Changelog

0.109.0 (2024-11-12)

🎁 Feature

• advisories: add Renovate EOL parser for Gradle (8935f34e)
• endoflifedate: add is_supported and is_eol columns (fe95db93)

📄 Documentation

• advisories: document Gradle EOL checking (e0979c46)

🚧 Chores

• backfill CHANGELOG.md (c327900c)

📦 Build

• automagically build the CHANGELOG.md (dd9fa13c)

0.108.0 (2024-10-30)

📣 Breaking Changes

• dependency-health: reduce concurrent calls to Ecosystems (b45f692c)

I've noticed that in some cases we're seeing HTTP 403s from Ecosystems,
which could be due to the sheer amount of traffic we're sending.

We should significantly reduce this number to avoid the risks of rate
limiting.

This is breaking, as it does introduce a significant increase in
processing time, albeit a very reasonable change to introduce.

Related to #459.

0.107.0 (2024-10-28)

🎁 Feature

• renovate: allow providing --platform for debug logs/report (83a72360)
• renovate: add support for Renovate Reports (1ef913bf)

📄 Documentation

• renovate: add Report documentation (85987100)
• sboms: correctly reference --db parameter (ff60ddb6)

🎨 Styles

• renovate-to-sbom: don't use global variable (3663be87)

0.106.1 (2024-10-19)

🐞 Bug Fixes

• ensure that long lines can be scrolled (88b38966)

📦 Build

• move to a sub-module for tools.go (b683862d)

0.106.0 (2024-09-03)

🎁 Feature

• reports: add a query for Hacktoberfest participation (7442622c)

0.105.0 (2024-09-01)

🎁 Feature

• dependency health: store repo URLs (d4523937)

0.104.2 (2024-08-31)

🐞 Bug Fixes

• deps: update opa (ffb7054f)

📄 Documentation

• policies: remove "messy" rules (941f1846)
• policies: correct example (bfe43daa)
• policies: align Bytedance example with example project (1cfe0a5f)
• policies: run regal fix (2e4256ea)
• policies: move examples to .rego files (ef75b88b)

🎨 Styles

• policies: run regal fix (2e97f42c)

📦 Build

• skip Mermaid in checklinks validation (82afb8f2)

0.104.1 (2024-08-25)

🐞 Bug Fixes

• policies: correct ordering of arguments (f66839c6)

0.104.0 (2024-08-24)

🎁 Feature

• policies: add endoflifedate_ functions for retrieval of dates (82f725e4)
• policies: allow storing supported_until and eol_from (bbdafbe5)

📄 Documentation

• policies: note the new endoflifedate_ functions for date retrieval (7a6f32f7)

0.103.0 (2024-07-28)

🎁 Feature

• advisories: surface Git-based NPM dependencies (406f1d1e)

0.102.0 (2024-07-27)

🎁 Feature

• policies: add builtins for interacting with EndOfLife.date (c2a54797)
• policies: allow pre-filtering data via comment directives (f110e8fc)
• policies: add a --no-progress (45cab3e0)
• policies: indicate when no policies (needed to be) written (5ef304ce)
• policies: output a progress bar for persisting data (d03aad48)

🐞 Bug Fixes

• policies: correctly filter report policy-violations (dca45b63)

📈 Performance Improvements

• advisories: only fetch required data for policies (015feb72)
• sboms: add an index for looking up package metadata (654bfc99)
• renovate: add an index for looking up package metadata (8be30c97)
• allow concurrent read/write to the database (41fb7c8e)

📄 Documentation

• examples: update generatePolicyViolations (c54019ee)
• examples: update evaluatePolicy (750c60aa)
• policies: document how to use endoflifedate_ functionality (3b0df20e)
• policies: document new pre-filtering behaviour (e0c8314c)

🔀 Code Refactoring

• policies: only prepare a single Module argument (0097570b)

🚧 Chores

• policies: log when missing Filter directives (7ea66c59)
• endoflifedate: add a Checker (34c23083)
• don't allow query parameters in database path (88fbfbde)

📦 Build

• remove extra v (462e4b3e)

0.101.0 (2024-07-14)

🎁 Feature

• rego: ensure we surface builtin errors (556e09ed)

📈 Performance Improvements

• opa: use a cache for inter-query performance (b74a8066)

📄 Documentation

• advisory: use official docs link (b8d9a86c)

📦 Build

• announce releases to Mastodon (66255c09)

0.100.6 (2024-07-11)

🐞 Bug Fixes

• don't run preflight checks multiple times (d14b732c)

📈 Performance Improvements

• renovate: import dependencies as we parse them (53fc5226)

📄 Documentation

• examples: update initAndImport (d53ee7a0)

🚧 Chores

• deps: pin golang docker tag to 8c9183f (5b4e6450)

🔁 CI

• downgrade footer-max-line-length to warning (79eae44c)

0.100.5 (2024-07-08)

🐞 Bug Fixes

• deps: update module github.com/xanzy/go-gitlab to v0.106.0 (38ccfb56)

0.100.4 (2024-07-08)

🐞 Bug Fixes

• deps: update module github.com/charmbracelet/log to v0.4.0 (f61742d7)

🚧 Chores

• deps: update goreleaser/goreleaser docker tag to v1.26.2 (e6ce0660)

0.100.3 (2024-07-08)

🐞 Bug Fixes

• deps: update module github.com/jedib0t/go-pretty/v6 to v6.5.9 (5be1f002)

🚧 Chores

• deps: group OPA dependencies (a7d1bc88)

0.100.2 (2024-07-08)

🐞 Bug Fixes

• deps: update module github.com/99designs/gqlgen to v0.17.49 (75d23229)

0.100.1 (2024-07-08)

🐞 Bug Fixes

• deps: update module modernc.org/sqlite to v1.30.1 (7ff998f0)

0.100.0 (2024-07-07)

📣 Breaking Changes

• sbom: remove the requirement for a Repo Key (71b685f9)

As part of #530, we want to make it possible to consume SBOMs without a
Repo Key, for instance if you've been provided an SBOM from a vendor, or
you're scanning a container image, which doesn't _necessarily_
correspond directly to a repository.

This performs a significant breakage, removing the Repo Key fields from
the `sboms` table, and instead requiring that the metadata be instead
stored in the `component_metadata` table and JOIN'd on the
`component_name` column.

This is a significant breaking change, so we mark this as a breaking
change, as well as bumping `compatible_since`.

This also:

- introduces a `path`, which provides a step towards #408 and better
  monorepo support
- involves fixing /a lot/ of queries that made assumptions about Repo
  Keys
- flags a number of places that will need to be improved in the future
  when we want to query for non-Repo Key results i.e. in advisories or
  other reports
- make it optional in `component_metadata`
- make it optional in `import sbom`
- introduce a better UX for Repo Key validation now it's optional when
  importing
- amending DB docs that reference the now-nonexistent `sboms.platform`
  (etc)
- making sure we pass through `sql.NullString`'s underlying `String` to
  `table.Row`s, otherwise we receive i.e. `{Example true}` which isn't
  helpful
- prioritise `component_metadata` over `owners` lookups, as the
  Component may have an owner but not a Repo Key (i.e. if it's vendor
  owned, or a Docker image)
- introduce a helper for UPSERTing, as it requires we check the row is
  already there (or so I think, I aimed to avoid #549)

Closes #530.

🎁 Feature

• sbom: allow providing vendor info on import (d6769678)
• sbom: allow marking SBOMs as vendor-sourced (f412b3b4)
• component: introduce Component metadata table (82db9b24)
• sbom: add --component-name override (f1133e13)
• sbom: add a component_name field (751be5e0)
• component: add a domain.Component type (169645d3)

📄 Documentation

• sbom: update Getting Started guide (03d27aa2)
• examples: add more SBOM examples (18930005)
• component: add a concept page (3c0642cc)

🚧 Chores

• domain: add a Valid method (0ad35680)
• db: return better error on db init failures (aea721ad)

🔁 CI

• downgrade body-max-line-length to warning (b87c5a88)
• reformat commitlint.config.js (bc3c15e4)

0.99.0 (2024-07-02)

🎁 Feature

• depsdev: generate advisories for deprecated packages (8ea67b55)

📈 Performance Improvements

• advisories: remove unnecessary case statement (6f8c1860)
• advisories: remove unnecessary lookup for ownership (6616b3a2)

📄 Documentation

• depsdev: correct description of update_at field (033db657)

🚧 Chores

• renovate: query for package_type for distinct packages (5dc62c09)

0.98.1 (2024-06-30)

🐞 Bug Fixes

• web: link to sql-studio in header, if enabled (4fca43ac)

0.98.0 (2024-06-28)

🎁 Feature

• web: allow using sql-studio as DB browser (e7e9c60d)

🚧 Chores

• web: capitalise the D in Datasette (684e5f53)

0.97.1 (2024-06-14)

🐞 Bug Fixes

• deps: update module github.com/sqlc-dev/sqlc to v1.26.0 (49b94f06)

0.97.0 (2024-06-14)

🎁 Feature

• web: add a --no-datasette flag (cda83824)
• web: implement a pure Go SQL browser (4941c970)

📄 Documentation

• web: document the inbuilt SQL browser (3426855c)

🚧 Chores

• web: log when we hit the Datasette fallback (dc2f6590)
• web: add debug logging for executed queries (ca7fadc2)
• web: allow debug logging (0165c5bf)
• web: create a central db.Open method (360c6517)

0.96.0 (2024-06-05)

🎁 Feature

• renovate: parse digest information (73963832)

🐞 Bug Fixes

• renovate: set digest as versions if no version found (2c670b45)

🚧 Chores

• deps: bump oapi-codegen (c3712e24)

0.95.0 (2024-05-14)

📣 Breaking Changes

• graphql: add pagination for advisories data (30471442)

Right now, we're returning all the results of a given repository's
advisories, which can be extremely large if targeting a monorepo, or
just a repo with a lot of dependencies.

