Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / google/osv-scanner issues and pull requests

#1199 - Docs

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 2 comments

#1198 - docs: merge v1.8.3 into docs

Pull Request - State: closed - Opened by andrewpollock 3 months ago

#1197 - docs: link to the Scorecard Report

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 1 comment

#1196 - Merge main branch into the docs branch

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 2 comments

#1195 - chore(deps): lock file maintenance

Pull Request - State: closed - Opened by renovate-bot 3 months ago - 1 comment
Labels: dependencies

#1194 - fix: stop finding more parent pom if the path is empty

Pull Request - State: closed - Opened by cuixq 3 months ago - 1 comment

#1193 - refactor: move Maven utility to a separate package

Pull Request - State: closed - Opened by cuixq 3 months ago - 1 comment

#1192 - chore: add new vulnerability aliases to test snapshots

Pull Request - State: closed - Opened by michaelkedar 3 months ago - 1 comment

#1191 - feat(guided remediation): add `--upgrade-config` flag

Pull Request - State: closed - Opened by michaelkedar 3 months ago - 1 comment
Labels: guided remediation

#1190 - fix: unescape tabs before writing to pom.xml

Pull Request - State: closed - Opened by cuixq 3 months ago - 5 comments

#1189 - chore(deps): update dependency github-pages to v232

Pull Request - State: closed - Opened by renovate-bot 3 months ago - 1 comment
Labels: dependencies

#1188 - chore(deps): update golang docker tag to v1.23.0

Pull Request - State: closed - Opened by renovate-bot 3 months ago - 1 comment
Labels: dependencies

#1187 - fix(deps): update osv-scanner minor

Pull Request - State: closed - Opened by renovate-bot 3 months ago - 2 comments
Labels: dependencies

#1186 - chore(deps): update workflows

Pull Request - State: closed - Opened by renovate-bot 3 months ago - 1 comment
Labels: dependencies

#1185 - chore: use the latest version of `golangci-lint`

Pull Request - State: closed - Opened by cuixq 3 months ago - 1 comment

#1184 - Unexpected diff when writing XML

Issue - State: open - Opened by cuixq 3 months ago - 4 comments
Labels: bug, guided remediation

#1183 - Handle special versioning of `com.google.guava:guava`

Issue - State: closed - Opened by cuixq 3 months ago
Labels: guided remediation

#1182 - feat: write Maven updates to parent pom.xml if possible

Pull Request - State: closed - Opened by cuixq 3 months ago - 1 comment

#1181 - docs(guided remediation): document override strategy for Maven remediation

Pull Request - State: open - Opened by michaelkedar 3 months ago - 2 comments
Labels: guided remediation, stale

#1180 - fix(guided remediation): error on `--data-source=native` for Maven

Pull Request - State: closed - Opened by michaelkedar 3 months ago
Labels: guided remediation

#1179 - Add go vet rule to check whether we are using incompatible go features

Issue - State: open - Opened by another-rex 3 months ago - 1 comment
Labels: backlog

#1178 - chore: add PR title check to follow Git commit convention

Pull Request - State: closed - Opened by hogo6002 3 months ago - 1 comment

#1177 - Allow control over allowed individual package upgrade versions in non-interactive guided remediation

Issue - State: closed - Opened by michaelkedar 3 months ago - 2 comments
Labels: guided remediation

#1176 - ci(workflow): address github.com/rhysd/actionlint findings

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 1 comment

#1175 - fix(workflow): correct permission name

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 2 comments

#1174 - fix(deps): update osv-scanner minor

Pull Request - State: closed - Opened by renovate-bot 3 months ago - 2 comments
Labels: dependencies

#1173 - chore(deps): update workflows

Pull Request - State: closed - Opened by renovate-bot 3 months ago
Labels: dependencies

#1172 - docs: add conventional commits requirement

Pull Request - State: closed - Opened by hogo6002 3 months ago - 2 comments

#1171 - fix(workflow): Add explicit permissions

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 1 comment

#1170 - Guided Remediation for Gradle

Issue - State: closed - Opened by cuixq 3 months ago - 2 comments
Labels: guided remediation, stale, autoclosed

