Next | Query returned 25 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2024-09-06 20:49:02 by Benny Siegert | Files touched by this commit (180) | Package updated
Log message:
Revbump all Go packages after go122 update
   2024-08-11 17:57:15 by Benny Siegert | Files touched by this commit (176) | Package updated
Log message:
Revbump all Go packages after update
   2024-07-03 08:59:36 by Benny Siegert | Files touched by this commit (169) | Package updated
Log message:
Revbump all Go packages after go122 security update
   2024-06-13 15:47:13 by Benny Siegert | Files touched by this commit (169) | Package updated
Log message:
Revbump all Go packages after go122 update
   2024-06-01 16:03:06 by Benny Siegert | Files touched by this commit (168)
Log message:
Revbump all Go packages, default Go version is now 1.22.
   2024-05-30 17:07:56 by Pierre Pronchery | Files touched by this commit (4) | Package updated
Log message:
osv-scanner: update to 1.7.4

Changes in 1.7.4:

* Feature #943 Support scanning gradle/verification-metadata.xml files.
* Bug #968 Hide unimportant Debian vulnerabilities to reduce noise.

Changes in 1.7.3:

* Feature #934 add support for PNPM v9 lockfiles.
* Bug #938 Ensure the sarif output has a stable order.
* Bug #922 Support filtering on alias IDs in Guided Remediation.

Tested on NetBSD/amd64.
   2024-05-09 00:17:10 by Pierre Pronchery | Files touched by this commit (4) | Package updated
Log message:
osv-scanner: update to 1.7.2

This package hasn't been updated in a long time. The following list of
changes was therefore curated to focus on features or recent bugfixes.

Changes in 1.7.2:

* Bug #899 Guided Remediation: Parse paths in npmrc auth fields correctly.
* Bug #908 Fix rust call analysis by explicitly disabling stripping of debug info.
* Bug #914 Fix regression for go call analysis introduced in 1.7.0.

Changes in 1.7.0:

* Feature #352 Guided Remediation
  Introducing our new experimental guided remediation feature on osv-scanner fix \ 
subcommand.
* Feature #805 Include CVSS MaxSevirity in JSON output.

Changes in 1.6.2:

* Feature #694 OSV-Scanner now has subcommands!
  The base command has been moved to scan (currently the only commands is scan). \ 
By default if you do not pass in a command, scan will be used, so CLI remains \ 
backwards compatible.
* Feature #776 Add pdm lockfile support.

Changes in 1.6.0 and 1.6.1:

* Feature #694 Add support for NuGet lock files version 2.
* Feature #655 Scan and report dependency groups (e.g. "dev \ 
dependencies") for vulnerabilities.
* Feature #702 Created an option to skip/disable upload to code scanning.
* Feature #732 Add option to not fail on vulnerability being found for GitHub \ 
Actions.
* Feature #729 Verify the spdx licenses passed in to the license allowlist.

Changes in 1.5.0:

* Feature #501 Add experimental license scanning support!
* Feature #642 Support scanning renv files for the R language ecosystem.
* Feature #513 Stabilize call analysis for Go
* Feature #676 Simplify return codes:
  Return 0 if there are no findings or errors.
  Return 1 if there are any findings (license violations or vulnerabilities).
  Return 128 if no packages are found.
* Feature #651 CVSS v4.0 support.
* Feature #60 Pre-commit hook support.

Changes in 1.4.3:

* Feature #621 Add support for scanning vendored C/C++ files.
* Feature #581 Scan submodules commit hashes.

Changes in 1.4.1:

* Feature #534 New SARIF format that separates out individual vulnerabilities
* Experimental Feature #57 Experimental Github Action

Changes in 1.4.0:

* Feature #183 Add (experimental) offline mode
* Feature #452 Add (experimental) rust call analysis, detect whether vulnerable \ 
functions are actually called in your Rust project
* Feature #505 OSV-Scanner support custom lockfile formats

Changes in 1.3.5:

* Feature #409 Adds an additional column to the table output which shows the \ 
severity if available.

Changes in 1.3.0:

* Feature #198 GoVulnCheck integration! Try it out when scanning go code by \ 
adding the --experimental-call-analysis flag.
* Feature #260 Support -r flag in requirements.txt files.
* Feature #300 Make IgnoredVulns also ignore aliases.
* Feature #304 OSV-Scanner now runs faster when there's multiple vulnerabilities.

Changes in 1.2.0:

* Feature #168 Support for scanning debian package status file, usually located \ 
in /var/lib/dpkg/status. Thanks @cmaritan
* Feature #94 Specify what parser should be used in --lockfile.
* Feature #158 Specify output format to use with the --format flag.
* Feature #165 Respect .gitignore files by default when scanning.
* Feature #156 Support markdown table output format. Thanks @deftdawg
* Feature #59 Support conan.lock lockfiles and ecosystem Thanks @SSE4
* Updated documentation! Check it out here: https://google.github.io/osv-scanner/

Changes in 1.1.0:

* Feature #98: Support for NuGet ecosystem.
* Feature #71: Now supports Pipfile.lock scanning.
* Bug #85: Even better support for narrow terminals by shortening osv.dev URLs.
* Bug #105: Fix rare cases of too many open file handles.
* Bug #131: Fix table highlighting overflow.
* Bug #101: Now supports 32 bit systems.

Tested on NetBSD/amd64.
   2024-04-05 21:14:14 by Benny Siegert | Files touched by this commit (161) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-02-07 15:51:04 by Benny Siegert | Files touched by this commit (156) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-01-10 20:14:43 by Benny Siegert | Files touched by this commit (152) | Package updated
Log message:
Revbump all Go packages after go121 update

Next | Query returned 25 messages, browsing 1 to 10 | Previous