Stage/vuls - vuls - Gitea: Git with a cup of tea

Stage/vuls

Author	SHA1	Message	Date
dependabot[bot]	0fa09e1517	chore(deps): bump github.com/emersion/go-smtp from 0.21.1 to 0.21.2 (#1918 ) Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.21.1 to 0.21.2. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.21.1...v0.21.2) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-05-14 10:51:15 +09:00
MaineK00n	ef2be3d6ea	feat(detect/redhat): detect unpatched vulnerabilities with oval, stop using gost (#1907 ) * feat(oval/redhat): detect not fixed package * feat(gost/redhat): stop using to detect unpatched vulnerabilities v0.25.3	2024-05-10 17:32:40 +09:00
dependabot[bot]	827f2cb8d8	chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#1910 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.19.0 to 0.20.0. - [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-05-08 07:10:05 +09:00
dependabot[bot]	4cb4ec4dda	chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 (#1909 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.14.0 to 0.15.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.14.0...v0.15.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-05-08 03:04:23 +09:00
dependabot[bot]	81f3d5f3bd	chore(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10 (#1908 ) Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.9 to 1.3.10. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.9...v1.3.10) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-05-08 02:30:02 +09:00
MaineK00n	f3f667138d	feat(ubuntu): add 24.04 noble (#1878 )	2024-05-02 16:56:42 +09:00
dependabot[bot]	bca59ff85f	chore(deps): bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 (#1903 ) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.3 to 1.7.4. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.3...v1.7.4) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-30 15:04:15 +09:00
future-ryunosuketanai	3f98fbc82c	style(log) fix trivy scan page link (#1902 )	2024-04-25 19:20:42 +09:00
MaineK00n	73dc95f6b9	fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations (#1899 )	2024-04-23 16:30:33 +09:00
dependabot[bot]	04bdaabe6b	chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (#1898 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-21 22:52:03 +09:00
Shunichi Shinohara	8f4025120d	(fix) Exclude dev dependencies from npm's package-lock.json and Fix Java DB download endpoint (#1893 ) * (fix) Exclude dev dependencies from npm's package-lock.json * chore(integration) update * choir(integration) add lib scan names to makefile * fix(javadb) add schema version only once	2024-04-17 17:23:57 +09:00
deferdeter	cfbe47bd99	chore: fix some typos in comments (#1897 ) Signed-off-by: deferdeter <deferdeter@outlook.com>	2024-04-16 19:14:00 +09:00
future-ryunosuketanai	a6cafabfb8	style(log) config.toml template docs url (#1894 ) * fix: config.toml template url * applied fixes to other places	2024-04-16 12:11:28 +09:00
dependabot[bot]	d1137ad1ca	chore(deps): bump github.com/emersion/go-smtp from 0.21.0 to 0.21.1 (#1896 ) Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.21.0 to 0.21.1. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.21.0...v0.21.1) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-16 10:35:18 +09:00
dependabot[bot]	6181e1c4bb	chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#1890 ) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0. - [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-10 18:19:54 +09:00
dependabot[bot]	5f0abc971f	chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 (#1891 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.18.0 to 0.19.0. - [Commits](https://github.com/golang/oauth2/compare/v0.18.0...v0.19.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-04-10 17:56:53 +09:00
dependabot[bot]	3cdd2e10d0	chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 (#1888 ) * chore(deps): bump github.com/emersion/go-smtp from 0.20.2 to 0.21.0 Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.2 to 0.21.0. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.20.2...v0.21.0) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix(reporter/email): use DialStartTLS instead of StartTLS --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-04-05 17:41:41 +09:00
Konstantin Eremin	867bf63bb2	TLS insecure option adding (#1220 ) * TLS InsecureSkipVerify option added to sendMail * refactor(reporter/email): remove redundant if statement --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-04-05 13:12:47 +09:00
dependabot[bot]	5d5dcd5f41	chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 (#1885 ) * chore(deps): bump github.com/aquasecurity/trivy from 0.49.1 to 0.50.1 Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.49.1 to 0.50.1. - [Release notes](https://github.com/aquasecurity/trivy/releases) - [Changelog](https://github.com/aquasecurity/trivy/blob/main/goreleaser.yml) - [Commits](https://github.com/aquasecurity/trivy/compare/v0.49.1...v0.50.1) --- updated-dependencies: - dependency-name: github.com/aquasecurity/trivy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * refactor(cmd/report): use trivy default for trivy-java-db-repository default value --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-03-28 13:09:49 +09:00