To prevent potentially retrieving and then sending hundreds or thousands
of results to the caller, we can instead set up pagination.

This uses offset-based pagination, but with an encoded cursor, mentioned
in [0] and seen across other APIs. We use offset-based pagination as we
don't have a stable identifier for a given row, and so it's easier to
think of it in terms of an offset.

To do so, we need to change the structure of our GraphQL response, which
allows us to surface pagination information.

We can also add an explicit `pageSize` limit in our schema, so it's
clearer to the user what the default behavior is.

However, this is a breaking change as we're changing the structure of
the GraphQL response, which needs to be flagged appropriately with a
`compatible_since` bump.

This requires that we use a named variable for sqlc for `limit` and
`offset`, otherwise we get errors such as:

    missing argument with index ...

Due to the rest of the query having numbered indexes generated by sqlc.

Closes #564.

[0]: https://betterprogramming.pub/understanding-the-offset-and-cursor-pagination-8ddc54d10d98

📄 Documentation

• don't show reading time if 0 minutes (271101f1)
• add DMD w/ Dan Lorenc link (db075f2b)

🔀 Code Refactoring

• graphql: eagerly load total fields if needed (0dcbc764)

🚧 Chores

• remove reliance on loopvar semantics (775e4e26)

0.94.3 (2024-04-24)

🐞 Bug Fixes

• build: ensure we set the "short" version for Goreleaser builds (f2f35a98)
• build: prefix Goreleaser version with v (a7debc95)

0.94.2 (2024-04-24)

🐞 Bug Fixes

• build: correctly tag versions in built binaries (a57f8ee7)

📄 Documentation

• SQL: correct the header for sboms_endoflife (bbad0f69)

🔀 Code Refactoring

• sbom: pass around a RepoKey type (511a6ea1)
• domain: don't embed the RepoKey struct (905efff7)
• domain: introduce a separate RepoKey domain object (d8b9957b)

0.94.1 (2024-04-10)

🐞 Bug Fixes

• compatibility: upgrade compatible_since (f25ab912)

0.94.0 (2024-04-09)

📣 Breaking Changes

• scorecards: correctly override Renovate-driven results on import (06075fa0)

As noted in #525, if you have run:

    dmd [...] import renovate [...]
    dmd [...] db generate dependency-health

You will receive a single entry per dependency in `dependency_health`
i.e.:

    github.com/google/uuid    gomod     5.012345678903459    # stale

Then, if you were to manually scan the repo with `scorecard` and import
that data in with:

    dmd [...] import scorecard [...]

This then results in multiple entries in `dependency_health` i.e.:

    github.com/google/uuid    gomod     5.012345678903459    # stale
    github.com/google/uuid    golang    7.099999904632568    # newer

Then, when looking at the advisories that are present, or `JOIN`ing the
tables, we will receive the stale data.

To fix this, we can instead store, and solely use, the `package_type`,
which we've derived. This was already what we were doing, just without
the intermediate step of storing the `package_type` in the database.

One area this could cause concern is if the version of `dmd` used to
create the database + import data is different to the version then used
to generate dependency health / to import the scorecards, and there may
be a difference between the derived data in the database. However, this
is fairly non-standard.

This is a breaking change due to the definition in
https://dmd.tanna.dev/concepts/compatible-since/:

> Renaming of a column

In which we've renamed the `package_manager` to `package_type`, so need
to appropriately note that this is a breaking change.

Closes #525, and a step towards #446.

📄 Documentation

• compatibility: add more options for breaking table changes (81582e5c)

0.93.1 (2024-04-09)

🐞 Bug Fixes

• compatibility: downgrade compatible_since (d2b097ad)

0.93.0 (2024-04-09)

🎁 Feature

• renovate: derive package_type and package_url on imports (1bda10f0)

📄 Documentation

• compatibility: downgrade breaking change for datasources (99b8d2ba)

0.92.0 (2024-04-08)

📣 Breaking Changes

• sbom: add package_url on imports (ccb812f4)

When importing SBOMs, we consume the Package URL (pURL) and take the
parts of it that we want to keep, but then throw away the rest.

Instead of doing this, we should make it available in the database,
where it can then be retrieved and further processed.

This allows us to take more complex pURLs like:

    pkg:rpm/redhat/xz-libs@5.2.4-4.el8_6?arch=x86_64&distro=redhat-8.6

    pkg:deb/debian/login@1:4.8.1-1?arch=arm64

And then we're able to perform more complex processing on them.

This is a breaking change due to the definition in
https://dmd.tanna.dev/concepts/compatible-since/:

> Introducing a required column, which doesn't have a default

In which we've added the `package_url` field, so need to appropriately
note that this is a breaking change.

This also requires refactoring the parameter to
`newSBOMDependenciesQuery` as it's no longer getting a full SBOM row, as
we don't query the `package_url`.

Closes #528.

📄 Documentation

• correct version number for compatible_since (f19de7d7)

0.91.0 (2024-04-07)

🎁 Feature

• add IsCompatible method (adf8fa3e)
• introduce a compatible_since field into metadata table (f67a8cca)

🐞 Bug Fixes

• web: correctly allow turning off GraphQL playground (fe96edf1)

📄 Documentation

• document Compatible Since (a5bd5151)
• markdownify descriptions (bee1aa86)
• related: add xz article (63191291)
• remove references to paid options (b158e99c)

🚧 Chores

• use compatible_since to perform compatibility validation (825e0739)
• web: add version to logger (e9c566b8)
• remove other reliances on loopvar semantics (a5eff178)
• docs: update Hugo to use Rego syntax (3bece2ea)

0.90.1 (2024-03-21)

🐞 Bug Fixes

• sqlite: use single quotes for DDL (260db714)

📄 Documentation

• cookbook: update to latest recommended ORT Docker image (3bf28c0d)
• renovate-to-sbom: align --out-format (99c23f4b)

0.90.0 (2024-03-06)

🎁 Feature

• web: allow outputting logs as JSON (5d530656)

📄 Documentation

• web: document LOG_FORMAT (44a7d2bf)

0.89.3 (2024-03-06)

🐞 Bug Fixes

• web: correctly apply --datasette-extra-args (72440f49)

0.89.2 (2024-03-06)

🐞 Bug Fixes

• advisories: allow multiple entries for a given level (1661dd68)

0.89.1 (2024-03-05)

🐞 Bug Fixes

• lint: correct ineffectual assignment (9d44d113)

📄 Documentation

• features: add missing reports (020febd1)

🚧 Chores

• lint: address deprecated function calls (9ebe970b)

0.89.0 (2024-02-22)

🎁 Feature

• renovate: support multi-line Renovate debug log file (f3a6c702)

🐞 Bug Fixes

• only check if DB is finalised if it exists (09fc64b3)

📄 Documentation

• renovate: add link to new cookbook (662ce558)
• cookbooks: document how to use Renovate debug log files (f93ffb62)

🚧 Chores

• add pre-flight checks in write commands (6fd3ddb9)

0.88.0 (2024-02-21)

🎁 Feature

• reports: report the number of repos in Funding report (ff0fb719)

📄 Documentation

• examples: update reportFunding (2e5d36e6)

0.87.0 (2024-02-20)

🎁 Feature

• graphql: expose funding information (c7876224)
• reports: add report funding (883cca51)
• add the ability to source funding information from Ecosystems (84c32015)

📄 Documentation

• examples: add a report funding demo (ba252784)

🔀 Code Refactoring

• web: move templating into templates (e2d9a563)

🚧 Chores

• remove ability to filter policy violations by advisoryType (8dede055)
• report a better message when no libyear data is found (d1a4e388)

0.86.0 (2024-02-20)

📣 Breaking Changes

• remove database anonymisation (858bcfec)

As noted in #470, the anonymisation feature may have been useful, but
has not been used.

Although we could keep the feature in, it is regularly _not_ being
implemented when new repositories are being created, so a user expecting
the feature to be available will be lulled into a false sense of
security.

Instead, we should remove the feature.

In `repositorymetadata` we need to still retain a single query, as
`sqlc` requires at least one query per schema.

Closes #470, #471, #306, #283, #274, #221, #165.

📄 Documentation

• add OpenSSF Best Practices badge (d8c1a1a7)

0.85.0 (2024-02-19)

📣 Breaking Changes

• policies: remove policy_violations table (d0d62380)

We first introduced `policy_violations` as a means to store data for the
Policy evaluations, and at the time we took the opportunity to include
more data in the table than was present previously.

Over time, we've seen that the new `advisories` (which replaced
`custom_advisories`) table is necessary to follow the same shape of
data, including pulling in data from each of the tables to provide a
single view of all advisories.

However, since we've made `advisories` use the same shape of data, it's
unreasonable to have both tables, when there's no purpose and it leads
to confusion.

As part of this, we can also close off some subtle implementation bugs
that were due to the complexity of the two tables having a fair bit of
overlap.

This was largely due to the way that we were allowed to use non-`POLICY`
advisory types, so lookups across tables were a little awkward.

Closes #452, #298, #400, #340.

