Package Release Info

osv-scanner-1.4.0-bp156.1.11

Update Info: Base Release
Available in Package Hub: 15 SP6

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

osv-scanner

Change Logs

* Thu Sep 14 2023 kastl@b1-systems.de
- Update to version 1.4.0:
  * Fix issue in the changelog (#533)
  * 1.4.0 changelog and docs (#532)
  * Adding Offline info (#517)
  * chore(deps): update golang:alpine docker digest to 96634e5
    (#527)
  * chore(deps): update workflows (#529)
  * fix(deps): update osv-scanner minor (#528)
  * Fix result scanning (#526)
  * ci: change how coverage is collected (#525)
  * chore: capture coverage and upload it to codecov (#512)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#520)
  * Correctly use matchFileNames in renovate.json (#522)
  * Update test results to pass new test (#523)
  * Revert breaking change in `osv.go` (#514)
  * Add osv output lockfile + refactor (#505)
  * Update renovate.json (#504)
  * fix(deps): update osv-scanner minor (#506)
  * Refactor models (#510)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#508)
  * chore(deps): update actions/checkout action to v3.6.0 (#507)
  * Update contributing docs (#502)
  * chore(deps-dev): Bump activesupport from 7.0.7 to 7.0.7.2 in
    /docs (#503)
  * fix(deps): update golang.org/x/exp digest to d852ddb (#496)
  * Add fixtures go to renovate bot ignore (#500)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#498)
  * chore(deps): update golangci/golangci-lint-action action to
    v3.7.0 (#499)
  * chore(deps): update actions/setup-go action to v4.1.0 (#497)
  * If go version can't be found, don't add stdlib (#494)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#448)
  * feat: support `io.Reader` based parsers (#451)
  * fix: don't error if local db directory already exists (#493)
  * fix: ensure that "introduced 0" events are sorted before any
    other event (#492)
  * Add go stdlib version support (#484)
  * chore(deps): update golang:alpine docker digest to 445f340
    (#467)
  * chore(deps): update alpine docker tag to v3.18 (#468)
  * chore(deps): update slsa-framework/slsa-github-generator action
    to v1.8.0 (#469)
  * chore(deps): update alpine:3.18 docker digest to 7144f7b (#480)
  * chore(deps): update alpine:3.17 docker digest to f71a5f0 (#466)
  * chore(deps): update
    gaurav-nelson/github-action-markdown-link-check digest to
    46e4421 (#481)
  * fix(deps): update golang.org/x/exp digest to 89c5cff (#482)
  * chore(deps): update github/codeql-action action to v2.21.4
    (#483)
  * Fix some vulns and ignore others (#490)
  * Rust call analysis (#452)
  * Scanner action should pass if the vulnerabilities remain the
    same (#475)
  * Tidy up scanner action (#474)
  * Manually update dependencies to resolve vulnerability
    https://osv.dev/GO-2023-1988 (#472)
  * feat: add experimental offline mode (#183)
  * Move github action back to the main branch (#465)
  * refactor: move experimental flags into their own struct (#463)
  * fix: use correct plural and singular forms based on count
    (#462)
  * chore(deps): update github/codeql-action action to v2.21.2
    (#455)
  * fix(deps): update osv-scanner minor (#456)
  * Add annotations and osv-scanner table in the Github Action
    output (#460)
  * Fix purl mapping (#457)
  * test: make `output` tests their own package (#461)
  * Updated github actions to use main branch now that the PR is
    merged in (#459)
  * Recreated Github Action PR (#432)
  * chore: minor grammar fixes (#454)
  * chore(deps): update docker/setup-buildx-action digest to
    4c0219f (#437)
  * chore(deps): update golang:alpine docker digest to 7839c9f
    (#444)
  * Optimize Dockerfile and add .dockerignore (#441)
  * chore(deps): update github/codeql-action action to v2.21.0
    (#449)
  * Enable lockfile maintenance (#450)
  * fix(deps): update osv-scanner minor (#445)
* Wed Jul 19 2023 kastl@b1-systems.de
- Update to version 1.3.6:
  * Prepare for v1.3.6 Release (#447)
  * Adjusting GitHub actions (#446)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#438)
  * go.mod: upgrade to golang.org/x/vuln@v1.0.0 (#443)
  * Fix PURLToPackage function and move it (#439)
  * Update README.md (#440)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#422)
  * chore(deps): update workflows (#429)
  * fix(deps): update osv-scanner minor (#430)
  * update govulncheck integration (#431)
* Wed Jun 28 2023 kastl@b1-systems.de
- Update to version 1.3.5:
  * Add more ignores now that debian PURLs are parsed correctly
    (#428)
  * Adds changelog for v1.3.5 (#427)
  * chore(deps): update alpine docker tag to v3.18 (#382)
  * test: ensure fixtures directory isn't already a git repository
    (#426)
  * chore: ignore `.idea` directory (#425)
  * Add withdrawn and fix time serialization to conform to the
    schema. (#424)
  * test: make `models` tests their own package (#423)
  * Updated to reflect cvss scores being added to output table.
