go-dep-parser
go-dep-parser copied to clipboard
aquasecurity
Dependency Parser for Multiple Programming Languages
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.20.0 to 0.24.0. Commits 7bbe320 go.mod: update golang.org/x dependencies c48da13 http2: fix TestServerContinuationFlood flakes 762b58d http2: fix tipos in comment ba87210 http2: close connections when receiving too...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.15.0 to 0.17.0. Commits aa51b25 modfile: do not collapse if there are unattached comments within blocks 87140ec sumdb/tlog: make NewTiles only generate strictly necessary tiles 18d3f56 modfile:...
Hello, This PR parses the versions of standalone binaries (PHP / Java / Node.js) that are extracted from tarballs and not packages. Let me know if you wish to add...
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. Release notes Sourced from github.com/stretchr/testify's releases. v1.9.0 What's Changed Fix Go modules version by @SuperQ in stretchr/testify#1394 Document that require is not safe to...
Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0. Release notes Sourced from go.uber.org/zap's releases. v1.27.0 Enhancements: #1378[]: Add WithLazy method for SugaredLogger. #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility...
If I understand, only compile scope dependencies are listed: https://github.com/aquasecurity/go-dep-parser/blob/423cd04548a5b091a553574747aa658b16a22e8b/pkg/java/pom/parse.go#L381-L385 So when I use Trivy, it seems what vulnerabilities in runtime scope dependencies are not found. For example, if `spring-cloud-starter-netflix-eureka-client`...
## Description To exclude prefixes for licenses, add a new License structure with types: - file - Name - non-separable This structure will be needed for subsequent analysis of these...
Currently, the `workspaces` field in package.json files is only allowed to be an array of strings. However, it has also an object version. https://classic.yarnpkg.com/blog/2018/02/15/nohoist/ Example ``` "workspaces": { "packages": [...
Currently maven repos with credentials doesn't seems to be supported for fetching the packages. Adding the support will be useful for private repositories like which has credentials set Error when...
C# project files, with the extension .csproj, are XML files that can specify project dependencies in `` tags. See also: * https://github.com/aquasecurity/trivy/issues/2668 * https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files
Metadata
Owner
Metadata
Dependency Parser for Multiple Programming Languages