Skip to content

Latest commit

 

History

History
2388 lines (1200 loc) · 96.3 KB

CHANGELOG.md

File metadata and controls

2388 lines (1200 loc) · 96.3 KB
Raw

CHANGELOG

v3.0.14 (2024-07-18)

Fix

  • fix: release script changes (6efcb5f)

v3.0.13 (2024-07-18)

Fix

  • fix: CVE-2024-5569 in setuptools 70.1.1 (4ceefb8)

Unknown

  • Get nightly build happy (#152)

  • fix: resolve CVE-2024-35195 in requests-2.31.0, via requests-2.32.3 which requires python 3.8

  • fix: requests-2.32.3 requires python 3.8

  • fix: CVE-2024-39689 in certifi@2024.6.2

  • tox.ini has another "lowest" setting (e246435)

v3.0.12 (2024-04-18)

Fix

  • fix: resolve CVE-2024-3651 in idna-3.6 (218ac49)

Unknown

  • CI internal - use new IQ [skip ci] (f064aa6)

  • remove githubStatusUpdate() calls from Jenkinsfile (remove empty stanza) (068de48)

  • remove githubStatusUpdate() calls from Jenkinsfile (3af7afc)

v3.0.11 (2023-12-08)

Fix

  • fix: bump toml version one ahead. this one goes to 11 (c3daeb8)

Unknown

  • semantic-release versioning configuration (#149) (08f6c2f)

v3.0.10 (2023-12-08)

Fix

  • fix: bump toml version one ahead of latest git tag for first new semantic-release with twine credentials (9a76fe1)

v3.0.9 (2023-12-08)

Fix

  • fix: bump toml version one ahead of latest git tag for first new semantic-release (52d459e)

v3.0.8 (2023-12-08)

Fix

  • fix: sync versions again manually for first new semantic-release (added git tag) (d096fc9)

v3.0.3 (2023-12-08)

Fix

  • fix: try to sync versions manually for first new semantic-release (e92ecee)

v3.0.2 (2023-12-08)

Fix

  • fix: Update circleci config.yml (#148) (1385908)

  • fix: more verbose semantic-release (3a87a37)

  • fix: verbose semantic-release (bump version) (b0d102d)

  • fix: verbose semantic-release (bf975f8)

  • fix: kick release harder, update lock file, bump release version, cross fingers. (474609f)

  • fix: trigger release of 3.0.2 (73ba63f)

  • fix: small change to trigger release to allow higher rich version (51cbfd6)

  • fix: resolve CVE-2023-45803 in urllib3 2.0.6 (4ffd06b)

  • fix: resolve CVE-2023-43804 in urllib3 2.0.2 (#144) (a39e9d2)

  • fix: trigger release for vulnerability fixed in dc52c76f (bcee8a2)

  • fix: resolve CVE-2023-37920 in certifi 2023.5.7 (821380a)

Unknown

  • Update pyproject.toml - allow higher rich version (#147)

  • Update pyproject.toml

  • Update jake-whitelist.json (a70bb1c)

  • update python version badge to 3.7+ (9b4e6cb)

  • remove trigger readme.md change (616bf71)

  • Fix cython_sources build error (#142)

  • upgrade lowest to ossindex-lib 1.1.1, which fixes cython_sources error when building PyYAML 5.4.1 (47371c8)

  • temporary revert of resolve CVE-2023-37920 (dc52c76)

  • resolve CVE-2023-37920 (9050ebc)

v3.0.1 (2023-05-30)

Documentation

  • docs: fix -f switch in the examples (#126)

Co-authored-by: Dan Rollo <danrollo@gmail.com> (80ac509)

Fix

  • fix: handle CWE name suffixed with 'noinfo' (#129)

@daviskirk suggestion

Co-authored-by: Davis Kirkendall <1049817+daviskirk@users.noreply.github.com> (a5d0f11)

  • fix: CVE-2022-23491 in transitive dependency certifi 2022.5.18.1 by upgrading the version in the lock file. (1815487)

  • fix: CVE-2022-23491 in certifi 2022.5.18.1 (d964732)

  • fix: more source file header cleanups (261a991)

  • fix: source file header cleanups (6ebf12d)

Unknown

  • Merge pull request #141 from sonatype-nexus-community/py7_ci

Drop python 3.6 support, CI fixes (4b5b4b7)

v3.0.0 (2022-12-02)