dependabot[bot]	e25ec99968	chore(deps): bump github.com/aws/aws-sdk-go from 1.49.21 to 1.51.5 (#1881 ) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.49.21 to 1.51.5. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.49.21...v1.51.5) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> v0.25.2	2024-03-22 16:27:34 +09:00
future-ryunosuketanai	50580f6e98	feat(wpscan): support enterprise feature (#1875 ) * supported the enterprise version of wpscan * remove omitempty * fix struct pointer * Update detector/wordpress.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * add exploitdb to wpscan ref * unexport WpCveInfos, WpCveInfo, and References * unexport some wpscan struct and fix poc, exploit assign * change OffensiveSecurityType to wpscan * Update detector/wordpress.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-03-22 16:17:16 +09:00
MaineK00n	472df0e1b6	chore(deps): update dictionary modules (#1877 )	2024-03-22 16:10:50 +09:00
dependabot[bot]	7d5a47bc33	chore(deps): bump github.com/docker/docker (#1880 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.1+incompatible to 25.0.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.1...v25.0.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-21 13:22:24 +09:00
Shunichi Shinohara	99cf9dbccd	feat(detector/library): update JAR-like files' Name/Version in library list (#1874 ) * Update JAR-like files in library list * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-03-19 15:17:37 +09:00
MaineK00n	e1df74cbc1	fix(amazon): use major version for checking eol, security advisories (#1873 )	2024-03-18 16:13:54 +09:00
dependabot[bot]	426eb53af5	chore(deps): bump github.com/jackc/pgx/v5 from 5.5.1 to 5.5.4 (#1872 ) Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.5.1 to 5.5.4. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.5.1...v5.5.4) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-15 09:49:26 +09:00
dependabot[bot]	bda089b589	chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#1871 ) Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-14 15:13:37 +09:00
dependabot[bot]	02d1f6f59e	chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#1868 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0. - [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-12 04:02:19 +09:00
Shunichi Shinohara	75c1956635	fix(build): Change timeout to 60 minutes (#1867 ) v0.25.1	2024-03-11 10:08:51 +09:00
MaineK00n	b8320c05d2	fix(scanner): output all results even if all fail (#1866 ) v0.25.0	2024-03-07 22:07:32 +09:00
tk007	be7b9114cc	feat(PackageURL):add package URL for library scan result (#1862 ) * add: package url in model.Library * feat(trivy-to-vuls): add purl for library scan result * feat(scanner/library): add purl for lockfile scan result * fix: model.Library test * fix: trivy-to-vuls test data * fix: panic case to generate purl * fix: add blank line * fix: trivy-to-vuls for using Trivy version 0.49.0 or earlier * fix: remove comment * fix: remove print * fix: testcase for Package.Identifier does not exist version * fix: add blank line * fix: expected libs * fix: PackageURL -> PURL * fix: blank line	2024-03-07 16:21:15 +09:00
MaineK00n	bf14b5f61f	fix(detector): library.Scan move to detector (#1864 )	2024-03-06 16:59:06 +09:00
MaineK00n	dc496468b9	refactor(config): move syslogconf to config/syslog package (#1865 )	2024-03-05 18:11:45 +09:00
dependabot[bot]	54dae08f54	chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#1861 ) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-05 15:45:01 +09:00
Shunichi Shinohara	d1f9233409	Avoid to use sync.Once inside trivy javadb Updater (#1859 ) * Avoid to use once inside trivy javadb Updater Because detector package may be used as library-like way * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/javadb/javadb.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Avoid else if, unless necessary * go mod tidy * Add package comment --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-03-05 15:23:45 +09:00
dependabot[bot]	eed4328e2c	chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.2 (#1856 ) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.0 to 3.14.2. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.14.0...v3.14.2) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-28 16:38:43 +09:00
MaineK00n	05e0f05f5a	fix(ci): use go version of go.mod (#1858 )	2024-02-28 16:20:55 +09:00
