Add changelog for v1.8.3

CHANGELOG.md

@@ -1,3 +1,20 @@
+# v1.8.3:
+
+### Features:
+
+- [Feature #889](https://github.com/google/osv-scanner/pull/889) OSV-Scanner now provides "vertical" output format!
+
+### Fixes:
+
+- [Bug #1115](https://github.com/google/osv-scanner/issues/1115) Ensure that `semantic` is passed a valid `models.Ecosystem`.
+- [Bug #1140](https://github.com/google/osv-scanner/pull/1140) Add Maven dependency management to override client.
+- [Bug #1149](https://github.com/google/osv-scanner/pull/1149) Handle Maven parent relative path.
+
+### Misc:
+
+- [Feature #1091](https://github.com/google/osv-scanner/pull/1091) Improved the runtime of DiffVulnerabilityResults. Thanks @neilnaveen!
+- [Feature #1125](https://github.com/google/osv-scanner/pull/1125) Workflow for stale issue and PR management.
+
 # v1.8.2:
 
 ### Features:

cmd/osv-scanner/__snapshots__/main_test.snap

@@ -9,7 +9,7 @@ No package sources found, --help for usage information.
 ---
 
 [TestRun/#01 - 1]
-osv-scanner version: 1.8.2
+osv-scanner version: 1.8.3
 commit: n/a
 built at: n/a
 
@@ -138,7 +138,7 @@ Scanned <rootdir>/fixtures/locks-many/composer.lock file and found 1 package
           "informationUri": "https://github.com/google/osv-scanner",
           "name": "osv-scanner",
           "rules": [],
-          "version": "1.8.2"
+          "version": "1.8.3"
         }
       },
       "results": []
@@ -252,7 +252,7 @@ Filtered 1 vulnerability from output
               }
             }
           ],
-          "version": "1.8.2"
+          "version": "1.8.3"
         }
       },
       "artifacts": [
@@ -731,7 +731,7 @@ Scanned <rootdir>/fixtures/locks-insecure/osv-scanner-flutter-deps.json file as
               }
             }
           ],
-          "version": "1.8.2"
+          "version": "1.8.3"
         }
       },
       "artifacts": [

docs/github-action.md

@@ -55,7 +55,7 @@ permissions:
 
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].2"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].3"
 ```
 
 ### View results
@@ -98,7 +98,7 @@ permissions:
 
 jobs:
   scan-scheduled:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].2"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].3"
 ```
 
 As written, the scanner will run on 12:30 pm UTC every Monday, and also on every push to the main branch. You can change the schedule by following the instructions [here](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule).
@@ -133,7 +133,7 @@ permissions:
 
 jobs:
   osv-scan:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].2"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].3"
     with:
       # Only scan the top level go.mod file without recursively scanning directories since
       # this is pipeline is about releasing the go module and binary
@@ -186,7 +186,7 @@ Examples
 ```yml
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].2"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].3"
     with:
       scan-args: |-
         --lockfile=./path/to/lockfile1
@@ -198,7 +198,7 @@ jobs:
 ```yml
 jobs:
   scan-pr:
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].2"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].3"
     with:
       scan-args: |-
         --recursive
@@ -225,7 +225,7 @@ jobs:
     name: Vulnerability scanning
     # makes sure the extraction step is completed before running the scanner
     needs: extract-deps
-    uses: "google/osv-scanner-action/.github/workflows/[email protected].2"
+    uses: "google/osv-scanner-action/.github/workflows/[email protected].3"
     with:
       # Download the artifact uploaded in extract-deps step
       download-artifact: converted-OSV-Scanner-deps