0.84.0 (2024-02-19)

🎁 Feature

• add ability to import scorecard for Security Scorecards (4b7eae1c)

📄 Documentation

• cookbook: add a cookbook for import scorecard (0c62b336)
• add comment character to example (882f46ea)

0.83.0 (2024-02-16)

🎁 Feature

• web: show finalised_at date if present (4abeff53)
• log an error when trying to modify a finalised DB (da66c404)
• graphql: add support for querying finalisedAt (5cbd7529)
• add finalised_at metadata (a62ceecd)
• add ability to list the DB metadata on the CLI (f2ec4df3)

📈 Performance Improvements

• web: don't re-fetch database metadata (ca647120)

📄 Documentation

• demos: wire in demo for metadata (6e29791b)
• demos: add demo for metadata (c86477cc)
• cookbooks: add reference to dmd db meta finalise (c19302a3)
• sql: document metadata table (8c32b198)
• add SOOC24 talk (ad1a32a0)
• features: revamp /features/ page (df1bd299)
• warn users of the performance issues Ecosystems interactions may see (be914a3b)
• commands: correctly render examples (513aeb6f)
• add dependency health blog post to /related/ (77f5469b)
• link to Case Studies from /features/ (1bf31509)

🔀 Code Refactoring

• add openDatabaseForWrite (199a682f)
• warn when no dmd_version found in pre-flight checks (48b66236)
• tweak implementation of GetMetadata (90f36917)

🚧 Chores

• fix copylocks linting violation (0e51e6a0)
• remove incorrect comment (0e9813e9)

📦 Build

• run commitlint alongside integration (dcf9e40a)
• update + semantically pin hooks-goreleaser (5f3d704f)

0.82.2 (2024-02-08)

🐞 Bug Fixes

• increase maximum concurrency for Libyear generation (109c0070)

0.82.1 (2024-02-08)

🐞 Bug Fixes

• correct to generate libyear (3d2b501e)

0.82.0 (2024-02-08)

🎁 Feature

• graphql: add support for querying a repository's Libyears (9863e5c4)
• web: add report for Libyears (78c4367f)
• reports: add report for Libyears (28aee919)
• add support for generating Libyears (073114b6)

🐞 Bug Fixes

• correctly use transactions for Dependency Health (2bae2b72)

📄 Documentation

• demos: record reportLibyear (d1329358)
• demos: add reportLibyear (e0b2112c)

🔀 Code Refactoring

• extract baseURL to a shared constant (2a337c7b)

🚧 Chores

• add getRegistryPackageVersion for Ecosystems (ce6cbdb2)
• update ecosystems OpenAPI spec (f782b81e)
• web: fix rendering of Liberation Mono (Bold) (08e31524)

📦 Build

• allow Go toolchain downloads in CI (f4dd4988)

0.81.0 (2024-02-08)

📣 Breaking Changes

• require to Go 1.22 (1dafa890)

This is a breaking change as consumers who are pinning their versions of
Go will break.

📄 Documentation

• link to dmd CLI not README (e810a985)
• point to new talk writeup (5a0d4808)

🚧 Chores

• remove reliance on loopvar semantics (5a922253)

0.80.2 (2024-02-05)

🐞 Bug Fixes

• web: correctly filter reports by querystring (a971e0a5)

📄 Documentation

• update project description in README (74181cc4)
• make sure that pages under /commands/ have a middle breadcrumb (f6ec7fd7)
• fix rendering of Liberation Mono (Bold) (24d6c9e3)

🚧 Chores

• deps: pin dependencies (f124e596)

0.80.1 (2024-02-01)

🐞 Bug Fixes

• increment tracker on persisting (c72b6b62)

0.80.0 (2024-02-01)

📣 Breaking Changes

• web: require query parameter to load all data from reports (5cd68030)

As noted in #387, the advisories and policy violations reports are
likely to load a very large number of rows.

Instead of loading them by default, we can instead require a querystring
parameter to enforce this.

This allows us to still render the pages with all the data - at our own
risk - but the default nudges towards limiting this down.

This is a breaking change due to the expectation that a bookmarked URL
would still result in the same data.

Closes #387.

• move infrastructure advisories to their own report (377cccf0)

As noted in #199, it isn't the best experience if you don't have any (AWS)
infrastructure imported, and can be confusing.

This should be done for both the web and CLI reports.

This is a breaking change due to moving of data from where it was
previously expected.

Closes #199.

🎁 Feature

• web: add a filtering form to policy violations (3bf34c64)
• web: add a filtering form to advisories (56ce9c1f)

🐞 Bug Fixes

• web: show "you're filtering" when valid querystrings are provided (92bef416)

📄 Documentation

• add demo for reportInfrastructureAdvisories (97a20d32)
• add some related (external) projects (9937be34)
• tweak secondary tagline (2e9abad1)
• case study: how to look at different routers/frameworks (99f69e43)
• add breadcrumb navigation (a8b48750)
• reformat HTML (5ea22611)

🚧 Chores

• reformat HTML (0809ce5b)

📦 Build

• netlify: correctly set up environment variables (d46e6061)

0.79.0 (2024-01-31)

🎁 Feature

• add import bulk subcommand (a2d6b943)

📄 Documentation

• demos: update initAndImport recording (b75187f7)
• demos: add demo for import bulk (6a04afe4)
• SBOMs: add information on how to use import bulk (7308b2d7)
• sql: add notes about Repo Key (9cd6fafa)
• add the Repo Key concept (f0173d0a)

0.78.0 (2024-01-30)

🎁 Feature

• detect Jenkins plugins as maven pURLs (691ca7a9)
• add ability to modify derived Renovate pURLs (e21ef23b)
• detect Docker images in GitLab CI as pURL type docker (374bf055)
• detect Clojure pURL type as clojars (819853e9)

0.77.0 (2024-01-30)

🎁 Feature

• detect Gradle pURL type as maven (cc1a07ee)

📄 Documentation

• correct log message (d3e90a47)
• add WIP to /features/ (2a04336f)

0.76.0 (2024-01-27)

🎁 Feature

• OPA: add dependency_health data to OPA (4ede6a71)
• graphql: add support for DependencyHealth data (ac297797)
• generate advisories from dependency_health data (0efee5c2)
• add ability to source data into dependency_health (0d842053)

📄 Documentation

• OPA: add input data for dependency_health (15c22878)
• correct command invocation (637d5e1a)

🔀 Code Refactoring

• move ToPurl to renovate package (5b5f83a0)

🚧 Chores

• deps: update oapi-codegen (c7084db8)

0.75.2 (2024-01-26)

🐞 Bug Fixes

• perf: manually construct ast.Values for Rego (cdbf3c93)

📈 Performance Improvements

• revert introduction of cache for policy evaluations (3decd0b6)
• introduce cache for policy evaluations (30e45569)
• don't re-query for policy evaluation inputs (28490b9c)
• construct all Rego queries up-front (654ebd5e)

📄 Documentation

• correct where missing-data generates from (33958fb6)
• remove outdated reference to osv.dev (839890fe)
• typo (851a4884)

🔀 Code Refactoring

• remove unnecessary logging (1f6742b0)

🚧 Chores

• add sharing metadata (a0903b28)
• add DMD logo + icons (dc444421)

0.75.1 (2024-01-23)

🐞 Bug Fixes

• use Liberation Mono as font (b8fef45a)

📦 Build

• remove extra newlines in Slack release notes output (bbd4086d)
• ensure we go install all tools in CI (bcb2d779)

0.75.0 (2024-01-22)

🎁 Feature

• allow marking custom advisories' level (5b209e75)

📄 Documentation

• case study: add OPA example for Log4shell (073fba46)
• case study: remove non-Log4shell version number (2fe5867f)
• remove unnecessary tmp/ (3c63cbec)
• correct visibility (e3511c51)
• align indentation for versions (3f03a581)
• case study: rename file (eb763a29)

0.74.0 (2024-01-21)

🎁 Feature

• reports: show package (current) version in dependenton (4645f49c)

📄 Documentation

• case study: add Log4Shell (0327fbe6)
• correct placement of Getting Started (SBOM) link (5f3bf9d4)
• improve the "where can I learn more?" on / (042f91a2)
• case study: add Case Studies to the home page (a56d1fca)
• reformat long lines (abd67e23)
• case study: add example of seeing oapi-codegen version distribution (f8dc7d61)
• case study: add Docker examples (163ebb76)
• case study: add Gorilla Toolkit example (7a9b9f24)
• case study: add Deliveroo Kafka example (3fcdc11e)
• case study: add Case Studies content type (764434d2)
• remove deprecated builtins from OPA examples (db1bb0db)

0.73.0 (2024-01-18)

📣 Breaking Changes

• remove Dependabot tables (23d8fb1f)

The Dependabot-specific tables have been deprecated for some time, so we
should remove them to clean things up.

This could be a breaking change for anyone still relying on them, but
there's been no data imported into these tables since before v0.38.0, so
I'd be surprised if it did break anything.

Closes #168.

📄 Documentation

• examples: update reportDependenton (6392ee21)
• examples: update generatePolicyViolations (3fbb4212)
• examples: update evaluatePolicy (e26eb6a0)
• examples: update reportLicenses (fbd1adb4)
• examples: update reportAdvisories (ce58f342)
• examples: update generateAdvisoryAndList (56fd680c)
• examples: update mostPopularPackageManagers (aa718a58)
• examples: update mostPopularDockerImages (0d1926dc)
• examples: update reportGolangCILint (f6818ab5)
• examples: update setOwners (967f4df8)
• examples: update initAndImport (21512894)

🔀 Code Refactoring

• examples: rename generateAdvisory (2782cbe7)

🚧 Chores

• examples: add steps to add GDS ownership (0dd74089)

📦 Build

• remove erroneous quote sign (6c4cef00)

0.72.0 (2024-01-18)

📣 Breaking Changes

• remove osvdev data (55d4572b)

It's been deprecated officially for a week or so, but hasn't been
actually wired into Advisories, as we've had deps.dev's data which is
superior.

