Changelog
0.115.0 (2024-12-19)
📣 Breaking Changes
- renovate-to-sbom: ignore dependencies without a `CurrentVersion` (c3c412f8)
When using the SBOM exported by `renovate-to-sbom` with other tools,
some pieces of data are not useful when they are i.e. a range of
versions.
Instead of this, we can - by default - ignore anything that doesn't have
a resolved `CurrentVersion` as it's likely that the exact version will
not be present.
This is a breaking change as we change the behaviour of the command.
We can introduce a flag to re-enable the functionality, as well as
document the fact that this may cause false positives.
As this is not a breaking change in dependency-management-data itself,
we will not bump `compatible_since`.
🚧 Chores
- update CHANGELOG post-release (24acaa06)
0.114.0 (2024-12-19)
📣 Breaking Changes
- renovate: prioritise `packageName` over `depName` (20a77d8b)
When deriving the underlying `package_name` for the Renovate datasource,
we've been using `depName` from the underlying package data exports.
For most cases, this gives us exactly what we want, but in some cases,
this presents a different `package_name`, as the `depName`
is generally intended to be for the "pretty" name for a package.
For instance:
{
  "depType": "plugin",
  "depName": "org.sonarqube",
  "packageName": "org.sonarqube:org.sonarqube.gradle.plugin",
  "currentValue": "3.3",
  "datasource": "maven",
  "packageScope": "org.sonarqube",
  "currentVersion": "3.3",
  "isSingleVersion": true,
  "fixedVersion": "3.3"
}
To correct this, we can make sure we now prioritise `packageName`.
This requires a bump of `compatible_since`, as this is a change to the
way that the data is derived, and may incur breakages to existing users'
queries.
🚧 Chores
- update CHANGELOG post-release (f7e6e0f2)
0.113.5 (2024-12-19)
🐞 Bug Fixes
- renovate-to-sbom: correctly pass `outPath` around (76b8fd4f)
🚧 Chores
- update CHANGELOG post-release (5f3ddc86)
0.113.4 (2024-12-13)
🐞 Bug Fixes
- renovate-packagedata-diff: deduplicate additions/deletions (ab92e821)
🚧 Chores
- update CHANGELOG post-release (8ce1f247)
📦 Build
- use larger instances for integration tests and releases (70cb5f56)
0.113.3 (2024-12-10)
🐞 Bug Fixes
- renovate-packagedata-diff: don't partially discard diffs (b2858c8f)
🚧 Chores
- update CHANGELOG post-release (afa2a8aa)
0.113.2 (2024-12-10)
🐞 Bug Fixes
- renovate-packagedata-diff: exit early when `--output json` and notes (d696337b)
🚧 Chores
- update CHANGELOG post-release (74687a6f)
0.113.1 (2024-12-10)
🐞 Bug Fixes
- renovate-packagedata-diff: report all messages as JSON when `--output json` (8351bc05)
🚧 Chores
- renovate-packagedata-diff: initialise all empty slices (7d25441d)
- renovate-packagedata-diff: make schema more strict (6e745261)
- update CHANGELOG post-release (9b93d795)
0.113.0 (2024-12-09)
🎁 Feature
- renovate-packagedata-diff: add a `--output json` flag (20860bc8)
📄 Documentation
- renovate-packagedata-diff: document JSON output (03caef5a)
🚧 Chores
- update CHANGELOG post-release (35e7fcbc)
0.112.0 (2024-12-09)
🎁 Feature
- renovate-packagedata-diff: add `--output html` option (556b0248)
🚧 Chores
- renovate-packagedata-diff: add to gitignore (05bb306d)
- gendoc: add `renovate-packagedata-diff` to gitignore (ce0d5485)
- update CHANGELOG post-release (150473e2)
0.111.1 (2024-12-09)
🐞 Bug Fixes
- deps: update module github.com/spdx/tools-golang to v0.5.5 (bf4a5394)
🚧 Chores
- correct typos (45e6f9cc)
- re-add CHANGELOG (bf39c78d)
- update CHANGELOG post-release (0ddba938)
📦 Build
- renovate-to-sbom: add a pre-built binary (00356a37)
- renovate-packagedata-diff: add a pre-built binary (c0e5cd34)
- ensure we prepend changelog (8f8ba4f3)
0.111.0 (2024-12-08)
🎁 Feature
- renovate-packagedata-diff: create CLI for semantic diffs (fb906bf3)
📄 Documentation
- renovate-packagedata-diff: document how to use `renovate-packagedata-diff` (bcc02738)
🚧 Chores
- renovate: store the `ParsingSource` (89340058)
- renovate: parse the `major` version (b3347918)
- renovate: add a named struct for `packageDataDependency` (73794e08)
- domain: add `RepoKey.Equals` (981e8e39)
- update CHANGELOG post-release (6e89d7e7)
0.110.2 (2024-11-29)
🐞 Bug Fixes
- telemetry: correctly retrieve telemetry from failing commands (617509ce)
🚧 Chores
- use `RunE` for all commands (1c05e30c)
- use `errgroup` not `cobra.CheckErr` in a Goroutine (a7e3e137)
- update CHANGELOG post-release (66b67ecd)
0.110.1 (2024-11-21)
🐞 Bug Fixes
- telemetry: ensure `span.End` is called where appropriate (720f8555)
🔀 Code Refactoring
- telemetry: pre-wrap commands in Spans (af88ce1d)
🚧 Chores
- update CHANGELOG post-release (d0d39b63)
0.110.0 (2024-11-18)
🎁 Feature
- telemetry: add `telemetry` subcommand (cce15d6a)
🐞 Bug Fixes
- correctly trigger pre-flight checks (b3fa5218)
- contrib: add required `--db` parameter to `contrib sync` (adf93452)
- telemetry: explicit batch timeout (85b08181)
📄 Documentation
- telemetry: add overview + cookbook for telemetry (44163127)
- add CHANGELOG to the docs site (96efc3de)
🔀 Code Refactoring
- telemetry: rename `advisories.source` (3ad37bef)
- telemetry: use `autoexport` (7bc52857)
- telemetry: pre-wrap commands in Spans (9374d156)
- renovate: ensure context propagation when parsing (e12d4fdb)
- aws: ensure context propagation when parsing (ac594e8f)
- securityscorecards: ensure context propagation (e4495dd1)
- contrib: use a consistent `http.Client` for GitLab (2ae46663)
- endoflifedate: instrument advisories (4bc0d631)
- depsdev: ensure context propagation (a773dbc1)
- don't use `retryablehttp` (45c605de)
- telemetry: pass around `context.Context` (017f0ff4)
🚧 Chores
- telemetry: instrument pre-flight checks (09e9fcf2)
- securityscorecards: instrument calls (df128c89)
- componentmetadata: instrument importing of data (511f9ec7)
- externaldata: instrument importing license data (63a9fc95)
- sbom: instrument parsing + importing (25fef60e)
- dependabot: instrument parsing + importing (41bc962f)
- renovate: instrument parsing + importing (82f14cd3)
- telemetry: instrument `import bulk` (ab116102)
- aws: instrument imports for AWS-based data (abe842bc)
- policies: instrument generation (c04550da)
- depsdev: instrument generation of "missing data" (581efaa9)
- libyear: instrument generation (aa02a433)
- dependency health: instrument advisories (1fa5eaef)
- aws: instrument all AWS-based advisories (b38a0e2c)
- advisory: instrument inbuilt advisories (894251be)
- advisory: instrument inbuilt advisories (ba3f92d3)
- contrib: instrument advisories (d87b85b3)
- depsdev: instrument advisories (0f50142c)
- telemetry: automagically instrument HTTP clients (8b30f143)
- telemetry: automagically instrument SQLite (311e5fab)
- telemetry: add instrumentation for `import renovate` (75148b85)
- telemetry: wrap each (sub)command in a span (102ba927)
- deps: bump digest of `golang:1.22-alpine` (4623ea11)
- correct CHANGELOG (f180d6a1)
- update CHANGELOG post-release (f36c33fa)
📦 Build
- correctly prepend CHANGELOG (ce37d865)
0.109.0 (2024-11-12)
🎁 Feature
- advisories: add Renovate EOL parser for Gradle (8935f34e)
- endoflifedate: add `is_supported` and `is_eol` columns (fe95db93)
📄 Documentation
- advisories: document Gradle EOL checking (e0979c46)
🚧 Chores
- backfill `CHANGELOG.md` (c327900c)
📦 Build
- automagically build the CHANGELOG.md (dd9fa13c)
0.108.0 (2024-10-30)
📣 Breaking Changes
- dependency-health: reduce concurrent calls to Ecosystems (b45f692c)
I've noticed that in some cases we're seeing HTTP 403s from Ecosystems,
which could be due to the sheer amount of traffic we're sending.
We should significantly reduce this number to avoid the risks of rate
limiting.
This is breaking, as it does introduce a significant increase in
processing time, albeit a very reasonable change to introduce.
Related to #459.
