38.0.0 (Halloween edition 🎃)

github-actions released this 31 Oct 08:35
· 906 commits to main since this release

What's Changed

Breaking Changes 🛠

  • e01a1f2 refactor(node)!: Move Pnpm into its own dedicated package

Bug Fixes 🐞

  • a1652ea dos: Edit downloading the source to be scanned
  • 3a8812d model: Correctly map Identifier namespaces to purl namespaces
  • b1740ef model: Rework purl conversion according to the specs
  • 42f0f33 spdx-reporter: Also check LicenseRef exceptions of snippets
  • fe7d1ef spdx-reporter: Remove a conflicting license validity check
  • f1a49b5 utils: Support deleting read-only files on Windows
  • 41d1c6f yarn: Fix up the error handling in getRemotePackageDetails()

New Features 🎉

  • c9d2a49 spdx: Deal with cycles in dependency relations
  • 2161ffd yarn: Also log warnings output by yarn info

Chores 🔧

  • d2dd061 model: Nest purl tests in preparation for adding more tests
  • 2c79d17 model: Remove a few redundant purl tests
  • 24f44d8 osv: Remove the work-around for Swift
  • 51f5ec6 spdx-reporter: Map to a Set for distinct entries
  • 7cd95a4 spdx-reporter: Remove a default strictness argument
  • 4814301 Align on "purl" spelling for Package URLs

Dependency Updates 🚀

  • e39a48c Update the dependency-analysis-gradle-plugin to version 2.3.0
  • b3c1124 Update the dependency-analysis-gradle-plugin to version 2.4.0
  • d2cfce1 update actions/checkout digest to 11bd719
  • bc94e33 update actions/setup-java digest to 8df1039
  • 17767fb update actions/setup-node digest to 39370e3
  • d0cf5be update dependency ch.qos.logback:logback-classic to v1.5.12
  • f38c1f4 update dependency com.charleskorn.kaml:kaml to v0.62.0
  • 2b4e7fb update dependency com.charleskorn.kaml:kaml to v0.62.1
  • 52162c5 update dependency software.amazon.awssdk:s3 to v2.29.0
  • 01340ed update exposed to v0.56.0
  • cee8a78 update github/codeql-action digest to 6624720
  • 69fcc36 update jackson to v2.18.1
  • 31edf71 update jetbrains/qodana-action action to v2024.2.5
  • 8f00ece update jetbrains/qodana-action action to v2024.2.6

Documentation 📖

  • 1219605 model: Clarify in a test what a "clean" purl is supposed to be
  • b4d9313 spdx-utils: Clarify that licenseInfoFromFiles contains license IDs
  • 6f3aaa5 spdx-utils: Document each main class with a link to the spec
  • 0460948 yarn: Add information about the mentioned network issue
  • 02192a3 yarn: Re-align the docs with the function

Refactorings 🚜

  • 7f07648 model: Move purl-related tests to PurlExtensionsTest
  • 49c654a model: Turn purl test data assertions into sanity checks
  • 771a6a5 npm: Allow getRemotePackageDetails() to return null
  • 6f802f8 npm: Make getRemotePackageDetails() handle unsuccessful runs
  • 1394274 npm: Move parsePackage() outside of the Npm class
  • 5bff7a2 npm: Move parseProject() out of the class
  • 6999a12 npm: Remove a now unnecessary runCatching()
  • 0223e40 osv: Simplify queries with purls
  • 0eb1eea pnpm: Make Pnpm separate from Npm
  • 26703f9 yarn: Extract extractDataNodes()
  • 8e90a79 yarn: Use a more speaking name for output

Tests ✅

  • a265d38 model: Add name(space) specific purl tests
  • 419b42b model: Test against the official purl test suite data
  • bfa893b npm: Re-create the lockfile for the babel project
  • f63b068 osv: Update expected results
  • 61c4721 pnpm: Add some more functional test coverage
  • db0ec55 python: Update expected results
  • b688a9c python: Update expected results
  • c535f61 vulnerable-code: Test lookup for a Go package
  • 507ee30 yarn: Add some more functional test coverage
  • d59b609 yarn2: Move the functional test into the yarn2 package