By removing this, we'll also hopefully reduce the time it takes folks to
build their databases, as osv.dev lookups were fairly slow.

📄 Documentation

• make RG_INCLUDE_UPDATES recommended, not optional (1bffc274)
• note when table deprecation isn't first table (b540e639)

📦 Build

• announce when breaking changes are introduced (c11fe129)

0.71.1 (2024-01-17)

🐞 Bug Fixes

• deps: update module github.com/styrainc/regal to v0.15.0 (877d643c)
• deps: update module github.com/99designs/gqlgen to v0.17.42 (c5225893)
• deps: update module github.com/oapi-codegen/runtime to v1.1.1 (68fb7a55)
• deps: update module github.com/jedib0t/go-pretty/v6 to v6.5.3 (3d0d37d5)
• deps: update module github.com/open-policy-agent/opa to v0.60.0 (a7c1de36)
• deps: update module golang.org/x/sync to v0.6.0 (5a2b5a25)
• deps: update module github.com/google/uuid to v1.5.0 (09bd7ea0)

🚧 Chores

• deps: update goreleaser/goreleaser docker tag to v1.23.0 (25ffaa13)

📦 Build

• make sure we pull the given commit for go install ...@HEAD (eb959b78)
• add Slack announcements on releases (3403a4ae)
• ensure that renovate-to-sbom installs correctly (811ad8d2)
• ensure that dmd-graph installs correctly (29e6b17a)

0.71.0 (2024-01-16)

📣 Breaking Changes

• rename advisories to custom_advisories (fe328384)

BREAKING CHANGE:

For some time, I've regretted the naming choice, as it can be a little
confusing because the `advisories` table doesn't include all the
advisories present in the dependency trees.

This now makes it more explicit by using the new name
`custom_advisories`.

🎁 Feature

• add advisories table for all advisories data (fe4efc69)

📄 Documentation

• note that the policy_violations table is self-sufficient (f55b7472)
• add linebreak between NOTE and text (3a53dc45)

🔀 Code Refactoring

• remove unused type (6c1066de)

0.70.0 (2024-01-16)

📣 Breaking Changes

• use UNMAINTAINED for unsupported dependencies (decfc404)

This has been accidentally misaligned for some time, and will cause some
confusion when querying the data.

To keep this more consistent, we should make sure we return a known
`advisory_type`.

📄 Documentation

• graphql: correct documentation for field (a77e1010)
• remove trailing spacing after database schemas (c9c8d19a)

0.69.0 (2024-01-16)

🎁 Feature

• renovate-to-sbom: map pURL type for bun (aa796b03)
• renovate-to-sbom: map pURL type for Python managers (abfa47f5)
• renovate-to-sbom: map pURL type for sbt (92731fa3)
• renovate-to-sbom: map pURL type for helm datasource (6fae909f)
• renovate-to-sbom: map pURL type for bundler (64bfc9e8)
• renovate-to-sbom: map pURL type for dockerfile and docker-compose (8df6d3ab)
• renovate-to-sbom: map pURL type for hex and mix (6bf2d680)

0.68.0 (2024-01-16)

🎁 Feature

• renovate-to-sbom: add only-include-known-purl-types flag (8851d651)

📄 Documentation

• remove trailing spacing after examples (fc576ad1)
• renovate-to-sbom: use Example for command documentation (2240cdec)
• OPA: link to policies.EvaluationInput (0a3cd5e2)

0.67.1 (2024-01-15)

🐞 Bug Fixes

• deps: update module golang.org/x/crypto to v0.18.0 (78018c73)

0.67.0 (2024-01-12)

🎁 Feature

• OPA: expose Repository Metadata in policies (5ea741ee)
• graphql: expose RepositoryMetadata in GraphQL (83b899a7)
• datasource: add ability to track repository metadata (75587a70)

🐞 Bug Fixes

• OPA: correctly set DepTypes on policy input (c4754d70)

📄 Documentation

• update evaluatePolicy (4b670340)
• OPA: add docs around using repository metadata (55d3d5c4)
• OPA: add missing licenses to example inputs (a908539a)
• sql: correct owners SQL docs (091ef808)

0.66.0 (2024-01-09)

📣 Breaking Changes

• graphql: make owner an object (35c8e0c5)

To allow for us to make it possible to expose both the owner's name and
notes, we should refactor this into an `Owner` object, rather than a
plain string.

This requires a bit of wiring in for the different queries that use the
field, as well as making sure it gets resolved.

0.65.2 (2024-01-08)

🐞 Bug Fixes

• web: add initial-scale (6ef1f451)

📄 Documentation

• policies: add in-depth documentation for EvaluationInput (30b455f8)
• graphql: correct description for field (92237085)
• graphql: add in-depth documentation for GraphQL (065aa38e)
• sql: add missing ends of sentences (81699e4e)
• graphql: line-wrap long GraphQL docs lines (2fe52729)
• add initial-scale (7553a3ed)
• correct case for broken link (5da9f9f8)
• note that you can still inner join (658c25e7)
• sql: add initial "understanding the data model" cookbook (d159d9fb)
• move to magenta for emphasis colour (681ef310)
• remove TODO note (660a724e)
• sql: indicate that the /schema/ page may not match yours (87e76d98)
• add design decisions (b3442626)
• finish sentence (a1db791f)

🔀 Code Refactoring

• extract an EvaluationInput type (9f02db4b)

🚧 Chores

• web: move to magenta for emphasis colour (7ce401d0)
• don't break long line (ca1906b5)

0.65.1 (2024-01-04)

🐞 Bug Fixes

• sql: remove accidentally duplicated policy_violations table definition (4f57344b)

📄 Documentation

• sql: add significant documentation to database tables (d009d11f)
• sql: deprecate dependabot_endoflife (facad645)
• sql: deprecate osv.dev tables (76d3bb45)
• sql: only generate schema docs from internal (2a05d022)
• sql: correct table name for Dependabot replacement (c503f757)
• add package data header to datasources page (279daa95)
• concepts: link to internal docs for custom Advisories (28c2f29e)
• add deprecation warning to /schemas/ (390a9cbd)

📦 Build

• force coloured output for diffs (07a5d28f)
• add dmd-graph to release builds (991fad90)

0.65.0 (2023-12-22)

🎁 Feature

• reports: treat _ as library (5de4c989)
• reports: implement golangCILint for SBOMs (0e4d136d)
• reports: implement mostPopularDockerImages for SBOMs (d33b45fe)
• reports: implement mostPopularPackageManagers for SBOMs (c57dd309)

📄 Documentation

• update reportGolangCILint demo (fe9950ab)
• update mostPopularPackageManagers demo (95019818)
• update mostPopularDockerImages demo (95348901)

0.64.1 (2023-12-22)

🐞 Bug Fixes

• retract v1.0.0 (ac95e509)

📦 Build

• allow initial development version (159ca6fe)
• remove goreleaser snapshots (9c49f932)
• migrate to semantic-release (f0f4cab0)

v0.64.0 (2023-12-22)

• c3c4229 Add a page for /commands/
• 99d5d96 Add categorisation for cookbooks
• b45926b Add explanation for flags in import sbom
• 7538887 Add more context to owners set
• a331b4e Add redirects for /cmd/*
• a4accde Build the gendoc command correctly
• f2e5d28 Complete documentation for db anonymise --orgs
• 03a7578 Document flags that were missing a usage
• aaa63ee Generate custom CLI documentation
• dc5b271 Merge branch 'chore/redirects' into 'main'
• da62b39 Merge branch 'docs/categorise' into 'main'
• 350b3bb Merge branch 'feature/gendoc' into 'main'
• aa2cece Merge branch 'feature/report-registries' into 'main'
• 56f8bfc Merge branch 'feature/srcery' into 'main'
• a514710 Migrate to srcery colour scheme
• a00b178 Reformat CSS
• cd258d3 Remove unnecessary full stop
• 9ad0d2c Report most popular registries in mostPopularDockerImages
• 148ea74 Revert "Migrate to GitLab-backed changelog generation"
• 32e7b5a Update mostPopularDockerImages demo
• 5152fc5 Use Example properly for CLI documentation

v0.63.1 (2023-12-19)

• 1a5eec64: Migrate to GitLab-backed changelog generation (Jamie Tanna jamie.tanna@elastic.co)

v0.63.0 (2023-12-17)