0.107.0 (2024-10-28)
🎁 Feature
- renovate: allow providing `--platform` for debug logs/report (83a72360)
- renovate: add support for Renovate Reports (1ef913bf)
📄 Documentation
- renovate: add Report documentation (85987100)
- sboms: correctly reference `--db` parameter (ff60ddb6)
🎨 Styles
- renovate-to-sbom: don't use global variable (3663be87)
0.106.1 (2024-10-19)
🐞 Bug Fixes
- ensure that long lines can be scrolled (88b38966)
📦 Build
- move to a sub-module for `tools.go` (b683862d)
0.106.0 (2024-09-03)
🎁 Feature
- reports: add a query for Hacktoberfest participation (7442622c)
0.105.0 (2024-09-01)
🎁 Feature
- dependency health: store repo URLs (d4523937)
0.104.2 (2024-08-31)
🐞 Bug Fixes
- deps: update opa (ffb7054f)
📄 Documentation
- policies: remove "messy" rules (941f1846)
- policies: correct example (bfe43daa)
- policies: align Bytedance example with example project (1cfe0a5f)
- policies: run `regal fix` (2e4256ea)
- policies: move examples to `.rego` files (ef75b88b)
🎨 Styles
- policies: run `regal fix` (2e97f42c)
📦 Build
- skip Mermaid in checklinks validation (82afb8f2)
0.104.1 (2024-08-25)
🐞 Bug Fixes
- policies: correct ordering of arguments (f66839c6)
0.104.0 (2024-08-24)
🎁 Feature
- policies: add `endoflifedate_` functions for retrieval of dates (82f725e4)
- policies: allow storing `supported_until` and `eol_from` (bbdafbe5)
📄 Documentation
- policies: note the new `endoflifedate_` functions for date retrieval (7a6f32f7)
0.103.0 (2024-07-28)
🎁 Feature
- advisories: surface Git-based NPM dependencies (406f1d1e)
0.102.0 (2024-07-27)
🎁 Feature
- policies: add builtins for interacting with EndOfLife.date (c2a54797)
- policies: allow pre-filtering data via comment directives (f110e8fc)
- policies: add a `--no-progress` (45cab3e0)
- policies: indicate when no policies (needed to be) written (5ef304ce)
- policies: output a progress bar for persisting data (d03aad48)
🐞 Bug Fixes
- policies: correctly filter `report policy-violations` (dca45b63)
- advisories: only fetch required data for policies (015feb72)
- sboms: add an index for looking up package metadata (654bfc99)
- renovate: add an index for looking up package metadata (8be30c97)
- allow concurrent read/write to the database (41fb7c8e)
📄 Documentation
- examples: update `generatePolicyViolations` (c54019ee)
- examples: update `evaluatePolicy` (750c60aa)
- policies: document how to use `endoflifedate_` functionality (3b0df20e)
- policies: document new pre-filtering behaviour (e0c8314c)
🔀 Code Refactoring
- policies: only prepare a single `Module` argument (0097570b)
🚧 Chores
- policies: log when missing Filter directives (7ea66c59)
- endoflifedate: add a `Checker` (34c23083)
- don't allow query parameters in database path (88fbfbde)
📦 Build
- remove extra `v` (462e4b3e)
0.101.0 (2024-07-14)
🎁 Feature
- rego: ensure we surface builtin errors (556e09ed)
- opa: use a cache for inter-query performance (b74a8066)
📄 Documentation
- advisory: use official docs link (b8d9a86c)
📦 Build
- announce releases to Mastodon (66255c09)
0.100.6 (2024-07-11)
🐞 Bug Fixes
- don't run preflight checks multiple times (d14b732c)
- renovate: import dependencies as we parse them (53fc5226)
📄 Documentation
- examples: update `initAndImport` (d53ee7a0)
🚧 Chores
- deps: pin golang docker tag to 8c9183f (5b4e6450)
🔁 CI
- downgrade `footer-max-line-length` to warning (79eae44c)
0.100.5 (2024-07-08)
🐞 Bug Fixes
- deps: update module github.com/xanzy/go-gitlab to v0.106.0 (38ccfb56)
0.100.4 (2024-07-08)
🐞 Bug Fixes
- deps: update module github.com/charmbracelet/log to v0.4.0 (f61742d7)
🚧 Chores
- deps: update goreleaser/goreleaser docker tag to v1.26.2 (e6ce0660)
0.100.3 (2024-07-08)
🐞 Bug Fixes
- deps: update module github.com/jedib0t/go-pretty/v6 to v6.5.9 (5be1f002)
🚧 Chores
- deps: group OPA dependencies (a7d1bc88)
0.100.2 (2024-07-08)
🐞 Bug Fixes
- deps: update module github.com/99designs/gqlgen to v0.17.49 (75d23229)
0.100.1 (2024-07-08)
🐞 Bug Fixes
- deps: update module modernc.org/sqlite to v1.30.1 (7ff998f0)
0.100.0 (2024-07-07)
📣 Breaking Changes
- sbom: remove the requirement for a Repo Key (71b685f9)
As part of #530, we want to make it possible to consume SBOMs without a
Repo Key, for instance if you've been provided an SBOM from a vendor, or
you're scanning a container image, which doesn't _necessarily_
correspond directly to a repository.
This performs a significant breakage, removing the Repo Key fields from
the `sboms` table, and instead requiring that the metadata be instead
stored in the `component_metadata` table and JOIN'd on the
`component_name` column.
This is a significant breaking change, so we mark this as a breaking
change, as well as bumping `compatible_since`.
This also:
- introduces a `path`, which provides a step towards #408 and better
monorepo support
- involves fixing /a lot/ of queries that made assumptions about Repo
Keys
- flags a number of places that will need to be improved in the future
when we want to query for non-Repo Key results i.e. in advisories or
other reports
- make it optional in `component_metadata`
- make it optional in `import sbom`
- introduce a better UX for Repo Key validation now it's optional when
importing
- amending DB docs that reference the now-nonexistent `sboms.platform`
(etc)
- making sure we pass through `sql.NullString`'s underlying `String` to
`table.Row`s, otherwise we receive i.e. `{Example true}` which isn't
helpful
- prioritise `component_metadata` over `owners` lookups, as the
Component may have an owner but not a Repo Key (i.e. if it's vendor
owned, or a Docker image)
- introduce a helper for UPSERTing, as it requires we check the row is
already there (or so I think, I aimed to avoid #549)
Closes #530.
🎁 Feature
- sbom: allow providing vendor info on import (d6769678)
- sbom: allow marking SBOMs as vendor-sourced (f412b3b4)
- component: introduce Component metadata table (82db9b24)
- sbom: add `--component-name` override (f1133e13)
- sbom: add a `component_name` field (751be5e0)
- component: add a `domain.Component` type (169645d3)
📄 Documentation
- sbom: update Getting Started guide (03d27aa2)
- examples: add more SBOM examples (18930005)
- component: add a concept page (3c0642cc)
🚧 Chores
- domain: add a `Valid` method (0ad35680)
- db: return better error on `db init` failures (aea721ad)
🔁 CI
- downgrade `body-max-line-length` to warning (b87c5a88)
- reformat `commitlint.config.js` (bc3c15e4)
0.99.0 (2024-07-02)
🎁 Feature
- depsdev: generate advisories for deprecated packages (8ea67b55)
- advisories: remove unnecessary `case` statement (6f8c1860)
- advisories: remove unnecessary lookup for ownership (6616b3a2)
📄 Documentation
- depsdev: correct description of `update_at` field (033db657)
🚧 Chores
- renovate: query for `package_type` for distinct packages (5dc62c09)
0.98.1 (2024-06-30)
🐞 Bug Fixes
- web: link to `sql-studio` in header, if enabled (4fca43ac)
0.98.0 (2024-06-28)
🎁 Feature
- web: allow using `sql-studio` as DB browser (e7e9c60d)
🚧 Chores
- web: capitalise the `D` in Datasette (684e5f53)
0.97.1 (2024-06-14)
🐞 Bug Fixes
- deps: update module github.com/sqlc-dev/sqlc to v1.26.0 (49b94f06)
0.97.0 (2024-06-14)
🎁 Feature
- web: add a `--no-datasette` flag (cda83824)
- web: implement a pure Go SQL browser (4941c970)
📄 Documentation
- web: document the inbuilt SQL browser (3426855c)
🚧 Chores
- web: log when we hit the Datasette fallback (dc2f6590)
- web: add debug logging for executed queries (ca7fadc2)
- web: allow debug logging (0165c5bf)
- web: create a central `db.Open` method (360c6517)
0.96.0 (2024-06-05)
🎁 Feature
- renovate: parse digest information (73963832)
🐞 Bug Fixes
- renovate: set `digest` as versions if no version found (2c670b45)
🚧 Chores
- deps: bump `oapi-codegen` (c3712e24)
0.95.0 (2024-05-14)
📣 Breaking Changes
- graphql: add pagination for `advisories` data (30471442)
Right now, we're returning all the results of a given repository's
advisories, which can be extremely large if targeting a monorepo, or
just a repo with a lot of dependencies.
To prevent potentially retrieving and then sending hundreds or thousands
of results to the caller, we can instead set up pagination.
This uses offset-based pagination, but with an encoded cursor, mentioned
in [0] and seen across other APIs. We use offset-based pagination as we
don't have a stable identifier for a given row, and so it's easier to
think of it in terms of an offset.
To do so, we need to change the structure of our GraphQL response, which
allows us to surface pagination information.
We can also add an explicit `pageSize` limit in our schema, so it's
clearer to the user what the default behavior is.
However, this is a breaking change as we're changing the structure of
the GraphQL response, which needs to be flagged appropriately with a
`compatible_since` bump.
This requires that we use a named variable for sqlc for `limit` and
`offset`, otherwise we get errors such as:
missing argument with index ...
Due to the rest of the query having numbered indexes generated by sqlc.
Closes #564.
[0]: https://betterprogramming.pub/understanding-the-offset-and-cursor-pagination-8ddc54d10d98
📄 Documentation
- don't show reading time if 0 minutes (271101f1)
- add DMD w/ Dan Lorenc link (db075f2b)
🔀 Code Refactoring
- graphql: eagerly load total fields if needed (0dcbc764)
🚧 Chores
- remove reliance on loopvar semantics (775e4e26)
0.94.3 (2024-04-24)
🐞 Bug Fixes
- build: ensure we set the "short" version for Goreleaser builds (f2f35a98)
- build: prefix Goreleaser version with `v` (a7debc95)
0.94.2 (2024-04-24)
🐞 Bug Fixes
- build: correctly tag versions in built binaries (a57f8ee7)
📄 Documentation
- SQL: correct the header for `sboms_endoflife` (bbad0f69)
🔀 Code Refactoring
- sbom: pass around a `RepoKey` type (511a6ea1)
- domain: don't embed the `RepoKey` struct (905efff7)
- domain: introduce a separate `RepoKey` domain object (d8b9957b)
0.94.1 (2024-04-10)
🐞 Bug Fixes
- compatibility: upgrade `compatible_since` (f25ab912)
0.94.0 (2024-04-09)
📣 Breaking Changes
- scorecards: correctly override Renovate-driven results on import (06075fa0)
As noted in #525, if you have run:
dmd [...] import renovate [...]
dmd [...] db generate dependency-health
You will receive a single entry per dependency in `dependency_health`
i.e.:
github.com/google/uuid gomod 5.012345678903459 # stale
Then, if you were to manually scan the repo with `scorecard` and import
that data in with:
dmd [...] import scorecard [...]
This then results in multiple entries in `dependency_health` i.e.:
github.com/google/uuid gomod 5.012345678903459 # stale
github.com/google/uuid golang 7.099999904632568 # newer
Then, when looking at the advisories that are present, or `JOIN`ing the
tables, we will receive the stale data.
To fix this, we can instead store, and solely use, the `package_type`,
which we've derived. This was already what we were doing, just without
the intermediate step of storing the `package_type` in the database.
One area this could cause concern is if the version of `dmd` used to
create the database + import data is different to the version then used
to generate dependency health / to import the scorecards, and there may
be a difference between the derived data in the database. However, this
is fairly non-standard.
This is a breaking change due to the definition in
https://dmd.tanna.dev/concepts/compatible-since/:
> Renaming of a column
In which we've renamed the `package_manager` to `package_type`, so need
to appropriately note that this is a breaking change.
