2.28.5

What's Changed

• build(deps): bump golang.org/x/net from 0.5.0 to 0.17.0 by @RTann in #1277

Full Changelog: 2.28.4...2.28.5

2.31.0

What's Changed

• Bump google.golang.org/api from 0.125.0 to 0.127.0 by @dependabot in #1196
• Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in #1195
• fix: Expected fixedby version for sandbox-dotnet-60-runtime by @dcaravel in #1201
• Bump github.com/golangci/golangci-lint from 1.53.2 to 1.53.3 in /tools/linters by @dependabot in #1197
• Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #1198
• Bump google.golang.org/grpc from 1.55.0 to 1.56.0 by @dependabot in #1199
• Bump google.golang.org/api from 0.127.0 to 0.128.0 by @dependabot in #1200
• Bump github.com/containers/image/v5 from 5.25.0 to 5.26.0 by @dependabot in #1204
• Improve FixedBy assertion by @jvdm in #1207
• Bump google.golang.org/grpc from 1.56.0 to 1.56.1 by @dependabot in #1203
• Bump google.golang.org/api from 0.128.0 to 0.129.0 by @dependabot in #1202
• Bump golang.org/x/sys from 0.9.0 to 0.10.0 by @dependabot in #1210
• Bump github.com/containers/image/v5 from 5.26.0 to 5.26.1 by @dependabot in #1209
• Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 by @dependabot in #1208
• ROX-18001: add drools CPE for CVE-2021-41411 by @dcaravel in #1205
• bump docker-registry-client by @RTann in #1206
• Bump go.uber.org/ratelimit from 0.2.0 to 0.3.0 by @dependabot in #1213
• Bump google.golang.org/grpc from 1.56.1 to 1.56.2 by @dependabot in #1215
• Bump google.golang.org/api from 0.129.0 to 0.131.0 by @dependabot in #1216
• return err when version conversion fails by @daynewlee in #1212
• ci(e2e): update .NET vulns by @RTann in #1218
• ROX-18001: update timestamp for manual drools entry by @dcaravel in #1211
• Bump google.golang.org/api from 0.131.0 to 0.132.0 by @dependabot in #1221
• Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @dependabot in #1225
• Bump google.golang.org/api from 0.132.0 to 0.133.0 by @dependabot in #1226
• chore(deps): bump docker-registry-client by @RTann in #1217
• ROX-17114: Fix misattribution of Java versions when there are multiple matching lines by @connorgorman in #1224
• Bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 by @dependabot in #1228
• Bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot in #1230
• Bump google.golang.org/api from 0.133.0 to 0.134.0 by @dependabot in #1229
• ROX-18202: Fix language layer error due to unique constraint by @connorgorman in #1223
• Bump golang.org/x/sys from 0.10.0 to 0.11.0 by @dependabot in #1231
• Bump github.com/containers/image/v5 from 5.26.1 to 5.27.0 by @dependabot in #1233
• Bump google.golang.org/api from 0.134.0 to 0.136.0 by @dependabot in #1232
• e2e: misc test updates by @RTann in #1234
• Bump google.golang.org/api from 0.136.0 to 0.137.0 by @dependabot in #1239
• Bump github.com/golangci/golangci-lint from 1.53.3 to 1.54.1 in /tools/linters by @dependabot in #1240
• Bump cloud.google.com/go/storage from 1.31.0 to 1.32.0 by @dependabot in #1238
• ROX-19096, ROX-19098, ROX-19099: add various OS support by @RTann in #1235
• Take runtime.GOARCH into account for list manifests by @connorgorman in #1237
• fix: do not skip NVD vulns with just CVSSv3 by @RTann in #1236
• Bump google.golang.org/api from 0.137.0 to 0.138.0 by @dependabot in #1242
• Bump honnef.co/go/tools from 0.4.3 to 0.4.5 in /tools/linters by @dependabot in #1244
• ROX-19024: Remove RHCOS FF by @Maddosaurus in #1245
• Update Genesis Dump by @RTann in #1246
• chore: log requests upon retrieval by @RTann in #1140
• Bump github.com/golangci/golangci-lint from 1.54.1 to 1.54.2 in /tools/linters by @dependabot in #1243