Breaking

  • feat: Support for all input formats when running jake ddt or jake iq (#125)

  • feat: Support for all input formats when running jake ddt or jake iq

closes #104

BREAKING CHANGE: changed iq -t switch to -st, use common -f argument for input file

Co-authored-by: Dan Rollo <danrollo@gmail.com> (9a597b5)

Fix

  • fix: restore running jake on jake (675b359)

Unknown

  • revert add agentLabel (9f0bd52)

  • add agentLabel: 'ubuntu-zion-legacy' to get build happy for now (ba16abe)

v2.1.1 (2022-06-09)

Ci

  • ci: temporarily removed running jake against jake as this is blocking release - likely due to OSS Index updates

Signed-off-by: Paul Horton <phorton@sonatype.com> (88d390c)

Fix

  • fix: removed typo from default value of --schema-version argument #117

Signed-off-by: Paul Horton <phorton@sonatype.com> (e9e4764)

Unknown

  • Merge pull request #120 from sonatype-nexus-community/fix/schema-version-argument-typo-117

fix: removed typo from default value of --schema-version argument #117 (738a00e)

v2.1.0 (2022-06-09)

Chore

  • chore: added unified license headers as per interal Sonatype check

Signed-off-by: Paul Horton <phorton@sonatype.com> (ccb927b)

Ci

  • ci: temporarily removed running jake against jake as this is blocking release - likely due to OSS Index updates

Signed-off-by: Paul Horton <phorton@sonatype.com> (1da3571)

Feature

  • feat: add support for vulnerability whitelist when running jake ddt - thanks @daviskirk! (80e1136)

Unknown

  • Add whitelisting support

  • Add argument to dtt to support whitelisting via json file similar to auditjs (c81be03)

  • verify internal CI build success w/out tox (f428002)

  • happyfy header checker (mostly newline after header, before import) - take 2 (84b4e11)

  • Revert "happyfy header checker (mostly newline after header, before import)"

This reverts commit 0afee0f145e0002817740e1345a98253794b251d. (9ee6125)

  • Revert "happyfy header checker (mostly newline after header, before import)"

This reverts commit 6a129a3acfb48c80732635a13f91d228de392fb2. (8f2a381)

  • Merge branch 'main' of github.com:sonatype-nexus-community/jake (8cfe403)

  • happyfy header checker (mostly newline after header, before import) (6a129a3)

  • happyfy header checker (mostly newline after header, before import) (0afee0f)

  • doc: added OSS authentication configuration to documentation

Signed-off-by: Paul Horton <phorton@sonatype.com> (1230079)

v2.0.0 (2022-03-10)

Unknown

  • Merge pull request #109 from sonatype-nexus-community/dev

BREAKING CHANGE: Feature Release (398e70d)

  • Merge branch 'main' into dev (e2702ae)

  • prevent manual_release job on non-main branches. partial fix for #108 (#115) (6a5fe46)

v1.4.5 (2022-02-15)

Breaking

  • chore: bump to latest cyclonedx-python

BREAKING CHANGE: Notion of default schema version has been removed by upstream library and replaced with latest supported schema version

Signed-off-by: Paul Horton <phorton@sonatype.com> (e437bb4)

Chore

  • chore: bumped dependencies (#107)

Signed-off-by: Paul Horton <phorton@sonatype.com> (2ee98fe)

Feature

  • feat: typing as per PEP-561 and other refactors (#114)

  • feat: typing of jake WIP

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • port of fix for #112

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • resolved a bunch of typing issues

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • ci: fixed parameter references

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • ci: fixed parameter references

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • ci: fixed mypy

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • fix: updated ossindex-lib to latest RC which now appears to properly resolve caching issues #100

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • defined lowest dependencies and aligned

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • defined lowest dependencies and aligned

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • defined lowest dependencies and aligned

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • defined lowest dependencies and aligned

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • WIP: JSON output updated to use JSON serialisation
  • All tests passing locally

Signed-off-by: Paul Horton <phorton@sonatype.com> (a0ab7ee)

  • feat: support for Python 3.10 (#110)

Signed-off-by: Paul Horton <phorton@sonatype.com> (671c8c4)

Fix

  • fix: pin some upstream dependencies to prevent #112 (#113)