Closes #525, and a step towards #446.
📄 Documentation
- compatibility: add more options for breaking table changes (81582e5c)
0.93.1 (2024-04-09)
🐞 Bug Fixes
- compatibility: downgrade `compatible_since` (d2b097ad)
0.93.0 (2024-04-09)
🎁 Feature
- renovate: derive `package_type` and `package_url` on imports (1bda10f0)
📄 Documentation
- compatibility: downgrade breaking change for datasources (99b8d2ba)
0.92.0 (2024-04-08)
📣 Breaking Changes
- sbom: add `package_url` on imports (ccb812f4)
When importing SBOMs, we consume the Package URL (pURL) and take the
parts of it that we want to keep, but then throw away the rest.
Instead of doing this, we should make it available in the database,
where it can then be retrieved and further processed.
This allows us to take more complex pURLs like:
pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.6
pkg:deb/debian/login@1:4.8.1-1?arch=arm64
And then we're able to perform more complex processing on them.
This is a breaking change due to the definition in
https://dmd.tanna.dev/concepts/compatible-since/:
> Introducing a required column, which doesn't have a default
In which we've added the `package_url` field, so need to appropriately
note that this is a breaking change.
This also requires refactoring the parameter to
`newSBOMDependenciesQuery` as it's no longer getting a full SBOM row, as
we don't query the `package_url`.
Closes #528.
📄 Documentation
- correct version number for `compatible_since` (f19de7d7)
0.91.0 (2024-04-07)
🎁 Feature
- add `IsCompatible` method (adf8fa3e)
- introduce a `compatible_since` field into `metadata` table (f67a8cca)
🐞 Bug Fixes
- web: correctly allow turning off GraphQL playground (fe96edf1)
📄 Documentation
- document Compatible Since (a5bd5151)
- markdownify descriptions (bee1aa86)
- related: add `xz` article (63191291)
- remove references to paid options (b158e99c)
🚧 Chores
- use `compatible_since` to perform compatibility validation (825e0739)
- web: add version to logger (e9c566b8)
- remove other reliances on loopvar semantics (a5eff178)
- docs: update Hugo to use Rego syntax (3bece2ea)
0.90.1 (2024-03-21)
🐞 Bug Fixes
- sqlite: use single quotes for DDL (260db714)
📄 Documentation
- cookbook: update to latest recommended ORT Docker image (3bf28c0d)
- renovate-to-sbom: align `--out-format` (99c23f4b)
0.90.0 (2024-03-06)
🎁 Feature
- web: allow outputting logs as JSON (5d530656)
📄 Documentation
- web: document `LOG_FORMAT` (44a7d2bf)
0.89.3 (2024-03-06)
🐞 Bug Fixes
- web: correctly apply `--datasette-extra-args` (72440f49)
0.89.2 (2024-03-06)
🐞 Bug Fixes
- advisories: allow multiple entries for a given level (1661dd68)
0.89.1 (2024-03-05)
🐞 Bug Fixes
- lint: correct ineffectual assignment (9d44d113)
📄 Documentation
- features: add missing reports (020febd1)
🚧 Chores
- lint: address deprecated function calls (9ebe970b)
0.89.0 (2024-02-22)
🎁 Feature
- renovate: support multi-line Renovate debug log file (f3a6c702)
🐞 Bug Fixes
- only check if DB is finalised if it exists (09fc64b3)
📄 Documentation
- renovate: add link to new cookbook (662ce558)
- cookbooks: document how to use Renovate debug log files (f93ffb62)
🚧 Chores
- add pre-flight checks in write commands (6fd3ddb9)
0.88.0 (2024-02-21)
🎁 Feature
- reports: report the number of repos in Funding report (ff0fb719)
📄 Documentation
- examples: update `reportFunding` (2e5d36e6)
0.87.0 (2024-02-20)
🎁 Feature
- graphql: expose `funding` information (c7876224)
- reports: add `report funding` (883cca51)
- add the ability to source funding information from Ecosystems (84c32015)
📄 Documentation
- examples: add a `report funding` demo (ba252784)
🔀 Code Refactoring
- web: move templating into templates (e2d9a563)
🚧 Chores
- remove ability to filter policy violations by `advisoryType` (8dede055)
- report a better message when no libyear data is found (d1a4e388)
0.86.0 (2024-02-20)
📣 Breaking Changes
- remove database anonymisation (858bcfec)
As noted in #470, the anonymisation feature may have been useful, but
has not been used.
Although we could keep the feature in, it is regularly _not_ being
implemented when new repositories are being created, so a user expecting
the feature to be available will be lulled into a false sense of
security.
Instead, we should remove the feature.
In `repositorymetadata` we need to still retain a single query, as
`sqlc` requires at least one query per schema.
Closes #470, #471, #306, #283, #274, #221, #165.
📄 Documentation
- add OpenSSF Best Practices badge (d8c1a1a7)
0.85.0 (2024-02-19)
📣 Breaking Changes
- policies: remove `policy_violations` table (d0d62380)
We first introduced `policy_violations` as a means to store data for the
Policy evaluations, and at the time we took the opportunity to include
more data in the table than was present previously.
Over time, we've seen that the new `advisories` (which replaced
`custom_advisories`) table is necessary to follow the same shape of
data, including pulling in data from each of the tables to provide a
single view of all advisories.
However, since we've made `advisories` use the same shape of data, it's
unreasonable to have both tables, when there's no purpose and it leads
to confusion.
As part of this, we can also close off some subtle implementation bugs
that were due to the complexity of the two tables having a fair bit of
overlap.
This was largely due to the way that we were allowed to use non-`POLICY`
advisory types, so lookups across tables were a little awkward.
Closes #452, #298, #400, #340.
0.84.0 (2024-02-19)
🎁 Feature
- add ability to `import scorecard` for Security Scorecards (4b7eae1c)
📄 Documentation
- cookbook: add a cookbook for `import scorecard` (0c62b336)
- add comment character to example (882f46ea)
0.83.0 (2024-02-16)
🎁 Feature
- web: show `finalised_at` date if present (4abeff53)
- log an error when trying to modify a finalised DB (da66c404)
- graphql: add support for querying `finalisedAt` (5cbd7529)
- add `finalised_at` metadata (a62ceecd)
- add ability to list the DB metadata on the CLI (f2ec4df3)
- web: don't re-fetch database metadata (ca647120)
📄 Documentation
- demos: wire in demo for `metadata` (6e29791b)
- demos: add demo for `metadata` (c86477cc)
- cookbooks: add reference to `dmd db meta finalise` (c19302a3)
- sql: document `metadata` table (8c32b198)
- add SOOC24 talk (ad1a32a0)
- features: revamp /features/ page (df1bd299)
- warn users of the performance issues Ecosystems interactions may see (be914a3b)
- commands: correctly render examples (513aeb6f)
- add dependency health blog post to /related/ (77f5469b)
- link to Case Studies from /features/ (1bf31509)
🔀 Code Refactoring
- add `openDatabaseForWrite` (199a682f)
- warn when no `dmd_version` found in pre-flight checks (48b66236)
- tweak implementation of `GetMetadata` (90f36917)
🚧 Chores
- fix `copylocks` linting violation (0e51e6a0)
- remove incorrect comment (0e9813e9)
📦 Build
- run `commitlint` alongside `integration` (dcf9e40a)
- update + semantically pin `hooks-goreleaser` (5f3d704f)
0.82.2 (2024-02-08)
🐞 Bug Fixes
- increase maximum concurrency for Libyear generation (109c0070)
0.82.1 (2024-02-08)
🐞 Bug Fixes
- correct to `generate libyear` (3d2b501e)
0.82.0 (2024-02-08)
🎁 Feature
- graphql: add support for querying a repository's Libyears (9863e5c4)
- web: add report for Libyears (78c4367f)
- reports: add report for Libyears (28aee919)
- add support for generating Libyears (073114b6)
🐞 Bug Fixes
- correctly use transactions for Dependency Health (2bae2b72)
📄 Documentation
- demos: record `reportLibyear` (d1329358)
- demos: add `reportLibyear` (e0b2112c)
🔀 Code Refactoring
- extract `baseURL` to a shared constant (2a337c7b)
🚧 Chores
- add `getRegistryPackageVersion` for Ecosystems (ce6cbdb2)
- update ecosystems OpenAPI spec (f782b81e)
- web: fix rendering of Liberation Mono (Bold) (08e31524)
📦 Build
- allow Go toolchain downloads in CI (f4dd4988)
0.81.0 (2024-02-08)
📣 Breaking Changes
- require to Go 1.22 (1dafa890)
This is a breaking change as consumers who are pinning their versions of
Go will break.
📄 Documentation
- link to `dmd` CLI not README (e810a985)
- point to new talk writeup (5a0d4808)
🚧 Chores
- remove reliance on loopvar semantics (5a922253)
0.80.2 (2024-02-05)
🐞 Bug Fixes
- web: correctly filter reports by querystring (a971e0a5)
📄 Documentation
- update project description in README (74181cc4)
- make sure that pages under /commands/ have a middle breadcrumb (f6ec7fd7)
- fix rendering of Liberation Mono (Bold) (24d6c9e3)
🚧 Chores
- deps: pin dependencies (f124e596)
0.80.1 (2024-02-01)
🐞 Bug Fixes
- increment tracker on persisting (c72b6b62)
0.80.0 (2024-02-01)
📣 Breaking Changes
- web: require query parameter to load all data from reports (5cd68030)
As noted in #387, the advisories and policy violations reports are
likely to load a very large number of rows.
Instead of loading them by default, we can instead require a querystring
parameter to enforce this.
This allows us to still render the pages with all the data - at our own
risk - but the default nudges towards limiting this down.
This is a breaking change due to the expectation that a bookmarked URL
would still result in the same data.
Closes #387.
- move infrastructure advisories to their own report (377cccf0)
As noted in #199, it isn't the best experience if you don't have any (AWS)
infrastructure imported, and can be confusing.
This should be done for both the web and CLI reports.
This is a breaking change due to moving of data from where it was
previously expected.
Closes #199.
