security/osv-scanner
Vulnerability scanner written using the OSV project
Branch: CURRENT
Version: 1.9.1
Package name: osv-scanner-1.9.1
Maintainer: pkgsrc-users

Use OSV-Scanner to find existing vulnerabilities affecting your
project's dependencies.
OSV-Scanner provides an officially supported frontend to the OSV
database that connects a project's list of dependencies with the
vulnerabilities that affect them. Since the OSV.dev database is
open source and distributed, it has several benefits in comparison
with closed source advisory databases and scanners:
- Each advisory comes from an open and authoritative source
- Anyone can suggest improvements to advisories, resulting in a
very high quality database
- The OSV format unambiguously stores information about affected
versions in a machine-readable format that precisely maps onto a
developer's list of packages
The above all results in fewer, more actionable vulnerability
notifications, which reduces the time needed to resolve them.
Filesize: 6770.423 KB
Version history:
- (2024-12-12) Updated to version: osv-scanner-1.9.1
- (2024-09-06) Updated to version: osv-scanner-1.7.4nb5
- (2024-08-11) Updated to version: osv-scanner-1.7.4nb4
- (2024-07-03) Updated to version: osv-scanner-1.7.4nb3
- (2024-06-13) Updated to version: osv-scanner-1.7.4nb2
- (2024-06-01) Updated to version: osv-scanner-1.7.4nb1
CVS history:
2024-12-12 11:51:49 by Leonardo Taccari | Files touched by this commit (4)
Log message:
osv-scanner: Update to 1.9.1
pkgsrc changes:
- Only install osv-scanner. osv-reporter is intended only for GitHub Actions and
generate_mock_resolution_universe is only intended for internal
use/osv-scanner development
- Remove not needed / nop USE_LANGUAGES (it is already defined to c by default)
Changes:
v1.9.1
- Support offline database in fix subcommand.
- Add `--experimental-offline-vulnerabilities` and `--experimental-no-resolve`
flags.
- Support private registries for Maven.
- Support `vulnerabilities.ignore` in package overrides.
- Bug fixes
v1.9.0
- Allow explicitly ignoring the license of a package in config with
`license.ignore = true`.
- Error if configuration file has unknown properties.
- Assume `.txt` files with "requirements" in their name are
`requirements.txt` files
- Bug fixes
v1.8.5
- Support fetching snapshot versions from a Maven registry.
- Support composite-based package overrides. This allows for ignoring entire
manifests when scanning.
- Add FIXED-VULN-IDS to guided remediation non-interactive output.
- Bug fixes
v1.8.4
- Adds `--upgrade-config` flag for configuring allowed upgrades on a per-package
basis. Also hide & deprecate previous `--disallow-major-upgrades` and
`--disallow-package-upgrades` flags.
- Bug fixes
v1.8.3
- OSV-Scanner now provides "vertical" output format!
- Bug fixes
v1.8.2
- Adding CycloneDX 1.4 and 1.5 output format. Thanks marcwieserdev!
- Bug fixes
v1.8.0/v1.8.1
- OSV-Scanner now scans transitive dependencies in Maven `pom.xml` files!
- The `osv-scanner.toml` configuration file can now filter specific packages
with new `[[PackageOverrides]]` sections.
- The `--experimental-local-db` flag has been removed and replaced with
a new flag `--experimental-download-offline-databases` which better
reflects what the flag does.
To replicate the behavior of the original `--experimental-local-db`
flag, replace it with both `--experimental-offline
--experimental-download-offline-databases` flags. This will run
osv-scanner in offline mode, but download the latest version of the
vulnerability databases before scanning.
- Bug fixes
2024-09-06 20:49:02 by Benny Siegert | Files touched by this commit (180)
Log message:
Revbump all Go packages after go122 update
2024-08-11 17:57:15 by Benny Siegert | Files touched by this commit (176)
Log message:
Revbump all Go packages after update
2024-07-03 08:59:36 by Benny Siegert | Files touched by this commit (169)
Log message:
Revbump all Go packages after go122 security update
2024-06-13 15:47:13 by Benny Siegert | Files touched by this commit (169)
Log message:
Revbump all Go packages after go122 update
2024-06-01 16:03:06 by Benny Siegert | Files touched by this commit (168)
Log message:
Revbump all Go packages, default Go version is now 1.22.
