chore(deps): Update dependency scanoss to v1.54.1#377
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.25.2→1.54.1Release Notes
scanoss/scanoss.py (scanoss)
v1.54.1Compare Source
Fixed
settings.skip.patterns.fingerprinting(andsettings.skip.sizes.fingerprinting) are now applied to the fingerprinting operation (wfpcommand). Previously the fingerprinting code path always read thescanningsection, so fingerprinting-specific skip rules were silently ignored.!) skip patterns being ignored when combined with a broad root pattern. A pattern such as["/*", "!/game"]matched the scan root itself and pruned the entire tree before the negation could re-include anything, so nothing was ever kept. The scan root is no longer treated as a candidate for exclusion.v1.54.0Compare Source
Added
--scan-rootto specify the scan root to load scanoss.json from (Commands:scan,wfp,dependencies,folder-scan,folder-hash)--scan-rootif specified) 3. CWD)v1.53.2Compare Source
Fixed
Changed
Retry-Afterheader on HTTP 429/503 responses, retrying with backoff (capped at 60s) instead of aborting immediately on the first 503v1.53.1Compare Source
Added
--apiurloption to thefolder-scancommand to configure a custom SCANOSS API base URL (consistent with thescancommand)Changed
--rank-thresholdfor thefolder-scan/fscommand from5to9, so valid components with ranks 6-9 are no longer filtered out by defaultv1.53.0Compare Source
Added
--files-from)v1.52.1Compare Source
Fixed
--format spdxlite)externalRefswithreferenceCategory: SECURITYreferenceType: cpe23Type; legacycpe:/...andcpe:2.2:...usecpe22Typev1.52.0Compare Source
Added
statussubcommand query tocomponentcommand to retrieve development life-cycle status:v1.51.1Compare Source
Fixed
fs) command--outputwith folder-scanv1.51.0Compare Source
Added
--format rawoption tofolder-scancommand to export HFH results in snippet-scanner JSON formatpath_id(deepest directory match wins)v1.50.1Compare Source
Fixed
bom.replacerules with alicensefield: the license is now applied to the replaced result instead of being silently droppedv1.50.0Compare Source
Fixed
requirementfield being lost during dependency decoration in scan commandextracted_requirementto strip redundant package name prefix (e.g.,gtest==1.17.0→1.17.0)v1.49.1Compare Source
Fixed
v1.49.0Compare Source
Fixed
--skip-headersincorrectly identifying continuation lines inside multi-line import blocksChanged
is_binarycheck to catchRuntimeErrorand default to treating the file as binaryv1.48.0Compare Source
Added
--apiurloption to all component subcommands (comp vulns,comp licenses,comp semgrep,comp provenance,comp search,comp versions) to allow overriding the default API base URLv1.47.0Compare Source
Added
settings.skip.patterns.dependenciesChanged
--grpc,--rest,--api2url, and--grpc-proxyCLI flags now cause an error if used (gRPC is no longer supported)v1.46.0Compare Source
Added
include,exclude,remove, andreplacerules"path": "src/vendor/") in addition to individual filesincludeentries are sent as identify context only for files under the matching folderexcludeentries are sent as blacklist context only for files under the matching folderreplace_withPURL to the scan context, improving server-side matchingsrc/vendor/andsrc/vendorare equivalent)Changed
SbomContextresolution viaScanossSettings.get_sbom_context()BomEntryfrom TypedDict to dataclass hierarchy withmatches_path(),matches_purl(), andprioritysupport_iter_wfp_filesgenerator to simplify WFP parsing inscan_wfp_file_threadedv1.45.1Compare Source
Fixed
--inputargument validation for inspect subcommands (copyleft, undeclared, license-summary, component-summary) by making it required at the argparse level instead of manual runtime checksv1.45.0Compare Source
Added
