Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 Updates osv-scanner dependency to 1.2.0. #2704

Merged
merged 3 commits into from
Mar 9, 2023

Conversation

another-rex
Copy link
Contributor

What kind of change does this PR introduce?

Updates osv-scanner dependency to 1.2.0 from 0.0.0.
The 1.0 release changed the return value for osv-scanner to output an error when vulnerabilities are found, modified to handle this error correctly. This will fix ossf/scorecard-action#1092 once it is also updated.

Which issue(s) this PR fixes

ossf/scorecard-action#1092

Special notes for your reviewer

Does this PR introduce a user-facing change?

No

NONE

@another-rex another-rex temporarily deployed to integration-test March 1, 2023 03:03 — with GitHub Actions Inactive
@another-rex another-rex force-pushed the update-osv-scanner-dependency branch from a0f821d to 17931e3 Compare March 1, 2023 03:04
@another-rex another-rex temporarily deployed to integration-test March 1, 2023 03:05 — with GitHub Actions Inactive
@codecov
Copy link

codecov bot commented Mar 1, 2023

Codecov Report

Merging #2704 (72a5a90) into main (5f13a66) will decrease coverage by 0.02%.
The diff coverage is 0.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2704      +/-   ##
==========================================
- Coverage   49.87%   49.86%   -0.02%     
==========================================
  Files         156      156              
  Lines       11572    11576       +4     
==========================================
  Hits         5772     5772              
- Misses       5450     5454       +4     
  Partials      350      350              

@another-rex another-rex temporarily deployed to integration-test March 2, 2023 00:03 — with GitHub Actions Inactive
@another-rex another-rex temporarily deployed to integration-test March 8, 2023 05:30 — with GitHub Actions Inactive
@another-rex
Copy link
Contributor Author

Updated the osv-scanner version to a pseudo version 1.2.1-0.20230302232134-592acbc2539b, which contains some extra fixes, notably :

@spencerschrock fyi

@spencerschrock
Copy link
Member

@another-rex Thanks for the pseudo update. If you could just DCO your last commit I can get this merged in.

@another-rex another-rex force-pushed the update-osv-scanner-dependency branch from 3e10b82 to 05cd7f8 Compare March 8, 2023 23:10
@another-rex another-rex temporarily deployed to integration-test March 8, 2023 23:11 — with GitHub Actions Inactive
The 1.0 release changed the return value for osv-scanner to output an error
when vulnerabilities are found, modified to handle this error correctly.

Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Rex Pan <rexpan@google.com>
@spencerschrock spencerschrock temporarily deployed to integration-test March 8, 2023 23:54 — with GitHub Actions Inactive
@spencerschrock spencerschrock enabled auto-merge (squash) March 8, 2023 23:54
@spencerschrock spencerschrock merged commit 170af75 into ossf:main Mar 9, 2023
Shofiya2003 pushed a commit to Shofiya2003/scorecard that referenced this pull request Mar 10, 2023
* Updates osv-scanner dependency to 1.2.0.

The 1.0 release changed the return value for osv-scanner to output an error
when vulnerabilities are found, modified to handle this error correctly.

Signed-off-by: Rex Pan <rexpan@google.com>

* Add some additional comments

Signed-off-by: Rex Pan <rexpan@google.com>

* Update osv-scanner to include SBOM and logging fixes

Signed-off-by: Rex Pan <rexpan@google.com>

---------

Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Shofiya2003 <shofiyabootwala@gmail.com>
Shofiya2003 pushed a commit to Shofiya2003/scorecard that referenced this pull request Mar 10, 2023
* Updates osv-scanner dependency to 1.2.0.

The 1.0 release changed the return value for osv-scanner to output an error
when vulnerabilities are found, modified to handle this error correctly.

Signed-off-by: Rex Pan <rexpan@google.com>

* Add some additional comments

Signed-off-by: Rex Pan <rexpan@google.com>

* Update osv-scanner to include SBOM and logging fixes

Signed-off-by: Rex Pan <rexpan@google.com>

---------

Signed-off-by: Rex Pan <rexpan@google.com>
Signed-off-by: Shofiya2003 <shofiyabootwala@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

BUG: Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner
3 participants