View results @@ -98,7 +98,7 @@ permissions: jobs: scan-scheduled: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" ``` As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule). @@ -133,7 +133,7 @@ permissions: jobs: osv-scan: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" with: # Only scan the top level go.mod file without recursively scanning directories since # this is pipeline is about releasing the go module and binary @@ -186,7 +186,7 @@ Examples ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" with: scan-args: |- --lockfile=./path/to/lockfile1 @@ -198,7 +198,7 @@ jobs: ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" with: scan-args: |- --recursive @@ -225,7 +225,7 @@ jobs: name: Vulnerability scanning # makes sure the extraction step is completed before running the scanner needs: extract-deps - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.3" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" with: # Download the artifact uploaded in extract-deps step download-artifact: converted-OSV-Scanner-deps diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap index c263067fe1..3e0d9dcb1a 100755 --- a/internal/output/__snapshots__/sarif_test.snap +++ b/internal/output/__snapshots__/sarif_test.snap @@ -62,7 +62,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -149,7 +149,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -170,7 +170,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -191,7 +191,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -212,7 +212,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -233,7 +233,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -254,7 +254,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -275,7 +275,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -296,7 +296,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -317,7 +317,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -338,7 +338,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -359,7 +359,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -380,7 +380,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -401,7 +401,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -422,7 +422,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -443,7 +443,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -501,7 +501,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -631,7 +631,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -743,7 +743,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -809,7 +809,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -875,7 +875,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -941,7 +941,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -1061,7 +1061,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -1272,7 +1272,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -1410,7 +1410,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -1468,7 +1468,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -1634,7 +1634,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -1845,7 +1845,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -1983,7 +1983,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -2004,7 +2004,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -2025,7 +2025,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -2046,7 +2046,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.3" + "version": "1.8.4" } }, "results": [] @@ -2104,7 +2104,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2187,7 +2187,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2253,7 +2253,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2319,7 +2319,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2385,7 +2385,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2452,7 +2452,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2536,7 +2536,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2637,7 +2637,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2720,7 +2720,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ @@ -2786,7 +2786,7 @@ } } ], - "version": "1.8.3" + "version": "1.8.4" } }, "artifacts": [ diff --git a/internal/version/version.go b/internal/version/version.go index 864a4a4e2f..2943ee75a0 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -1,4 +1,4 @@ package version // OSVVersion is the current release version, you should update this variable when doing a release -var OSVVersion = "1.8.3" +var OSVVersion = "1.8.4"