Signed-off-by: Paul Horton <phorton@sonatype.com> (8a43e0a)

  • fix: resolve historic oss index caching issues

feat: support for oss index authentication Signed-off-by: Paul Horton <phorton@sonatype.com> (dc03aa9)

Unknown

  • doc: first pass at docs for RTD (#111)

Signed-off-by: Paul Horton <phorton@sonatype.com> (223978f)

v1.4.4 (2022-02-08)

Fix

  • fix: CWEs are int and needed to be stringified (#102)

fix: Vulnerability rating score now formatted to 1 decimal place

Signed-off-by: Paul Horton <phorton@sonatype.com> (3e15cb1)

v1.4.3 (2022-02-03)

Fix

  • fix: CWEs not passed as ints to CDX model (#97)

Signed-off-by: Paul Horton <phorton@sonatype.com> (6ec49a6)

v1.4.2 (2022-01-31)

Fix

  • fix: corrected data placement for Vulnerabilities returned from OSS Index when generating an SBOM (#94)

Signed-off-by: Paul Horton <phorton@sonatype.com> (eb12286)

v1.4.1 (2022-01-24)

Fix

  • fix: bom-ref will always now be populated for Component and Vulnerability - bump of cyclonedx-python-lib solves this (#92)

fix: complete affects for vulnerabilities received from OSS Index

Signed-off-by: Paul Horton <phorton@sonatype.com> (df2aad2)

Unknown

  • sooth license header check (4163708)

  • try to get a test running (#89)

  • try to get a test running.

  • change tox.ini testenv command to work with current layout (86afdb5)

  • [skip ci] add license header (newline after header) (4cde312)

  • [skip ci] add license header (fddd1a7)

v1.4.0 (2022-01-13)

Feature

  • feat: support CycloneDX 1.4 (#87)

  • fix: unified how current version of jake is collected

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • feat: adopted latest RC for CycloneDX libraries to enable 1.4 support

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • fixes

Signed-off-by: Paul Horton <phorton@sonatype.com>

  • chore: bumped to released versions of CyloneDX libraries`

Signed-off-by: Paul Horton <phorton@sonatype.com> (20c62fc)

Unknown

  • doc: updated to reflect first version with pre-commit config

Signed-off-by: Paul Horton <phorton@sonatype.com> (8360771)

v1.3.0 (2022-01-11)

Feature

  • feat(pre-commit): add pre-commit hooks (#85) (45f108e)

v1.2.3 (2021-12-22)

Fix

  • fix: resolved regression when running jake ddt where return code != 0 when vulnerabilities discovered

Signed-off-by: Paul Horton <phorton@sonatype.com> (8a10e70)

v1.2.2 (2021-12-15)

Fix

  • fix: removed a number of direct dependencies that are now transitives, or no longer required fix: relaxed version requirements for remaining dependencies

Signed-off-by: Paul Horton <phorton@sonatype.com> (bcb0a3d)

Unknown

  • Merge pull request #81 from sonatype-nexus-community/feat/relax-and-tidy-dependencies

fix: addressed dependency review #73 (dbe5d31)

v1.2.1 (2021-12-15)

Ci

  • ci: disabled GitHub Workflows as per #76

Signed-off-by: Paul Horton <phorton@sonatype.com> (08fd4a4)

Fix

  • fix: bumped dependencies to resolve wheel-only installation

Signed-off-by: Paul Horton <phorton@sonatype.com> (4ac980d)

Unknown

  • Merge pull request #80 from sonatype-nexus-community/fix/install-from-wheels-only

fix: bumped dependencies to resolve wheel-only installation (9458d3b)

  • Merge pull request #79 from sonatype-nexus-community/feat/remove-github-actions

ci: disable GitHub Workflows as per #76 (d5af310)

v1.2.0 (2021-12-13)

Chore

  • chore: resolved merge in from master

Signed-off-by: Paul Horton <phorton@sonatype.com> (3ba93e3)

Feature

  • feat: replaced yaspin, termcolor and terminaltable with rich - see #72, #73, #77

Signed-off-by: Paul Horton <phorton@sonatype.com> (8534ad9)

Fix

  • fix: removed f-strings as not required

Signed-off-by: Paul Horton <phorton@sonatype.com> (b5b271e)

