Updating docs branch for GitHub action #725
If [NuGet central package management](https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management) is enabled, V2 lock files will be generated when restoring projects. Check out [NuGet source](https://github.com/NuGet/NuGet.Client/blob/a59e64507383b64bcfbe9bf63b34aca946ab0da9/src/NuGet.Core/NuGet.Commands/PackagesLockFileBuilder.cs#L119-L128) for reference. Since version V2 is backward compatible with V1, the required change to support it is straightforward.
Issue #332

Non-default dependency groups are recorded in strings as per ecosystem:

- **Composer:** development dependencies in `packages-dev`
- **Conan:** dependencies in `build-requires` and `python-requires`
- **Maven:** `<scope/>` in `<dependency/>`
- **npm:** `dev` and `optional` dependencies
- **pipenv:** development dependencies in `develop`
- **pnpm:** development dependencies with `dev` as true
- **Poetry:** optional dependencies with `optional = true`
- **Pubspec:** development dependencies marked with `dev`
- **requirements.txt:** group of a dependency is the file name without the extension

Reporters:

- **table:** non-default groups are appended to the end of package name, for example: `abc (development)`
- **json:** non-default group information in `dependencyGroups`

---------

Co-authored-by: josieang <[email protected]>
Co-authored-by: Gareth Jones <[email protected]>
Co-authored-by: Mend Renovate <[email protected]>
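As an added example (not osv-scanner's own code), the following Go program shows how the group conventions above carry through to the two reporters: it tags npm `dev` and `optional` dependencies from a constructed `package.json`, derives a requirements-file group from the file name without its extension, and renders both the table form `abc (development)` and the JSON `dependencyGroups` field, omitting that field for default-group packages. The `PackageDetails` type, the `, ` separator used when a package sits in several groups, and the sample manifest are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// PackageDetails is a constructed stand-in for the scanner's per-package record.
// DepGroups holds the non-default dependency groups; empty means the default group.
type PackageDetails struct {
	Name      string
	Version   string
	Ecosystem string
	DepGroups []string
}

// npmManifest models the three dependency maps of a package.json (constructed;
// only the fields needed here).
type npmManifest struct {
	Dependencies         map[string]string `json:"dependencies"`
	DevDependencies      map[string]string `json:"devDependencies"`
	OptionalDependencies map[string]string `json:"optionalDependencies"`
}

// ParseNpmManifest records npm dependencies, tagging dev and optional ones with
// their group. Output is sorted by name so that reports are deterministic.
func ParseNpmManifest(data []byte) ([]PackageDetails, error) {
	var m npmManifest
	if err := json.Unmarshal(data, &m); err != nil {
		return nil, fmt.Errorf("decoding package.json: %w", err)
	}
	var pkgs []PackageDetails
	add := func(deps map[string]string, groups ...string) {
		for name, version := range deps {
			pkgs = append(pkgs, PackageDetails{Name: name, Version: version, Ecosystem: "npm", DepGroups: groups})
		}
	}
	add(m.Dependencies) // default group: groups stays nil
	add(m.DevDependencies, "dev")
	add(m.OptionalDependencies, "optional")
	sort.Slice(pkgs, func(i, j int) bool { return pkgs[i].Name < pkgs[j].Name })
	return pkgs, nil
}

// RequirementsGroup derives the group of a requirements file from its file name
// without the extension: "ci/requirements-dev.txt" -> "requirements-dev".
func RequirementsGroup(path string) string {
	base := filepath.Base(path)
	return strings.TrimSuffix(base, filepath.Ext(base))
}

// TableName renders the table reporter's package column: non-default groups are
// appended in parentheses, e.g. "abc (development)". Joining several groups
// with ", " is an assumption of this example.
func TableName(p PackageDetails) string {
	if len(p.DepGroups) == 0 {
		return p.Name
	}
	return fmt.Sprintf("%s (%s)", p.Name, strings.Join(p.DepGroups, ", "))
}

// jsonPackage is the JSON reporter's view of a package: non-default groups are
// emitted under "dependencyGroups" and the field is omitted for default-group packages.
type jsonPackage struct {
	Name             string   `json:"name"`
	Version          string   `json:"version"`
	Ecosystem        string   `json:"ecosystem"`
	DependencyGroups []string `json:"dependencyGroups,omitempty"`
}

// JSONReport serialises packages in the JSON reporter shape described above.
func JSONReport(pkgs []PackageDetails) (string, error) {
	out := make([]jsonPackage, 0, len(pkgs))
	for _, p := range pkgs {
		out = append(out, jsonPackage{Name: p.Name, Version: p.Version, Ecosystem: p.Ecosystem, DependencyGroups: p.DepGroups})
	}
	b, err := json.MarshalIndent(map[string]any{"packages": out}, "", "  ")
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// samplePackageJSON is constructed input, not taken from any real project.
const samplePackageJSON = `{
  "dependencies": {"express": "4.18.2"},
  "devDependencies": {"jest": "29.7.0"},
  "optionalDependencies": {"fsevents": "2.3.3"}
}`

func main() {
	pkgs, err := ParseNpmManifest([]byte(samplePackageJSON))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, p := range pkgs {
		fmt.Printf("%-22s %s\n", TableName(p), p.Version) // table reporter style
	}
	report, _ := JSONReport(pkgs)
	fmt.Println(report) // json reporter style
	fmt.Println("group for ci/requirements-dev.txt:", RequirementsGroup("ci/requirements-dev.txt"))
}
```

Keeping the group on the package record rather than baking it into the name is what lets the two reporters diverge: the table flattens it into `name (group)` for humans, while the JSON keeps it as a separate array that downstream tooling can filter on (for example, to triage findings in development-only dependencies at a lower priority).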
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| golang | stage | digest | `70afe55` -> `feceecc` |

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner).

Co-authored-by: Xueqin Cui <[email protected]>
…s enabled simultaneously (#703)

When the --local-db or --offline flags are passed in, the user expects no requests containing individual packages to be made to an external service.
Combine the 2 osv-scanner actions into one file. This is an example of what will be shown in the starter-workflows example, allowing us to have one starter-workflow that does both PR scanning and scheduled scanning. Ideally we can hide the skipped workflows, but that's not possible at the moment: https://github.com/orgs/community/discussions/18001
The current version makes osv-scanner unusable against SBOM generated by the latest version of CycloneDx/cdxgen
…han lockfile.Ecosystems (#705) Imports ecosystems from `models` package rather than `lockfile` for `internal/semantic`. --------- Co-authored-by: Rex P <[email protected]>
When I originally implemented `Reporter`, IDEs such as GoLand didn't support custom `Printf` functions so I stuck with plain methods and did the `fmt` formatting on the string; that's changed as of GoLand 2023.3 via [GO-5841](https://youtrack.jetbrains.com/issue/GO-5841) 🎉

Technically adding to `Reporter` is a breaking change but as covered [in this comment](#698 (comment)):

> I believe there are no other implementations (at least public on github, from a quick code search) of this interface, and there are no good use cases for implementing this manually instead of using one of the preset implementations we provide.

Either way I think it's better to land these ASAP to reduce the blast radius than to carry them around for possibly a lot longer - note that I'm not strictly against deprecating/removing `PrintText` and `PrintError` though I don't think there's a lot of value in keeping them.

As penance, I've also added rich method comments for the interface.

(having said that, since this is a breaking change already maybe we should just remove `PrintText` and `PrintError` right now)
…rity] (#721)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | `v5.10.1` -> `v5.11.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-git%2fgo-git%2fv5/v5.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fgo-git%2fgo-git%2fv5/v5.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fgo-git%2fgo-git%2fv5/v5.10.1/v5.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-git%2fgo-git%2fv5/v5.10.1/v5.11.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2023-49568](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r)

### Impact

A denial of service (DoS) vulnerability was discovered in go-git versions prior to `v5.11`. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in `go-git` clients.

Applications using only the in-memory filesystem supported by `go-git` are not affected by this vulnerability.

This is a `go-git` implementation issue and does not affect the upstream `git` cli.

### Patches

Users running versions of `go-git` from `v4` and above are recommended to upgrade to `v5.11` in order to mitigate this vulnerability.

### Workarounds

In cases where a bump to the latest version of `go-git` is not possible, we recommend limiting its use to only trustworthy Git servers.

## Credit

Thanks to Ionut Lalu for responsibly disclosing this vulnerability to us.

### References

- [GHSA-mw99-9chc-xw7r](https://togithub.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r)

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.11.0`](https://togithub.com/go-git/go-git/releases/tag/v5.11.0)

[Compare Source](https://togithub.com/go-git/go-git/compare/v5.10.1...v5.11.0)

#### What's Changed

- git: validate reference names ([#​929](https://togithub.com/go-git/go-git/issues/929)) by [@​aymanbagabas](https://togithub.com/aymanbagabas) in [https://github.com/go-git/go-git/pull/950](https://togithub.com/go-git/go-git/pull/950)
- git: stop iterating at oldest shallow when pulling. Fixes [#​305](https://togithub.com/go-git/go-git/issues/305) by [@​dhoizner](https://togithub.com/dhoizner) in [https://github.com/go-git/go-git/pull/939](https://togithub.com/go-git/go-git/pull/939)
- plumbing: object, enable renames in getFileStatsFromFilePatches by [@​djmoch](https://togithub.com/djmoch) in [https://github.com/go-git/go-git/pull/941](https://togithub.com/go-git/go-git/pull/941)
- storage: filesystem, Add option to set a specific FS for alternates by [@​pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-git/pull/953](https://togithub.com/go-git/go-git/pull/953)
- Align worktree validation with upstream and remove build warnings by [@​pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-git/pull/958](https://togithub.com/go-git/go-git/pull/958)

#### New Contributors

- [@​dhoizner](https://togithub.com/dhoizner) made their first contribution in [https://github.com/go-git/go-git/pull/939](https://togithub.com/go-git/go-git/pull/939)
- [@​djmoch](https://togithub.com/djmoch) made their first contribution in [https://github.com/go-git/go-git/pull/941](https://togithub.com/go-git/go-git/pull/941)

**Full Changelog**: go-git/go-git@v5.10.1...v5.11.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner).
Adjusting docs to account for the new combined action. [Preview](https://hayleycd.github.io/osv-scanner/github-action/) --------- Signed-off-by: Hayley Denbraver <[email protected]> Co-authored-by: Rex P <[email protected]> Co-authored-by: Gareth Jones <[email protected]> Co-authored-by: Rex P <[email protected]>
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
This reverts commit 26c82fa.
No description provided.