chore: v1.9.1 Changelog (#1358)

google · Oct 30, 2024 · b13f37e · b13f37e
1 parent 8af6458
commit b13f37e
Show file tree

Hide file tree

Showing 5 changed files with 98 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,48 @@
+OSV-Scanner v2 is coming soon! The next release will start with version `v2.0.0-alpha1`.
+
+Here's a peek at some of the exciting upcoming features:
+
+- Standalone container image scanning support.
+  - Including support for Alpine and Debian images.
+- Refactored internals to use [`osv-scalibr`](https://github.com/google/osv-scalibr) library for better extraction capabilities.
+- HTML output format for clearer vulnerability results.
+- More control over output format and logging.
+- ...and more!
+
+Importantly, the CLI interface of osv-scanner will be maintained with minimal breaking changes.
+Most breaking changes will only be in the API. More details in the upcoming alpha release.
+
+---
+
+This is the final feature v1 release of osv-scanner, future releases for v1 will only contain bug fixes.
+
+# v1.9.1
+
+### Features:
+
+- [Feature #1295](https://github.com/google/osv-scanner/pull/1295) Support offline database in fix subcommand.
+- [Feature #1342](https://github.com/google/osv-scanner/pull/1342) Add `--experimental-offline-vulnerabilities` and `--experimental-no-resolve` flags.
+- [Feature #1045](https://github.com/google/osv-scanner/pull/1045) Support private registries for Maven.
+- [Feature #1226](https://github.com/google/osv-scanner/pull/1226) Support support `vulnerabilities.ignore` in package overrides.
+
+### Fixes:
+
+- [Bug #604](https://github.com/google/osv-scanner/pull/604) Use correct path separator in SARIF output when on Windows.
+- [Bug #330](https://github.com/google/osv-scanner/pull/330) Warn about and ignore duplicate entries in SBOMs.
+- [Bug #1325](https://github.com/google/osv-scanner/pull/1325) Set CharsetReader and Entity when reading pom.xml.
+- [Bug #1310](https://github.com/google/osv-scanner/pull/1310) Update spdx license ids.
+- [Bug #1288](https://github.com/google/osv-scanner/pull/1288) Sort sbom packages by PURL.
+- [Bug #1285](https://github.com/google/osv-scanner/pull/1285) Improve handling if `docker` exits with a non-zero code when trying to scan images
+
+### API Changes:
+
+- Deprecate auxillary public packages: As part of the V2 update described above, we have started deprecating some of the auxillary packages
+  which are not commonly used to give us more room to make better API designs. These include:
+  - `config`
+  - `depsdev`
+  - `grouper`
+  - `spdx`
+
 # v1.9.0
 
 ### Features:

diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -80,7 +80,7 @@ Loaded filter from: <rootdir>/fixtures/locks-many/osv-scanner.toml
           "informationUri": "https://github.com/google/osv-scanner",
           "name": "osv-scanner",
           "rules": [],
-          "version": "1.9.0"
+          "version": "1.9.1"
         }
       },
       "results": []
@@ -234,7 +234,7 @@ Loaded Alpine local db from <tempdir>/osv-scanner/Alpine/all.zip
               }
             }
           ],
-          "version": "1.9.0"
+          "version": "1.9.1"
         }
       },
       "artifacts": [
@@ -850,7 +850,7 @@ No issues found
 ---
 
 [TestRun/version - 1]
-osv-scanner version: 1.9.0
+osv-scanner version: 1.9.1
 commit: n/a
 built at: n/a
 
@@ -973,7 +973,7 @@ Scanned <rootdir>/fixtures/locks-insecure/osv-scanner-flutter-deps.json file as
               }
             }
           ],
-          "version": "1.9.0"
+          "version": "1.9.1"
         }
       },
       "artifacts": [

diff --git a/docs/github-action.md b/docs/github-action.md
@@ -55,7 +55,7 @@ permissions:
 
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].0"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].1"
 ```
 
 ### View results
@@ -98,7 +98,7 @@ permissions:
 
 jobs:
   scan-scheduled:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].0"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].1"
 ```
 
 As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule).
@@ -133,7 +133,7 @@ permissions:
 
 jobs:
   osv-scan:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].0"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].1"
     with:
       # Only scan the top level go.mod file without recursively scanning directories since
       # this is pipeline is about releasing the go module and binary
@@ -186,7 +186,7 @@ Examples
 ```yml
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].0"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].1"
     with:
       scan-args: |-
         --lockfile=./path/to/lockfile1
@@ -198,7 +198,7 @@ jobs:
 ```yml
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].0"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].1"
     with:
       scan-args: |-
         --recursive
@@ -225,7 +225,7 @@ jobs:
     name: Vulnerability scanning
     # makes sure the extraction step is completed before running the scanner
     needs: extract-deps
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].0"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].1"
     with:
       # Download the artifact uploaded in extract-deps step
       download-artifact: converted-OSV-Scanner-deps