Unknown

  • Merge pull request #78 from sonatype-nexus-community/feat/replace-yaspin-with-rich

feat: removed yaspin and replaced with rich (eb69be0)

  • doc: updated README

Signed-off-by: Paul Horton <phorton@sonatype.com> (99c83ee)

  • removed unused improt

Signed-off-by: Paul Horton <phorton@sonatype.com> (d02fef3)

v1.1.5 (2021-12-09)

Feature

  • feat: removed terminaltables and replaced with richs table implementation

Signed-off-by: Paul Horton <phorton@sonatype.com> (416b03c)

  • feat: removed yaspin and replaced with rich

Signed-off-by: Paul Horton <phorton@sonatype.com> (76c4a54)

Fix

  • fix: bump required version of cyclonedx-python-lib to help lax transitive dependencies (f53407f)

  • fix: bump required version of cyclonedx-python-lib to help lax transitive dependencies

Signed-off-by: Paul Horton <phorton@sonatype.com> (34e501d)

v1.1.4 (2021-12-07)

Ci

  • ci: update CI to only install binary packages

Signed-off-by: Paul Horton <phorton@sonatype.com> (63acf2c)

Fix

  • fix: ensure dependencies can be installed from binary packages #72

Signed-off-by: Paul Horton <phorton@sonatype.com> (9e30ca8)

Unknown

  • Merge pull request #74 from sonatype-nexus-community/feat/wheel-only-installation

fix: ensure dependencies can be installed from binary packages #72 (55fd644)

  • revert CI changes as these fail (d82ff22)

  • doco typos (e11b560)

  • Merge branch 'main' of github.com:sonatype-nexus-community/jake (091b4e9)

v1.1.3 (2021-11-10)

Fix

  • fix: return exit code up the call stack (12caad2)

Unknown

  • add doco about required comment prefix for a release to be generated (839be7c)

  • return exit code up the call stack (193b2b4)

  • run IQ using 'release' stage to trigger policy failure actions (bc2d362)

v1.1.2 (2021-11-10)

Fix

  • fix: restore "stage" parameter for iq command, for realsies (f1d8c64)

Unknown

  • use iq.sonatype.dev, new server, new credentials (46c2979)

  • use iq.sonatype.dev (2eba0f9)

v1.1.1 (2021-11-09)

Fix

  • fix: restore "stage" parameter for iq command (01a41da)

Unknown

  • doco: manual release (0f65a10)

  • doco: restore "releasing" doco, will try it out momentarily. (fd2fba9)

  • doco: restore "stage" parameter for iq command (10c8efd)

  • restore "stage" parameter for iq command (a82aef2)

  • typo (d0faf4b)

  • chain commands (42b245d)

  • iq arg name change (1f5e6f5)

  • scan jake with jake (5b831bd)

  • scan jake with jake (fb892d2)

  • happy headers, now the build... (1120d8a)

  • header checker appeasement - wonder if this will work with .ini format... (521ff5d)

  • header checker appeasement (9d9d78e)

  • revert unused files - restore license-excludes.xml (43c73e7)

  • revert unused files - restore header.txt (560e516)

  • revert unused files - restore Jenkinsfile (719b914)

v1.1.0 (2021-10-22)

Feature

  • feat: add support for conda #66 fix: character encoding issues on Windows #67

Signed-off-by: Paul Horton <phorton@sonatype.com> (a3495cb)

Unknown

  • Merge pull request #70 from sonatype-nexus-community/feat/conda-support

FEATURE: conda support + fixes (93bc03d)

  • doc: typo resolved

Signed-off-by: Paul Horton <phorton@sonatype.com> (286ea27)

  • doc: update README to cover updated paramters and conda support

Signed-off-by: Paul Horton <phorton@sonatype.com> (7d9274f)

v1.0.1 (2021-10-20)

Fix

  • fix: update to support returning non-zero exit code when issues found (will return 1) fix: incorrect check for Nexus IQ policy Warnings remediated

Signed-off-by: Paul Horton <phorton@sonatype.com> (7667bac)

Unknown

  • Merge pull request #69 from sonatype-nexus-community/fix/issue-65-exit-code

FIX: Enable non-zero exit code + correct logic in determining Nexus IQ policy warnings (7b6122b)

v1.0.0 (2021-10-18)