🎁 Feature
- web: add a filtering form to policy violations (3bf34c64)
- web: add a filtering form to advisories (56ce9c1f)
🐞 Bug Fixes
- web: show "you're filtering" when valid querystrings are provided (92bef416)
📄 Documentation
- add demo for `reportInfrastructureAdvisories` (97a20d32)
- add some related (external) projects (9937be34)
- tweak secondary tagline (2e9abad1)
- case study: how to look at different routers/frameworks (99f69e43)
- add breadcrumb navigation (a8b48750)
- reformat HTML (5ea22611)
🚧 Chores
📦 Build
- netlify: correctly set up environment variables (d46e6061)
0.79.0 (2024-01-31)
🎁 Feature
- add `import bulk` subcommand (a2d6b943)
📄 Documentation
- demos: update `initAndImport` recording (b75187f7)
- demos: add demo for `import bulk` (6a04afe4)
- SBOMs: add information on how to use `import bulk` (7308b2d7)
- sql: add notes about Repo Key (9cd6fafa)
- add the Repo Key concept (f0173d0a)
0.78.0 (2024-01-30)
🎁 Feature
- detect Jenkins plugins as `maven` pURLs (691ca7a9)
- add ability to modify derived Renovate pURLs (e21ef23b)
- detect Docker images in GitLab CI as pURL type `docker` (374bf055)
- detect Clojure pURL type as `clojars` (819853e9)
0.77.0 (2024-01-30)
🎁 Feature
- detect Gradle pURL type as `maven` (cc1a07ee)
📄 Documentation
- correct log message (d3e90a47)
- add WIP to /features/ (2a04336f)
0.76.0 (2024-01-27)
🎁 Feature
- OPA: add `dependency_health` data to OPA (4ede6a71)
- graphql: add support for `DependencyHealth` data (ac297797)
- generate advisories from `dependency_health` data (0efee5c2)
- add ability to source data into `dependency_health` (0d842053)
📄 Documentation
- OPA: add input data for `dependency_health` (15c22878)
- correct command invocation (637d5e1a)
🔀 Code Refactoring
- move `ToPurl` to `renovate` package (5b5f83a0)
🚧 Chores
- deps: update oapi-codegen (c7084db8)
0.75.2 (2024-01-26)
🐞 Bug Fixes
- perf: manually construct `ast.Value`s for Rego (cdbf3c93)
- revert introduction of cache for policy evaluations (3decd0b6)
- introduce cache for policy evaluations (30e45569)
- don't re-query for policy evaluation inputs (28490b9c)
- construct all Rego queries up-front (654ebd5e)
📄 Documentation
- correct where `missing-data` generates from (33958fb6)
- remove outdated reference to osv.dev (839890fe)
- typo (851a4884)
🔀 Code Refactoring
- remove unnecessary logging (1f6742b0)
🚧 Chores
- add sharing metadata (a0903b28)
- add DMD logo + icons (dc444421)
0.75.1 (2024-01-23)
🐞 Bug Fixes
- use Liberation Mono as font (b8fef45a)
📦 Build
- remove extra newlines in Slack release notes output (bbd4086d)
- ensure we `go install` all tools in CI (bcb2d779)
0.75.0 (2024-01-22)
🎁 Feature
- allow marking custom advisories' `level` (5b209e75)
📄 Documentation
- case study: add OPA example for Log4shell (073fba46)
- case study: remove non-Log4shell version number (2fe5867f)
- remove unnecessary `tmp/` (3c63cbec)
- correct visibility (e3511c51)
- align indentation for versions (3f03a581)
- case study: rename file (eb763a29)
0.74.0 (2024-01-21)
🎁 Feature
- reports: show package (current) version in `dependenton` (4645f49c)
📄 Documentation
- case study: add Log4Shell (0327fbe6)
- correct placement of Getting Started (SBOM) link (5f3bf9d4)
- improve the "where can I learn more?" on / (042f91a2)
- case study: add Case Studies to the home page (a56d1fca)
- reformat long lines (abd67e23)
- case study: add example of seeing `oapi-codegen` version distribution (f8dc7d61)
- case study: add Docker examples (163ebb76)
- case study: add Gorilla Toolkit example (7a9b9f24)
- case study: add Deliveroo Kafka example (3fcdc11e)
- case study: add Case Studies content type (764434d2)
- remove deprecated builtins from OPA examples (db1bb0db)
0.73.0 (2024-01-18)
📣 Breaking Changes
- remove Dependabot tables (23d8fb1f)
The Dependabot-specific tables have been deprecated for some time, so we
should remove them to clean things up.
This could be a breaking change for anyone still relying on them, but
there's been no data imported into these tables since before v0.38.0, so
I'd be surprised if it did break anything.
Closes #168.
📄 Documentation
- examples: update `reportDependenton` (6392ee21)
- examples: update `generatePolicyViolations` (3fbb4212)
- examples: update `evaluatePolicy` (e26eb6a0)
- examples: update `reportLicenses` (fbd1adb4)
- examples: update `reportAdvisories` (ce58f342)
- examples: update `generateAdvisoryAndList` (56fd680c)
- examples: update `mostPopularPackageManagers` (aa718a58)
- examples: update `mostPopularDockerImages` (0d1926dc)
- examples: update `reportGolangCILint` (f6818ab5)
- examples: update `setOwners` (967f4df8)
- examples: update `initAndImport` (21512894)
🔀 Code Refactoring
- examples: rename `generateAdvisory` (2782cbe7)
🚧 Chores
- examples: add steps to add GDS ownership (0dd74089)
📦 Build
- remove erroneous quote sign (6c4cef00)
0.72.0 (2024-01-18)
📣 Breaking Changes
- remove `osvdev` data (55d4572b)
It's been deprecated officially for a week or so, but hasn't been
actually wired into Advisories, as we've had deps.dev's data which is
superior.
By removing this, we'll also hopefully reduce the time it takes folks to
build their databases, as osv.dev lookups were fairly slow.
📄 Documentation
- make `RG_INCLUDE_UPDATES` recommended, not optional (1bffc274)
- note when table deprecation isn't first table (b540e639)
📦 Build
- announce when breaking changes are introduced (c11fe129)
0.71.1 (2024-01-17)
🐞 Bug Fixes
- deps: update module github.com/styrainc/regal to v0.15.0 (877d643c)
- deps: update module github.com/99designs/gqlgen to v0.17.42 (c5225893)
- deps: update module github.com/oapi-codegen/runtime to v1.1.1 (68fb7a55)
- deps: update module github.com/jedib0t/go-pretty/v6 to v6.5.3 (3d0d37d5)
- deps: update module github.com/open-policy-agent/opa to v0.60.0 (a7c1de36)
- deps: update module golang.org/x/sync to v0.6.0 (5a2b5a25)
- deps: update module github.com/google/uuid to v1.5.0 (09bd7ea0)
🚧 Chores
- deps: update goreleaser/goreleaser docker tag to v1.23.0 (25ffaa13)
📦 Build
- make sure we pull the given commit for `go install ...@HEAD` (eb959b78)
- add Slack announcements on releases (3403a4ae)
- ensure that `renovate-to-sbom` installs correctly (811ad8d2)
- ensure that `dmd-graph` installs correctly (29e6b17a)
0.71.0 (2024-01-16)
📣 Breaking Changes
- rename `advisories` to `custom_advisories` (fe328384)
BREAKING CHANGE:
For some time, I've regretted the naming choice, as it can be a little
confusing because the `advisories` table doesn't include all the
advisories present in the dependency trees.
This now makes it more explicit by using the new name
`custom_advisories`.
🎁 Feature
- add `advisories` table for all advisories data (fe4efc69)
📄 Documentation
- note that the `policy_violations` table is self-sufficient (f55b7472)
- add linebreak between `NOTE` and text (3a53dc45)
🔀 Code Refactoring
- remove unused type (6c1066de)
0.70.0 (2024-01-16)
📣 Breaking Changes
- use `UNMAINTAINED` for unsupported dependencies (decfc404)
This has been accidentally misaligned for some time, and will cause some
confusion when querying the data.
To keep this more consistent, we should make sure we return a known
`advisory_type`.
📄 Documentation
- graphql: correct documentation for field (a77e1010)
- remove trailing spacing after database schemas (c9c8d19a)
0.69.0 (2024-01-16)
🎁 Feature
- renovate-to-sbom: map pURL type for `bun` (aa796b03)
- renovate-to-sbom: map pURL type for Python managers (abfa47f5)
- renovate-to-sbom: map pURL type for `sbt` (92731fa3)
- renovate-to-sbom: map pURL type for `helm` datasource (6fae909f)
- renovate-to-sbom: map pURL type for `bundler` (64bfc9e8)
- renovate-to-sbom: map pURL type for `dockerfile` and `docker-compose` (8df6d3ab)
- renovate-to-sbom: map pURL type for `hex` and `mix` (6bf2d680)
0.68.0 (2024-01-16)
🎁 Feature
- renovate-to-sbom: add `only-include-known-purl-types` flag (8851d651)
📄 Documentation
- remove trailing spacing after examples (fc576ad1)
- renovate-to-sbom: use `Example` for command documentation (2240cdec)
- OPA: link to `policies.EvaluationInput` (0a3cd5e2)
0.67.1 (2024-01-15)
🐞 Bug Fixes
- deps: update module golang.org/x/crypto to v0.18.0 (78018c73)
0.67.0 (2024-01-12)
🎁 Feature
- OPA: expose Repository Metadata in policies (5ea741ee)
- graphql: expose `RepositoryMetadata` in GraphQL (83b899a7)
- datasource: add ability to track repository metadata (75587a70)
🐞 Bug Fixes
- OPA: correctly set `DepTypes` on policy input (c4754d70)
📄 Documentation
- update `evaluatePolicy` (4b670340)
- OPA: add docs around using repository metadata (55d3d5c4)
- OPA: add missing `licenses` to example inputs (a908539a)
- sql: correct `owners` SQL docs (091ef808)
0.66.0 (2024-01-09)
📣 Breaking Changes
- graphql: make `owner` an object (35c8e0c5)
To allow for us to make it possible to expose both the owner's name and
notes, we should refactor this into an `Owner` object, rather than a
plain string.
This requires a bit of wiring in for the different queries that use the
field, as well as making sure it gets resolved.
