Skip to content

27.0.0
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Jul 09:37
· 1154 commits to main since this release
27.0.0
f7ff51a

What's Changed

Breaking Changes 🛠

  • 192736f refactor(model)!: Inline AdvisorRecord with AdvisorRun

Bug Fixes 🐞

  • 89fe68d SpdxDocumentFile: Add created issues to the PackageReference
  • c8eb52a SpdxDocumentFile: Ensure to collect issues from external doc refs
  • d686957 cyclonedx: Avoid a NPE when clearing extensibleTypes
  • 023dfb6 cyclonedx: Only set licenses at all if they are not empty
  • b0b1f7c downloader: Support Git URLs with '.git' in domain
  • fb1f601 gradle: Ignore dependencySources configurations during resolution
  • 90226f2 sbt: Filter out garbage from sbt projects command

New Features 🎉

  • 2d3847e analyzer: Add option to skip setup.py analysis of PIP dependencies
  • 57911fe helper-cli: Add a command to show insights into scan issues
  • b37ac5e helper-cli: Allow to omit the version when listing packages
  • ed44b6a model: Add a constant for an empty AdvisorRun

Build 🐘 & CI ⚙️

  • b3ae3d0 gradle: Add a "detektAll" convenience task
  • 67c4807 gradle: Prepare for eventually using atlassian.io artifacts
  • 82396bd github: Move Scorecard analysis to a separate workflow
  • 113a44d github: Run OpenSSF Scorecard analysis
  • d881059 renovate: Automatically pin GitHub action digests

Chores 🔧

  • 3e2eb12 cocoapods: Add a bit fault tolerance for PODS / DEPENDENCIES
  • 28c53b9 cocoapods: Fix-up an unnecessary mapNotNull
  • dfb014d cocoapods: Generalize mapping IDs to packages
  • f7ff51a conan: Replace a get() with an indexing operator
  • 4aad014 cyclonedx: Remove an unneeded cast to Any
  • 262d966 cyclonedx: Say for which file extension creation failed
  • e93de8a pub: Improve function names

Dependency Updates 🚀

  • 824cc38 pin dependencies
  • 25f07db update dependency com.github.ajalt.mordant:mordant to v2.7.1
  • 6229972 update dependency gradle to v8.9
  • 0e47316 update dependency io.mockk:mockk to v1.13.12
  • 639a454 update docker/build-push-action digest to 1ca370b
  • 88084c1 update docker/build-push-action digest to a254f8c
  • 2651da9 update github/codeql-action digest to 4fa2a79
  • 0139c25 update gradle/actions digest to d9c87d4
  • 0ac569e update graphqlplugin to v6.8.1
  • 3f69531 update graphqlplugin to v6.8.2
  • 144588e update graphqlplugin to v6.8.4

Documentation 📖

  • f545e5e README: Add an OpenSSF Scorecard badge
  • da70ac4 cyclonedx: Remove an obsolete TODO comment
  • bdaf216 github: Ensure that all static analysis steps have names
  • 1ae222a github: Explain what security-events: write is needed for
  • 22cd864 pip: Correctly state the default Python version to analyze for
  • efed39f pip: Refer to option constants instead of repeating their values

Refactorings 🚜

  • 2df46c6 cocoapods: Decompose a MapEntry
  • 7e776e3 cocoapods: Factor out YamlNode.toPod()
  • 26c31cf cocoapods: Factor out parsePodspec()
  • 7115b14 cocoapods: Move Podspec to a dedicated file
  • 35e048f cocoapods: Move an orEmpty() a couple of lines upwards
  • ebc4b63 cocoapods: Port the Podspec parsing to KxS
  • d4f0b5a cocoapods: Port the lockfile parsing from Jackson to KxS
  • 41c5bca cocoapods: Remove a minor code redundancy
  • ed9ce11 cocoapods: Separate parsing the lockfile
  • 8978ee4 cocoapods: Turn resolveDependencies() into an expression
  • b3f6311 cocoapods: Use a data class for the source property
  • 5d6827c cocoapods: Use a more speaking name for externalSources
  • af02a8c conan: Extract the variable hashValue
  • 3181191 conan: Inline a function
  • 86d6ff7 conan: Port parsing package info from Jackson to KxS
  • 802dfa8 conan: Port the remaining Jackson based code to KxS
  • a942c7e conan: Remove a code redundancy
  • 5dbe633 conan: Slightly simplify the code for obtaining the URL
  • 5c6322a conan: Turn parseSourceArtifact() into an expression
  • bbdbf10 conan: Use a data class for parsing the package infos
  • d0ed6ca cyclonedx: Avoid exceptions to be swallowed
  • 5503c68 cyclonedx: Continue with remaining formats even if one failed
  • 229a76e cyclonedx: Extract generating the BOM string to a function

Tests ✅

  • 2d9e67f SpdxDocumentFile: Add test for missing issues for external refs
  • 9117279 SpdxDocumentFile: Use correct checksumValue for external document
  • fe46f21 osv: Update expected results
  • e4aa9e9 pub: Update expected results
  • b590ad2 2f133e8 pub: Update expected results
  • 1756495 python: Update expected results
Assets 10
Loading