Breaking

  • refactor: re-write to consume new cyclonedx-python-lib

BREAKING CHANGE: jake has been re-written in large part to consume two new external libraries:

  • cyclonedx-python-lib which gives jake ability to more easily consume your depenedencies in a variety of manners (environment, Pipfile.lock, poetry.lock, requirements.txt) and support output in both JSON and XML at different schema versions
  • ossindex-lib: most of the functionallity for talking to OSS Index that was in jake has been externalised to this library to allow others to consume it

Signed-off-by: Paul Horton <phorton@sonatype.com> (e11cb20)

Build

  • build: now using officially published version of ossindex-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> (5241427)

Ci

  • ci: attempt to get semantic-release running on CircleCI

Signed-off-by: Paul Horton <phorton@sonatype.com> (1e610e1)

  • ci: aligned to previous CircleCI context

Signed-off-by: Paul Horton <phorton@sonatype.com> (f8e9833)

  • ci: use CircleCI context for PYPI_TOKEN and re-introduced SSH key to attempt to resolve GitHub connectivity during release

Signed-off-by: Paul Horton <phorton@sonatype.com> (26621ac)

  • ci: disable Release Job on CircleCI and move back to GitHub Action

Signed-off-by: Paul Horton <phorton@sonatype.com> (6ebb6df)

  • ci: alternative attempt to set Git Author

Signed-off-by: Paul Horton <phorton@sonatype.com> (5773199)

  • ci: alternative attempt to set Git Author

Signed-off-by: Paul Horton <phorton@sonatype.com> (bdc0931)

  • ci: defined commit_author for semantic-release

Signed-off-by: Paul Horton <phorton@sonatype.com> (d0dcf15)

  • ci: fix cache key for release CircleCI job

Signed-off-by: Paul Horton <phorton@sonatype.com> (a730e9e)

  • ci: update CircleCI release to run on every commit to main

Signed-off-by: Paul Horton <phorton@sonatype.com> (a5fc8b8)

  • ci: disabled GitHub Action for deployment

Signed-off-by: Paul Horton <phorton@sonatype.com> (daebf39)

  • ci: remove --noop from semantic-release

Signed-off-by: Paul Horton <phorton@sonatype.com> (e41a7a2)

  • ci: further work on CircleCI config

Signed-off-by: Paul Horton <phorton@sonatype.com> (bc42408)

  • ci: re-introduce CircleCI with updated implementation

Signed-off-by: Paul Horton <phorton@sonatype.com> (59c6b62)

  • ci: move from CircleCI to GitHub actions

Signed-off-by: Paul Horton <phorton@sonatype.com> (6d73b10)

Feature

  • feat: Sonatype Nexus IQ Lifecycle analysis is now migrated to using cyclonedx-python-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> (214d182)

  • feat: support Poetry for gleaning packages within the current environment to generate an SBOM

Signed-off-by: Paul Horton <phorton@sonatype.com> (b9a1e5d)

  • feat: jake's OSS calls now utilising ossindex-lib and cyclonedx-python-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> (ec83583)

Fix

  • fix: additional whitespace removed

Signed-off-by: Paul Horton <phorton@sonatype.com> (709f7a2)

  • fix: runtime tweaks to make it more robust

Signed-off-by: Paul Horton <phorton@sonatype.com> (13c9028)

  • fix: typos noted as updating documentation

Signed-off-by: Paul Horton <phorton@sonatype.com> (0d65116)

Refactor

  • refactor: removed unused files

Signed-off-by: Paul Horton <phorton@sonatype.com> (82492b3)

  • refactor: removing old Jake code superseded by cyclonedx-python-lib and ossindex-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> (d8941f5)

Unknown

  • revert patch arg (58b3aa0)

  • make publish a manual process for now. update circleci docs. (f5b2d42)

  • try patch publish (28dd92f)

  • Merge pull request #64 from madpah/feature/update-to-use-cyclonedx-python-lib

Migrate jake to utilise external CycloneDX and OSSIndex libraries (2fff773)

  • doc: README updated to cater for refactorings

Signed-off-by: Paul Horton <phorton@sonatype.com> (7ed4f4e)

  • wip: migrating Jake to use cyclonedx-python-lib and ossindex-lib

Signed-off-by: Paul Horton <phorton@sonatype.com> (23f6412)

v0.2.77 (2021-07-06)