#1169 - Write updates to parent pom.xml as well

Issue - State: closed - Opened by cuixq 3 months ago
Labels: guided remediation

#1168 - fix: only trim XML elements with no inner elements

Pull Request - State: closed - Opened by cuixq 3 months ago - 3 comments

#1167 - Merge main branch into the docs branch

Pull Request - State: closed - Opened by hogo6002 3 months ago - 2 comments

#1166 - chore: update dependency `github.com/docker/docker`

Pull Request - State: closed - Opened by cuixq 3 months ago - 1 comment

#1165 - Label closed stale issues/PRs

Pull Request - State: closed - Opened by andrewpollock 3 months ago - 1 comment

#1164 - Fix snapshots

Pull Request - State: closed - Opened by another-rex 4 months ago

#1163 - chore(deps): update dependency wdm to "~> 0.2.0"

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 3 comments
Labels: dependencies

#1162 - fix(deps): update osv-scanner minor

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 2 comments
Labels: dependencies

#1161 - chore(deps): update workflows

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 2 comments
Labels: dependencies

#1160 - feat: support fetching snapshot versions from a Maven registry

Pull Request - State: closed - Opened by cuixq 4 months ago - 2 comments

#1159 - Refactoring Maven manifest reading

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1158 - chore(deps-dev): bump rexml from 3.3.2 to 3.3.3 in /docs in the bundler group

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, ruby

#1157 - fix(workflow): add read permission to `osv-scanner-reusable.yml`

Pull Request - State: closed - Opened by hogo6002 4 months ago

#1156 - Update go policy and use stable go version for builds

Pull Request - State: closed - Opened by another-rex 4 months ago - 1 comment

#1155 - Is there a way to ignore all vulnerabilities for a given lockfile?

Issue - State: closed - Opened by ia0 4 months ago - 3 comments
Labels: enhancement

#1154 - chore(deps): bump the go_modules group across 3 directories with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 2 comments
Labels: dependencies, go

#1151 - Do not attempt to remediate vulnerabilities in Maven artifacts that have defined `<classifier>` or `<type>`

Pull Request - State: closed - Opened by michaelkedar 4 months ago - 2 comments
Labels: guided remediation

#1150 - Add changelog for v1.8.3

Pull Request - State: closed - Opened by hogo6002 4 months ago - 2 comments

#1149 - Handle Maven parent relative path

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1148 - Increase frequency of staleness runs

Pull Request - State: closed - Opened by andrewpollock 4 months ago - 1 comment

#1147 - Improve Maven manifest updater

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1146 - fix(deps): update osv-scanner minor

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 2 comments
Labels: dependencies

#1145 - chore(deps): update workflows

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1144 - chore(deps): update golang:1.22.5-alpine3.19 docker digest to 48aac60

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1143 - chore(deps): update alpine:3.20 docker digest to 0a4eaa0

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1142 - OSV scalibr interface

Pull Request - State: closed - Opened by another-rex 4 months ago

#1141 - Guided Remediation for Maven pom.xml

Issue - State: open - Opened by michaelkedar 4 months ago - 1 comment
Labels: guided remediation

#1140 - Add Maven dependency management to override client

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1138 - Composer version not always a string

Issue - State: open - Opened by 3asm 4 months ago - 7 comments
Labels: bug

#1137 - Tests fail if /etc/alpine-release exists

Issue - State: open - Opened by kpcyrd 4 months ago - 2 comments
Labels: bug, backlog

#1136 - feat(guided remediation): add non-interactive Maven remediation by override

Pull Request - State: closed - Opened by michaelkedar 4 months ago - 2 comments
Labels: guided remediation

