v0.12.0
- endoflife collector
- Collect additional metadata for vulnerabilities from OSV
- OCI registry collector updates
- Add CertifyLegal to query known package
- Fix: jsonl files are rejected
- plumbing to enable deps.dev on ingest
- Export getGraphqlServer and accept initialized backend
- Fix PURL to Coord conversion for Go
- Update workflow permissions
- Decouple backend specific config from guacgql cmd
- Various bug fixes and improvements
Contributors
- @robert-cronin
- @ANIRUDH-333 made their first contribution in #2307
- @hown3d made their first contribution in #2219
- @semmet95
- @pxp928
- @jeffmendoza
- @nathannaveen
- @lumjjb
What's Changed
- Feat/endoflife collector by @robert-cronin in #2215
- Feat/oci registry collector by @robert-cronin in #2185
- Bump arigaio/atlas from 5eac9e3 to a3b29b4 in /pkg/assembler/backends/ent/migrate by @dependabot in #2259
- Bump google.golang.org/api from 0.203.0 to 0.204.0 by @dependabot in #2255
- Bump anchore/sbom-action from 0.17.5 to 0.17.6 by @dependabot in #2260
- Bump cloud.google.com/go/storage from 1.45.0 to 1.46.0 by @dependabot in #2256
- Bump github.com/go-chi/chi/v5 from 5.0.12 to 5.1.0 by @dependabot in #2257
- Bump gocloud.dev/pubsub/kafkapubsub from 0.37.0 to 0.40.0 by @dependabot in #2258
- Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #2261
- Add CertifyLegal to query known package by @robert-cronin in #2254
- Fix: jsonl files are rejected by @robert-cronin in #2266
- Bump arigaio/atlas from a3b29b4 to 9e0d9f9 in /pkg/assembler/backends/ent/migrate by @dependabot in #2263
- Updated GraphQL Testing by @nathannaveen in #2216
- plumbing to enable deps.dev on ingest by @lumjjb in #2265
- Bump arigaio/atlas from 9e0d9f9 to e6b4461 in /pkg/assembler/backends/ent/migrate by @dependabot in #2283
- Bump google.golang.org/grpc from 1.67.1 to 1.68.0 by @dependabot in #2287
- Bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #2281
- Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot in #2282
- Bump github.com/nats-io/nats-server/v2 from 2.10.20 to 2.10.22 by @dependabot in #2284
- Bump github.com/regclient/regclient from 0.7.1 to 0.7.2 by @dependabot in #2285
- Bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 by @dependabot in #2286
- Bump anchore/sbom-action from 0.17.6 to 0.17.7 by @dependabot in #2280
- Attempt to fix tilt-ci flakiness by @lumjjb in #2279
- Bump arigaio/atlas from e6b4461 to abe7313 in /pkg/assembler/backends/ent/migrate by @dependabot in #2289
- skip clearly defined tests for now because of flake by @lumjjb in #2291
- Bump arigaio/atlas from abe7313 to 062cd81 in /pkg/assembler/backends/ent/migrate by @dependabot in #2292
- Bump arigaio/atlas from 062cd81 to 404e6b4 in /pkg/assembler/backends/ent/migrate by @dependabot in #2293
- Export getGraphqlServer and accept initialized backend by @robert-cronin in #2243
- Bump arigaio/atlas from 404e6b4 to f672115 in /pkg/assembler/backends/ent/migrate by @dependabot in #2295
- Fix zizmor audits by @funnelfiasco in #2276
- Don't persist credentials in actions/checkout by @funnelfiasco in #2268
- Add depsdev guac client as a stepping stone to split up depsdev functionality by @lumjjb in #2278
- skip scanner cd test due to service timeout by @pxp928 in #2297
- Bump arigaio/atlas from f672115 to 0cabbd9 in /pkg/assembler/backends/ent/migrate by @dependabot in #2303
- Bump arigaio/atlas from 0cabbd9 to eaa219c in /pkg/assembler/backends/ent/migrate by @dependabot in #2304
- Feat/registry collector cli additions by @robert-cronin in #2241
- Fix/overwrite collector registration by @robert-cronin in #2288
- Bump arigaio/atlas from eaa219c to 66caa34 in /pkg/assembler/backends/ent/migrate by @dependabot in #2308
- bugfix: fixes service-poll env variable bug in s3 by @ANIRUDH-333 in #2307
- Bump github/codeql-action from 3.27.1 to 3.27.4 by @dependabot in #2298
- Bump github.com/google/osv-scanner from 1.9.0 to 1.9.1 by @dependabot in #2300
- Bump github.com/99designs/gqlgen from 0.17.55 to 0.17.56 by @dependabot in #2302