0.65.2 (2024-01-08)
🐞 Bug Fixes
- web: add initial-scale (6ef1f451)
📄 Documentation
- policies: add in-depth documentation for `EvaluationInput` (30b455f8)
- graphql: correct description for field (92237085)
- graphql: add in-depth documentation for GraphQL (065aa38e)
- sql: add missing ends of sentences (81699e4e)
- graphql: line-wrap long GraphQL docs lines (2fe52729)
- add initial-scale (7553a3ed)
- correct case for broken link (5da9f9f8)
- note that you can still `inner join` (658c25e7)
- sql: add initial "understanding the data model" cookbook (d159d9fb)
- move to magenta for emphasis colour (681ef310)
- remove TODO note (660a724e)
- sql: indicate that the /schema/ page may not match yours (87e76d98)
- add design decisions (b3442626)
- finish sentence (a1db791f)
🔀 Code Refactoring
- extract an `EvaluationInput` type (9f02db4b)
🚧 Chores
- web: move to magenta for emphasis colour (7ce401d0)
- don't break long line (ca1906b5)
0.65.1 (2024-01-04)
🐞 Bug Fixes
- sql: remove accidentally duplicated `policy_violations` table definition (4f57344b)
📄 Documentation
- sql: add significant documentation to database tables (d009d11f)
- sql: deprecate `dependabot_endoflife` (facad645)
- sql: deprecate osv.dev tables (76d3bb45)
- sql: only generate schema docs from `internal` (2a05d022)
- sql: correct table name for Dependabot replacement (c503f757)
- add `package data` header to datasources page (279daa95)
- concepts: link to internal docs for custom Advisories (28c2f29e)
- add deprecation warning to /schemas/ (390a9cbd)
📦 Build
- force coloured output for diffs (07a5d28f)
- add `dmd-graph` to release builds (991fad90)
0.65.0 (2023-12-22)
🎁 Feature
- reports: treat `_` as `library` (5de4c989)
- reports: implement `golangCILint` for SBOMs (0e4d136d)
- reports: implement `mostPopularDockerImages` for SBOMs (d33b45fe)
- reports: implement `mostPopularPackageManagers` for SBOMs (c57dd309)
📄 Documentation
- update `reportGolangCILint` demo (fe9950ab)
- update `mostPopularPackageManagers` demo (95019818)
- update `mostPopularDockerImages` demo (95348901)
0.64.1 (2023-12-22)
🐞 Bug Fixes
- retract v1.0.0 (ac95e509)
📦 Build
- allow initial development version (159ca6fe)
- remove `goreleaser` snapshots (9c49f932)
- migrate to semantic-release (f0f4cab0)
v0.64.0 (2023-12-22)
- c3c4229 Add a page for /commands/
- 99d5d96 Add categorisation for cookbooks
- b45926b Add explanation for flags in `import sbom`
- 7538887 Add more context to `owners set`
- a331b4e Add redirects for `/cmd/*`
- a4accde Build the `gendoc` command correctly
- f2e5d28 Complete documentation for `db anonymise --orgs`
- 03a7578 Document flags that were missing a `usage`
- aaa63ee Generate custom CLI documentation
- dc5b271 Merge branch 'chore/redirects' into 'main'
- da62b39 Merge branch 'docs/categorise' into 'main'
- 350b3bb Merge branch 'feature/gendoc' into 'main'
- aa2cece Merge branch 'feature/report-registries' into 'main'
- 56f8bfc Merge branch 'feature/srcery' into 'main'
- a514710 Migrate to srcery colour scheme
- a00b178 Reformat CSS
- cd258d3 Remove unnecessary full stop
- 9ad0d2c Report most popular registries in `mostPopularDockerImages`
- 148ea74 Revert "Migrate to GitLab-backed changelog generation"
- 32e7b5a Update `mostPopularDockerImages` demo
- 5152fc5 Use `Example` properly for CLI documentation
v0.63.1 (2023-12-19)
v0.63.0 (2023-12-17)
- 95e474b Add Webmention support
- 7a5e24d Add `rel=me` email link
- 2d1b67f Add link to SBOM getting started on /
- 1d5cf7f Add missing `<p>` tag
- b26cd5b Merge branch 'renovate/github.com-99designs-gqlgen-0.x' into 'main'
- 405810c Merge branch 'renovate/github.com-charmbracelet-log-0.x' into 'main'
- 93a7c8c Merge branch 'renovate/github.com-cyclonedx-cyclonedx-go-0.x' into 'main'
- f55aa08 Merge branch 'renovate/github.com-hashicorp-go-retryablehttp-0.x' into 'main'
- c1ff070 Merge branch 'renovate/github.com-jedib0t-go-pretty-v6-6.x' into 'main'
- 3aa7d15 Merge branch 'renovate/github.com-oapi-codegen-runtime-1.x' into 'main'
- 03d9a9a Merge branch 'renovate/github.com-package-url-packageurl-go-0.x' into 'main'
- 2912800 Merge branch 'renovate/github.com-xanzy-go-gitlab-0.x' into 'main'
- 1674c74 Merge branch 'renovate/golang.org-x-sync-0.x' into 'main'
- ff72868 Merge branch 'renovate/goreleaser-goreleaser-1.x' into 'main'
- bcc0b95 Merge branch 'renovate/modernc.org-sqlite-1.x' into 'main'
- 0316b27 Update goreleaser/goreleaser Docker tag to v1.22.1
- 460c801 Update module github.com/99designs/gqlgen to v0.17.41
- cd75f9c Update module github.com/CycloneDX/cyclonedx-go to v0.8.0
- 2c4e94b Update module github.com/charmbracelet/log to v0.3.1
- 49aa97a Update module github.com/hashicorp/go-retryablehttp to v0.7.5
- 4fa906a Update module github.com/jedib0t/go-pretty/v6 to v6.4.9
- a5ceb08 Update module github.com/oapi-codegen/runtime to v1.1.0
- 313461e Update module github.com/package-url/packageurl-go to v0.1.2
- b6461bb Update module github.com/xanzy/go-gitlab to v0.95.2
- 138c95b Update module golang.org/x/sync to v0.5.0
- e1afe43 Update module modernc.org/sqlite to v1.28.0
- c10132d fixup! Add Webmention support
v0.62.0 (2023-12-11)
- 1492f03 Default `advisory_type` to `POLICY` if not specified
- 90d5d0a Fix: Allow multiple policy violations per dependency
- f489637 Merge branch 'chore/default-policy' into 'main'
- 62d01ef Merge branch 'defect/multi-violation' into 'main'
v0.61.0 (2023-12-07)
- 5f2e647 Add `dmd-graph` to `gendoc`
- 400b139 Add a `dependenton` report
- 9726416 Add core GraphQL schema types
- 7abcbd7 Add demo for `report dependenton`
- 45f29c3 Add policy to advisory summary output
- 6f36e7a Add recording for `reportDependenton`
- 74f1b05 Bootstrap GraphQL endpoint
- a1130e1 Bump Regal
- e882861 Implement `dependentOn` query
- da588b2 Implement `repositoriesIn` query
- 7a755bc Implement `repositoriesLike` query
- 245d7a6 Implement `repository` query
- 0c6b2ae Merge branch 'defect/summary-pol' into 'main'
- 1857f7c Merge branch 'deps/regal' into 'main'
- 0693314 Merge branch 'feature/dependent-on' into 'main'
- d60b4eb Merge branch 'feature/graphql-fresh' into 'main'
v0.60.0 (2023-11-29)
- 8ec66df Add ability to `warn` in policies
- d308958 Document `warn` for policies
- e5605f4 Improve "starting point" for OPA policies
- e2cff94 Improve error messages after refactoring policy interface
- 5318472 Introduce the `level` concept for policies
- a312054 Merge branch 'feature/policy-warn' into 'main'
- e5c311f More safely reference `deny`
- 3476497 Update `generatePolicyViolations` demo
v0.59.0 (2023-11-29)
- a97561c Consume licensing data from SBOMs, if present
- 0a7e024 Fix: Correctly construct package names from CycloneDX SBOMs
- 985b7b2 Introduce the `external_licenses` table
- 7c15ce8 Make `flatten` generic
- 26574a1 Merge branch 'chore/fs' into 'main'
- f5cf5d2 Merge branch 'defect/cyclone-sbom-name' into 'main'
- df24487 Merge branch 'feature/external-licenses' into 'main'
- 1a994e0 Prefer `external_licenses` over `depsdev_licenses`
- 8cdb349 Remove workaround for regal's missing `fs.FS` support
v0.58.0 (2023-11-28)
- 34ac6a8 Add an `unknown` license if deps.dev can't determine one
- ddd3100 De-duplicate `error` arrays
- b8f41db Merge branch 'chore/errors' into 'main'
- 81f1815 Merge branch 'defect/sbom-ver' into 'main'
- f338318 Merge branch 'feature/default-license' into 'main'
- f9f31b7 Merge branch 'feature/web-prefix' into 'main'
- 35a6e49 Prefix Datasette output in `dmd-web`
- af442de Prioritise `current_version` for SBOM deps.dev lookups
v0.57.0 (2023-11-27)
- 920f3c4 Add missing `dep_types` for input example
- 84fdea7 Merge branch 'feature/policy-licenses' into 'main'
- fded60a Provide licensing data to OPA policies
- 2b3e823 Remove accidental comment
Breaking change
- 1ecad15 Simplify variables required to write a policy
v0.56.0 (2023-11-27)
- 29cf6b8 Add `policy-violations` report to docs
- 9c1769a Correct title of section
- dc3a5ab Disable `opa-fmt` in policy evaluate
- bd18c25 Document policy violations
- c9e5abd Document requirement for `advisory_type` to be a string
- 00b512f Fix: Correctly return `dep_types` in policy evaluations
- 117d214 Merge branch 'feature/improve-msg' into 'main'
- 7437fa5 Remove debug logging
- 527d2ae Remove nesting
- a3a18dc Return early when erroring.