• 95e474b Add Webmention support
• 7a5e24d Add rel=me email link
• 2d1b67f Add link to SBOM getting started on /
• 1d5cf7f Add missing <p> tag
• b26cd5b Merge branch 'renovate/github.com-99designs-gqlgen-0.x' into 'main'
• 405810c Merge branch 'renovate/github.com-charmbracelet-log-0.x' into 'main'
• 93a7c8c Merge branch 'renovate/github.com-cyclonedx-cyclonedx-go-0.x' into 'main'
• f55aa08 Merge branch 'renovate/github.com-hashicorp-go-retryablehttp-0.x' into 'main'
• c1ff070 Merge branch 'renovate/github.com-jedib0t-go-pretty-v6-6.x' into 'main'
• 3aa7d15 Merge branch 'renovate/github.com-oapi-codegen-runtime-1.x' into 'main'
• 03d9a9a Merge branch 'renovate/github.com-package-url-packageurl-go-0.x' into 'main'
• 2912800 Merge branch 'renovate/github.com-xanzy-go-gitlab-0.x' into 'main'
• 1674c74 Merge branch 'renovate/golang.org-x-sync-0.x' into 'main'
• ff72868 Merge branch 'renovate/goreleaser-goreleaser-1.x' into 'main'
• bcc0b95 Merge branch 'renovate/modernc.org-sqlite-1.x' into 'main'
• 0316b27 Update goreleaser/goreleaser Docker tag to v1.22.1
• 460c801 Update module github.com/99designs/gqlgen to v0.17.41
• cd75f9c Update module github.com/CycloneDX/cyclonedx-go to v0.8.0
• 2c4e94b Update module github.com/charmbracelet/log to v0.3.1
• 49aa97a Update module github.com/hashicorp/go-retryablehttp to v0.7.5
• 4fa906a Update module github.com/jedib0t/go-pretty/v6 to v6.4.9
• a5ceb08 Update module github.com/oapi-codegen/runtime to v1.1.0
• 313461e Update module github.com/package-url/packageurl-go to v0.1.2
• b6461bb Update module github.com/xanzy/go-gitlab to v0.95.2
• 138c95b Update module golang.org/x/sync to v0.5.0
• e1afe43 Update module modernc.org/sqlite to v1.28.0
• c10132d fixup! Add Webmention support

v0.62.0 (2023-12-11)

• 1492f03 Default advisory_type to POLICY if not specified
• 90d5d0a Fix: Allow multiple policy violations per dependency
• f489637 Merge branch 'chore/default-policy' into 'main'
• 62d01ef Merge branch 'defect/multi-violation' into 'main'

v0.61.0 (2023-12-07)

• 5f2e647 Add dmd-graph to gendoc
• 400b139 Add a dependenton report
• 9726416 Add core GraphQL schema types
• 7abcbd7 Add demo for report dependenton
• 45f29c3 Add policy to advisory summary output
• 6f36e7a Add recording for reportDependenton
• 74f1b05 Bootstrap GraphQL endpoint
• a1130e1 Bump Regal
• e882861 Implement dependentOn query
• da588b2 Implement repositoriesIn query
• 7a755bc Implement repositoriesLike query
• 245d7a6 Implement repository query
• 0c6b2ae Merge branch 'defect/summary-pol' into 'main'
• 1857f7c Merge branch 'deps/regal' into 'main'
• 0693314 Merge branch 'feature/dependent-on' into 'main'
• d60b4eb Merge branch 'feature/graphql-fresh' into 'main'

v0.60.0 (2023-11-29)

• 8ec66df Add ability to warn in policies
• d308958 Document warn for policies
• e5605f4 Improve "starting point" for OPA policies
• e2cff94 Improve error messages after refactoring policy interface
• 5318472 Introduce the level concept for policies
• a312054 Merge branch 'feature/policy-warn' into 'main'
• e5c311f More safely reference deny
• 3476497 Update generatePolicyViolations demo

v0.59.0 (2023-11-29)

• a97561c Consume licensing data from SBOMs, if present
• 0a7e024 Fix: Correctly construct package names from CycloneDX SBOMs
• 985b7b2 Introduce the external_licenses table
• 7c15ce8 Make flatten generic
• 26574a1 Merge branch 'chore/fs' into 'main'
• f5cf5d2 Merge branch 'defect/cyclone-sbom-name' into 'main'
• df24487 Merge branch 'feature/external-licenses' into 'main'
• 1a994e0 Prefer external_licenses over depsdev_licenses
• 8cdb349 Remove workaround for regal's missing fs.FS support

v0.58.0 (2023-11-28)

• 34ac6a8 Add an unknown license if deps.dev can't determine one
• ddd3100 De-duplicate error arrays
• b8f41db Merge branch 'chore/errors' into 'main'
• 81f1815 Merge branch 'defect/sbom-ver' into 'main'
• f338318 Merge branch 'feature/default-license' into 'main'
• f9f31b7 Merge branch 'feature/web-prefix' into 'main'
• 35a6e49 Prefix Datasette output in dmd-web
• af442de Prioritise current_version for SBOM deps.dev lookups

v0.57.0 (2023-11-27)

• 920f3c4 Add missing dep_types for input example
• 84fdea7 Merge branch 'feature/policy-licenses' into 'main'
• fded60a Provide licensing data to OPA policies
• 2b3e823 Remove accidental comment

Breaking change

• 1ecad15 Simplify variables required to write a policy

v0.56.0 (2023-11-27)

• 29cf6b8 Add policy-violations report to docs
• 9c1769a Correct title of section
• dc3a5ab Disable opa-fmt in policy evaluate
• bd18c25 Document policy violations
• c9e5abd Document requirement for advisory_type to be a string
• 00b512f Fix: Correctly return dep_types in policy evaluations
• 117d214 Merge branch 'feature/improve-msg' into 'main'
• 7437fa5 Remove debug logging
• 527d2ae Remove nesting
• a3a18dc Return early when erroring.
• 1ecad15 Simplify variables required to write a policy
• 0d125b2 fixup! Add the POLICY advisory type

v0.55.0 (2023-11-25)

• 13b2b03 Add policy lint via regal
• 1acf625 Merge branch 'feature/policy-lint' into 'main'

v0.54.0 (2023-11-24)

• a6b1103 Add CLI to write policy violations to the DB
• 5969375 Add Policy violations into Advisories report
• df99b73 Add a report for policy violations
• 07ee044 Add cookbook for custom advisories
• 5de75cb Add demos for policies
• 674ddc6 Add support for evaluating OPA policies
• e7a940c Add the POLICY advisory type
• c26c82e Allow checklinks to warn when DMD links fail
• 7d43760 Document how to use OPA Policies
• e836c2d Document the Policy concept
• 2324080 Don't perform pre-flight checks for temporary DBs
• ea92483 Fix: Correctly wire in out for advisories CSV output
• d6c28c1 Merge branch 'feature/opa' into 'main'

Breaking changes

• b54b914 Make dmd-web a full Cobra CLI

v0.53.0 (2023-11-20)

• 21dac76 Generate documentation for dmd-web as part of docs
• b54b914 Make dmd-web a full Cobra CLI
• bcba7b4 Merge branch 'feature/web-cli' into 'main'
• 9e5ccc6 Provide a URL for dmd-web

v0.52.9 (2023-11-19)

• 5c1b687 fixup! fixup! Fix: Correctly generate Goreleaser SBOMs

v0.52.8 (2023-11-19)

• 208760d fixup! Fix: Correctly generate Goreleaser SBOMs

v0.52.7 (2023-11-16)

• 1579c6d Fix: Correctly generate Goreleaser SBOMs

v0.52.6 (2023-11-16)

• 0968c8a Add dmd-web to release builds
• 55bd2c9 Remove explicit reference to builds

v0.52.5 (2023-11-15)

• 6664107 Merge branch 'chore/goreleaser' into 'main'
• f63b34c Merge branch 'chore/sbom-report' into 'main'
• e0a92ff Perform goreleaser release
• 77ec618 Publish SBOMs as part of releases
• 5040e2e Remove configuration that doesn't match anything
• 102bff7 Remove deprecated Goreleaser flags

v0.52.4 (2023-11-07)

• 24530ef Fix: use correct advisory type for UNMAINTAINED
• 4ffff7e Merge branch 'chore/advisory-count' into 'main'
• fdabcbf Replace SummariseCountPackageAdvisoriesLike with SQL-only lookup

v0.52.3 (2023-11-07)

• aa13726 Merge branch 'chore/charm' into 'main'
• 6c7481e Move back to Charm's log

v0.52.2 (2023-11-07)

• 9e78bc1 Add npm SBOM article
• 39dbb32 Fix: Correctly perform filtering on CVE checks
• 47c9165 Merge branch 'defect/reports' into 'main'

v0.52.1 (2023-11-05)

• 892f5b4 Merge branch 'defect/spdx' into 'main'
• dbd46a9 Use separate parsers for SPDX

v0.52.0 (2023-11-03)

• da8fd34 Add renovate-to-sbom CLI
• 2453a2d Add renovate-to-sbom to gendoc
• 7e0508f Add explicit DB setup for SBOM getting started cookbook
• f35f26c Add explicit documentation for ORT
• 0fc105f Merge branch 'docs/ort' into 'main'
• 2246833 Merge branch 'feature/renovate-to-sbom' into 'main'
• 7e98039 Merge branch 'oapi-v2' into 'main'
• 0959629 Upgrade to oapi-codegen v2

v0.51.0 (2023-10-30)

• 4ff9b29 Add CountPackageAdvisoriesLike query
• cd3135e Add latest release badge
• d2d723d Add report advisories --summary
• 7086da6 Add a --summary demo
• 85d1ca2 Add missing security advisories from duplicated queries
• 08f37a4 Fix typo in AdvisoryTypeUnmaintained
• 6bbf748 Merge branch 'chore/sqlc-bump' into 'main'
• 91f1261 Merge branch 'chore/v2' into 'main'
• d485d32 Merge branch 'feature/graphql-more-queries' into 'main'
• 2429d15 Merge branch 'feature/report-summary' into 'main'
• f84e55f Quote the version in sqlc.yaml
• c00c9a6 Skip checking fonts' availability and validity
• 181304c Update reportAdvisories demo
• b41c6b6 Update module github.com/sqlc-dev/sqlc to v1.23.0
• c9a5ccb fixup! Skip checking fonts' availability and validity

v0.50.0 (2023-10-30)