#1135 - Exempt backlog label from stale treatment

Pull Request - State: closed - Opened by andrewpollock 4 months ago - 1 comment

#1134 - Add original manifest to Maven ManifestPatch

Pull Request - State: closed - Opened by michaelkedar 4 months ago - 1 comment

#1133 - Reflect Go 1.21.12 change more broadly

Pull Request - State: closed - Opened by andrewpollock 4 months ago - 2 comments

#1132 - chore(deps-dev): bump rexml from 3.3.1 to 3.3.2 in /docs in the bundler group

Pull Request - State: closed - Opened by dependabot[bot] 4 months ago - 1 comment
Labels: dependencies, ruby

#1131 - ci: don't mark v2 wishlisted issues as stale

Pull Request - State: closed - Opened by G-Rath 4 months ago - 1 comment

#1130 - chore(deps): lock file maintenance

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1129 - Support conda environment files as lockfiles

Issue - State: open - Opened by maaaaz 4 months ago - 2 comments
Labels: enhancement, backlog

#1128 - Crucial bug: osv-scanner does not detect known malicious package in lockfiles

Issue - State: open - Opened by maaaaz 4 months ago - 1 comment
Labels: bug

#1127 - Support snapshot artifacts when fetching Maven parent POMs

Issue - State: closed - Opened by Malayke 4 months ago - 8 comments
Labels: enhancement

#1126 - Bump goreleaser build version to 1.22.

Pull Request - State: closed - Opened by another-rex 4 months ago - 2 comments

#1125 - Workflow for stale issue and PR management

Pull Request - State: closed - Opened by andrewpollock 4 months ago - 1 comment

#1124 - Support ignoring a package only from license scanning

Issue - State: closed - Opened by shahar-h 4 months ago - 2 comments
Labels: enhancement

#1123 - issue when running osv-scanner on project running with golang 1.22

Issue - State: closed - Opened by felangga 4 months ago - 3 comments

#1122 - maven dependency but no version

Issue - State: closed - Opened by jsqfengbao 4 months ago - 5 comments
Labels: question

#1121 - Support a --no-resolve flag to avoid resolving transitive dependencies during scanning

Issue - State: closed - Opened by jsqfengbao 4 months ago - 10 comments
Labels: enhancement, backlog

#1120 - fix(deps): update osv-scanner minor

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 2 comments
Labels: dependencies

#1119 - chore(deps): update workflows

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1117 - Set the original requirement in patches from suggest

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1116 - fix: ensure that `semantic` is passed a valid `models.Ecosystem`

Pull Request - State: closed - Opened by G-Rath 4 months ago - 1 comment

#1114 - Update docs: test dependencies not in the resolved graph

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1113 - Sort dependencies before writing to pom.xml

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1112 - Fix the wrong dependencies/dependency tags

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1111 - Dockerfile is not working when I run it after building it

Issue - State: closed - Opened by m8nt0 4 months ago - 1 comment
Labels: question

#1110 - refactor: update linter and address minor violations

Pull Request - State: closed - Opened by G-Rath 4 months ago - 1 comment

#1109 - Bump go mod min version

Pull Request - State: closed - Opened by another-rex 4 months ago

#1108 - Activate profiles before merging parent

Pull Request - State: closed - Opened by cuixq 4 months ago - 2 comments

#1107 - Fix npm grouping

Pull Request - State: closed - Opened by another-rex 4 months ago - 1 comment

#1106 - Add changelog for v1.8.2

Pull Request - State: closed - Opened by another-rex 4 months ago - 1 comment

#1105 - Add a dependency to pom.xml if it is not from the base project

Pull Request - State: closed - Opened by cuixq 4 months ago - 1 comment

#1104 - Move sbom to internal, and add standard output tests

Pull Request - State: closed - Opened by another-rex 4 months ago - 2 comments

#1103 - chore(deps): lock file maintenance

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1102 - fix(deps): update osv-scanner minor

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 2 comments
Labels: dependencies

#1101 - chore(deps): update workflows

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies

#1100 - chore(deps): update golang docker tag to v1.22.5

Pull Request - State: closed - Opened by renovate-bot 4 months ago - 1 comment
Labels: dependencies