- 1ecad15 Simplify variables required to write a policy
- 0d125b2 fixup! Add the `POLICY` advisory type
v0.55.0 (2023-11-25)
- 13b2b03 Add `policy lint` via regal
- 1acf625 Merge branch 'feature/policy-lint' into 'main'
v0.54.0 (2023-11-24)
- a6b1103 Add CLI to write policy violations to the DB
- 5969375 Add Policy violations into Advisories report
- df99b73 Add a report for policy violations
- 07ee044 Add cookbook for custom advisories
- 5de75cb Add demos for policies
- 674ddc6 Add support for evaluating OPA policies
- e7a940c Add the `POLICY` advisory type
- c26c82e Allow checklinks to warn when DMD links fail
- 7d43760 Document how to use OPA Policies
- e836c2d Document the Policy concept
- 2324080 Don't perform pre-flight checks for temporary DBs
- ea92483 Fix: Correctly wire in `out` for advisories CSV output
- d6c28c1 Merge branch 'feature/opa' into 'main'
Breaking changes
- b54b914 Make `dmd-web` a full Cobra CLI
v0.53.0 (2023-11-20)
- 21dac76 Generate documentation for `dmd-web` as part of docs
- b54b914 Make `dmd-web` a full Cobra CLI
- bcba7b4 Merge branch 'feature/web-cli' into 'main'
- 9e5ccc6 Provide a URL for `dmd-web`
v0.52.9 (2023-11-19)
- 5c1b687 fixup! fixup! Fix: Correctly generate Goreleaser SBOMs
v0.52.8 (2023-11-19)
- 208760d fixup! Fix: Correctly generate Goreleaser SBOMs
v0.52.7 (2023-11-16)
- 1579c6d Fix: Correctly generate Goreleaser SBOMs
v0.52.6 (2023-11-16)
- 0968c8a Add `dmd-web` to release builds
- 55bd2c9 Remove explicit reference to `builds`
v0.52.5 (2023-11-15)
- 6664107 Merge branch 'chore/goreleaser' into 'main'
- f63b34c Merge branch 'chore/sbom-report' into 'main'
- e0a92ff Perform `goreleaser release`
- 77ec618 Publish SBOMs as part of releases
- 5040e2e Remove configuration that doesn't match anything
- 102bff7 Remove deprecated Goreleaser flags
v0.52.4 (2023-11-07)
- 24530ef Fix: use correct advisory type for `UNMAINTAINED`
- 4ffff7e Merge branch 'chore/advisory-count' into 'main'
- fdabcbf Replace `SummariseCountPackageAdvisoriesLike` with SQL-only lookup
v0.52.3 (2023-11-07)
- aa13726 Merge branch 'chore/charm' into 'main'
- 6c7481e Move back to Charm's `log`
v0.52.2 (2023-11-07)
- 9e78bc1 Add `npm` SBOM article
- 39dbb32 Fix: Correctly perform filtering on CVE checks
- 47c9165 Merge branch 'defect/reports' into 'main'
v0.52.1 (2023-11-05)
- 892f5b4 Merge branch 'defect/spdx' into 'main'
- dbd46a9 Use separate parsers for SPDX
v0.52.0 (2023-11-03)
- da8fd34 Add `renovate-to-sbom` CLI
- 2453a2d Add `renovate-to-sbom` to `gendoc`
- 7e0508f Add explicit DB setup for SBOM getting started cookbook
- f35f26c Add explicit documentation for ORT
- 0fc105f Merge branch 'docs/ort' into 'main'
- 2246833 Merge branch 'feature/renovate-to-sbom' into 'main'
- 7e98039 Merge branch 'oapi-v2' into 'main'
- 0959629 Upgrade to oapi-codegen v2
v0.51.0 (2023-10-30)
- 4ff9b29 Add `CountPackageAdvisoriesLike` query
- cd3135e Add `latest release` badge
- d2d723d Add `report advisories --summary`
- 7086da6 Add a `--summary` demo
- 85d1ca2 Add missing security advisories from duplicated queries
- 08f37a4 Fix typo in `AdvisoryTypeUnmaintained`
- 6bbf748 Merge branch 'chore/sqlc-bump' into 'main'
- 91f1261 Merge branch 'chore/v2' into 'main'
- d485d32 Merge branch 'feature/graphql-more-queries' into 'main'
- 2429d15 Merge branch 'feature/report-summary' into 'main'
- f84e55f Quote the version in sqlc.yaml
- c00c9a6 Skip checking fonts' availability and validity
- 181304c Update `reportAdvisories` demo
- b41c6b6 Update module github.com/sqlc-dev/sqlc to v1.23.0
- c9a5ccb fixup! Skip checking fonts' availability and validity
v0.50.0 (2023-10-30)
- fb4273d Add demo for `--advisory-type` filtering
- 852ed46 Allow filtering advisories report by `advisory_type`
- ddf19e9 Merge branch 'feature/like-advisory' into 'main'
- 817c75c Update `reportAdvisories` demo
v0.49.0 (2023-10-29)
- 05ed29e Add a cookbook for how to bootstrap the Git repo
- 06008bb Add support for CycloneDX XML format
- 4289761 Add support for CycloneDX v1.5 SBOMs
- a44f1b9 Add support for SPDX 2.2 SBOMs
- 7c3b718 Don't perform pre-flight checks if DB doesn't exist
- a156c7c Merge branch 'cookbook/bootstrap-repo' into 'main'
- 3570602 Merge branch 'defect/log' into 'main'
- ab3ade1 Merge branch 'feature/cyclone' into 'main'
- 3e2bcdb Remove YAML from CycloneDX support
- 35e0af4 Rename CycloneDX types to clarify JSON-only
- 7e284df Unmarshal SPDX SBOMs as YAML
v0.48.0 (2023-10-26)
- dd32c74 Add a central function for opening database
- ab3b7f8 Always add the `dmdVersion` to log messages
- 74897ae Correct log key for DB Version
- 1d5f26e Extract log keys to constants
- 7d02f4f Merge branch 'feature/warn-cli-db-dmd' into 'main'
- 9f42703 Warn when the CLI and DB CLI versions don't match
v0.47.0 (2023-10-25)
- 02d775f Add Custom Advisories blog post
- 49f36ba Add Getting Started cookbook for SBOMs
- 3dbd02e Add `sensitive_packages` table to avoid external lookups
- 1c3fd5a Add cookbook for sensitive package names
- c78968d Add explicit content license for site
- 9e095c6 Add link to DMD+GitLab post
- 738274a Add link to talk video
- 5eace70 Add missing SBOM features
- 78ac0ab Add missing `licenses` report to /features/
- 8f46355 Bump demos to use Go 1.21
- 0027ca8 Centre-align feature ticks
- 373923b Check for broken internal links in the pipeline
- 8f17b7b Document supported SBOM formats
- e8bffc0 Fix: Concepts should be singular
- 01a1e47 Fix: Correctly reference URL
- 62f2f6f Fix: Lowercase report URLs
- cadb290 Log the usage of sensitive packages
- b175984 Make JSON-esq requirement clear for SBOMs
- c6f6a17 Make SBOM table headers less wide
- be7bf67 Make page intent (slightly) clearer
- fe9974f Merge branch 'chore/docs' into 'main'
- 253c98d Merge branch 'chore/docs' into 'main'
- b9b1aed Merge branch 'chore/htmltest' into 'main'
- 54a40cb Merge branch 'cookbook/sbom' into 'main'
- a37ae17 Merge branch 'feature/sensitive-packages' into 'main'
- 93d7ce6 Merge branch 'renovate/github.com-deepmap-oapi-codegen-1.x' into 'main'
- de5ee36 Merge branch 'renovate/github.com-saschagrunert-demo-digest' into 'main'
- 0caac3b Merge branch 'talk-video' into 'main'
- 850b8ee Overhaul + improve documentation site
- eb370d1 Remove deprecated calls to `ioutil`
- ed55800 Update github.com/saschagrunert/demo digest to 5fce153baf4b
- 9e2df16 Update module github.com/deepmap/oapi-codegen to v1.16.2
- 0c75bac Use `sh` for demos
v0.46.0 (2023-09-24)
- b0f322f Add `db generate missing-data` command
- cef79b8 Add `missing-data` demo
- 478a284 Document support for `missing-data`
- b4b10f2 Merge branch 'feature/generate-data' into 'main'
v0.45.0 (2023-09-23)
- 84222ba Add `report licenses` to demos
- 62e8db7 Add a `contrib sync` command
- c7e8ee3 Add a `licenses` report
- 3980805 Add demo for `report licenses`
- 2e332e4 Document `advisories` support for SBOMs
- 1c0fb88 Merge branch 'feature/license-report' into 'main'
- ccc385d Merge branch 'feature/warn-init' into 'main'
v0.44.2 (2023-09-23)
- 0458a1c Merge branch 'feature/warn-init' into 'main'
- ef6c73c Warn if re-initialising the same database
v0.44.1 (2023-09-23)
- b8c9e05 Document why `Datasource` for `depsdev` lookups
- 7dcbb45 Fix: Use correct Datasource for Cargo
- 38e9ea9 Merge branch 'defect/cargo' into 'main'
v0.44.0 (2023-09-23)
- 47f9ca2 Add CVE information into Advisories
- 11147c9 Add `RetrieveDistinctPackages` for SBOMs
- 0dd24cc Add supported depsdev functionality to /features/
- 4452fee Lookup SBOM data in deps.dev
- 256a795 Merge branch 'chore/alpine' into 'main'
- 5077df6 Merge branch 'chore/go-install' into 'main'
- 22d988b Merge branch 'feature/cves' into 'main'
- ca333ab Merge branch 'feature/depsdev-sbom' into 'main'
- cd45bab Migrate to Alpine-based images
- 7f94a59 Rename reference to `renovatedb`
- 6a175e7 Update `reportAdvisories` demo
- 7ebe551 `go install` on every `main` build
v0.43.0 (2023-09-20)
- 4eb7975 Add Rails EOL checking for Renovate
- 10e5b7b Add end-of-life checking for SBOMs
- 4ba3fe1 Add generator for SBOM EOL parser
- db7f58d Add message to tracker
- 863326e Add missing call to anonymisation function
- ad4d977 Add schema for SBOM end-of-life checking
- 0e98a0c Add support for Rails SBOM EOL checking
- 34d0086 Document Rails EOL checking
- f161741 Merge branch 'feature/sbom-endoflife' into 'main'
- 40054b0 Remove TODO
- f98e17e Remove impossible query
- 02f5c93 Rename query
v0.42.2 (2023-09-20)
- d7dbeb4 Correct ordering of versions in `dmd-web` footer
v0.42.1 (2023-09-20)
- b670241 Add snapshot goreleaser builds on `main`
- 8cf32f0 Correctly point to my fork of charmbracelet/log
- aea9745 Merge branch 'defect/charm-fork' into 'main'
- fb8c4f6 Merge branch 'renovate/goreleaser-goreleaser-1.x' into 'main'
- cc2572a Update goreleaser/goreleaser Docker tag to v1.20.0
v0.42.0 (2023-09-19)
- 5a97613 Merge branch 'chore/at-sign' into 'main'
- 3e91397 Decode escaped @-signs in package names
- 1c2a099 Merge branch 'feature/report-advisories-like' into 'main'
- 3ebd8ff Update `reportAdvisories` demo
