Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 #1444

Merged
merged 2 commits into from
Nov 3, 2023
Merged

Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 #1444

merged 2 commits into from
Nov 3, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 30, 2023

Bumps github.com/google/osv-scanner from 1.4.1 to 1.4.2.

Release notes

Sourced from github.com/google/osv-scanner's releases.

v1.4.2:

Some minor fixes in this release.

Fixes

Full Changelog: google/osv-scanner@v1.4.1...v1.4.2

Changelog

Sourced from github.com/google/osv-scanner's changelog.

v1.4.2:

Fixes

Commits
  • 1372552 Prepare for 1.4.2 release (#609)
  • dfef890 chore: don't trim trailing whitespace on fixture snapshots (#608)
  • cf948ee Update release pipeline (#602)
  • 32ad454 fix: trim leading and trailing newlines off SARIF output (#606)
  • c00f630 Add name field to sarif rule output (#600)
  • 6bc8b22 chore(deps): update dependency jekyll-feed to v0.17.0 (#579)
  • 2aa1336 chore(deps): update golang:alpine docker digest to 926f7f7 (#591)
  • 8cfa4dc chore(deps): update workflows (#592)
  • 7de70e2 Make scheduled and PR scanning only scan the relevant files and ignore fixtur...
  • ff1e2cf Update docs to add in saving to file option (#593)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2
5a27aac 
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](google/osv-scanner@v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Oct 30, 2023
@pxp928 pxp928 force-pushed the dependabot/go_modules/github.com/google/osv-scanner-1.4.2 branch from 167f0ce to 4ef1bcd Compare November 2, 2023 15:26
@pxp928
Copy link
Collaborator

pxp928 commented Nov 2, 2023

fixes #635

@pxp928 pxp928 linked an issue Nov 2, 2023 that may be closed by this pull request
Inconsistency in packageurl-go for docker and OCI PURLs #635
Closed
@pxp928 pxp928 force-pushed the dependabot/go_modules/github.com/google/osv-scanner-1.4.2 branch from 4ef1bcd to 2414230 Compare November 2, 2023 15:48
@pull-request-size pull-request-size bot added size/L and removed size/M labels Nov 2, 2023
@pxp928
update test results based on update to packageurl-go library
0773253 
Signed-off-by: pxp928 <parth.psu@gmail.com>
@pxp928 pxp928 force-pushed the dependabot/go_modules/github.com/google/osv-scanner-1.4.2 branch from 2414230 to 0773253 Compare November 2, 2023 16:09
lumjjb
lumjjb approved these changes Nov 3, 2023
View reviewed changes
Copy link
Contributor

@lumjjb lumjjb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - we may probably need to cut a release since outputs may change a little

@kodiakhq kodiakhq bot merged commit 00d978b into main Nov 3, 2023
10 checks passed
@kodiakhq kodiakhq bot deleted the dependabot/go_modules/github.com/google/osv-scanner-1.4.2 branch November 3, 2023 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pxp928 pxp928 pxp928 left review comments

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

@lumjjb lumjjb lumjjb approved these changes

@kodiakhq kodiakhq[bot] kodiakhq approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Inconsistency in packageurl-go for docker and OCI PURLs
3 participants
@pxp928 @mihaimaruseac @lumjjb