v0.3.0

@github-actions github-actions released this 13 Mar 06:47
· 163 commits to main since this release
54eccb9

This version switches the detector over from the GitHub advisory database to the databases provided by osv.dev, which aggregates a number of advisory databases (including the GitHub advisory database) into single ecosystem databases.

What's Changed

  • switch to using ecosystem databases from osv.dev (#59)
  • normalize names of Python packages to favor false positives over false negatives (#56)
  • support SEMVER ranges (#57)
  • support OSV advisories with just versions array in affected (#58)
  • fall back to using details field if summary is not present (#60)
  • don't report vulnerabilities multiple times under different aliases (#61)
  • add --cache-all-databases flag (#68)
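
The matching behaviour listed above, sketched as an added example that is not the detector's own code: name normalization, SEMVER ranges, the bare `versions` array, the `details` fallback and alias de-duplication, run over two constructed OSV-format records. The advisory ids, package name and function names are assumptions, and range events are assumed to be listed in ascending order.

```python
import re

# Constructed OSV-format records (not real advisories); ids and names are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "aliases": ["EXAMPLE-0002"], "summary": "range-based entry",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "example-pkg"},
                   "ranges": [{"type": "SEMVER",
                               "events": [{"introduced": "0"}, {"fixed": "1.4.0"}]}]}]},
    {"id": "EXAMPLE-0002", "aliases": ["EXAMPLE-0001"], "details": "versions-only entry",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "Example_Pkg"},
                   "versions": ["1.3.0", "1.4.0"]}]},
]

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def semver_key(version):
    """major.minor.patch as a tuple; pre-release and build suffixes are ignored here."""
    parts = [int(p) for p in re.split(r"[-+]", version, maxsplit=1)[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def in_range(version, events):
    """Replay events (assumed ascending): 'introduced' opens the range, 'fixed' closes it."""
    affected, v = False, semver_key(version)
    for ev in events:
        if "introduced" in ev and v >= semver_key(ev["introduced"]):
            affected = True
        elif "fixed" in ev and v >= semver_key(ev["fixed"]):
            affected = False
    return affected

def is_affected(entry, name, version):
    """Names must match after normalization; then a listed version or a SEMVER range decides."""
    if normalize(entry["package"]["name"]) != normalize(name):
        return False
    ranges = [r for r in entry.get("ranges", []) if r["type"] == "SEMVER"]
    return version in entry.get("versions", []) or any(in_range(version, r["events"]) for r in ranges)

def scan(name, version, advisories=ADVISORIES):
    """Return (id, text) findings, reporting each alias group once."""
    findings, seen = [], set()
    for adv in advisories:
        ids = {adv["id"], *adv.get("aliases", [])}
        if ids & seen or not any(is_affected(e, name, version) for e in adv["affected"]):
            continue
        seen |= ids
        findings.append((adv["id"], adv.get("summary") or adv.get("details", "")))
    return findings
```

For version 1.4.0 the two constructed records disagree: the range entry treats it as fixed while the versions-only entry still lists it, so the finding is reported under the second id with its `details` text.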

Full Changelog: v0.2.1...v0.3.0