google
diff --git a/‎cmd/osv-scanner/scan/image/__snapshots__/command_test.snap‎
Lines changed: 319 additions & 14 deletions b/‎cmd/osv-scanner/scan/image/__snapshots__/command_test.snap‎
Lines changed: 319 additions & 14 deletions
diff --git a/‎cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml‎
Lines changed: 604 additions & 76 deletions b/‎cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml‎
Lines changed: 604 additions & 76 deletions
diff --git a/‎cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml‎
Lines changed: 557 additions & 32 deletions b/‎cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage_JSONFormat.yaml‎
Lines changed: 557 additions & 32 deletions
diff --git a/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml‎
Lines changed: 15 additions & 15 deletions b/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand.yaml‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml‎
Lines changed: 6 additions & 6 deletions b/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_CommitSupport.yaml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml‎
Lines changed: 2 additions & 2 deletions b/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_GithubActions.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml‎
Lines changed: 4 additions & 4 deletions b/‎cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_MoreLockfiles.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎cmd/osv-scanner/update/__snapshots__/command_test.snap‎
Lines changed: 1 addition & 1 deletion b/‎cmd/osv-scanner/update/__snapshots__/command_test.snap‎
Lines changed: 1 addition & 1 deletion
@@ -474,7 +474,7 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4864",
-                  "modified": "2026-05-06T10:29:21.120147Z"
+                  "modified": "2026-05-07T10:29:24.131289Z"
                 },
                 {
                   "id": "GO-2026-4865",
@@ -486,15 +486,15 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4870",
-                  "modified": "2026-05-06T10:29:20.327868Z"
+                  "modified": "2026-05-07T10:29:24.251118Z"
                 },
                 {
                   "id": "GO-2026-4946",
                   "modified": "2026-04-13T08:27:23.037509Z"
                 },
                 {
                   "id": "GO-2026-4947",
-                  "modified": "2026-05-06T10:29:21.230969Z"
+                  "modified": "2026-05-07T10:29:23.938623Z"
                 }
               ]
             }
@@ -716,7 +716,7 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4864",
-                  "modified": "2026-05-06T10:29:21.120147Z"
+                  "modified": "2026-05-07T10:29:24.131289Z"
                 },
                 {
                   "id": "GO-2026-4865",
@@ -728,15 +728,15 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4870",
-                  "modified": "2026-05-06T10:29:20.327868Z"
+                  "modified": "2026-05-07T10:29:24.251118Z"
                 },
                 {
                   "id": "GO-2026-4946",
                   "modified": "2026-04-13T08:27:23.037509Z"
                 },
                 {
                   "id": "GO-2026-4947",
-                  "modified": "2026-05-06T10:29:21.230969Z"
+                  "modified": "2026-05-07T10:29:23.938623Z"
                 }
               ]
             },
@@ -908,7 +908,7 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4864",
-                  "modified": "2026-05-06T10:29:21.120147Z"