- Bump arigaio/atlas from 66caa34 to da62231 in /pkg/assembler/backends/ent/migrate by @dependabot in #2311
- Bump arigaio/atlas from da62231 to 4295312 in /pkg/assembler/backends/ent/migrate by @dependabot in #2312
- Address Flakiness in ClearlyDefined API by @robert-cronin in #2306
- Fix PURL to Coord conversion for Go by @jeffmendoza in #2305
- Collect additional metadata for vulnerabilities from OSV by @hown3d in #2219
- Improve test output formatting by @robert-cronin in #2310
- clearly defined url encode/add hyphen for namespace by @pxp928 in #2262
- Decouple backend specific config from guacgql cmd by @robert-cronin in #2247
- Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 by @dependabot in #2301
- Bump entgo.io/ent from 0.14.0 to 0.14.1 by @dependabot in #2233
- Bump arigaio/atlas from 4295312 to 1a13b85 in /pkg/assembler/backends/ent/migrate by @dependabot in #2322
- Bump github.com/oapi-codegen/oapi-codegen/v2 from 2.3.1-0.20240823215434-d232e9efa9f5 to 2.4.1 by @dependabot in #2299
- Bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 by @dependabot in #2321
- Bump github.com/aws/aws-sdk-go-v2 from 1.32.2 to 1.32.5 by @dependabot in #2318
- Bump golang.org/x/time from 0.7.0 to 0.8.0 by @dependabot in #2316
- Bump anchore/sbom-action from 0.17.7 to 0.17.8 by @dependabot in #2320
- Bump github/codeql-action from 3.27.4 to 3.27.5 by @dependabot in #2319
- Bump github.com/aws/aws-sdk-go-v2/config from 1.27.39 to 1.28.5 by @dependabot in #2317
- Bump arigaio/atlas from 1a13b85 to d448aab in /pkg/assembler/backends/ent/migrate by @dependabot in #2323
- Bump arigaio/atlas from d448aab to 5c465fd in /pkg/assembler/backends/ent/migrate by @dependabot in #2324
- Bump arigaio/atlas from 5c465fd to a0d43a6 in /pkg/assembler/backends/ent/migrate by @dependabot in #2325
- Bump arigaio/atlas from a0d43a6 to 96753ab in /pkg/assembler/backends/ent/migrate by @dependabot in #2327
- Bump google.golang.org/api from 0.204.0 to 0.209.0 by @dependabot in #2336
- Bump github.com/fsnotify/fsnotify from 1.7.0 to 1.8.0 by @dependabot in #2333
- Bump docker/build-push-action from 6.9.0 to 6.10.0 by @dependabot in #2331
- Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.63.3 to 1.70.0 by @dependabot in #2332
- Bump cloud.google.com/go/storage from 1.46.0 to 1.47.0 by @dependabot in #2335
- Bump arigaio/atlas from 96753ab to dc46240 in /pkg/assembler/backends/ent/migrate by @dependabot in #2337
- Adjust workflow permissions for signing and publishing by @funnelfiasco in #2338
- Bump arigaio/atlas from dc46240 to 73374c5 in /pkg/assembler/backends/ent/migrate by @dependabot in #2340
- Bump arigaio/atlas from 73374c5 to 2ac9ef1 in /pkg/assembler/backends/ent/migrate by @dependabot in #2342
- fix: handles the case where empty pkgIDs slice is passed by @semmet95 in #2339
- Really fix the permissions this time by @funnelfiasco in #2341
- Reduce scorecard workflow permissions scope by @robert-cronin in #2326
- Bump arigaio/atlas from 2ac9ef1 to eb12317 in /pkg/assembler/backends/ent/migrate by @dependabot in #2343
- Bump arigaio/atlas from eb12317 to 6c4f0b3 in /pkg/assembler/backends/ent/migrate by @dependabot in #2346
- Give SLSA generator necessary permission by @funnelfiasco in #2344
- add package write to slsa workflow for release by @pxp928 in #2347
- Bump arigaio/atlas from 6c4f0b3 to 0bb766d in /pkg/assembler/backends/ent/migrate by @dependabot in #2355
- Bump google.golang.org/grpc from 1.68.0 to 1.68.1 by @dependabot in #2354
- Bump github.com/aws/aws-sdk-go-v2/config from 1.28.5 to 1.28.6 by @dependabot in #2353
- Bump actions/cache from 4.1.2 to 4.2.0 by @dependabot in #2349
- Bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot in #2348
- Bump cloud.google.com/go/storage from 1.47.0 to 1.48.0 by @dependabot in #2350
- Fix flag defaults not registered in guacrest binary by @robert-cronin in #2356
- Bump go.uber.org/mock from 0.4.0 to 0.5.0 by @dependabot in #2352
- add contents write permission for goreleaser workflow by @pxp928 in #2357