    (#419)
  * chore(deps): update workflows (#421)
  * chore(deps): update alpine:3.17 docker digest to e95676d (#413)
  * Add option to include severity in table output (#409)
  * Update the model to better match schema and add YAML tags.
    (#417)
  * chore(deps): update golang:alpine docker digest to fd9d9d7
    (#405)
  * chore(deps): update workflows (#406)
  * fix(deps): update osv-scanner minor (#415)
  * Fixing broken github page (#412)
  * Link checker (#408)
  * fix(deps): update osv-scanner minor (#407)
  * refactor: enable `goimports` linter (#404)
  * Update the model to match the latest version of the OSV schema
    (#403)
* Mon Jun 12 2023 kastl@b1-systems.de
- Update to version 1.3.4:
  * Prepare for 1.3.4 release. (#401)
  * chore(deps): update workflows (#393)
  * fix(deps): update osv-scanner minor (#392)
  * Fix version printer to use app stdout and stderr (#395)
  * OSV user agent (#390)
* Wed May 17 2023 kastl@b1-systems.de
- Update to version 1.3.3:
  * Add new line and fix test to avoid having to change version
    twice (#387)
  * 1.3.3 Release (#385)
  * Use upload draft assets option (#384)
  * chore(deps): update golang:alpine docker digest to ee2f23f
    (#380)
  * chore(deps): update slsa-framework/slsa-github-generator action
    to v1.6.0 (#383)
  * fix(deps): update osv-scanner minor (#381)
  * Remove --hash from version in requirements.txt (#379)
  * Small formatting changes (#377)
  * chore(deps): bump github.com/cloudflare/circl from 1.1.0 to
    1.3.3 (#378)
  * add unit tests for results.go (#368)
  * Improve exit docs and add No vulns found to output (#373)
  * Update exit docs (#375)
  * chore(deps): update github/codeql-action action to v2.3.3
    (#372)
  * chore(deps): update golang:alpine docker digest to 913de96
    (#305)
  * fix: handle cyclical `-r`s in `requirements.txt` (#366)
  * fix: don't panic on empty  files (#367)
  * fix(deps): update osv-scanner minor (#327)
  * Update spdx to 0.5.0 (#365)
  * Update pkg/osv to allow overriding the http client / transport.