+                  "modified": "2026-05-07T10:29:24.131289Z"
                 },
                 {
                   "id": "GO-2026-4865",
@@ -920,15 +920,15 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4870",
-                  "modified": "2026-05-06T10:29:20.327868Z"
+                  "modified": "2026-05-07T10:29:24.251118Z"
                 },
                 {
                   "id": "GO-2026-4946",
                   "modified": "2026-04-13T08:27:23.037509Z"
                 },
                 {
                   "id": "GO-2026-4947",
-                  "modified": "2026-05-06T10:29:21.230969Z"
+                  "modified": "2026-05-07T10:29:23.938623Z"
                 }
               ]
             }
@@ -1143,7 +1143,7 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4864",
-                  "modified": "2026-05-06T10:29:21.120147Z"
+                  "modified": "2026-05-07T10:29:24.131289Z"
                 },
                 {
                   "id": "GO-2026-4865",
@@ -1155,15 +1155,15 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4870",
-                  "modified": "2026-05-06T10:29:20.327868Z"
+                  "modified": "2026-05-07T10:29:24.251118Z"
                 },
                 {
                   "id": "GO-2026-4946",
                   "modified": "2026-04-13T08:27:23.037509Z"
                 },
                 {
                   "id": "GO-2026-4947",
-                  "modified": "2026-05-06T10:29:21.230969Z"
+                  "modified": "2026-05-07T10:29:23.938623Z"
                 }
               ]
             }
@@ -5518,7 +5518,7 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4864",
-                  "modified": "2026-05-06T10:29:21.120147Z"
+                  "modified": "2026-05-07T10:29:24.131289Z"
                 },
                 {
                   "id": "GO-2026-4865",
@@ -5530,15 +5530,15 @@ interactions:
                 },
                 {
                   "id": "GO-2026-4870",
-                  "modified": "2026-05-06T10:29:20.327868Z"
+                  "modified": "2026-05-07T10:29:24.251118Z"
                 },
                 {
                   "id": "GO-2026-4946",
                   "modified": "2026-04-13T08:27:23.037509Z"
                 },
                 {
                   "id": "GO-2026-4947",
-                  "modified": "2026-05-06T10:29:21.230969Z"
+                  "modified": "2026-05-07T10:29:23.938623Z"
                 }
               ]
             },
 
@@ -132,7 +132,7 @@ interactions:
                 },
                 {
                   "id": "OSV-2024-340",
-                  "modified": "2026-05-06T14:39:08.795866Z"
+                  "modified": "2026-05-07T14:09:36.724586Z"
                 }
               ]
             },
@@ -181,7 +181,7 @@ interactions:
                 },
                 {
                   "id": "CVE-2025-9230",
-                  "modified": "2026-04-16T04:40:07.876695Z"
+                  "modified": "2026-05-07T18:29:19.531271Z"
                 },
                 {
                   "id": "CVE-2025-9231",
@@ -197,15 +197,15 @@ interactions:
               "vulns": [
                 {
                   "id": "CVE-2025-11187",
-                  "modified": "2026-04-12T17:35:47.236202Z"
+                  "modified": "2026-05-07T18:29:21.756996Z"
                 },
                 {
                   "id": "CVE-2025-15467",
-                  "modified": "2026-04-16T04:39:55.464242Z"
