diff --git a/CHANGELOG.md b/CHANGELOG.md index 8748071d1d..f063572c80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +# v1.8.5: + +### Features: + +- [Feature #1160](https://github.com/google/osv-scanner/pull/1160) Support fetching snapshot versions from a Maven registry. +- [Feature #1177](https://github.com/google/osv-scanner/pull/1177) Support composite-based package overrides. This allows for ignoring entire manifests when scanning. +- [Feature #1210](https://github.com/google/osv-scanner/pull/1210) Add FIXED-VULN-IDS to guided remediation non-interactive output. + +### Fixes: + +- [Bug #1220](https://github.com/google/osv-scanner/issues/1220) Fix govulncheck calls on C code. +- [Bug #1236](https://github.com/google/osv-scanner/pull/1236) Alpine package scanning now falls back to latest release version if no release version can be found. + # v1.8.4: ### Features: diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap index 373ca98121..b03183ad54 100755 --- a/cmd/osv-scanner/__snapshots__/main_test.snap +++ b/cmd/osv-scanner/__snapshots__/main_test.snap @@ -9,7 +9,7 @@ No package sources found, --help for usage information. --- [TestRun/#01 - 1] -osv-scanner version: 1.8.4 +osv-scanner version: 1.8.5 commit: n/a built at: n/a @@ -141,7 +141,7 @@ Loaded filter from: /fixtures/locks-many/osv-scanner.toml "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -254,7 +254,7 @@ Loaded Alpine local db from /osv-scanner/Alpine/all.zip } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -793,7 +793,7 @@ Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ diff --git a/docs/github-action.md b/docs/github-action.md index 471c8c6c6f..aa29061efc 100644 --- a/docs/github-action.md +++ b/docs/github-action.md @@ -55,7 +55,7 @@ permissions: jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" ``` ### View results @@ -98,7 +98,7 @@ permissions: jobs: scan-scheduled: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" ``` As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule). @@ -133,7 +133,7 @@ permissions: jobs: osv-scan: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" with: # Only scan the top level go.mod file without recursively scanning directories since # this is pipeline is about releasing the go module and binary @@ -186,7 +186,7 @@ Examples ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" with: scan-args: |- --lockfile=./path/to/lockfile1 @@ -198,7 +198,7 @@ jobs: ```yml jobs: scan-pr: - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" with: scan-args: |- --recursive @@ -225,7 +225,7 @@ jobs: name: Vulnerability scanning # makes sure the extraction step is completed before running the scanner needs: extract-deps - uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.4" + uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v1.8.5" with: # Download the artifact uploaded in extract-deps step download-artifact: converted-OSV-Scanner-deps diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap index 3e0d9dcb1a..3b7d8e65de 100755 --- a/internal/output/__snapshots__/sarif_test.snap +++ b/internal/output/__snapshots__/sarif_test.snap @@ -62,7 +62,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -149,7 +149,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -170,7 +170,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -191,7 +191,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -212,7 +212,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -233,7 +233,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -254,7 +254,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -275,7 +275,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -296,7 +296,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -317,7 +317,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -338,7 +338,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -359,7 +359,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -380,7 +380,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -401,7 +401,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -422,7 +422,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -443,7 +443,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -501,7 +501,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -631,7 +631,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -743,7 +743,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -809,7 +809,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -875,7 +875,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -941,7 +941,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -1061,7 +1061,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -1272,7 +1272,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -1410,7 +1410,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -1468,7 +1468,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -1634,7 +1634,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -1845,7 +1845,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -1983,7 +1983,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -2004,7 +2004,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -2025,7 +2025,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -2046,7 +2046,7 @@ "informationUri": "https://github.com/google/osv-scanner", "name": "osv-scanner", "rules": [], - "version": "1.8.4" + "version": "1.8.5" } }, "results": [] @@ -2104,7 +2104,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2187,7 +2187,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2253,7 +2253,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2319,7 +2319,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2385,7 +2385,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2452,7 +2452,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2536,7 +2536,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2637,7 +2637,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2720,7 +2720,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ @@ -2786,7 +2786,7 @@ } } ], - "version": "1.8.4" + "version": "1.8.5" } }, "artifacts": [ diff --git a/internal/version/version.go b/internal/version/version.go index 2943ee75a0..b11dbcdc8f 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -1,4 +1,4 @@ package version // OSVVersion is the current release version, you should update this variable when doing a release -var OSVVersion = "1.8.4" +var OSVVersion = "1.8.5"