This repository has been archived by the owner on Mar 1, 2024. It is now read-only.

Releases: silinternational/vulnerability-scanner

Bump semver to 7.5.2

16 Nov 15:04
8d7db2d

Security

  • Bump semver to 7.5.2

Require Node 16, and don't exit for scan failures

29 Mar 19:20
c8b2174

Changed

  • Upgrade to Node 16
  • Constrain Node to at least version 16
  • If we fail to check a Bitbucket repo, report that and keep going
  • If we fail to check a GitHub repo, report that and keep going

Fixed

  • Update dependencies now that we're on Node 16
    • A more readable diff for what changed is here

Added

  • List all dependencies (in a more readable format), and have make update also update that list

Included

Add PHP 8.2 EOL date, improve ease-of-use

17 Mar 18:16
ebebe55

Added

  • Add EOL date for PHP 8.2 (docs)
  • Make it easier to check language versions in a list of Docker images
  • Document the new command in the readme file
  • Add cli/scan.js, allowing user to pick GitHub and/or Bitbucket from CLI, without needing a specific order

Fewer API calls, fewer false positives, and fewer files published

21 Nov 16:03
1f73ebd

Fixed

  • Cache calls for file contents
  • Exclude aliases from the list of Docker images that a Dockerfile uses
  • Update dependencies
  • Update copyright year in LICENSE file
  • Whitelist which files to include when publishing this library
  • Fix README to clarify that VERSIONS_CSV_URL should be quoted

More helpful logs, fix local script, dependency update, add PHP 8.1

16 Nov 15:07
def5bfe

Fixed

  • Include docker image name in NodeJS and PHP End-Of-Life version warnings
  • Fix cross-architecture bug when running docker images locally
  • Add EOL date for PHP 8.1
  • Bump minimatch from 3.0.4 to 3.1.2

Update deps, skip unknown Docker images in helper script

25 Jan 15:47
8a9bde7

Fixed

  • Fix helper script to skip unknown docker image, not say "NONE" for them
  • Update dependencies
  • Fix incorrect version number in package.json/.lock files

Check NodeJS for EOL version, reduce CLI endpoints

25 Jan 14:56
d1f0df4

Added

  • Run the (non-integration) tests during CI/CD
  • Make it easier to run the various tests
  • Use Docker to run tests, so they're run on a consistent version of Node
  • Update helper script to also check versions of NodeJS and Python in Docker images
    • NOTE: This program does not yet do anything with the Python version information.
  • Enable checking for EOL'd NodeJS version when scanning a Bitbucket repo
  • Enable checking for EOL'd NodeJS version when scanning a GitHub repo
  • Show the download progress when pulling Docker images to check language versions

Changed

  • Renamed get-php-of-docker.sh helper script to get-docker-lang-versions.sh

Fixed

  • Adjust helper script to return NodeJS version in the expected format
  • Improve JS documentation (types, corrections, more documentation)

Removed

  • Stop providing separate CLI endpoints for checking EOL language versions
    • If a URL is provided (for a CSV of language versions by Docker image) to any of the remaining CLI endpoints, then the PHP and NodeJS versions will be checked for End-of-Life versions in use. We don't need the clutter and complexity of the extra CLI endpoints.
    • Note: This is not a backwards-compatibility-breaking change because only the methods exposed by our index.js file are used to determine backward compatibility (and this is documented in the README)

Exclude "..._archived" Bitbucket repos

10 Jan 18:36
efbbeac

Fixed

  • Update bitbucket.listRepos() to exclude archived repos (indicated by an "_archived" suffix on the repo name)
  • Avoid leaving docker containers lying around after checking PHP version

Added

  • Add a way to run only the non-integration tests

Update dependencies

17 Dec 21:09
cc5305e

Fixed

  • Update dependencies

Play nicely within Bitbucket API rate limit

22 Mar 20:28
2a333f1

Fixed

  • Reduce folder depth (when searching a Bitbucket repo for files) from 50 down to a more reasonable 10
  • Just search for specific file names when finding files in Bitbucket
  • Cache results of listing files in a Bitbucket repo
  • Stop after 20 pages (of 100 items) when getting Bitbucket API results, to reduce wasting rate-limited API calls
  • Exit with an error if an API call returns an error (except errors about empty repos)
  • Update npm dependencies