- f588265 Add demos for advisories filtering
- df56b9e Allow filtering advisories report by fields
- a41946d Merge branch 'chore/joiner' into 'main'
- eb99d17 Remove extra whitespace between tables in `table-joiner` output
- a141d0f Remove deprecated function call
- 3959bd8 Merge branch 'feature/advisories-like' into 'main'
- 08a8af9 Add `RetrievePackageAdvisoriesLike`
- 4eb1929 Merge branch 'chore/eol' into 'main'
- 9092ce7 Merge branch 'chore/web-reports' into 'main'
- c47149b Remove hardcoded references to Renovate in `gen-endoflifedate-parser`
- 49eae00 Add all reports to `dmd-web`
- d296aff Merge branch 'feature/custom-advisory-sboms' into 'main'
- 857c318 Update demos
- 3f7c7f2 Surface ownership information in advisories report
- c96d719 Add ownership information to `report golangCILint`
- 4a6065f Remove missed code for Gorilla Toolkit report
- 2edd360 Add `package_file_path` to Advisories
- 7fb698f Merge branch 'defect/aws' into 'main'
- 55927e4 Update initAndImport demo
- fc886a9 Fix: Generate correct type for AWS runtimes
- 115d880 Add AWS infrastructure to demos
- 54715ad Merge branch 'chore/sqlc' into 'main'
- 5b165d3 Remove sqlc fork pinning
- 8f40a56 Merge branch 'renovate/github.com-kyleconroy-sqlc-1.x' into 'main'
- 1cb2223 Remove hacks to workaround sqlc issues with `UNION`s
- b3d792f Update module github.com/sqlc-dev/sqlc to v1.21.0
- 2e8a220 Merge branch 'feature/slog' into 'main'
- d5836bb fixup! Require Go 1.21 for Netlify
- 9503963 Migrate logging interface to slog
- 3a202f8 Require Go 1.21 for Netlify
- 90d8107 Gitignore IntelliJ Idea directory
- b172025 Gitignore DMD Web config
- f28acf7 Merge branch 'renovate/github.com-charmbracelet-log-0.x' into 'main'
- ee462b2 Update module github.com/charmbracelet/log to v0.2.4
v0.41.0 (2023-09-12)
- b5d2e89 Merge branch 'chore/go-121' into 'main'
- 2a9bd06 Update to Go 1.21
v0.40.0 (2023-09-11)
- 18ae4e8 Merge branch 'feature/metadata' into 'main'
- ebee3af Provide `Short` version to `SetVersionInfo`
- 55ff858 Report in `dmd-web` if `dmd` version differs
- 37e4c36 Set the `dmd` version in the `metadata` table
v0.39.0 (2023-09-10)
- ec7def5 Add missing features section for EOL lookups
- fc7fa54 Add support for Custom Advisories for SBOMs
- f7ae6b5 Merge branch 'feature/custom-advisory-sboms-impl' into 'main'
- 4c992ea Rename `RetrievePackageAdvisories`
- 796c12c Update `reportAdvisories` cast
v0.38.0 (2023-09-10)
- 46617bc Add "built with"
- 4b8297c Add Dependabot + SBOMs to `initAndImport`
- b5d8b25 Add a /features/ page
- de572e2 Add a footer
- 6912a9d Add additional header
- ac26982 Add missing DB anonymisation for Dependabot
- 452a591 Add support for CycloneDX-1.4 SBOMs
- 2f0fd19 Add support for importing SPDX-2.3 SBOMs
- 14b661d Add table of contents to all pages
- 7f4f84c Add trailing slash for URL
- 728238c Add underlying data model for SBOMs
- 3b664bd Be explicit that the "where can I learn more" are blog posts
- 60cfbaa Document SBOM functionality
- 4858a97 Make /related/ more than just "related tooling"
- 62c219b Merge branch 'chore/advisories' into 'main'
- cd675cb Merge branch 'chore/docs' into 'main'
- 4b7d1d3 Merge branch 'chore/oapi' into 'main'
- ec36165 Merge branch 'feature/sbom' into 'main'
- 04eb30e Migrate Dependabot to use SBOM API
- 1f4d2d5 Revert "wip-wrap-reports"
- 74db6d2 Split `report advisories` into its own example
- 729e086 Update examples
- 6bac3ee Upgrade oapi-codegen
- cb3e618 Various updates to the homepage
- d93511b Wrap "what is it" in a card
- df535f5 Wrap output from advisories
- ac705f5 wip-wrap-reports
v0.37.0 (2023-08-29)
- 9db6028 Add links to blog posts
- 764e0be Merge branch 'renovate/github.com-deepmap-oapi-codegen-1.x' into 'main'
- 6731f78 Merge branch 'renovate/github.com-hashicorp-go-retryablehttp-0.x' into 'main'
- ff93b05 Merge branch 'renovate/github.com-jedib0t-go-pretty-v6-6.x' into 'main'
- e29c25a Merge branch 'renovate/github.com-saschagrunert-demo-digest' into 'main'
- 72b0a3b Merge branch 'renovate/github.com-spf13-cobra-1.x' into 'main'
- 02eac75 Merge branch 'renovate/github.com-xanzy-go-gitlab-0.x' into 'main'
- 6ee9e2b Merge branch 'renovate/gitlab.com-tanna.dev-endoflife-checker-0.x' into 'main'
- cc1fea2 Merge branch 'renovate/golang.org-x-text-0.x' into 'main'
- c4ca19a Provide a bit more of a README
- c5ebffa Update github.com/saschagrunert/demo digest to 44d0d25
- 08b6ba3 Update module github.com/carlmjohnson/versioninfo to v0.22.5
- 8b3fca3 Update module github.com/deepmap/oapi-codegen to v1.13.4
- 589f0d0 Update module github.com/hashicorp/go-retryablehttp to v0.7.4
- 3195ed3 Update module github.com/jedib0t/go-pretty/v6 to v6.4.7
- 634460a Update module github.com/spf13/cobra to v1.7.0
- 5f242c7 Update module github.com/stretchr/testify to v1.8.4
- 6e59771 Update module github.com/xanzy/go-gitlab to v0.90.0
- 6c2ac0b Update module gitlab.com/tanna.dev/endoflife-checker to v0.7.0
- 33163a8 Update module golang.org/x/crypto to v0.12.0
- 74a2333 Update module golang.org/x/sync to v0.3.0
- 27cb2e1 Update module golang.org/x/text to v0.12.0
- 4dd3700 Update module modernc.org/sqlite to v1.25.0
v0.36.2 (2023-07-29)
- bba273f Add boilerplate generator for EndOfLife.Date parsing
- 5b6be05 Merge branch 'feature/eol-parser-generation' into 'main'
- 1d06c56 Migrate parsers to multi-file approach
- 6f8c9cc Rename `golang` parser for EndOfLife
v0.36.1 (2023-07-24)
- 9c67e73 Add missing UNIQUE index for `package_manager`
- 8dd8f4a Merge branch 'defect/package-manager' into 'main'
v0.36.0 (2023-07-21)
- 1564161 Add retryable HTTP client for advisories
- 37ae6d4 Centrally configure the HTTP client
- dddcd4d Merge branch 'feature/retry' into 'main'
v0.35.0 (2023-07-21)
- 2387c93 Add a 404 page
- 3876b11 Merge branch 'chore/404' into 'main'
- 95d7ae0 Merge branch 'chore/remove-deprecated' into 'main'
- 1bcbe8f Remove deprecated commands
v0.34.0 (2023-07-18)
- 03ff625 Make it possible to provide extra arguments to Datasette
- f93241f Merge branch 'feature/datasette-config' into 'main'
v0.33.0 (2023-07-15)
- 1b01069 Add and render user-provided configuration for dmd-web
- 772a137 Document the `userconfig` configuration
- 9161572 Merge branch 'feature/banner' into 'main'
v0.32.0 (2023-07-13)
- f3652fe Merge branch 'feature/contrib' into 'main'
- 648c846 Migrate advisories' generation code to pull from -contrib
- 20e18e4 Update `generateAdvisoryAndList` for dmd contrib
v0.31.1 (2023-07-09)
- 8a89057 Merge branch 'defect/100' into 'main'
- a58c97e Remove unnecessary higher bound
v0.31.0 (2023-07-08)
- 8703876 Document the web application is a thing
- 1ae30d7 Introduce a `dmd-web` CLI
- a9ff925 Merge branch 'feature/web' into 'main'
v0.30.1 (2023-07-03)
- d852692 Ignore multi-line `PackageName`s
v0.30.0 (2023-06-29)
- d033e28 Merge branch 'chore/aws' into 'main'
- 8f95c37 Update endoflife-checker for latest AWS lambda data
v0.29.0 (2023-06-21)
- 9d7376a Add CSV reporting for advisories
- 92e0946 Merge branch 'feature/csv' into 'main'
v0.28.0 (2023-06-21)
- eb5453e Delete removed demos
- 876c61b Merge branch 'feature/advisory-eol' into 'main'
- 00f3e0b Remove unused report helpers
- 1c71689 Rename file
- 1949ae6 Report AWS Advisories together
- d8442c2 Report custom and EndOfLife advisories together
- e1c987a Update `generateAdvisoryAndList` demo
v0.27.0 (2023-06-18)
- 38ff8cb Add `report advisories` subcommand
- 8f07e7a Add a `table-joiner` utility
- b6717d5 Consolidate generation commands into Advisories
- a431c20 Fix: Rename `generate advisories` command
- d0cbaa6 Merge branch 'chore/currentversion' into 'main'
- 49e1569 Merge branch 'feature/joiner' into 'main'
- 3998914 Merge branch 'feature/report-advisories' into 'main'
- 33c5440 Note that `pkg/errors` is also unmaintained
- 344aaf3 Onboard to Renovate
- 56cd9f8 Refactor EOL processing to use `table-joiner`
- 0bb60f7 Use Renovate `current_version` if present for EOL checking
v0.26.0 (2023-06-16)
- 174cddd Add CLI to make recording demos easier
- 4ce8ebc Add a demo for `advisory` subcommand
- c66e8c7 Consolidate multiple advisory-related commands into one
- 8b4cf4a Correct broken link
- 6084722 Introduce Advisories to track arbitrary package advisories
- bbe57f0 Merge branch 'chore/update-demos' into 'main'
- 2c6d7b6 Merge branch 'feature/advisory' into 'main'
- 03ea510 Update demos
v0.25.1 (2023-06-07)
- e0bc547 Correct example usage for `owners import`
v0.23.1 (2023-06-07)
- e0bc547 Correct example usage for `owners import`
v0.25.0 (2023-06-07)
- 16de10c Add ability to import via CSV
- 684882e Add closing parenthesis
- 97d831f Bump endoflife-checker
- 4468c0c Disable "smart" quotes
- 9d29a6d Merge branch 'chore/aurora' into 'main'
- 13c07f7 Merge branch 'feature/csv-bulk' into 'main'
v0.24.0 (2023-05-29)
- 8e6ba1f Merge branch 'feature/sqlite-speed' into 'main'
- ee4f2f6 Remove unused method
- def9666 Wrap all `INSERT`s with transactions
v0.23.0 (2023-05-29)
- d047358 Fix: Ensure `UNIQUE`s work on renovate
- 17cbbbb Merge branch 'feature/no-null-deptypes' into 'main'
v0.22.1 (2023-05-27)