+                  "modified": "2026-05-07T18:29:22.159755Z"
                 },
                 {
                   "id": "CVE-2025-15468",
-                  "modified": "2026-04-12T17:59:06.013579Z"
+                  "modified": "2026-05-07T18:29:20.997946Z"
                 },
                 {
                   "id": "CVE-2025-15469",
@@ -241,7 +241,7 @@ interactions:
                 },
                 {
                   "id": "CVE-2025-9230",
-                  "modified": "2026-04-16T04:40:07.876695Z"
+                  "modified": "2026-05-07T18:29:19.531271Z"
                 },
                 {
                   "id": "CVE-2025-9231",
 
@@ -296,7 +296,7 @@ interactions:
                 },
                 {
                   "id": "CVE-2025-15467",
-                  "modified": "2026-04-16T04:39:55.464242Z"
+                  "modified": "2026-05-07T18:29:22.159755Z"
                 },
                 {
                   "id": "CVE-2025-68160",
@@ -320,7 +320,7 @@ interactions:
                 },
                 {
                   "id": "CVE-2025-9230",
-                  "modified": "2026-04-16T04:40:07.876695Z"
+                  "modified": "2026-05-07T18:29:19.531271Z"
                 },
                 {
                   "id": "CVE-2025-9232",
 
@@ -401,15 +401,15 @@ interactions:
                 },
                 {
                   "id": "GHSA-c4rq-3m3g-8wgx",
-                  "modified": "2026-05-06T18:31:28.340368Z"
+                  "modified": "2026-05-07T15:59:19.908097Z"
                 },
                 {
                   "id": "GHSA-mrxw-mxhj-p664",
                   "modified": "2026-02-04T04:34:58.905946Z"
                 },
                 {
                   "id": "GHSA-v2fc-qm4h-8hqv",
-                  "modified": "2026-05-06T18:31:19.487042Z"
+                  "modified": "2026-05-07T15:59:19.133488Z"
                 },
                 {
                   "id": "GHSA-vvfq-8hwr-qm4m",
@@ -650,11 +650,11 @@ interactions:
               "vulns": [
                 {
                   "id": "GHSA-7gcm-g887-7qv7",
-                  "modified": "2026-02-05T16:35:34.839005Z"
+                  "modified": "2026-05-07T15:11:10.704825Z"
                 },
                 {
                   "id": "GHSA-8qvm-5x2c-j2w7",
-                  "modified": "2026-02-04T03:00:07.684118Z"
+                  "modified": "2026-05-07T15:11:16.613726Z"
                 }
               ]
             }
 
@@ -287,7 +287,7 @@ Version updates (the update command) can be risky when run on untrusted projects
         <dependency>
           <groupId>org.apache.logging.log4j</groupId>
           <artifactId>log4j-api</artifactId>
-          <version>2.25.4</version>
+          <version>2.26.0</version>
         </dependency>
       </dependencies>
     </profile>
Original file line number	Diff line number	Diff line change
`@@ -474,7 +474,7 @@ interactions:`
`474`	`474`	`},`
`475`	`475`	`{`
`476`	`476`	`"id": "GO-2026-4864",`
`477`		`- "modified": "2026-05-06T10:29:21.120147Z"`
	`477`	`+ "modified": "2026-05-07T10:29:24.131289Z"`
`478`	`478`	`},`
`479`	`479`	`{`
`480`	`480`	`"id": "GO-2026-4865",`
`@@ -486,15 +486,15 @@ interactions:`
`486`	`486`	`},`
`487`	`487`	`{`
`488`	`488`	`"id": "GO-2026-4870",`
`489`		`- "modified": "2026-05-06T10:29:20.327868Z"`
	`489`	`+ "modified": "2026-05-07T10:29:24.251118Z"`
`490`	`490`	`},`
`491`	`491`	`{`
`492`	`492`	`"id": "GO-2026-4946",`