    (#357)
  * chore(deps): update github/codeql-action action to v2.3.2
    (#363)
  * Enable osvVulnerabilityAlerts (#362)
* Wed Apr 26 2023 kastl@b1-systems.de
- Update to version 1.3.2:
  * Fix sbom scanning code (#360)
  * 1.3.2 Release (#359)
  * Refactor reporter to interfaces (#345)
  * Update all minor dependencies without spdx (#358)
  * chore(deps): update workflows (#334)
  * Better SBOM documentation and error message (#349)
  * Move a specific regex to static variable (#346)
  * chore(deps): update dependency jekyll-feed to v0.17.0 (#328)
  * chore(deps): bump nokogiri from 1.14.1 to 1.14.3 in /docs
    (#338)
  * chore(deps): bump commonmarker from 0.23.8 to 0.23.9 in /docs
    (#337)
  * SBOM parsing improvements. (#339)
  * Make the reporter public (#341)
  * Set `skip-pkg-cache: true` for golangci-lint (#340)
  * Support PNPM v6+ Lockfile (#325)
  * chore(deps): update alpine:3.17 docker digest to 124c7d2 (#326)
  * Call analysis note fixed. (#331)
  * Add configs to ignore test vulnerabilities (#329)
* Thu Mar 30 2023 kastl@b1-systems.de
- Update to version 1.3.1:
  * Release 1.3.1 changelog (#321)
  * chore(deps): update ossf/scorecard-action action to v2.1.3
    (#322)
  * Add nil check to CycloneDX enumeration (#320)
* Tue Mar 28 2023 kastl@b1-systems.de
- Update to version 1.3.0:
  * Update changelog and version for v1.3.0 (#316)
  * chore(deps): update workflows (#314)
  * fix(deps): update osv-scanner minor (#313)
  * Update workflows to compositing, so that goreleaser workflow
    can run them. (#315)
  * Fix workflow (#311)
  * Fix some issues with the model. (#312)
  * Improve the OSV models to allow for 3rd party use of the
    library. (#310)
  * Adds concurrency to hydration requests (#304)
  * Make `IgnoredVulns` also ignore aliases (#300)
  * fix(deps): update osv-scanner minor (#306)
  * chore(deps): update actions/setup-go action to v4 (#308)
  * chore(deps): update workflows (#307)
  * Run tests before release (#301)
  * chore(deps): bump activesupport from 7.0.4.2 to 7.0.4.3 in
    /docs (#302)
  * Pin lint action (#299)
  * fix(deps): update osv-scanner minor (#288)
  * fix: support Pipenv develop packages without versions. (#297)
  * Set version in source code (#295)
  * Prevent `.gitignore` files from interfering with tests (#292)
  * fix: trim leading zeros off when comparing numerical components
    in Maven versions (better) (#285)
  * fix: avoid infinite loops parsing Maven poms with syntax errors
    (#294)
  * Check if PURL is valid before adding it to queries (#291)
  * Renovate bot ignore vulns package (#289)
  * chore(deps): update workflows (#287)
  * fix: trim leading zeros off when comparing numerical components
    in Maven versions (#279)
  * Adding call graph info back in (#284)
  * Update Colors for Accessibility (#278)
  * Removed call graph analysis for now. (#282)
  * Remove "working doc" concept (#275)
  * feat: improved error message when pom dependency version not
    found (#253)
  * Add tags and point people to slsa-verifier (#265)
  * ci: harden permissions (#269)
  * Run on merge queue (#272)
  * fix: properly handle comparing zero versions in Maven (#267)
  * chore: add `.editorconfig` file (#266)
  * fix(deps): update osv-scanner minor (#270)
  * Renovate bot use ignorePaths instead for fixtures (#264)
  * test: update case with new advisory (#268)
  * fix: deduplicate packages that appear multiple times in
    `Pipenv.lock` files (#261)
  * feat: support `-r` flag in `requirements.txt` files (#260)
  * chore(deps): update workflows (#242)
  * fix: avoid panic when parsing `file:` dependencies in `pnpm`
    lockfiles (#259)
  * More specific cyclone dx parsing (#258)
  * Parse nested CycloneDX components correctly (#251)
  * fix: support yarn locks with quoted properties (#250)
  * Update renovate.json (#248)
  * fix(deps): update golang.org/x/exp digest to c95f2b4 (#241)
  * govulncheck integration (#198)
  * Create draft release first in goreleaser (#236)
  * Adding additional installation instructions (#235)
* Thu Feb 23 2023 kastl@b1-systems.de
- Update to version 1.2.0:
  * Changelog update for v1.2.0 (#233)
  * Moving Working Docs to Current (#234)
  * Update the output docs, make logo a lot bigger, make page slightly wider (#226)
  * Upgrade to yaml v3 (#231)
  * ParseAs for dpkg-status (#229)
  * Update analytics for documentation. (#230)
  * chore(deps): update docker/setup-buildx-action digest to f03ac48 (#223)
  * fix(deps): update osv-scanner minor (#225)
  * chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 (#222)
  * chore(deps): update dependency http_parser.rb to "~> 0.8.0" (#224)
  * fix: ensure that vulnerability results are ordered deterministically (#220)
  * test: ensure case names match function under test (#228)
  * Nits - APK installed optimizations (#227)
  * Support for DPKG (Debian) parser (#168)
  * feat: support `dependencyManagement` in Maven poms (#221)
  * Google analytics added. (#215)
  * Console formatting changes
  * Documentation Style Improvements (#211)
  * fixed broken link (#210)
  * Documentation moved to github page.