Fix

  • fix: CVE-2021-33503 in urllib3 == 1.26.4 (#62) (9dfbb1c)

Unknown

  • 0.2.77

[skip ci] (fc2ecb1)

v0.2.76 (2021-06-29)

Fix

  • fix: "ModuleNotFoundError: No module named 'typing_extensions'", occurring in 'python3.7/site-packages/tinydb/queries.py", line 28' on Jenkins CI (#61) (a747750)

Unknown

  • 0.2.76

[skip ci] (029cbb4)

  • Revert "attempt to fix: ModuleNotFoundError: No module named 'typing_extensions', occurring in 'python3.7/site-packages/tinydb/queries.py", line 28' on Jenkins CI [skip ci]"

This reverts commit e867ec78 (135b675)

  • attempt to fix: ModuleNotFoundError: No module named 'typing_extensions', occurring in 'python3.7/site-packages/tinydb/queries.py", line 28' on Jenkins CI [skip ci] (e867ec7)

  • Revert "attempt to fix: ModuleNotFoundError: No module named 'typing_extensions', occurring in 'python3.7/site-packages/tinydb/queries.py", line 28' on Jenkins CI [skip ci]"

This reverts commit 1e25b8ea (83d948f)

  • attempt to fix: ModuleNotFoundError: No module named 'typing_extensions', occurring in 'python3.7/site-packages/tinydb/queries.py", line 28' on Jenkins CI [skip ci] (1e25b8e)

v0.2.75 (2021-05-25)

Unknown

  • 0.2.75

[skip ci] (fcdfe57)

  • call ci-setup.sh before publishing to ensure non-dev virtual env exists. (1e1c6b0)

  • move dev dependencies out of requirements.txt (#59)

  • move more dev requirements (171e440)

v0.2.74 (2021-05-25)

Unknown

  • 0.2.74

[skip ci] (d9849b6)

  • Add json output format for ddt command (#56)

  • add support for reading dependecies from pip requirements file (aa36e9f)

v0.2.73 (2021-05-25)

Unknown

  • 0.2.73

[skip ci] (e73d9eb)

  • Add support for reading dependecies from pip requirements file (#55)

  • add support for reading dependecies from pip requirements file (542d94a)

v0.2.72 (2021-05-13)

Fix

  • fix: Inline targets help changes (#58)

  • added example to readme of site-packages target list generation in-line to the flag argument

  • added site-packages one-liner to -t help description and updated readme to include an example invocation (c146a7d)

Unknown

  • 0.2.72

[skip ci] (6f833ba)

v0.2.71 (2021-05-13)

Fix

  • fix: #49 allow newer version of dependencies (#57)

  • fix: #49 allow newer version of dependencies, click lib had issues. fix db call.

  • lockdown development dependency versions (15553d4)

Unknown

  • 0.2.71

[skip ci] (92c9917)

v0.2.70 (2021-04-07)

Fix

  • fix: CVE-2020-14343 in PyYAML==5.3.1 (11dc3c9)

Unknown

  • 0.2.70

[skip ci] (f60f251)

v0.2.69 (2021-03-25)

Fix

  • fix: CVE-2021-28957 in lxml==4.6.2 (6d4373c)

Unknown

  • 0.2.69

[skip ci] (c2c9004)

v0.2.68 (2021-03-23)

Unknown

  • 0.2.68

[skip ci] (9505ed2)

  • extract common executor (a671abd)

v0.2.67 (2021-03-18)

Unknown

  • 0.2.67

[skip ci] (62be893)

  • upgrade urllib3 to fix CVE-2021-28363 (#52) (eb2fead)

v0.2.66 (2021-02-11)

Unknown

  • 0.2.66

[skip ci] (49550f2)

v0.2.65 (2021-01-27)

Unknown

  • 0.2.65

[skip ci] (3b7f2d0)

  • use an absolute report url (handle IQ 104+) (#48)

  • use an absolute report url (handle IQ 104+) (2cac53e)

v0.2.64 (2020-12-17)

Unknown

  • 0.2.64

[skip ci] (5377f24)

  • use link to raw logo file - avoid 302, 304 redirect (3b9a2df)

v0.2.63 (2020-12-17)

Unknown

  • 0.2.63

[skip ci] (29b8ef1)

v0.2.62 (2020-12-17)