`493`	`493`	`"modified": "2026-04-13T08:27:23.037509Z"`
`494`	`494`	`},`
`495`	`495`	`{`
`496`	`496`	`"id": "GO-2026-4947",`
`497`		`- "modified": "2026-05-06T10:29:21.230969Z"`
	`497`	`+ "modified": "2026-05-07T10:29:23.938623Z"`
`498`	`498`	`}`
`499`	`499`	`]`
`500`	`500`	`}`
`@@ -716,7 +716,7 @@ interactions:`
`716`	`716`	`},`
`717`	`717`	`{`
`718`	`718`	`"id": "GO-2026-4864",`
`719`		`- "modified": "2026-05-06T10:29:21.120147Z"`
	`719`	`+ "modified": "2026-05-07T10:29:24.131289Z"`
`720`	`720`	`},`
`721`	`721`	`{`
`722`	`722`	`"id": "GO-2026-4865",`
`@@ -728,15 +728,15 @@ interactions:`
`728`	`728`	`},`
`729`	`729`	`{`
`730`	`730`	`"id": "GO-2026-4870",`
`731`		`- "modified": "2026-05-06T10:29:20.327868Z"`
	`731`	`+ "modified": "2026-05-07T10:29:24.251118Z"`
`732`	`732`	`},`
`733`	`733`	`{`
`734`	`734`	`"id": "GO-2026-4946",`
`735`	`735`	`"modified": "2026-04-13T08:27:23.037509Z"`
`736`	`736`	`},`
`737`	`737`	`{`
`738`	`738`	`"id": "GO-2026-4947",`
`739`		`- "modified": "2026-05-06T10:29:21.230969Z"`
	`739`	`+ "modified": "2026-05-07T10:29:23.938623Z"`
`740`	`740`	`}`
`741`	`741`	`]`
`742`	`742`	`},`
`@@ -908,7 +908,7 @@ interactions:`
`908`	`908`	`},`
`909`	`909`	`{`
`910`	`910`	`"id": "GO-2026-4864",`
`911`		`- "modified": "2026-05-06T10:29:21.120147Z"`
	`911`	`+ "modified": "2026-05-07T10:29:24.131289Z"`
`912`	`912`	`},`
`913`	`913`	`{`
`914`	`914`	`"id": "GO-2026-4865",`
`@@ -920,15 +920,15 @@ interactions:`
`920`	`920`	`},`
`921`	`921`	`{`
`922`	`922`	`"id": "GO-2026-4870",`
`923`		`- "modified": "2026-05-06T10:29:20.327868Z"`
	`923`	`+ "modified": "2026-05-07T10:29:24.251118Z"`
`924`	`924`	`},`
`925`	`925`	`{`
`926`	`926`	`"id": "GO-2026-4946",`
`927`	`927`	`"modified": "2026-04-13T08:27:23.037509Z"`
`928`	`928`	`},`
`929`	`929`	`{`
`930`	`930`	`"id": "GO-2026-4947",`
`931`		`- "modified": "2026-05-06T10:29:21.230969Z"`
	`931`	`+ "modified": "2026-05-07T10:29:23.938623Z"`
`932`	`932`	`}`
`933`	`933`	`]`
`934`	`934`	`}`
`@@ -1143,7 +1143,7 @@ interactions:`
`1143`	`1143`	`},`
`1144`	`1144`	`{`
`1145`	`1145`	`"id": "GO-2026-4864",`
`1146`		`- "modified": "2026-05-06T10:29:21.120147Z"`
	`1146`	`+ "modified": "2026-05-07T10:29:24.131289Z"`
`1147`	`1147`	`},`
`1148`	`1148`	`{`
`1149`	`1149`	`"id": "GO-2026-4865",`
`@@ -1155,15 +1155,15 @@ interactions:`
`1155`	`1155`	`},`
`1156`	`1156`	`{`
`1157`	`1157`	`"id": "GO-2026-4870",`
`1158`		`- "modified": "2026-05-06T10:29:20.327868Z"`
	`1158`	`+ "modified": "2026-05-07T10:29:24.251118Z"`
`1159`	`1159`	`},`
`1160`	`1160`	`{`
`1161`	`1161`	`"id": "GO-2026-4946",`
`1162`	`1162`	`"modified": "2026-04-13T08:27:23.037509Z"`
`1163`	`1163`	`},`
`1164`	`1164`	`{`
`1165`	`1165`	`"id": "GO-2026-4947",`
`1166`		`- "modified": "2026-05-06T10:29:21.230969Z"`
	`1166`	`+ "modified": "2026-05-07T10:29:23.938623Z"`
`1167`	`1167`	`}`
`1168`	`1168`	`]`
`1169`	`1169`	`}`
`@@ -5518,7 +5518,7 @@ interactions:`
`5518`	`5518`	`},`
`5519`	`5519`	`{`
`5520`	`5520`	`"id": "GO-2026-4864",`
`5521`		`- "modified": "2026-05-06T10:29:21.120147Z"`
	`5521`	`+ "modified": "2026-05-07T10:29:24.131289Z"`
`5522`	`5522`	`},`
`5523`	`5523`	`{`
`5524`	`5524`	`"id": "GO-2026-4865",`
`@@ -5530,15 +5530,15 @@ interactions:`
`5530`	`5530`	`},`
`5531`	`5531`	`{`
`5532`	`5532`	`"id": "GO-2026-4870",`
`5533`		`- "modified": "2026-05-06T10:29:20.327868Z"`
	`5533`	`+ "modified": "2026-05-07T10:29:24.251118Z"`
`5534`	`5534`	`},`
`5535`	`5535`	`{`
`5536`	`5536`	`"id": "GO-2026-4946",`
`5537`	`5537`	`"modified": "2026-04-13T08:27:23.037509Z"`
