chore: Changelog and version update for v2.0.1 (#1775)

another-rex · michaelkedar · web-flow · commit be9015f32569 · 2025-04-03T13:12:38.000+11:00
Co-authored-by: Michael Kedar &lt;michaelkedar@google.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,30 @@
+# v2.0.1
+
+### Features:
+
+- [Feature #1730](https://github.com/google/osv-scanner/pull/1730) Add support for extracting dependencies from .NET `packages.config` and `packages.lock.json` files.
+- [Feature #1770](https://github.com/google/osv-scanner/pull/1770) Add support for extracting dependencies from rust binaries compiled with cargo-auditable.
+- [Feature #1761](https://github.com/google/osv-scanner/pull/1761) Improve output when scanning for OS packages, we now show binary packages associated with a source package in the table output.
+
+### Fixes:
+
+- [Bug #1752](https://github.com/google/osv-scanner/pull/1752) Fix paging depth issue when querying the osv.dev API.
+- [Bug #1747](https://github.com/google/osv-scanner/pull/1747) Ensure osv-reporter prints warnings instead of errors for certain messages to return correct exit code (related to [osv-scanner-action#65](https://github.com/google/osv-scanner-action/issues/65)).
+- [Bug #1717](https://github.com/google/osv-scanner/pull/1717) Fix issue where nested CycloneDX components were not being parsed.
+- [Bug #1744](https://github.com/google/osv-scanner/pull/1744) Fix issue where empty CycloneDX SBOMs was causing a panic.
+- [Bug #1726](https://github.com/google/osv-scanner/pull/1726) De-duplicate references in CycloneDX report output for improved validity.
+- [Bug #1727](https://github.com/google/osv-scanner/pull/1727) Remove automatic opening of HTML reports in the browser (fixes [#1721](https://github.com/google/osv-scanner/issues/1721)).
+- [Bug #1735](https://github.com/google/osv-scanner/pull/1735) Require a tag when scanning container images to prevent potential errors.
+
+### Docs:
+
+- [Docs #1753](https://github.com/google/osv-scanner/pull/1753) Correct documentation for the OSV-Scanner GitHub Action (fixes [osv-scanner-action#68](https://github.com/google/osv-scanner-action/issues/68)).
+- [Docs #1743](https://github.com/google/osv-scanner/pull/1743) Minor grammar fixes in documentation.
+
+### API Changes:
+
+- [API Change #1763](https://github.com/google/osv-scanner/pull/1763) Made the SourceType enum public.
+
 # OSV-Scanner v2.0.0
 
 This release merges the improvements, features, and fixes from v2.0.0-rc1, v2.0.0-beta2, and v2.0.0-beta1.
diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -24,7 +24,7 @@ OPTIONS:
 ---
 
 [Test_run/version - 1]
-osv-scanner version: 2.0.0
+osv-scanner version: 2.0.1
 commit: n/a
 built at: n/a
 
diff --git a/cmd/osv-scanner/scan/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/__snapshots__/command_test.snap
@@ -95,7 +95,7 @@ Loaded filter from: <rootdir>/osv-scanner/fixtures/locks-many/osv-scanner.toml
           "informationUri": "https://github.com/google/osv-scanner",
           "name": "osv-scanner",
           "rules": [],
-          "version": "2.0.0"
+          "version": "2.0.1"
         }
       },
       "results": []
@@ -265,7 +265,7 @@ Loaded Alpine local db from <tempdir>/osv-scanner/Alpine/all.zip
               }
             }
           ],
-          "version": "2.0.0"
+          "version": "2.0.1"
         }
       },
       "artifacts": [
@@ -1109,7 +1109,7 @@ No issues found
 ---
 
 [TestCommand/version - 1]
-osv-scanner version: 2.0.0
+osv-scanner version: 2.0.1
 commit: n/a
 built at: n/a
 
@@ -1242,7 +1242,7 @@ Scanned <rootdir>/osv-scanner/fixtures/locks-insecure/osv-scanner-flutter-deps.j
               }
             }
           ],
-          "version": "2.0.0"
+          "version": "2.0.1"
         }
       },
       "artifacts": [
diff --git a/docs/github-action.md b/docs/github-action.md
@@ -55,7 +55,7 @@ permissions:
 
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.0"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.1"
 ```
 
 ### View results
@@ -98,7 +98,7 @@ permissions:
 
 jobs:
   scan-scheduled:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.0"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.1"
 ```
 
 As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule).
@@ -133,7 +133,7 @@ permissions:
 
 jobs:
   osv-scan:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.0"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@v2.0.1"
     with:
       # Only scan the top level go.mod file without recursively scanning directories since
       # this is pipeline is about releasing the go module and binary
@@ -185,7 +185,7 @@ Examples
 ```yml
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.0"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.1"
     with:
       scan-args: |-
         --lockfile=./path/to/lockfile1
@@ -197,7 +197,7 @@ jobs:
 ```yml
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.0"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.1"
     with:
       scan-args: |-
         --recursive
@@ -223,7 +223,7 @@ jobs:
     name: Vulnerability scanning
     # makes sure the extraction step is completed before running the scanner
     needs: extract-deps
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.0"
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@v2.0.1"
     with:
       # Download the artifact uploaded in extract-deps step
       download-artifact: converted-OSV-Scanner-deps
@@ -273,7 +273,7 @@ jobs:
           {target_arch: armhf},
           {target_arch: aarch64}
         ]
-    uses: "extract/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v2.0.0"
+    uses: "extract/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v2.0.1"
     with:
       download-artifact: "${{ matrix.platform.target_arch }}-OSV-Scanner-deps"
       matrix-property: "${{ matrix.platform.target_arch }}-"
diff --git a/internal/output/__snapshots__/sarif_test.snap b/internal/output/__snapshots__/sarif_test.snap
diff --git a/internal/version/version.go b/internal/version/version.go

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ Loaded filter from: <rootdir>/osv-scanner/fixtures/locks-many/osv-scanner.toml`
`95`	`95`	`"informationUri": "https://github.com/google/osv-scanner",`
`96`	`96`	`"name": "osv-scanner",`
`97`	`97`	`"rules": [],`
`98`		`- "version": "2.0.0"`
	`98`	`+ "version": "2.0.1"`
`99`	`99`	`}`
`100`	`100`	`},`
`101`	`101`	`"results": []`
`@@ -265,7 +265,7 @@ Loaded Alpine local db from <tempdir>/osv-scanner/Alpine/all.zip`
`265`	`265`	`}`
`266`	`266`	`}`
`267`	`267`	`],`
`268`		`- "version": "2.0.0"`
	`268`	`+ "version": "2.0.1"`
`269`	`269`	`}`
`270`	`270`	`},`
`271`	`271`	`"artifacts": [`
`@@ -1109,7 +1109,7 @@ No issues found`
`1109`	`1109`	`---`
`1110`	`1110`
`1111`	`1111`	`[TestCommand/version - 1]`
`1112`		`-osv-scanner version: 2.0.0`
	`1112`	`+osv-scanner version: 2.0.1`
`1113`	`1113`	`commit: n/a`
`1114`	`1114`	`built at: n/a`
`1115`	`1115`
`@@ -1242,7 +1242,7 @@ Scanned <rootdir>/osv-scanner/fixtures/locks-insecure/osv-scanner-flutter-deps.j`
`1242`	`1242`	`}`
`1243`	`1243`	`}`
`1244`	`1244`	`],`
`1245`		`- "version": "2.0.0"`
	`1245`	`+ "version": "2.0.1"`
`1246`	`1246`	`}`
`1247`	`1247`	`},`
`1248`	`1248`	`"artifacts": [`