--min-snippet-hits- Minimum snippet hits required (0 defers to server config)--min-snippet-lines- Minimum snippet lines required (0 defers to server config)--ranking- Enable/disable result ranking (unset/true/false)--ranking-threshold- Ranking threshold value (-1 to 10, -1 defers to server config)--honour-file-exts- Honour file extensions during matching (unset/true/false)file_snippetsection to scanoss.json settings schema for configuring tuning parametersScanSettingsBuilderclass for merging CLI and settings file configurations with priority: CLI > file_snippet > root settingsv1.44.0Compare Source
Changed
--apiurlparameter to accept base URLs instead of full endpoint URLshttps://api.scanoss.cominstead ofhttps://api.scanoss.com/scan/direct/scan/directendpoint pathurllib.parsefor robust URL handling (ports, IPv6, encoded characters)SCANOSS_SCAN_URLenvironment variablev1.43.1Compare Source
Changed
--no-wfp-outputflag for backwards compatibility (deprecated, no effect)v1.43.0Compare Source
Changed
scanner_output.wfpfile--no-wfp-outputflag (no longer needed)v1.42.0Compare Source
Added
--skip-headersit will skip over copyright notices, import statements, comments, etc.--skip-headers-limitoption specifies the maximum number of lines to skip if required.v1.41.1Compare Source
componentsinstead ofpurlsfor vulnerability detection when converting to CycloneDX format in Folder Scanv1.41.0Compare Source
Added
--license-sources(-ls) option to copyleft inspection-ls source1 source2and-ls source1 -ls source2syntaxChanged
Switched to OSADL authoritative copyleft license data
-or-laterlicense variants (GPL-2.0-or-later, GPL-3.0-or-later, LGPL-2.1-or-later, etc.)Copyleft inspection now defaults to component-level licenses only (component_declared, license_file)
-lsto override and check specific sourcesFixed
v1.40.1Compare Source
Changed
policy_checkandsummarysubdirectoriespolicy_check/scanoss/summary/policy_check/dependency_track/ScanResultProcessorutility classPolicyOutputnamed tuple for policy check resultsPolicyCheckclass explicitly abstract with ABCAdded
linter,linter-fix,linter-docker,linter-docker-fix)v1.40.0Compare Source
Added
--resttofolder-scancommandv1.39.0Compare Source
Added
glc-codequalityformat to convert subcommandinspect gitlab matchessubcommand to generate GitLab-compatible Markdown match summary from SCANOSS scan resultsmarkdown_utils.pyandfile_utils.py)Changed
markdown_utilsmodulefile_utilsmodulev1.38.0Compare Source
Added
SCANOSS_DEBUGenvironment variablev1.37.1Compare Source
Added
Fixed
v1.37.0Compare Source
Added
v1.36.0Compare Source
Added
--recursive-thresholdargument to folder scan command--depthargument tofolder-scanandfolder-hashcommandsv1.35.0Compare Source
Modified
v1.34.0Compare Source
Added
v1.32.0Compare Source
Added
v1.31.5Compare Source
Added
scanoss-py comp versionsresponsev1.31.4Compare Source
Added
v1.31.3Compare Source
Fixed
v1.31.2Compare Source
Fixed
v1.31.1Compare Source
Fixed
v1.31.0Compare Source
Added
inspect dependency-track project-violationssubcommand to retrieve Dependency Track project violations in Markdown and JSON formatsChanged
inspect copylefttoinspect raw copyleftinspect undeclaredtoinspect raw undeclaredinspect component-summarytoinspect raw component-summaryinspect license-summarytoinspect raw license-summaryFixed
v1.30.0Compare Source
Added
export dtsubcommand to export SBOM files to Dependency Trackv1.29.0Compare Source
Changed
v1.28.3Compare Source
Fixed
Added
v1.28.2Compare Source
Fixed
v1.28.1Compare Source
Added
cryptosubcommandv1.28.0Compare Source
Added
folder-scanCycloneDX outputv1.27.1Compare Source
Fixed
folder-scanwith--format cyclonedxthe output was not writing to filecontainer-scanwith--format cyclonedxthe output was not writing to filev1.27.0Compare Source
Added
v1.26.3Compare Source
Fixed
v1.26.2Compare Source
Fixed
v1.26.1Compare Source
Added
Changed
v1.26.0Compare Source
Added
inspect license-summarysubcommand to generate license summaries from scan resultsinspect component-summarysubcommand to generate component summaries from scan resultsFixed
inspect undeclaredbug where pending status now takes precedence over identified status for the same componentChanged
inspect undeclaredview formdformat to remove version informationConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.