`5538`	`5538`	`},`
`5539`	`5539`	`{`
`5540`	`5540`	`"id": "GO-2026-4947",`
`5541`		`- "modified": "2026-05-06T10:29:21.230969Z"`
	`5541`	`+ "modified": "2026-05-07T10:29:23.938623Z"`
`5542`	`5542`	`}`
`5543`	`5543`	`]`
`5544`	`5544`	`},`
Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ interactions:`
`132`	`132`	`},`
`133`	`133`	`{`
`134`	`134`	`"id": "OSV-2024-340",`
`135`		`- "modified": "2026-05-06T14:39:08.795866Z"`
	`135`	`+ "modified": "2026-05-07T14:09:36.724586Z"`
`136`	`136`	`}`
`137`	`137`	`]`
`138`	`138`	`},`
`@@ -181,7 +181,7 @@ interactions:`
`181`	`181`	`},`
`182`	`182`	`{`
`183`	`183`	`"id": "CVE-2025-9230",`
`184`		`- "modified": "2026-04-16T04:40:07.876695Z"`
	`184`	`+ "modified": "2026-05-07T18:29:19.531271Z"`
`185`	`185`	`},`
`186`	`186`	`{`
`187`	`187`	`"id": "CVE-2025-9231",`
`@@ -197,15 +197,15 @@ interactions:`
`197`	`197`	`"vulns": [`
`198`	`198`	`{`
`199`	`199`	`"id": "CVE-2025-11187",`
`200`		`- "modified": "2026-04-12T17:35:47.236202Z"`
	`200`	`+ "modified": "2026-05-07T18:29:21.756996Z"`
`201`	`201`	`},`
`202`	`202`	`{`
`203`	`203`	`"id": "CVE-2025-15467",`
`204`		`- "modified": "2026-04-16T04:39:55.464242Z"`
	`204`	`+ "modified": "2026-05-07T18:29:22.159755Z"`
`205`	`205`	`},`
`206`	`206`	`{`
`207`	`207`	`"id": "CVE-2025-15468",`
`208`		`- "modified": "2026-04-12T17:59:06.013579Z"`
	`208`	`+ "modified": "2026-05-07T18:29:20.997946Z"`
`209`	`209`	`},`
`210`	`210`	`{`
`211`	`211`	`"id": "CVE-2025-15469",`
`@@ -241,7 +241,7 @@ interactions:`
`241`	`241`	`},`
`242`	`242`	`{`
`243`	`243`	`"id": "CVE-2025-9230",`
`244`		`- "modified": "2026-04-16T04:40:07.876695Z"`
	`244`	`+ "modified": "2026-05-07T18:29:19.531271Z"`
`245`	`245`	`},`
`246`	`246`	`{`
`247`	`247`	`"id": "CVE-2025-9231",`
Original file line number	Diff line number	Diff line change
`@@ -296,7 +296,7 @@ interactions:`
`296`	`296`	`},`
`297`	`297`	`{`
`298`	`298`	`"id": "CVE-2025-15467",`
`299`		`- "modified": "2026-04-16T04:39:55.464242Z"`
	`299`	`+ "modified": "2026-05-07T18:29:22.159755Z"`
`300`	`300`	`},`
`301`	`301`	`{`
`302`	`302`	`"id": "CVE-2025-68160",`
`@@ -320,7 +320,7 @@ interactions:`
`320`	`320`	`},`
`321`	`321`	`{`
`322`	`322`	`"id": "CVE-2025-9230",`
`323`		`- "modified": "2026-04-16T04:40:07.876695Z"`
	`323`	`+ "modified": "2026-05-07T18:29:19.531271Z"`
`324`	`324`	`},`
`325`	`325`	`{`
`326`	`326`	`"id": "CVE-2025-9232",`
Original file line number	Diff line number	Diff line change
`@@ -401,15 +401,15 @@ interactions:`
`401`	`401`	`},`
`402`	`402`	`{`
`403`	`403`	`"id": "GHSA-c4rq-3m3g-8wgx",`
`404`		`- "modified": "2026-05-06T18:31:28.340368Z"`
	`404`	`+ "modified": "2026-05-07T15:59:19.908097Z"`
`405`	`405`	`},`
`406`	`406`	`{`
`407`	`407`	`"id": "GHSA-mrxw-mxhj-p664",`
`408`	`408`	`"modified": "2026-02-04T04:34:58.905946Z"`
`409`	`409`	`},`
`410`	`410`	`{`
`411`	`411`	`"id": "GHSA-v2fc-qm4h-8hqv",`
`412`		`- "modified": "2026-05-06T18:31:19.487042Z"`
	`412`	`+ "modified": "2026-05-07T15:59:19.133488Z"`
`413`	`413`	`},`
`414`	`414`	`{`
`415`	`415`	`"id": "GHSA-vvfq-8hwr-qm4m",`
`@@ -650,11 +650,11 @@ interactions:`
`650`	`650`	`"vulns": [`
`651`	`651`	`{`
`652`	`652`	`"id": "GHSA-7gcm-g887-7qv7",`
`653`		`- "modified": "2026-02-05T16:35:34.839005Z"`
	`653`	`+ "modified": "2026-05-07T15:11:10.704825Z"`
`654`	`654`	`},`
`655`	`655`	`{`
`656`	`656`	`"id": "GHSA-8qvm-5x2c-j2w7",`
`657`		`- "modified": "2026-02-04T03:00:07.684118Z"`
	`657`	`+ "modified": "2026-05-07T15:11:16.613726Z"`
`658`	`658`	`}`
`659`	`659`	`]`
`660`	`660`	`}`