Full Changelog: 2.30.0...2.31.0

2.29.5

Full Changelog: 2.29.4...2.29.5

2.30.2

Full Changelog: 2.30.0...2.30.2

2.30.0

What's Changed

• ROX-16421: support OCI image index media type by @RTann in #1154
• Bump google.golang.org/api from 0.115.0 to 0.117.0 by @dependabot in #1157
• Bump github.com/containers/image/v5 from 5.24.2 to 5.25.0 by @dependabot in #1156
• Bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible by @dependabot in #1158
• RHSA-2023:1655 fixed-by version update by @daynewlee in #1159
• increase MAX_GCS_OBJECT_AGE_SECONDS by @daynewlee in #1160
• Bump google.golang.org/api from 0.117.0 to 0.118.0 by @dependabot in #1163
• Bump github.com/lib/pq from 1.10.7 to 1.10.8 by @dependabot in #1162
• Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 by @dependabot in #1161
• Bump google.golang.org/api from 0.118.0 to 0.119.0 by @dependabot in #1165
• Bump google.golang.org/api from 0.119.0 to 0.120.0 by @dependabot in #1166
• go1.20.3 by @RTann in #1167
• Update e2e Jenkins FixedBy version to 4.10.1681719745-1.el8 by @dcaravel in #1168
• Bump github.com/lib/pq from 1.10.8 to 1.10.9 by @dependabot in #1169
• Bump google.golang.org/api from 0.120.0 to 0.122.0 by @dependabot in #1172
• Bump golang.org/x/sys from 0.7.0 to 0.8.0 by @dependabot in #1171
• Bump github.com/prometheus/client_golang from 1.15.0 to 1.15.1 by @dependabot in #1170
• Fixed fixedby version for RHSA-2023:2523 by @daynewlee in #1174
• Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #1175
• Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #1176
• update dependabot reviewers to scanner team by @RTann in #1173
• Bump google.golang.org/grpc from 1.54.0 to 1.55.0 by @dependabot in #1177
• ROX-13770: Introduce local Node Scanner by @Maddosaurus in #1164
• Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 by @dependabot in #1178
• UBI 8.8 by @RTann in #1179
• Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 by @dependabot in #1185
• Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 by @dependabot in #1186
• Bump google.golang.org/api from 0.122.0 to 0.124.0 by @dependabot in #1187
• go1.20.4 by @RTann in #1181
• Bump google.golang.org/api from 0.124.0 to 0.125.0 by @dependabot in #1188
• Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 by @dependabot in #1189
• Reduce scanning time and memory pressure by disabling active vuln mgmt by @connorgorman in #1190
• Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #1192
• Bump github.com/golangci/golangci-lint from 1.52.2 to 1.53.2 in /tools/linters by @dependabot in #1191
• fix: Expected fixedby version for jenkins-2-plugins by @jvdm in #1193
• Genesis Dump Update by @RTann in #1194

