Bump github.com/google/osv-scanner from 1.4.3 to 1.5.0

[dependabot]

Bumps github.com/google/osv-scanner from 1.4.3 to 1.5.0.

Release notes

Sourced from github.com/google/osv-scanner's releases.

v1.5.0

Changelog

Features

• [Feature #501](google/osv-scanner#501) Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information!
• [Feature #642](google/osv-scanner#642) Support scanning renv files for the R language ecosystem.
• [Feature #513](google/osv-scanner#513) Stabilize call analysis for Go! The experimental --experimental-call-analysis flag has now been updated to:

  --call-analysis=<language/all>
  --no-call-analysis=<language/all>
  

  with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
• [Feature #676](google/osv-scanner#676) Simplify return codes:
  • Return 0 if there are no findings or errors.
  • Return 1 if there are any findings (license violations or vulnerabilities).
  • Return 128 if no packages are found.
• [Feature #651](google/osv-scanner#651) CVSS v4.0 support.
• [Feature #60](google/osv-scanner#60) Pre-commit hook support.

Fixes

• [Bug #639](google/osv-scanner#639) We now filter local packages from scans, and report the filtering of those packages.
• [Bug #645](google/osv-scanner#645) Properly handle file/url paths on Windows.
• [Bug #660](google/osv-scanner#660) Remove noise from failed lockfile parsing.
• [Bug #649](google/osv-scanner#649) No longer include vendored libraries in C/C++ package analysis.
• [Bug #634](google/osv-scanner#634) Fix filtering of aliases to also include non OSV aliases

New Contributors

• @​hogo6002 made their first contribution in google/osv-scanner#665
• @​pandatix made their first contribution in google/osv-scanner#651
• @​kemzeb made their first contribution in google/osv-scanner#669

Full Changelog: google/osv-scanner@v1.4.3...v1.5.0

Changelog

Sourced from github.com/google/osv-scanner's changelog.

v1.5.0:

Features

• [Feature #501](google/osv-scanner#501) Add experimental license scanning support! See https://osv.dev/blog/posts/introducing-license-scanning-with-osv-scanner/ for more information!
• [Feature #642](google/osv-scanner#642) Support scanning renv files for the R language ecosystem.
• [Feature #513](google/osv-scanner#513) Stabilize call analysis for Go! The experimental --experimental-call-analysis flag has now been updated to:

  --call-analysis=<language/all>
  --no-call-analysis=<language/all>
  

  with call analysis for Go enabled by default. See https://google.github.io/osv-scanner/usage/#scanning-with-call-analysis for the documentation!
• [Feature #676](google/osv-scanner#676) Simplify return codes:
  • Return 0 if there are no findings or errors.
  • Return 1 if there are any findings (license violations or vulnerabilities).
  • Return 128 if no packages are found.
• [Feature #651](google/osv-scanner#651) CVSS v4.0 support.
• [Feature #60](google/osv-scanner#60) Pre-commit hook support.

Fixes

• [Bug #639](google/osv-scanner#639) We now filter local packages from scans, and report the filtering of those packages.
• [Bug #645](google/osv-scanner#645) Properly handle file/url paths on Windows.
• [Bug #660](google/osv-scanner#660) Remove noise from failed lockfile parsing.
• [Bug #649](google/osv-scanner#649) No longer include vendored libraries in C/C++ package analysis.
• [Bug #634](google/osv-scanner#634) Fix filtering of aliases to also include non OSV aliases

Miscellaneous

• The minimum go version has been updated to go1.21 from go1.18.

Commits

• 060799c Add changelog for verson 1.5.0 (#692)
• 6d2154f Fix go mod (#691)
• b2e8e85 chore(deps): lock file maintenance (#653)
• 41a9c5b refactor: switch golang.org/x/exp/slices usages to stdlib (#690)
• 56a6590 Include available formats in --format help message (#685)
• 979ca0b chore(deps): update golang:alpine docker digest to 70afe55 (#687)
• d5052e7 chore(deps): update alpine:3.18 docker digest to 34871e7 (#686)
• 289f653 fix(deps): update osv-scanner minor (#688)
• b7ef0d7 Add osv-scanner pre-commit hook (#669)
• 9b4d714 Fix goreleaser build (#683)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[academo]

@briangann could you check this one?

[dependabot]

Superseded by #164.