2024-05-30 17:07:56 by Pierre Pronchery | Files touched by this commit (4)
Log message:
osv-scanner: update to 1.7.4
Changes in 1.7.4:
* Feature #943 Support scanning gradle/verification-metadata.xml files.
* Bug #968 Hide unimportant Debian vulnerabilities to reduce noise.
Changes in 1.7.3:
* Feature #934 add support for PNPM v9 lockfiles.
* Bug #938 Ensure the sarif output has a stable order.
* Bug #922 Support filtering on alias IDs in Guided Remediation.
Tested on NetBSD/amd64.
2024-05-09 00:17:10 by Pierre Pronchery | Files touched by this commit (4)
Log message:
osv-scanner: update to 1.7.2
This package hasn't been updated in a long time. The following list of
changes was therefore curated to focus on features or recent bugfixes.
Changes in 1.7.2:
* Bug #899 Guided Remediation: Parse paths in npmrc auth fields correctly.
* Bug #908 Fix rust call analysis by explicitly disabling stripping of debug info.
* Bug #914 Fix regression for go call analysis introduced in 1.7.0.
Changes in 1.7.0:
* Feature #352 Guided Remediation
Introducing our new experimental guided remediation feature on osv-scanner fix subcommand.
* Feature #805 Include CVSS MaxSeverity in JSON output.
Changes in 1.6.2:
* Feature #694 OSV-Scanner now has subcommands!
The base command has been moved to scan (currently the only command is scan).
By default if you do not pass in a command, scan will be used, so CLI remains
backwards compatible.
* Feature #776 Add pdm lockfile support.
Changes in 1.6.0 and 1.6.1:
* Feature #694 Add support for NuGet lock files version 2.
* Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
* Feature #702 Created an option to skip/disable upload to code scanning.
* Feature #732 Add option to not fail on vulnerability being found for GitHub Actions.
* Feature #729 Verify the spdx licenses passed in to the license allowlist.
Changes in 1.5.0:
* Feature #501 Add experimental license scanning support!
* Feature #642 Support scanning renv files for the R language ecosystem.
* Feature #513 Stabilize call analysis for Go
* Feature #676 Simplify return codes:
Return 0 if there are no findings or errors.
Return 1 if there are any findings (license violations or vulnerabilities).
Return 128 if no packages are found.
* Feature #651 CVSS v4.0 support.
* Feature #60 Pre-commit hook support.
Changes in 1.4.3:
* Feature #621 Add support for scanning vendored C/C++ files.
* Feature #581 Scan submodules commit hashes.
Changes in 1.4.1:
* Feature #534 New SARIF format that separates out individual vulnerabilities
* Experimental Feature #57 Experimental Github Action
Changes in 1.4.0:
* Feature #183 Add (experimental) offline mode
* Feature #452 Add (experimental) rust call analysis, detect whether vulnerable
functions are actually called in your Rust project
* Feature #505 OSV-Scanner support custom lockfile formats
Changes in 1.3.5:
* Feature #409 Adds an additional column to the table output which shows the
severity if available.
Changes in 1.3.0:
* Feature #198 GoVulnCheck integration! Try it out when scanning go code by
adding the --experimental-call-analysis flag.
* Feature #260 Support -r flag in requirements.txt files.
* Feature #300 Make IgnoredVulns also ignore aliases.
* Feature #304 OSV-Scanner now runs faster when there are multiple vulnerabilities.
Changes in 1.2.0:
* Feature #168 Support for scanning debian package status file, usually located
in /var/lib/dpkg/status. Thanks @cmaritan
* Feature #94 Specify what parser should be used in --lockfile.
* Feature #158 Specify output format to use with the --format flag.
* Feature #165 Respect .gitignore files by default when scanning.
* Feature #156 Support markdown table output format. Thanks @deftdawg
* Feature #59 Support conan.lock lockfiles and ecosystem Thanks @SSE4
* Updated documentation! Check it out here: https://google.github.io/osv-scanner/
Changes in 1.1.0:
* Feature #98: Support for NuGet ecosystem.
* Feature #71: Now supports Pipfile.lock scanning.
* Bug #85: Even better support for narrow terminals by shortening osv.dev URLs.
* Bug #105: Fix rare cases of too many open file handles.
* Bug #131: Fix table highlighting overflow.
* Bug #101: Now supports 32 bit systems.
Tested on NetBSD/amd64.