• fb4273d Add demo for --advisory-type filtering
• 852ed46 Allow filtering advisories report by advisory_type
• ddf19e9 Merge branch 'feature/like-advisory' into 'main'
• 817c75c Update reportAdvisories demo

v0.49.0 (2023-10-29)

• 05ed29e Add a cookbook for how to bootstrap the Git repo
• 06008bb Add support for CycloneDX XML format
• 4289761 Add support for CycloneDX v1.5 SBOMs
• a44f1b9 Add support for SPDX 2.2 SBOMs
• 7c3b718 Don't perform pre-flight checks if DB doesn't exist
• a156c7c Merge branch 'cookbook/bootstrap-repo' into 'main'
• 3570602 Merge branch 'defect/log' into 'main'
• ab3ade1 Merge branch 'feature/cyclone' into 'main'
• 3e2bcdb Remove YAML from CycloneDX support
• 35e0af4 Rename CycloneDX types to clarify JSON-only
• 7e284df Unmarshal SPDX SBOMs as YAML

v0.48.0 (2023-10-26)

• dd32c74 Add a central function for opening database
• ab3b7f8 Always add the dmdVersion to log messages
• 74897ae Correct log key for DB Version
• 1d5f26e Extract log keys to constants
• 7d02f4f Merge branch 'feature/warn-cli-db-dmd' into 'main'
• 9f42703 Warn when the CLI and DB CLI versions don't match

v0.47.0 (2023-10-25)

• 02d775f Add Custom Advisories blog post
• 49f36ba Add Getting Started cookbook for SBOMs
• 3dbd02e Add sensitive_packages table to avoid external lookups
• 1c3fd5a Add cookbook for sensitive package names
• c78968d Add explicit content license for site
• 9e095c6 Add link to DMD+GitLab post
• 738274a Add link to talk video
• 5eace70 Add missing SBOM features
• 78ac0ab Add missing licenses report to /features/
• 8f46355 Bump demos to use Go 1.21
• 0027ca8 Centre-align feature ticks
• 373923b Check for broken internal links in the pipeline
• 8f17b7b Document supported SBOM formats
• e8bffc0 Fix: Concepts should be singular
• 01a1e47 Fix: Correctly reference URL
• 62f2f6f Fix: Lowercase report URLs
• cadb290 Log the usage of sensitive packages
• b175984 Make JSON-esq requirement clear for SBOMs
• c6f6a17 Make SBOM table headers less wide
• be7bf67 Make page intent (slightly) clearer
• fe9974f Merge branch 'chore/docs' into 'main'
• 253c98d Merge branch 'chore/docs' into 'main'
• b9b1aed Merge branch 'chore/htmltest' into 'main'
• 54a40cb Merge branch 'cookbook/sbom' into 'main'
• a37ae17 Merge branch 'feature/sensitive-packages' into 'main'
• 93d7ce6 Merge branch 'renovate/github.com-deepmap-oapi-codegen-1.x' into 'main'
• de5ee36 Merge branch 'renovate/github.com-saschagrunert-demo-digest' into 'main'
• 0caac3b Merge branch 'talk-video' into 'main'
• 850b8ee Overhaul + improve documentation site
• eb370d1 Remove deprecated calls to ioutil
• ed55800 Update github.com/saschagrunert/demo digest to 5fce153baf4b
• 9e2df16 Update module github.com/deepmap/oapi-codegen to v1.16.2
• 0c75bac Use sh for demos

v0.46.0 (2023-09-24)

• b0f322f Add db generate missing-data command
• cef79b8 Add missing-data demo
• 478a284 Document support for missing-data
• b4b10f2 Merge branch 'feature/generate-data' into 'main'

v0.45.0 (2023-09-23)

• 84222ba Add report licenses to demos
• 62e8db7 Add a contrib sync command
• c7e8ee3 Add a licenses report
• 3980805 Add demo for report licenses
• 2e332e4 Documentadvisories support for SBOMs
• 1c0fb88 Merge branch 'feature/license-report' into 'main'
• ccc385d Merge branch 'feature/warn-init' into 'main'

v0.44.2 (2023-09-23)

• 0458a1c Merge branch 'feature/warn-init' into 'main'
• ef6c73c Warn if re-initialising the same database

v0.44.1 (2023-09-23)

• b8c9e05 Document why Datasource for depsdev lookups
• 7dcbb45 Fix: Use correct Datasource for Cargo
• 38e9ea9 Merge branch 'defect/cargo' into 'main'

v0.44.0 (2023-09-23)

• 47f9ca2 Add CVE information into Advisories
• 11147c9 Add RetrieveDistinctPackages for SBOMs
• 0dd24cc Add supported depsdev functionality to /features/
• 4452fee Lookup SBOM data in deps.dev
• 256a795 Merge branch 'chore/alpine' into 'main'
• 5077df6 Merge branch 'chore/go-install' into 'main'
• 22d988b Merge branch 'feature/cves' into 'main'
• ca333ab Merge branch 'feature/depsdev-sbom' into 'main'
• cd45bab Migrate to Alpine-based images
• 7f94a59 Rename reference to renovatedb
• 6a175e7 Update reportAdvisories demo
• 7ebe551 go install on every main build

v0.43.0 (2023-09-20)

• 4eb7975 Add Rails EOL checking for Renovate
• 10e5b7b Add end-of-life checking for SBOMs
• 4ba3fe1 Add generator for SBOM EOL parser
• db7f58d Add message to tracker
• 863326e Add missing call to anonymisation function
• ad4d977 Add schema for SBOM end-of-life checking
• 0e98a0c Add support for Rails SBOM EOL checking
• 34d0086 Document Rails EOL checking
• f161741 Merge branch 'feature/sbom-endoflife' into 'main'
• 40054b0 Remove TODO
• f98e17e Remove impossible query
• 02f5c93 Rename query

v0.42.2 (2023-09-20)

• d7dbeb4 Correct ordering of versions in dmd-web footer

v0.42.1 (2023-09-20)

• b670241 Add snapshot goreleaser builds on main
• 8cf32f0 Correctly point to my fork of charmbracelet/log
• aea9745 Merge branch 'defect/charm-fork' into 'main'
• fb8c4f6 Merge branch 'renovate/goreleaser-goreleaser-1.x' into 'main'
• cc2572a Update goreleaser/goreleaser Docker tag to v1.20.0

v0.42.0 (2023-09-19)

• 5a97613 Merge branch 'chore/at-sign' into 'main'
• 3e91397 Decode escaped @-signs in package names
• 1c2a099 Merge branch 'feature/report-advisories-like' into 'main'
• 3ebd8ff Update reportAdvisories demo
• f588265 Add demos for advisories filtering
• df56b9e Allow filtering advisories report by fields
• a41946d Merge branch 'chore/joiner' into 'main'
• eb99d17 Remove extra whitespace between tables in table-joiner output
• a141d0f Remove deprecated function call
• 3959bd8 Merge branch 'feature/advisories-like' into 'main'
• 08a8af9 Add RetrievePackageAdvisoriesLike
• 4eb1929 Merge branch 'chore/eol' into 'main'
• 9092ce7 Merge branch 'chore/web-reports' into 'main'
• c47149b Remove hardcoded references to Renovate in gen-endoflifedate-parser
• 49eae00 Add all reports to dmd-web
• d296aff Merge branch 'feature/custom-advisory-sboms' into 'main'
• 857c318 Update demos
• 3f7c7f2 Surface ownership information in advisories report
• c96d719 Add ownership information to report golangCILint
• 4a6065f Remove missed code for Gorilla Toolkit report
• 2edd360 Add package_file_path to Advisories
• 7fb698f Merge branch 'defect/aws' into 'main'
• 55927e4 Update initAndImport demo
• fc886a9 Fix: Generate correct type for AWS runtimes
• 115d880 Add AWS infrastructure to demos
• 54715ad Merge branch 'chore/sqlc' into 'main'
• 5b165d3 Remove sqlc fork pinning
• 8f40a56 Merge branch 'renovate/github.com-kyleconroy-sqlc-1.x' into 'main'
• 1cb2223 Remove hacks to workaround sqlc issues with UNIONs
• b3d792f Update module github.com/sqlc-dev/sqlc to v1.21.0
• 2e8a220 Merge branch 'feature/slog' into 'main'
• d5836bb fixup! Require Go 1.21 for Netlify
• 9503963 Migrate logging interface to slog
• 3a202f8 Require Go 1.21 for Netlify
• 90d8107 Gitignore IntelliJ Idea directory
• b172025 Gitignore DMD Web config
• f28acf7 Merge branch 'renovate/github.com-charmbracelet-log-0.x' into 'main'
• ee462b2 Update module github.com/charmbracelet/log to v0.2.4

v0.41.0 (2023-09-12)

• b5d2e89 Merge branch 'chore/go-121' into 'main'
• 2a9bd06 Update to Go 1.21

v0.40.0 (2023-09-11)

• 18ae4e8 Merge branch 'feature/metadata' into 'main'
• ebee3af Provide Short version to SetVersionInfo
• 55ff858 Report in dmd-web if dmd version differs
• 37e4c36 Set the dmd version in the metadata table

v0.39.0 (2023-09-10)

• ec7def5 Add missing features section for EOL lookups
• fc7fa54 Add support for Custom Advisories for SBOMs
• f7ae6b5 Merge branch 'feature/custom-advisory-sboms-impl' into 'main'
• 4c992ea Rename RetrievePackageAdvisories
• 796c12c Update reportAdvisories cast

v0.38.0 (2023-09-10)

