v0.3.0
This version switches the detector over from the GitHub advisory database to the databases provided by osv.dev, which aggregates a number of advisory databases (including the GitHub advisory database) into single ecosystem databases.
What's Changed
- switch to using ecosystem databases from osv.dev (#59)
- normalize names of python packages to favor false positives over false negatives (#56)
- support SEMVER ranges (#57)
- support OSV advisories with just `versions` array in affected (#58)
- fall back to using `details` field if `summary` is not present (#60)
- don't report vulnerabilities multiple times under different aliases (#61)
- add `--cache-all-databases` flag (#68)
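
The matching behaviour behind #56, #58, #60 and #61, sketched as an added example. It is not the detector's own code: the PEP 503 normalization rule is an assumption, the advisory records are constructed, and only the `versions` array is checked (no range handling).

```python
import re

# Constructed sample records in OSV shape (ids and package names are made up).
ADVISORIES = [
    {"id": "GHSA-aaaa-bbbb-cccc", "aliases": ["CVE-0000-0001"],
     "summary": "constructed advisory A",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "Example_Package"},
                   "versions": ["1.0.0", "1.0.1"]}]},
    {"id": "PYSEC-0000-1", "aliases": ["CVE-0000-0001"],
     "details": "same issue as A, published under another id",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "example-package"},
                   "versions": ["1.0.1"]}]},
    {"id": "PYSEC-0000-2", "details": "constructed advisory B, no summary",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "example.package"},
                   "versions": ["1.0.1"]}]},
]

def normalize_name(name):
    # Assumed rule (PEP 503): runs of "-", "_" and "." collapse to one "-",
    # compared case-insensitively, so spelling variants still match.
    return re.sub(r"[-_.]+", "-", name).lower()

def affects(advisory, name, version):
    # An entry matches when the normalized names agree and the version is
    # listed in the entry's plain `versions` array.
    for entry in advisory.get("affected", []):
        pkg = entry.get("package", {})
        if (pkg.get("ecosystem") == "PyPI"
                and normalize_name(pkg.get("name", "")) == normalize_name(name)
                and version in entry.get("versions", [])):
            return True
    return False

def report(advisories, name, version):
    seen, findings = set(), []
    for adv in advisories:
        if not affects(adv, name, version):
            continue
        ids = {adv["id"], *adv.get("aliases", [])}
        duplicate = bool(ids & seen)  # already reported under an alias
        seen |= ids
        if not duplicate:
            # Use `summary` when present, otherwise fall back to `details`.
            text = adv.get("summary") or adv.get("details", "")
            findings.append((adv["id"], text))
    return findings

if __name__ == "__main__":
    for adv_id, text in report(ADVISORIES, "example.package", "1.0.1"):
        print(adv_id, "-", text)
```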
Full Changelog: v0.2.1...v0.3.0