- e53cd1b Merge branch 'feature/versioninfo' into 'main'
- 3beacbf Use `versioninfo` to pick up binary versions
v0.22.0 (2023-05-21)
- 0892f95 Add a helper for reports
- 085499c Add report for ElastiCache End-of-Life
- ae4f258 Add report for Lambda End-of-Life
- ee0746e Add report for RDS End-of-Life
- f5201d5 Merge branch 'feature/endoflife-checker' into 'main'
- 1dedce0 Update `reportEol` cast
v0.21.0 (2023-05-20)
- 78ffebc Add more details to "related tools"
- 89f49dd Add support for importing/EOL checking aws-elasticache-endoflife
- 551fe91 Add support for importing/EOL checking aws-lambda-endoflife
- e39940b Add support for importing/EOL checking aws-rds-endoflife
- 5710154 Merge branch 'feature/endoflife-checker' into 'main'
v0.20.3 (2023-05-15)
- 0a2adc5 Add `rlcp` support
- 7c53757 Merge branch 'chore/order' into 'main'
- 401fa0e Reorder GoReleaser configuration
v0.20.2 (2023-05-15)
- ae2abb6 Fix: Ensure correct artifacts are included in releases
v0.20.1 (2023-05-09)
- 1ba2db5 Add number of dependency updates to the message
- fcff878 Fix: Refine `struct`s in loops
- 123a208 Include relative path in markdown rendering
- df50e47 Merge branch 'defect/docs' into 'main'
- e411365 Merge branch 'defect/loop-reuse' into 'main'
v0.20.0 (2023-04-18)
- 832ff8d Allow importing Renovate debug logs
- 7195570 Merge branch 'feature/renovate-debug' into 'main'
v0.19.0 (2023-04-14)
- d807717 Add `CurrentVersion` to DependencyDetails
- bd58219 Add demo for `depsdev`
- a4885d7 Integrate with `deps.dev`
- 9c679eb Introduce a smaller Renovate DB query for generating data
- ccdf268 Make `CurrentVersion` nilable
- a06c9a7 Merge branch 'feature/depsdev' into 'main'
- bb74fd5 Merge branch 'refactor/retrieveall' into 'main'
- 01583c0 Remove incomplete package documentation
v0.18.1 (2023-04-11)
- 64256e5 Fix: Ignore multi-line package names
- 59dc816 Merge branch 'defect/newline' into 'main'
v0.18.0 (2023-04-10)
- d30b503 Add ability to bulk set `owners` on the command-line
- f0cd113 Add cache for endoflife.date calls
- 1c0e3da Add demo for `owners set`
- b432f2b Fix: Don't use `public` as Netlify base directory
- 34bc4be Merge branch 'defect/netlify' into 'main'
- c87af6a Merge branch 'feature/ownership-bulk' into 'main'
- 2938b90 Merge branch 'feature/parallel-eol' into 'main'
v0.17.0 (2023-04-08)
- d3308c9 Add Example page
- 11aebd0 Add Related Tooling page
- 438b272 Add code for demos
- 5b5566d Add demos to website
- 9542cc1 Add links out to GitLab repo + issues
- c58633d Add schemas to documentation site
- aa92306 Gitignore Hugo lock file
- 1ccc2e9 Increase width of page
- 9b84a1d Make text monospace
- 4a615f4 Merge branch 'defect/current-version' into 'main'
- 785bd2f Merge branch 'doc/features' into 'main'
- d2641dc Merge branch 'docs/schema' into 'main'
- 9df8887 Merge branch 'docs/schema' into 'main'
- 7fed1f9 Merge branch 'feature/demo' into 'main'
- d3b4845 Merge branch 'feature/hugo' into 'main'
- 8f46b94 Migrate public site to Hugo, with auto-generating docs
- bfe8c28 Migrate to built-in Classless theme
- 9c0f35d Parse `CurrentVersion` better
- c528479 Rename `LockedVersion` to `CurrentVersion`
- 625cf63 Revamp home page
- fc3e396 Run demos in the pipeline
- 859e5fb Update example queries
- 0a26466 Update weighting for /example/
v0.16.0 (2023-04-05)
- b63bbe8 Add CVE checking functionality
- 08e0c50 Merge branch 'feature/osv-vulnerabilities' into 'main'
v0.15.1 (2023-04-04)
- 316767f Add anonymisation for `owners` table
- 890aee8 Add documentation for new datasources and repositories
- 4e1a88e Create an `anonymiser` interface
- 1bc3296 Improve progress message
- 702aae2 Introduce a common interface for datasources
- 7c0f6b9 Make queries interfaces
- 0e37ba6 Merge branch 'refactor/datasources' into 'main'
- 5872f6e Move queries to separate file
- 825258e Pass `context.Context` around
- 22fa33f Remove datasource-specific implementation
- 61d382b Split `datasource` and `repository` definitions
- 2033a7a Warn if no results returned from queries
v0.15.0 (2023-04-03)
- ab877ac Introduce `owners` table
- 2fefdde Merge branch 'feature/owner' into 'main'
v0.14.0 (2023-04-02)
- 00eb3b9 Add support for parsing `updates` from renovate-graph
- decc3b3 Allow anonymising the `renovate_updates` table
- 12ca04c Merge branch 'feature/import-updates' into 'main'
v0.13.0 (2023-03-27)
- dbdd7d2 Add ability to anonymise data
- cbf6178 Merge branch 'feature/anonymise' into 'main'
v0.12.0 (2023-03-21)
- f196ffa Merge branch 'refactor/eol-report' into 'main'
- a443331 Replace logging with table output
v0.11.1 (2023-03-20)
- 60b1d99 Add missing `no-progress` flags
- 927d9c2 Don't mark as "done" when error occurs
- e7f9ae2 Merge branch 'defect/increment' into 'main'
- a53a831 Move `Increment` calls to after inserting a package
v0.11.0 (2023-03-19)
- 13e8a5a Add `--no-progress` flag
- 5c51642 Add progress bar for EOL generation
- a8916eb Add progress bar for `import`ing
- 007fe18 Create helper to build a `progress.Writer`
- d8c70a0 Merge `tools.go`s into a single file
- 429c705 Merge branch 'feature/import-progress' into 'main'
- 85aec03 Merge branch 'feature/progress' into 'main'
v0.10.0 (2023-03-18)
- d6a0692 Introduce file for common definitions
- 1ee1d79 Introduce query for `golangci-lint` usage
- db2eb76 Merge branch 'query/golangci-lint' into 'main'
v0.9.0 (2023-03-18)
- e6bdbcd Introduce `platform` metadata to dependencies
- aab39f3 Merge branch 'feature/platform' into 'main'
v0.8.0 (2023-03-18)
- 6e20bc5 Merge branch 'feature/split-gorilla' into 'main'
- 8a3b1d0 Split direct and indirect dependencies for `reportGorillaToolkit`
v0.7.0 (2023-03-16)
- 0596ce2 Merge branch 'feature/gorilla-toolkit' into 'main'
- 027e99c Report usages of the Gorilla Toolkit
v0.6.2 (2023-03-16)
- 984ab77 Fix: Use correct database driver name
- ff19e3e Merge branch 'defect/sqlite' into 'main'
v0.6.1 (2023-03-16)
- cce032c Merge branch 'chore/cgo' into 'main'
- 363bed0 Migrate SQLite library to remove CGO requirement
- 348d4fc Remove universal Mac binaries
v0.6.0 (2023-03-15)
- 8b69856 Add report for top Docker namespaces and images
- fd1138f Merge branch 'feature/docker-registry' into 'main'
v0.5.0 (2023-03-15)
- 5b8317d Add Matomo tracking analytics
- 5bc5e22 Add basic guide to adding a new parser
- 13ea507 Add query for most popular use of package managers
- 0c040c9 Correct incomplete description of command
- 01e55f9 Merge branch 'feature/doc-parser' into 'main'
- 0fd6ae2 Merge branch 'feature/query-most-popular' into 'main'
v0.4.1 (2023-03-05)
- 1123c9b Add `packageFilePath` to EOL reporting
- 9af1da8 Ignore NodeJS orb from EOL checking
- 76d6ad6 Merge branch 'defect/node-orb' into 'main'
- 4f89377 Merge branch 'feature/warn-upcoming-eol' into 'main'
- 9407e65 Warn if we're approaching EOL/unsupported periods
v0.4.0 (2023-03-04)
- 1ba0710 Add OpenAPI spec from endoflife.date
- b371f4c Add Renovate bindings for endoflifedate lookups
- 3ff3758 Add `generate eol` command
- 7bfc96b Add `report eol` command
- cb1b13d Add a GitLab test stage for `go test`
- 11e27cf Add a `RetrieveAll` query
- a3b077f Add helper method to format a dependency
- 379e453 Autogenerate client for endoflife.date
- 99d4abb Correct command description
- 3203a62 Introduce centralised logging for CLI
- 9db0ca6 Make command variables less likely to clash
- 3e8889d Massage into OpenAPI 3.0.2
- 9a7c4be Merge branch 'feature/endoflife-date-db' into 'main'
- b9f9a14 Merge branch 'feature/multi-value-versions' into 'main'
- 9ea7e98 Move to `tidied`
- ce4d630 Parse multi-line versions
- 55d9809 Rename cmd files for readability
- 851ef0f Use `IF NOT EXISTS`
v0.3.3 (2023-02-27)
- 2516d69 Add `--version` flag information
- aba4cd5 Merge branch 'feature/version-cmd' into 'main'
v0.3.2 (2023-02-25)
- d21b35a Add link to example project
- 28c3548 Fix: Correctly mark required flags as required
- 606f9fe Merge branch 'defect/flags' into 'main'
v0.3.1 (2023-02-21)
- 20e61be Document the datasources
- 034a8fe Error if no files match the glob
- c17c0f2 Merge branch 'feature/parallel' into 'main'
- 8316c35 Migrate datasources to their own sub-package
- 04f64c7 Parallelise parsing of files
v0.3.0 (2023-02-20)
- ba30d54 Correct the built `binary` name
- 6cbe138 Merge branch 'defect/x-compile' into 'main'
- 45254e5 Merge branch 'feature/go-1.20' into 'main'
- 9561446 Set up cross-compilation for goreleaser
- 8ab02d6 Update to Go 1.20
v0.2.0 (2023-02-20)
- c65738e Add link out to `dmd`
- e8d6f93 Add pinning for `go install`
- 0c55783 Add support for importing from Dependabot
- ed4d391 Correct `go-source` link
- 553bcb3 Correct install instructions
- 8657e89 Merge branch 'feature/dependabot' into 'main'
- e6ea4d8 Only conditionally mark as not-null
- 1288343 Remove accidentally added comments
- 0215b4d Revert "Correct install instructions"
v0.1.0 (2023-02-16)
- 7dd9f75 Add HTML metadata for `go install` et al
- bede96d Add `dmd db init` and `dmd import renovate` commands
- 73a9961 Initialise project
- b7380a2 Merge branch 'feature/cli' into 'main'