
🐛 Updates osv-scanner dependency to 1.2.0. #2704

Merged
merged 3 commits into ossf:main from update-osv-scanner-dependency on Mar 9, 2023

Conversation

another-rex
Contributor

What kind of change does this PR introduce?

Updates osv-scanner dependency to 1.2.0 from 0.0.0.
The 1.0 release changed the return value for osv-scanner to output an error when vulnerabilities are found; the code is modified to handle this error correctly. This will fix ossf/scorecard-action#1092 once it is also updated.

Which issue(s) this PR fixes

ossf/scorecard-action#1092

Special notes for your reviewer

Does this PR introduce a user-facing change?

No

NONE
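The error handling the PR description refers to, as an added Go example written for this page (not scorecard's or osv-scanner's own code): a sentinel "vulnerabilities found" error is treated as a successful scan with findings, while any other error still fails the check. The sentinel name, the `scanFn` contract and the lockfile names are assumptions constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in for the sentinel error osv-scanner 1.x returns when the scan
// succeeded but vulnerabilities were found (an assumption for this example,
// not the real osv-scanner symbol).
var ErrVulnerabilitiesFound = errors.New("vulnerabilities found")

// Vuln is a constructed, minimal stand-in for one scanner finding.
type Vuln struct{ ID string }

// scanFn mirrors the 1.x contract: findings plus a non-nil error when any exist.
type scanFn func(lockfile string) ([]Vuln, error)

// runScan applies the fix described in the PR: "vulnerabilities found" is a
// successful scan, not a check failure, so its findings are returned as
// results; every other error still propagates and fails the check.
func runScan(scan scanFn, lockfile string) ([]Vuln, error) {
	vulns, err := scan(lockfile)
	if err != nil && !errors.Is(err, ErrVulnerabilitiesFound) {
		return nil, fmt.Errorf("osv-scanner failed on %s: %w", lockfile, err)
	}
	return vulns, nil
}

// fakeScan is a constructed scanner used to exercise runScan offline.
func fakeScan(lockfile string) ([]Vuln, error) {
	switch lockfile {
	case "clean.lock":
		return nil, nil
	case "vulnerable.lock": // 1.x behaviour: results AND an error
		v := []Vuln{{ID: "EXAMPLE-0001"}}
		return v, fmt.Errorf("scan: %w", ErrVulnerabilitiesFound)
	default:
		return nil, errors.New("lockfile not found")
	}
}

func main() {
	for _, f := range []string{"clean.lock", "vulnerable.lock", "missing.lock"} {
		vulns, err := runScan(fakeScan, f)
		fmt.Printf("%s: %d findings, err=%v\n", f, len(vulns), err)
	}
}
```

Before the fix, a check that treated every non-nil error as fatal would abort on the vulnerable case instead of reporting its findings.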

@another-rex another-rex force-pushed the update-osv-scanner-dependency branch from a0f821d to 17931e3 Compare March 1, 2023 03:04
@codecov

codecov bot commented Mar 1, 2023

Codecov Report

Merging #2704 (72a5a90) into main (5f13a66) will decrease coverage by 0.02%.
The diff coverage is 0.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2704      +/-   ##
==========================================
- Coverage   49.87%   49.86%   -0.02%     
==========================================
  Files         156      156              
  Lines       11572    11576       +4     
==========================================
  Hits         5772     5772              
- Misses       5450     5454       +4     
  Partials      350      350              

@another-rex
Contributor Author

Updated the osv-scanner version to a pseudo version 1.2.1-0.20230302232134-592acbc2539b, which contains some extra fixes, notably:

@spencerschrock fyi

@spencerschrock
Contributor

@another-rex Thanks for the pseudo update. If you could just DCO your last commit I can get this merged in.

@another-rex another-rex force-pushed the update-osv-scanner-dependency branch from 3e10b82 to 05cd7f8 Compare March 8, 2023 23:10
The 1.0 release changed the return value for osv-scanner to output an error
when vulnerabilities are found, modified to handle this error correctly.

Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Rex Pan <rexpan@google.com>
@spencerschrock spencerschrock enabled auto-merge (squash) March 8, 2023 23:54
@spencerschrock spencerschrock merged commit 170af75 into ossf:main Mar 9, 2023
36 of 37 checks passed
Shofiya2003 pushed a commit to Shofiya2003/scorecard that referenced this pull request Mar 10, 2023
* Updates osv-scanner dependency to 1.2.0.

The 1.0 release changed the return value for osv-scanner to output an error
when vulnerabilities are found, modified to handle this error correctly.

Signed-off-by: Rex Pan <rexpan@google.com>

* Add some additional comments

Signed-off-by: Rex Pan <rexpan@google.com>

* Update osv-scanner to include SBOM and logging fixes

Signed-off-by: Rex Pan <rexpan@google.com>

---------

Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Shofiya2003 <shofiyabootwala@gmail.com>
Successfully merging this pull request may close these issues.

BUG: Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner