google/osv-scanner v1.9.0

on GitHub

What's Changed

Features:

• Feature #1243 Allow explicitly ignoring the license of a package in config with license.ignore = true.
• Feature #1249 Error if configuration file has unknown properties.
• Feature #1271 Assume .txt files with "requirements" in their name are requirements.txt files

Fixes:

• Bug #1242 Announce when a config file is invalid and exit with a non-zero code.
• Bug #1241 Display (no reason given) when there is no reason in the override config.
• Bug #1252 Don't allow LoadPath to be set via config file.
• Bug #1279 Report all ecosystems without local databases in one single line.
• Bug #1283 Output invalid PURLs when scanning SBOMs.
• Bug #1278 Apply go version override to all instances of the stdlib.

Misc:

• #1253 Deprecate ParseX() functions in pkg/lockfile in favor of their Extract equivalents.
• #1290 Bump maximum number of concurrent requests to the OSV.dev API.

Full Changelog: v1.8.5...v1.9.0