Shunichi Shinohara	351cf4f712	Update trivy from 0.35.0 to 0.49.1 (#1806 ) * Update trivy 0.35.0->0.48.0 - Specify oras-go 1.2.4 in indirect dependencies docker/docker changes a part of its API at 24.0 - registry: return concrete service type · moby/moby@7b3acdf - `7b3acdff5d (diff-8325eae896b1149bf92c826d07fc29005b1b102000b766ffa5a238d791e0849bR18-R21)` oras-go 1.2.3 uses 23.0.1 and trivy transitively depends on docker/docker 24.y.z. There is a build error between oras-go and docker/dockr. - Update disabled analyzers - Update language scanners, enable all of them * move javadb init to scan.go * Add options for java db init() * Update scanner/base.go * Remove unused codes * Add some lock file names * Typo fix * Remove space character (0x20) * Add java-db options for integration scan * Minor fomartting fix * minor fix * conda is NOT supported by Trivy for library scan * Configure trivy log in report command too * Init trivy in scanner * Use trivy's jar.go and replace client which does almost nothing * mv jar.go * Add sha1 hash to result and add filepath for report phase * Undo added 'vuls scan' options * Update oras-go to 1.2.4 * Move Java DB related config items to report side * Add java db search in detect phase * filter top level jar only * Update trivy to 0.49.1 * go mod tidy * Update to newer interface * Refine lock file list, h/t MaineK00n * Avoid else clauses if possible, h/t MaineK00n * Avoid missing word for find and lang types, h/t MaineK00n * Add missing ecosystems, h/t MaineK00n * Add comments why to use custom jar analyzer, h/t MaineK00n * Misc * Misc * Misc * Include go-dep-parser's pares.go for modification * Move digest field from LibraryScanner to Library * Use inner jars sha1 for each * Add Seek to file head before handling zip file entry * Leave Digest feild empty for entries from pom.xml * Don't import python/pkg (don't look into package.json) * Make privete where private is sufficient * Remove duplicate after Java DB lookup * misc * go mod tidy * Comment out ruby/gemspec * misc * Comment out python/packaging * misc * Use custom jar * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/jar.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/parse.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Missing changes in name change * Update models/github.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update models/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/base.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update scanner/trivy/jar/jar.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Don't import fanal/types at github.go * Rewrite code around java db initialization * Add comment * refactor * Close java db client * rename * Let LibraryScanner have java db client * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * Update detector/library.go Co-authored-by: MaineK00n <mainek00n.1229@gmail.com> * inline variable * misc * Fix typo --------- Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>	2024-02-28 14:25:58 +09:00
dependabot[bot]	d7e1e82299	chore(deps): bump go.etcd.io/bbolt from 1.3.8 to 1.3.9 (#1854 ) Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.8 to 1.3.9. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](https://github.com/etcd-io/bbolt/compare/v1.3.8...v1.3.9) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-27 09:57:43 +09:00
dependabot[bot]	6f63566b68	chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#1849 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/oauth2/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-13 03:53:42 +09:00
MaineK00n	b9ebcf351b	fix(scanner/windows): support when default shell is powershell (#1844 ) v0.24.9	2024-02-02 15:42:43 +09:00
MaineK00n	7e91f5ef7e	fix(contrib/trivy): fix convert for src package (#1842 )	2024-02-02 15:35:05 +09:00
hiroka-wada	76267a54fc	delete: cab validation (#1843 ) Co-authored-by: wadahiroka <wadahiroka@wadahirokanoMBP.AirPort>	2024-02-01 12:58:33 +09:00
MaineK00n	ea84385c42	fix(scanner/macos): remove unnecessary error check (#1836 )	2024-01-31 05:33:47 +09:00
dependabot[bot]	d6589c2193	chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#1837 ) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-31 05:32:51 +09:00
dependabot[bot]	6e07103036	chore(deps): bump github.com/emersion/go-smtp from 0.20.1 to 0.20.2 (#1838 ) Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.1 to 0.20.2. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.20.1...v0.20.2) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-31 05:32:32 +09:00
dependabot[bot]	b7e5bb2fbb	chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#1831 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.15.0 to 0.16.0. - [Commits](https://github.com/golang/oauth2/compare/v0.15.0...v0.16.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-16 07:58:40 +09:00
dependabot[bot]	91ed76838e	chore(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 (#1833 ) Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.5.0 to 0.6.0. - [Commits](https://github.com/golang/sync/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-16 07:49:21 +09:00
Sinclair	098f3089dd	chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1829 )	2024-01-12 14:17:12 +09:00
dependabot[bot]	0e04d21bef	chore(deps): bump github.com/emersion/go-smtp from 0.20.0 to 0.20.1 (#1826 ) Bumps [github.com/emersion/go-smtp](https://github.com/emersion/go-smtp) from 0.20.0 to 0.20.1. - [Release notes](https://github.com/emersion/go-smtp/releases) - [Commits](https://github.com/emersion/go-smtp/compare/v0.20.0...v0.20.1) --- updated-dependencies: - dependency-name: github.com/emersion/go-smtp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-09 23:40:33 +09:00

1 2 3 4 5 ...

1470 Commits