This repository has been archived by the owner on Mar 1, 2024. It is now read-only.
Releases: silinternational/vulnerability-scanner
Bump semver to 7.5.2
Require Node 16, and don't exit for scan failures
Changed
- Upgrade to Node 16
- Constrain Node to at least version 16
- If we fail to check a Bitbucket repo, report that and keep going
- If we fail to check a GitHub repo, report that and keep going
Fixed
- Update dependencies now that we're on Node 16
- A more readable diff for what changed is here
Added
- List all dependencies (in a more readable format), and have `make update` also update that list
Add PHP 8.2 EOL date, improve ease-of-use
Added
- Add EOL date for PHP 8.2 (docs)
- Make it easier to check language versions in a list of Docker images
- Document the new command in the readme file
- Add `cli/scan.js`, allowing user to pick GitHub and/or Bitbucket from CLI, without needing a specific order
Fewer API calls, fewer false positives, and fewer files published
Fixed
- Cache calls for file contents
- Exclude aliases from the list of Docker images that a Dockerfile uses
- Update dependencies
- Update copyright year in LICENSE file
- Whitelist which files to include when publishing this library
- Fix README to clarify that VERSIONS_CSV_URL should be quoted
More helpful logs, fix local script, dependency update, add PHP 8.1
Fixed
- Include docker image name in NodeJS and PHP End-Of-Life version warnings
- Fix cross-architecture bug when running docker images locally
- Add EOL date for PHP 8.1
- Bump minimatch from 3.0.4 to 3.1.2
Update deps, skip unknown Docker images in helper script
Fixed
- Fix helper script to skip unknown docker image, not say "NONE" for them
- Update dependencies
- Fix incorrect version number in package.json/.lock files
Check NodeJS for EOL version, reduce CLI endpoints
Added
- Run the (non-integration) tests during CI/CD
- Make it easier to run the various tests
- Use Docker to run tests, so they're run on a consistent version of Node
- Update helper script to also check versions of NodeJS and Python in Docker images
- NOTE: This program does not yet do anything with the Python version information.
- Enable checking for EOL'd NodeJS version when scanning a Bitbucket repo
- Enable checking for EOL'd NodeJS version when scanning a GitHub repo
- Show the download progress when pulling Docker images to check language versions
Changed
- Renamed `get-php-of-docker.sh` helper script to `get-docker-lang-versions.sh`
Fixed
- Adjust helper script to return NodeJS version in the expected format
- Improve JS documentation (types, corrections, more documentation)
Removed
- Stop providing separate CLI endpoints for checking EOL language versions
- If a URL is provided (for a CSV of language versions by Docker image) to any of the remaining CLI endpoints, then the PHP and NodeJS versions will be checked for End-of-Life versions in use. We don't need the clutter and complexity of the extra CLI endpoints.
- Note: This is not a backwards-compatibility-breaking change because only the methods exposed by our `index.js` file are used to determine backward compatibility (and this is documented in the README)
Exclude "..._archived" Bitbucket repos
Fixed
- Update `bitbucket.listRepos()` to exclude archived repos (indicated by an "_archived" suffix on the repo name)
- Avoid leaving docker containers lying around after checking PHP version
Added
- Add a way to run only the non-integration tests
Update dependencies
Fixed
- Update dependencies
Play nicely within Bitbucket API rate limit
Fixed
- Reduce folder-depth (when searching Bitbucket repo for files) down from 50 to more reasonable 10
- Just search for specific file names when finding files in Bitbucket
- Cache results of listing files in a Bitbucket repo
- Stop after 20 pages (of 100 items) when getting Bitbucket API results, to reduce wasting rate-limited API calls
- Exit with an error if an API call returns an error (except errors about empty repos)
- Update npm dependencies