• 46617bc Add "built with"
• 4b8297c Add Dependabot + SBOMs to initAndImport
• b5d8b25 Add a /features/ page
• de572e2 Add a footer
• 6912a9d Add additional header
• ac26982 Add missing DB anonymisation for Dependabot
• 452a591 Add support for CycloneDX-1.4 SBOMs
• 2f0fd19 Add support for importing SPDX-2.3 SBOMs
• 14b661d Add table of contents to all pages
• 7f4f84c Add trailing slash for URL
• 728238c Add underlying data model for SBOMs
• 3b664bd Be explicit that the "where can I learn more" are blog posts
• 60cfbaa Document SBOM functionality
• 4858a97 Make /related/ more than just "related tooling"
• 62c219b Merge branch 'chore/advisories' into 'main'
• cd675cb Merge branch 'chore/docs' into 'main'
• 4b7d1d3 Merge branch 'chore/oapi' into 'main'
• ec36165 Merge branch 'feature/sbom' into 'main'
• 04eb30e Migrate Dependabot to use SBOM API
• 1f4d2d5 Revert "wip-wrap-reports"
• 74db6d2 Split report advisories into its own example
• 729e086 Update examples
• 6bac3ee Upgrade oapi-codegen
• cb3e618 Various updates to the homepage
• d93511b Wrap "what is it" in a card
• df535f5 Wrap output from advisories
• ac705f5 wip-wrap-reports

v0.37.0 (2023-08-29)

• 9db6028 Add links to blog posts
• 764e0be Merge branch 'renovate/github.com-deepmap-oapi-codegen-1.x' into 'main'
• 6731f78 Merge branch 'renovate/github.com-hashicorp-go-retryablehttp-0.x' into 'main'
• ff93b05 Merge branch 'renovate/github.com-jedib0t-go-pretty-v6-6.x' into 'main'
• e29c25a Merge branch 'renovate/github.com-saschagrunert-demo-digest' into 'main'
• 72b0a3b Merge branch 'renovate/github.com-spf13-cobra-1.x' into 'main'
• 02eac75 Merge branch 'renovate/github.com-xanzy-go-gitlab-0.x' into 'main'
• 6ee9e2b Merge branch 'renovate/gitlab.com-tanna.dev-endoflife-checker-0.x' into 'main'
• cc1fea2 Merge branch 'renovate/golang.org-x-text-0.x' into 'main'
• c4ca19a Provide a bit more of a README
• c5ebffa Update github.com/saschagrunert/demo digest to 44d0d25
• 08b6ba3 Update module github.com/carlmjohnson/versioninfo to v0.22.5
• 8b3fca3 Update module github.com/deepmap/oapi-codegen to v1.13.4
• 589f0d0 Update module github.com/hashicorp/go-retryablehttp to v0.7.4
• 3195ed3 Update module github.com/jedib0t/go-pretty/v6 to v6.4.7
• 634460a Update module github.com/spf13/cobra to v1.7.0
• 5f242c7 Update module github.com/stretchr/testify to v1.8.4
• 6e59771 Update module github.com/xanzy/go-gitlab to v0.90.0
• 6c2ac0b Update module gitlab.com/tanna.dev/endoflife-checker to v0.7.0
• 33163a8 Update module golang.org/x/crypto to v0.12.0
• 74a2333 Update module golang.org/x/sync to v0.3.0
• 27cb2e1 Update module golang.org/x/text to v0.12.0
• 4dd3700 Update module modernc.org/sqlite to v1.25.0

v0.36.2 (2023-07-29)

• bba273f Add boilerplate generator for EndOfLife.Date parsing
• 5b6be05 Merge branch 'feature/eol-parser-generation' into 'main'
• 1d06c56 Migrate parsers to multi-file approach
• 6f8c9cc Rename golang parser for EndOfLife

v0.36.1 (2023-07-24)

• 9c67e73 Add missing UNIQUE index for package_manager
• 8dd8f4a Merge branch 'defect/package-manager' into 'main'

v0.36.0 (2023-07-21)

• 1564161 Add retryable HTTP client for advisories
• 37ae6d4 Centrally configure the HTTP client
• dddcd4d Merge branch 'feature/retry' into 'main'

v0.35.0 (2023-07-21)

• 2387c93 Add a 404 page
• 3876b11 Merge branch 'chore/404' into 'main'
• 95d7ae0 Merge branch 'chore/remove-deprecated' into 'main'
• 1bcbe8f Remove deprecated commands

v0.34.0 (2023-07-18)

• 03ff625 Make it possible to provide extra arguments to Datasette
• f93241f Merge branch 'feature/datasette-config' into 'main'

v0.33.0 (2023-07-15)

• 1b01069 Add and render user-provided configuration for dmd-web
• 772a137 Document the userconfig configuration
• 9161572 Merge branch 'feature/banner' into 'main'

v0.32.0 (2023-07-13)

• f3652fe Merge branch 'feature/contrib' into 'main'
• 648c846 Migrate advisories' generation code to pull from -contrib
• 20e18e4 Update generateAdvisoryAndList for dmd contrib

v0.31.1 (2023-07-09)

• 8a89057 Merge branch 'defect/100' into 'main'
• a58c97e Remove unnecessary higher bound

v0.31.0 (2023-07-08)

• 8703876 Document the web application is a thing
• 1ae30d7 Introduce a dmd-web CLI
• a9ff925 Merge branch 'feature/web' into 'main'

v0.30.1 (2023-07-03)

• d852692 Ignore multi-line PackageNames

v0.30.0 (2023-06-29)

• d033e28 Merge branch 'chore/aws' into 'main'
• 8f95c37 Update endoflife-checker for latest AWS lambda data

v0.29.0 (2023-06-21)

• 9d7376a Add CSV reporting for advisories
• 92e0946 Merge branch 'feature/csv' into 'main'

v0.28.0 (2023-06-21)

• eb5453e Delete removed demos
• 876c61b Merge branch 'feature/advisory-eol' into 'main'
• 00f3e0b Remove unused report helpers
• 1c71689 Rename file
• 1949ae6 Report AWS Advisories together
• d8442c2 Report custom and EndOfLife advisories together
• e1c987a Update generateAdvisoryAndList demo

v0.27.0 (2023-06-18)

• 38ff8cb Add report advisories subcommand
• 8f07e7a Add a table-joiner utility
• b6717d5 Consolidate generation commands into Advisories
• a431c20 Fix: Rename generate advisories command
• d0cbaa6 Merge branch 'chore/currentversion' into 'main'
• 49e1569 Merge branch 'feature/joiner' into 'main'
• 3998914 Merge branch 'feature/report-advisories' into 'main'
• 33c5440 Note that pkg/errors is also unmaintained
• 344aaf3 Onboard to Renovate
• 56cd9f8 Refactor EOL processing to use table-joiner
• 0bb60f7 Use Renovate current_version if present for EOL checking

v0.26.0 (2023-06-16)

• 174cddd Add CLI to make recording demos easier
• 4ce8ebc Add a demo for advisory subcommand
• c66e8c7 Consolidate multiple advisory-related commands into one
• 8b4cf4a Correct broken link
• 6084722 Introduce Advisories to track arbitrary package advisories
• bbe57f0 Merge branch 'chore/update-demos' into 'main'
• 2c6d7b6 Merge branch 'feature/advisory' into 'main'
• 03ea510 Update demos

v0.25.1 (2023-06-07)

• e0bc547 Correct example usage for owners import

v0.23.1 (2023-06-07)

• e0bc547 Correct example usage for owners import

v0.25.0 (2023-06-07)

• 16de10c Add ability to import via CSV
• 684882e Add closing parenthesis
• 97d831f Bump endoflife-checker
• 4468c0c Disable "smart" quotes
• 9d29a6d Merge branch 'chore/aurora' into 'main'
• 13c07f7 Merge branch 'feature/csv-bulk' into 'main'

v0.24.0 (2023-05-29)

• 8e6ba1f Merge branch 'feature/sqlite-speed' into 'main'
• ee4f2f6 Remove unused method
• def9666 Wrap all INSERTs with transactions

v0.23.0 (2023-05-29)

• d047358 Fix: Ensure UNIQUEs work on renovate
• 17cbbbb Merge branch 'feature/no-null-deptypes' into 'main'

v0.22.1 (2023-05-27)

• e53cd1b Merge branch 'feature/versioninfo' into 'main'
• 3beacbf Use versioninfo to pick up binary versions

v0.22.0 (2023-05-21)

• 0892f95 Add a helper for reports
• 085499c Add report for ElastiCache End-of-Life
• ae4f258 Add report for Lambda End-of-Life
• ee0746e Add report for RDS End-of-Life
• f5201d5 Merge branch 'feature/endoflife-checker' into 'main'
• 1dedce0 Update reportEol cast

v0.21.0 (2023-05-20)

• 78ffebc Add more details to "related tools"
• 89f49dd Add support for importing/EOL checking aws-elasticache-endoflife
• 551fe91 Add support for importing/EOL checking aws-lambda-endoflife
• e39940b Add support for importing/EOL checking aws-rds-endoflife
• 5710154 Merge branch 'feature/endoflife-checker' into 'main'

v0.20.3 (2023-05-15)

• 0a2adc5 Add rlcp support
• 7c53757 Merge branch 'chore/order' into 'main'
• 401fa0e Reorder GoReleaser configuration

v0.20.2 (2023-05-15)

• ae2abb6 Fix: Ensure correct artifacts are included in releases

v0.20.1 (2023-05-09)

