Releases: owasp-dep-scan/dep-scan
Release v5.3.2
What's Changed
- Added generic cdxgen_args that can be passed as an environment variable or argument to depscan itself. by @deleterepo in #292
- Update cdxgen to bring go purl compatibility fixes by @prabhu in #297
Full Changelog: v5.3.1...v5.3.2
Release v5.3.1
Release v5.3.0
From this release, deprecated packages are always flagged by risk audit regardless of the score. For PyPI, we look for a couple of strings in the description, since not every vendor follows the procedure to yank packages correctly.
Full Changelog: v5.2.15...v5.3.0
Release v5.2.15
Release v5.2.14
Update cdxgen to bring dotnet packages.lock.json fix
Full Changelog: v5.2.13...v5.2.14
Release v5.2.13
Fix cdxgen version in container image to 10.2.5
What's Changed
- backport: Add pyproject.nix flake by @Quince-Pie in #278
Full Changelog: v5.2.12...v5.2.13
Release v5.2.12
What's Changed
- fixing keyerror in version and purl by @almaz045 in #266
- Added more alias for js audit by @prabhu in #267
- backport: Add compatibility for future oras releases by @Quince-Pie in #272
Full Changelog: v5.2.11...v5.2.12
Release v5.2.11
What's Changed
Full Changelog: v5.2.10...v5.2.11
Release v5.2.10
What's Changed
- Handle zero scores from npm with vdb 5.6.3 by @prabhu in #258
- Fixes #259 by ignoring pysec feeds with matching github advisory id
Full Changelog: v5.2.9...v5.2.10
Release v5.2.9
What's Changed
Full Changelog: v5.2.8...v5.2.9