Full Changelog: 2.29.0...2.30.0

2.29.4

What's Changed

• go1.19.9 by @RTann in #1182

Full Changelog: 2.29.3...2.29.4

2.28.4

What's Changed

• go1.19.9 by @RTann in #1183

Full Changelog: 2.28.3...2.28.4

2.27.8

What's Changed

• go1.19.9 by @RTann in #1184

Full Changelog: 2.27.7...2.27.8

2.29.2

Full Changelog: 2.29.1...2.29.2

2.29.0

What's Changed

• ROX-12238: Add node analysis package by @jvdm in #911
• Do not analyze language vulns unless the feature is enabled by @jvdm in #924
• Refactor common detection function to its own package by @jvdm in #926
• Update style checks by @RTann in #902
• Statically build scanner by @connorgorman in #918
• CI: Continue even with GitHub comment error by @RTann in #933
• Copy over stackrox/stackrox#3032 by @RTann in #931
• ROX-12226: Fetch RHELv2 unpatched CVE components resolution status and store them in scanner db by @daynewlee in #935
• Minor updates for #911 by @RTann in #936
• Bump google.golang.org/api from 0.95.0 to 0.96.0 by @dependabot in #938
• Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 by @dependabot in #932
• Fix local deployment by @RTann in #942
• RHBA-2022:5747 CVSSv3 update by @RTann in #939
• Update docker-entrypoint.sh to match latest version by @RTann in #940
• Update go.mods to 1.18 by @RTann in #944
• ROX-12556: Always initialize from scratch by @RTann in #941
• ROX-12735: add automation to enter new community PRs to OSS Triage board automatically by @tommartensen in #946
• update .editorconfig for protobufs by @RTann in #945
• Bump cloud.google.com/go/storage from 1.26.0 to 1.27.0 by @dependabot in #948
• Bump google.golang.org/api from 0.96.0 to 0.98.0 by @dependabot in #949
• Bump github.com/quay/goval-parser from 0.8.7 to 0.8.8 by @dependabot in #950
• Update stackrox/stackrox dependency by @RTann in #947
• fix resolution state for packages with modules by @RTann in #937
• fix tag used for hourly CI runs by @RTann in #954
• Use http consts for HTTP methods by @dhaus67 in #958
• Update stackrox dependency by @RTann in #959
• Use ROX_SCANNER_DB_INIT env var in ScannerDB initContainer by @RTann in #960
• Bump github.com/containers/image/v5 from 5.20.0 to 5.23.0 by @dependabot in #962
• Update osrelease and redhatrelease detectors to detect Rocky Linux as… by @msierks in #745
• Pass correct arguments to tar when creating db bundle by @vladbologa in #964
• CI: Fix missing CLUSTER_NAME by @gavin-stackrox in #972
• Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in #969
• Bump github.com/opencontainers/image-spec from 1.1.0-rc1 to 1.1.0-rc2 by @dependabot in #970
• Bump google.golang.org/grpc from 1.49.0 to 1.50.0 by @dependabot in #971
• Update github.com/knqyf263/go-rpm-version dependency by @RTann in #976
• Bump google.golang.org/api from 0.98.0 to 0.99.0 by @dependabot in #978
• ROX-12577 Scanner: load Istio dump by @daynewlee in #955
• e2e: Update (asp|dot)net fixedby version by @RTann in #982
• ROX-12350: Detect CVE-2022-22978 by @RTann in #930
• CI: gate "upload-db-dump" for tag by @RTann in #979
• CI: Cleanup dangling processes by @RTann in #980
• Bump hashstructure to v2 by @RTann in #977
• Deprecate RHELv2PackageInfo by @RTann in #928
• Bump google.golang.org/grpc from 1.50.0 to 1.50.1 by @dependabot in #985
• Bump google.golang.org/api from 0.99.0 to 0.100.0 by @dependabot in #986
• Make gRPC service structs forward-compatible by embedding Unimplemented.. types by @misberner in #987
• Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #990
• Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in #988
• ROX-10613: Use ubi-minimal for scanner-db by @janisz in #956
• Bump google.golang.org/api from 0.100.0 to 0.101.0 by @dependabot in #989
• fix E2E tests based on vuln updates by @RTann in #991
• Replace uses of *zip.ReadCloser with *zip.Reader when Close is not used by @RTann in #992
• Bump GKE provisioning timeout by @RTann in #995
• e2e: Test openssl vulns in RHEL 9 by @RTann in #998
• manually add CVE-2022-3602 and CVE-2022-3786 for ubuntu:22.04 by @RTann in #997
• ROX-13136: Added suport for ubuntu 22.10 by @ksurabhi91 in #996
• CI: Switch to containerd for k8s v1.23 support by @RTann in #1002
• Replace CVE-2022-3602 and CVE-2022-3786 with RHSA-2022:7288 for RHEL 9 and rescore CVE-2022-3602 by @RTann in #1001
• manually add CVE-2022-3602 and CVE-2022-3786 for ubuntu:22.10 by @RTann in #1000
• ROX-13348: Update offline dump source by @RTann in #1005
• Bump google.golang.org/api from 0.101.0 to 0.103.0 by @dependabot in #1007
• Bump github.com/ckaznocha/protoc-gen-lint from 0.2.4 to 0.3.0 by @dependabot in #1009
• Bump cloud.google.com/go/storage from 1.27.0 to 1.28.0 by @dependabot in #1008
• Bump ubi8-minimal from 8.6 to 8.7 by @janisz in #1010
• ROX-13435: fix RHELv2 updates by @RTann in #1012
• e2e: update fixedBy version for freetype in RHEL 8 by @RTann in #1011
• Add Istio request handler and business logics for fetching Istio CVEs by @daynewlee in #984
• Remove TODO in ubuntu:22.04 E2E test by @RTann in #1003
• Minor update for Istio scanning by @daynewlee in #1013
• ROX-12784: fix unpatched OpenShift 4 vulnerability detection by @RTann in #1006
• Generate new genesis dump by @RTann in #1015
• Bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 by @dependabot in #1018
• Bump github.com/containers/image/v5 from 5.23.0 to 5.23.1 by @dependabot in #1016
• fix release tagging by @RTann in #1020
• e2e: CVE-2022-30945 rescore by @RTann in #1019
• Support following absolute symlinks for node analysis by @RTann in #1014
• e2e: update jenkins-2-plugins fixedby version by @RTann in #1021
• remove user from slack notification by @RTann in #1022
• Bump google.golang.org/grpc from 1.50.1 to 1.51.0 by @dependabot in #1023
• Bump cloud.google.com/go/storage from 1.28.0 to 1.28.1 by @dependabot in #1030
• Update Scanner/ScannerDB certs by @RTann in #1031
• test updated repository-to-cpe.json format by @RTann in #1034
• remove env isolator by @RTann in #1035
• remove timeutil package by @RTann in #1036
• Bump google.golang.org/api from 0.103.0 to 0.105.0 by @dependabot in #1037
• ROX-14082: Create test files and symlinks from code by @msugakov in #1039
• ROX-12967: Fix RHCOS detection and namespace generation by @Maddosaurus in #1026
• fix apple silicon local scanner build by @dcaravel in #1038
• Bump github.com/go-git/go-billy/v5 from 5.3.1 to 5.4.0 by @dependabot in #1041
• ROX-13627: Extend GetNodeVulnerabilities API by supporting Node Inventory by @vikin91 in #1004
• ROX-14035: only read file if within given root by @RTann in #1...