• 1ba2db5 Add number of dependency updates to the message
• fcff878 Fix: Refine structs in loops
• 123a208 Include relative path in markdown rendering
• df50e47 Merge branch 'defect/docs' into 'main'
• e411365 Merge branch 'defect/loop-reuse' into 'main'

v0.20.0 (2023-04-18)

• 832ff8d Allow importing Renovate debug logs
• 7195570 Merge branch 'feature/renovate-debug' into 'main'

v0.19.0 (2023-04-14)

• d807717 Add CurrentVersion to DependencyDetails
• bd58219 Add demo for depsdev
• a4885d7 Integrate with deps.dev
• 9c679eb Introduce a smaller Renovate DB query for generating data
• ccdf268 Make CurrentVersion nilable
• a06c9a7 Merge branch 'feature/depsdev' into 'main'
• bb74fd5 Merge branch 'refactor/retrieveall' into 'main'
• 01583c0 Remove incomplete package documentation

v0.18.1 (2023-04-11)

• 64256e5 Fix: Ignore multi-line package names
• 59dc816 Merge branch 'defect/newline' into 'main'

v0.18.0 (2023-04-10)

• d30b503 Add ability to bulk set owners on the command-line
• f0cd113 Add cache for endoflife.date calls
• 1c0e3da Add demo for owners set
• b432f2b Fix: Don't use public as Netlify base directory
• 34bc4be Merge branch 'defect/netlify' into 'main'
• c87af6a Merge branch 'feature/ownership-bulk' into 'main'
• 2938b90 Merge branch 'feature/parallel-eol' into 'main'

v0.17.0 (2023-04-08)

• d3308c9 Add Example page
• 11aebd0 Add Related Tooling page
• 438b272 Add code for demos
• 5b5566d Add demos to website
• 9542cc1 Add links out to GitLab repo + issues
• c58633d Add schemas to documentation site
• aa92306 Gitignore Hugo lock file
• 1ccc2e9 Increase width of page
• 9b84a1d Make text monospace
• 4a615f4 Merge branch 'defect/current-version' into 'main'
• 785bd2f Merge branch 'doc/features' into 'main'
• d2641dc Merge branch 'docs/schema' into 'main'
• 9df8887 Merge branch 'docs/schema' into 'main'
• 7fed1f9 Merge branch 'feature/demo' into 'main'
• d3b4845 Merge branch 'feature/hugo' into 'main'
• 8f46b94 Migrate public site to Hugo, with auto-generating docs
• bfe8c28 Migrate to built-in Classless theme
• 9c0f35d Parse CurrentVersion better
• c528479 Rename LockedVersion to CurrentVersion
• 625cf63 Revamp home page
• fc3e396 Run demos in the pipeline
• 859e5fb Update example queries
• 0a26466 Update weighting for /example/

v0.16.0 (2023-04-05)

• b63bbe8 Add CVE checking functionality
• 08e0c50 Merge branch 'feature/osv-vulnerabilities' into 'main'

v0.15.1 (2023-04-04)

• 316767f Add anonymisation for owners table
• 890aee8 Add documentation for new datasources and repositories
• 4e1a88e Create an anonymiser interface
• 1bc3296 Improve progress message
• 702aae2 Introduce a common interface for datasources
• 7c0f6b9 Make queries interfaces
• 0e37ba6 Merge branch 'refactor/datasources' into 'main'
• 5872f6e Move queries to separate file
• 825258e Pass context.Context around
• 22fa33f Remove datasource-specific implementation
• 61d382b Split datasource and repository definitions
• 2033a7a Warn if no results returned from queries

v0.15.0 (2023-04-03)

• ab877ac Introduce owners table
• 2fefdde Merge branch 'feature/owner' into 'main'

v0.14.0 (2023-04-02)

• 00eb3b9 Add support for parsing updates from renovate-graph
• decc3b3 Allow anonymising the renovate_updates table
• 12ca04c Merge branch 'feature/import-updates' into 'main'

v0.13.0 (2023-03-27)

• dbdd7d2 Add ability to anonymise data
• cbf6178 Merge branch 'feature/anonymise' into 'main'

v0.12.0 (2023-03-21)

• f196ffa Merge branch 'refactor/eol-report' into 'main'
• a443331 Replace logging with table output

v0.11.1 (2023-03-20)

• 60b1d99 Add missing no-progress flags
• 927d9c2 Don't mark as "done" when error occurs
• e7f9ae2 Merge branch 'defect/increment' into 'main'
• a53a831 Move Increment calls to after inserting a package

v0.11.0 (2023-03-19)

• 13e8a5a Add --no-progress flag
• 5c51642 Add progress bar for EOL generation
• a8916eb Add progress bar for importing
• 007fe18 Create helper to build a progress.Writer
• d8c70a0 Merge tools.gos into a single file
• 429c705 Merge branch 'feature/import-progress' into 'main'
• 85aec03 Merge branch 'feature/progress' into 'main'

v0.10.0 (2023-03-18)

• d6a0692 Introduce file for common definitions
• 1ee1d79 Introduce query for golangci-lint usage
• db2eb76 Merge branch 'query/golangci-lint' into 'main'

v0.9.0 (2023-03-18)

• e6bdbcd Introduce platform metadata to dependencies
• aab39f3 Merge branch 'feature/platform' into 'main'

v0.8.0 (2023-03-18)

• 6e20bc5 Merge branch 'feature/split-gorilla' into 'main'
• 8a3b1d0 Split direct and indirect dependencies for reportGorillaToolkit

v0.7.0 (2023-03-16)

• 0596ce2 Merge branch 'feature/gorilla-toolkit' into 'main'
• 027e99c Report usages of the Gorilla Toolkit

v0.6.2 (2023-03-16)

• 984ab77 Fix: Use correct database driver name
• ff19e3e Merge branch 'defect/sqlite' into 'main'

v0.6.1 (2023-03-16)

• cce032c Merge branch 'chore/cgo' into 'main'
• 363bed0 Migrate SQLite library to remove CGO requirement
• 348d4fc Remove universal Mac binaries

v0.6.0 (2023-03-15)

• 8b69856 Add report for top Docker namespaces and images
• fd1138f Merge branch 'feature/docker-registry' into 'main'

v0.5.0 (2023-03-15)

• 5b8317d Add Matomo tracking analytics
• 5bc5e22 Add basic guide to adding a new parser
• 13ea507 Add query for most popular use of package managers
• 0c040c9 Correct incomplete description of command
• 01e55f9 Merge branch 'feature/doc-parser' into 'main'
• 0fd6ae2 Merge branch 'feature/query-most-popular' into 'main'

v0.4.1 (2023-03-05)

• 1123c9b Add packageFilePath to EOL reporting
• 9af1da8 Ignore NodeJS orb from EOL checking
• 76d6ad6 Merge branch 'defect/node-orb' into 'main'
• 4f89377 Merge branch 'feature/warn-upcoming-eol' into 'main'
• 9407e65 Warn if we're approaching EOL/unsupported periods

v0.4.0 (2023-03-04)

• 1ba0710 Add OpenAPI spec from endoflife.date
• b371f4c Add Renovate bindings for endoflifedate lookups
• 3ff3758 Add generate eol command
• 7bfc96b Add report eol command
• cb1b13d Add a GitLab test stage for go test
• 11e27cf Add a RetrieveAll query
• a3b077f Add helper method to format a dependency
• 379e453 Autogenerate client for endoflife.date
• 99d4abb Correct command description
• 3203a62 Introduce centralised logging for CLI
• 9db0ca6 Make command variables less likely to clash
• 3e8889d Massage into OpenAPI 3.0.2
• 9a7c4be Merge branch 'feature/endoflife-date-db' into 'main'
• b9f9a14 Merge branch 'feature/multi-value-versions' into 'main'
• 9ea7e98 Move to tidied
• ce4d630 Parse multi-line versions
• 55d9809 Rename cmd files for readability
• 851ef0f Use IF NOT EXISTS

v0.3.3 (2023-02-27)

• 2516d69 Add --version flag information
• aba4cd5 Merge branch 'feature/version-cmd' into 'main'

v0.3.2 (2023-02-25)

• d21b35a Add link to example project
• 28c3548 Fix: Correctly mark required flags as required
• 606f9fe Merge branch 'defect/flags' into 'main'

v0.3.1 (2023-02-21)

• 20e61be Document the datasources
• 034a8fe Error if no files match the glob
• c17c0f2 Merge branch 'feature/parallel' into 'main'
• 8316c35 Migrate datasources to their own sub-package
• 04f64c7 Parallelise parsing of files

v0.3.0 (2023-02-20)

• ba30d54 Correct the built binary name
• 6cbe138 Merge branch 'defect/x-compile' into 'main'
• 45254e5 Merge branch 'feature/go-1.20' into 'main'
• 9561446 Set up cross-compilation for goreleaser
• 8ab02d6 Update to Go 1.20

v0.2.0 (2023-02-20)

• c65738e Add link out to dmd
• e8d6f93 Add pinning for go install
• 0c55783 Add support for importing from Dependabot
• ed4d391 Correct go-source link
• 553bcb3 Correct install instructions
• 8657e89 Merge branch 'feature/dependabot' into 'main'
• e6ea4d8 Only conditionally mark as not-null
• 1288343 Remove accidentally added comments
• 0215b4d Revert "Correct install instructions"

v0.1.0 (2023-02-16)

• 7dd9f75 Add HTML metadata for go install et al
• bede96d Add dmd db init and dmd import renovate commands
• 73a9961 Initialise project
• b7380a2 Merge branch 'feature/cli' into 'main'