  * Minor changes for gitignore parsing (#208)
  * Improve gitignore parsing (#206)
  * fix(deps): update osv-scanner minor (#205)
  * chore(deps): update github/codeql-action action to v2.2.4 (#204)
  * Move instructions to Usage (#197)
  * Make scanner respect .gitignore files (#191)
  * feat: support specifying what parser to use in `--lockfile` (#94)
  * fix: add missing toml tags to struct (and update linter) (#190)
  * fix(deps): update golang.org/x/exp digest to 98cc5a0 (#188)
  * fix(osv-query): omit SourceInfo from JSON marshaling (#185)
  * test: remove nonsense case and correct names (#187)
  * Update readme usage section (#171)
  * chore(deps): update docker/login-action action to v2 (#148)
  * fix(deps): update osv-scanner minor (#147)
  * Support SPDX 2.3 (#178)
  * chore(deps): update workflows (#172)
  * feat: Render output as a markdown table for use in github comments (#156)
  * APK: fix test function (#180)
  * Log number of packages scanned from SBOMs. (#179)
  * Make OSV api public (#167)
  * Add experimental comment (#173)
  * fix: exit with generic non-zero code when there is a general error (#161)
  * fix: reuse app-level writer and err writers in `VersionPrinter` (#166)
  * chore(deps): update github/codeql-action action to v2.1.39 (#159)
  * test: add cases for `semantic.MustParse` (#160)
  * feat: create `--format` flag (#158)
  * golangci checks in github action, and fixes initial linter issues (#149)
  * test: add case for `--version` flag (#162)
  * chore: remove duplicated generators (#157)
  * - add conan.lock to the list (#59)
  * Fix endpoint typo (#152)
  * feat: add `semantic` package (#92)
  * Adding re-try for getting a Vuln for the given ID (#141)
  * chore(deps): update github/codeql-action action to v2.1.38 (#146)
  * chore: adjust comment to match type name (#143)
  * Mention Pipfile.lock support in changelog. (#140)
  * Fix link to GitHub issues (#139)
Version: 1.1.0-bp155.1.6
* Thu Jan 12 2023 kastl@b1-systems.de
- Update to version 1.1.0:
  * Fix goreleaser permissions (#138)
  * v1.1.0 release PR (#137)
  * fix(deps): update osv-scanner minor (#79)
  * Temporarily disable alpine package scanning (#136)
  * Move tests from cloudbuild to gh actions (#135)
  * Use short url in scanner output (#134)
  * chore(deps): update workflows (#78)
  * Update readme and add changelog (#133)
  * fix: use correct ecosystem for NuGet (#132)
  * Do not highlight borders of result table (#131)
  * Add contributing file (#130)
  * Update README.md (#127)
  * docs: describe build process (#109)
  * Add gomodtidy after renovate updates (#120)
  * Make lint trigger same as others (#125)
  * Minor documentation updates. (#121)
  * Add support for Alpine Linux /lib/apk/db/installed (Resolves #72) (#107)
  * feat: add docker publish method (#70)
  * Add Pipenv lockfile support (Resolves #71) (#66)
  * Lint readme (#100)
  * Have renovate-bot label its PRs as it does with osv.dev (#116)
  * [pkg] implement NuGet ecosystem parser (#98)
  * Update github.com/spdx/gordf dependency to fix 32 bit support (#104)
  * test: update spec case and adjust assertion message (#99)
  * fix: ensure that files are closed when they're no longer needed (#106)
  * Fix lockfile example syntax (#103)
  * docs: add homebrew installation note (#89)
* Tue Dec 20 2022 Johannes Kastl <kastl@b1-systems.de>
- add build parameters, so 'osv-scanner --version' shows proper version,
  build date and the release tag as commit
* Tue Dec 20 2022 kastl@b1-systems.de
- Update to version 1.0.2:
  * shorten affected package to package (#90)
  * Move table columns so that the important column is displayed first (#87)
  * Add blog post link to README (#84)
  * Minor updates to install instruction title (#80)
  * Added installation instructions for Scoop (#68)
  * Update README.md (#77)
  * Fix readme anchor link. (#76)
  * Update README.md (#58)
  * Add disclaimer on Debian scanning. (#65)
  * Add gradle lockfile support (#46)
* Tue Dec 20 2022 Johannes Kastl <kastl@b1-systems.de>
- new package osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev