2.32.1

Full Changelog: 2.32.0...2.32.1

2.32.0

What's Changed

• chore: reformat go.mod by @RTann in #1247
• build: use ubi8 latest by @RTann in #1241
• Bump golang.org/x/sys from 0.11.0 to 0.12.0 by @dependabot in #1250
• Bump google.golang.org/api from 0.138.0 to 0.140.0 by @dependabot in #1252
• Bump cloud.google.com/go/storage from 1.32.0 to 1.33.0 by @dependabot in #1253
• Bump github.com/containers/image/v5 from 5.27.0 to 5.28.0 by @dependabot in #1251
• Bump actions/checkout from 3 to 4 by @dependabot in #1249
• Bump honnef.co/go/tools from 0.4.5 to 0.4.6 in /tools/linters by @dependabot in #1254
• Bump google.golang.org/grpc from 1.57.0 to 1.58.1 by @dependabot in #1257
• Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 by @dependabot in #1256
• fix(scanner): Fix dotnet-runtime-6.0 latest FixedBy by @jvdm in #1259
• Bump google.golang.org/api from 0.140.0 to 0.143.0 by @dependabot in #1261
• Bump google.golang.org/grpc from 1.58.1 to 1.58.2 by @dependabot in #1260
• ROX-18363: Fix RHEL CVSS equals 0 even after update by @connorgorman in #1258
• fix: reorder rhelv2 required files by @RTann in #1264
• ROX-19942: support usr/lib/redhat-release and RHEL Atomic Host release by @RTann in #1263
• Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 by @dependabot in #1265
• Bump github.com/docker/distribution from 2.8.2+incompatible to 2.8.3+incompatible by @dependabot in #1266
• build(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in #1271
• build(deps): bump google.golang.org/api from 0.143.0 to 0.146.0 by @dependabot in #1270
• build(deps): bump github.com/stackrox/stackrox from v0.0.0-2023030115… by @RTann in #1274
• vulns: add curl and libcurl vulns by @RTann in #1275
• vulns: add HTTP/2 vulns by @RTann in #1281
• build(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot in #1269
• Fix e2e tests related to nginx image by @dcaravel in #1288
• chore: allow integer env vars by @RTann in #1289
• ROX-20122: set gRPC max concurrent streams to 100 by @vladbologa in #1287
• http(metrics): disallow auto HTTP/2 enablement by @RTann in #1297
• e2e: improve logging by @RTann in #1268
• build(deps): bump google.golang.org/api from 0.146.0 to 0.147.0 by @dependabot in #1302
• build(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 by @dependabot in #1301
• go: bump go to 1.20.10 by @RTann in #1300
• build(deps): bump google.golang.org/api from 0.147.0 to 0.148.0 by @dependabot in #1306
• build(deps): bump github.com/jstemmer/go-junit-report/v2 from 2.0.0 to 2.1.0 in /tools/test by @dependabot in #1307
• chore: Fix "FixedBy" for some E2E tests by @jvdm in #1303

Full Changelog: 2.31.0...2.32.0

2.31.1

What's Changed

• build(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 by @RTann in #1280

Full Changelog: 2.31.0...2.31.1

2.30.5

Full Changelog: 2.30.4...2.30.5

2.29.6

What's Changed

• build(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 by @RTann in #1278

Full Changelog: 2.29.5...2.29.6

2.28.5

What's Changed

• build(deps): bump golang.org/x/net from 0.5.0 to 0.17.0 by @RTann in #1277

Full Changelog: 2.28.4...2.28.5

2.31.0

What's Changed

• Bump google.golang.org/api from 0.125.0 to 0.127.0 by @dependabot in #1196
• Bump golang.org/x/sys from 0.8.0 to 0.9.0 by @dependabot in #1195
• fix: Expected fixedby version for sandbox-dotnet-60-runtime by @dcaravel in #1201
• Bump github.com/golangci/golangci-lint from 1.53.2 to 1.53.3 in /tools/linters by @dependabot in #1197
• Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #1198
• Bump google.golang.org/grpc from 1.55.0 to 1.56.0 by @dependabot in #1199
• Bump google.golang.org/api from 0.127.0 to 0.128.0 by @dependabot in #1200
• Bump github.com/containers/image/v5 from 5.25.0 to 5.26.0 by @dependabot in #1204
• Improve FixedBy assertion by @jvdm in #1207
• Bump google.golang.org/grpc from 1.56.0 to 1.56.1 by @dependabot in #1203
• Bump google.golang.org/api from 0.128.0 to 0.129.0 by @dependabot in #1202
• Bump golang.org/x/sys from 0.9.0 to 0.10.0 by @dependabot in #1210
• Bump github.com/containers/image/v5 from 5.26.0 to 5.26.1 by @dependabot in #1209
• Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 by @dependabot in #1208
• ROX-18001: add drools CPE for CVE-2021-41411 by @dcaravel in #1205
• bump docker-registry-client by @RTann in #1206
• Bump go.uber.org/ratelimit from 0.2.0 to 0.3.0 by @dependabot in #1213
• Bump google.golang.org/grpc from 1.56.1 to 1.56.2 by @dependabot in #1215
• Bump google.golang.org/api from 0.129.0 to 0.131.0 by @dependabot in #1216
• return err when version conversion fails by @daynewlee in #1212
• ci(e2e): update .NET vulns by @RTann in #1218
• ROX-18001: update timestamp for manual drools entry by @dcaravel in #1211
• Bump google.golang.org/api from 0.131.0 to 0.132.0 by @dependabot in #1221
• Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 by @dependabot in #1225
• Bump google.golang.org/api from 0.132.0 to 0.133.0 by @dependabot in #1226
• chore(deps): bump docker-registry-client by @RTann in #1217
• ROX-17114: Fix misattribution of Java versions when there are multiple matching lines by @connorgorman in #1224
• Bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 by @dependabot in #1228
• Bump google.golang.org/grpc from 1.56.2 to 1.57.0 by @dependabot in #1230
• Bump google.golang.org/api from 0.133.0 to 0.134.0 by @dependabot in #1229
• ROX-18202: Fix language layer error due to unique constraint by @connorgorman in #1223
• Bump golang.org/x/sys from 0.10.0 to 0.11.0 by @dependabot in #1231
• Bump github.com/containers/image/v5 from 5.26.1 to 5.27.0 by @dependabot in #1233
• Bump google.golang.org/api from 0.134.0 to 0.136.0 by @dependabot in #1232
• e2e: misc test updates by @RTann in #1234
• Bump google.golang.org/api from 0.136.0 to 0.137.0 by @dependabot in #1239
• Bump github.com/golangci/golangci-lint from 1.53.3 to 1.54.1 in /tools/linters by @dependabot in #1240
• Bump cloud.google.com/go/storage from 1.31.0 to 1.32.0 by @dependabot in #1238
• ROX-19096, ROX-19098, ROX-19099: add various OS support by @RTann in #1235
• Take runtime.GOARCH into account for list manifests by @connorgorman in #1237
• fix: do not skip NVD vulns with just CVSSv3 by @RTann in #1236
• Bump google.golang.org/api from 0.137.0 to 0.138.0 by @dependabot in #1242
• Bump honnef.co/go/tools from 0.4.3 to 0.4.5 in /tools/linters by @dependabot in #1244
• ROX-19024: Remove RHCOS FF by @Maddosaurus in #1245
• Update Genesis Dump by @RTann in #1246
• chore: log requests upon retrieval by @RTann in #1140
• Bump github.com/golangci/golangci-lint from 1.54.1 to 1.54.2 in /tools/linters by @dependabot in #1243

Full Changelog: 2.30.0...2.31.0

2.29.5

Full Changelog: 2.29.4...2.29.5

2.30.2

Full Changelog: 2.30.0...2.30.2

2.30.0

What's Changed

• ROX-16421: support OCI image index media type by @RTann in #1154
• Bump google.golang.org/api from 0.115.0 to 0.117.0 by @dependabot in #1157
• Bump github.com/containers/image/v5 from 5.24.2 to 5.25.0 by @dependabot in #1156
• Bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible by @dependabot in #1158
• RHSA-2023:1655 fixed-by version update by @daynewlee in #1159
• increase MAX_GCS_OBJECT_AGE_SECONDS by @daynewlee in #1160
• Bump google.golang.org/api from 0.117.0 to 0.118.0 by @dependabot in #1163
• Bump github.com/lib/pq from 1.10.7 to 1.10.8 by @dependabot in #1162
• Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 by @dependabot in #1161
• Bump google.golang.org/api from 0.118.0 to 0.119.0 by @dependabot in #1165
• Bump google.golang.org/api from 0.119.0 to 0.120.0 by @dependabot in #1166
• go1.20.3 by @RTann in #1167
• Update e2e Jenkins FixedBy version to 4.10.1681719745-1.el8 by @dcaravel in #1168
• Bump github.com/lib/pq from 1.10.8 to 1.10.9 by @dependabot in #1169
• Bump google.golang.org/api from 0.120.0 to 0.122.0 by @dependabot in #1172
• Bump golang.org/x/sys from 0.7.0 to 0.8.0 by @dependabot in #1171
• Bump github.com/prometheus/client_golang from 1.15.0 to 1.15.1 by @dependabot in #1170
• Fixed fixedby version for RHSA-2023:2523 by @daynewlee in #1174
• Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #1175
• Bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #1176
• update dependabot reviewers to scanner team by @RTann in #1173
• Bump google.golang.org/grpc from 1.54.0 to 1.55.0 by @dependabot in #1177
• ROX-13770: Introduce local Node Scanner by @Maddosaurus in #1164
• Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 by @dependabot in #1178
• UBI 8.8 by @RTann in #1179
• Bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 by @dependabot in #1185
• Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 by @dependabot in #1186
• Bump google.golang.org/api from 0.122.0 to 0.124.0 by @dependabot in #1187
• go1.20.4 by @RTann in #1181
• Bump google.golang.org/api from 0.124.0 to 0.125.0 by @dependabot in #1188
• Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 by @dependabot in #1189
• Reduce scanning time and memory pressure by disabling active vuln mgmt by @connorgorman in #1190
• Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 by @dependabot in #1192
• Bump github.com/golangci/golangci-lint from 1.52.2 to 1.53.2 in /tools/linters by @dependabot in #1191
• fix: Expected fixedby version for jenkins-2-plugins by @jvdm in #1193
• Genesis Dump Update by @RTann in #1194

Full Changelog: 2.29.0...2.30.0