Unknown

  • 0.2.62

[skip ci] (4737676)

  • show logo on pypi.org pages (#46)

  • simplify logo markdown so it will show on pypi.org pages

  • use smaller Jake logo (67d460b)

v0.2.61 (2020-12-17)

Unknown

  • 0.2.61

[skip ci] (ce6dc87)

  • exclude SECURITY.md from license check in internal build (87e8662)

v0.2.60 (2020-12-16)

Unknown

  • 0.2.60

[skip ci] (6a3ac80)

v0.2.59 (2020-12-09)

Fix

  • fix: Resolve vulnerability: CVE-2020-27783 in lxml (7526728)

Unknown

  • 0.2.59

[skip ci] (49d1693)

  • [skip ci] fix pep violation (383ec1b)

  • [skip ci] doc pip3 (7a6880b)

  • [skip ci] do not print "Non-Vulnerable Dependencies" header when running in quiet mode (3d95ba9)

  • [skip ci] use iq appId 'sandbox-application' in example (87d5019)

  • [skip ci] fix usage text (31034a0)

  • [skip ci] provide alt attribute (e41806c)

  • [skip ci] doc release process (33c9dd0)

  • [skip ci] typo (ec96fa4)

v0.2.58 (2020-12-07)

Unknown

  • 0.2.58

[skip ci] (4da1866)

  • revert "quiet" by default, avoid disabling std.out (614f762)

  • "quiet" by default, fix verbose error message hint (e946ef9)

v0.2.57 (2020-11-12)

Unknown

  • 0.2.57

[skip ci] (0812781)

v0.2.56 (2020-11-12)

Unknown

  • 0.2.56

[skip ci] (cbd9223)

  • resolve issue: sonatype-2020-1076 via updated lxml, and friends. (007d671)

  • Document internal build files. (0303c41)

v0.2.55 (2020-11-12)

Unknown

  • 0.2.55

[skip ci] (ddef852)

  • yes, do the dev-requirements uninstall (42a41a7)

v0.2.54 (2020-11-12)

Unknown

  • 0.2.54

[skip ci] (98ac471)

  • Merge branch 'main' of github.com:sonatype-nexus-community/jake into main (076baa3)

v0.2.53 (2020-11-12)

Unknown

  • 0.2.53

[skip ci] (e167375)

  • try removing dev requirements before self-scan (fd6cc30)

  • Merge branch 'main' of github.com:sonatype-nexus-community/jake into main (5ef66bb)

v0.2.52 (2020-11-12)

Unknown

  • 0.2.52

[skip ci] (286d9c7)

  • internal build: don't scan semantic version release log for headers. invisible infrastructure (9011de2)

  • internal build: don't scan semantic version release log for headers. (aaab301)

v0.2.51 (2020-11-11)

Unknown

  • 0.2.51

[skip ci] (7f16d72)

  • create separate 'development only' requirements file (#40)

  • create separate 'development only' requirements file (7c1cd85)

v0.2.50 (2020-11-09)

Unknown

  • 0.2.50

[skip ci] (656b856)

  • remove extension parameter suffix from sbom 'version' tag. (#44)

  • remove extension parameter suffix from sbom 'version' tag. fixes #43 (8b6ddef)

v0.2.49 (2020-09-25)

Unknown

  • 0.2.49

[skip ci] (86967b8)

  • switch semantic release to branch: main (26f215d)

  • switch internal build to branch: main (0a28d41)

  • switch image reference to branch: main (3bfb57e)

  • switch CircleCi release config to main (1694241)

v0.2.48 (2020-09-22)

Unknown

  • 0.2.48

[skip ci] (921e271)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (88b4c68)

v0.2.47 (2020-09-22)

Unknown

  • 0.2.47

[skip ci] (ff317a7)

  • doh! stage-release (54f0d41)

  • scan at stage stage to trigger policy failures (instead of warnings). (a5e289e)

v0.2.46 (2020-09-22)

Unknown

  • 0.2.46

[skip ci] (43a8581)

  • Handle IQ warning (#39)

  • handle 'Warning' from IQ policy (cdfd806)

v0.2.45 (2020-09-21)

Unknown

  • 0.2.45

[skip ci] (4a2d196)

  • appease linter (2f61675)

  • let status code do its thang (ea76fed)

  • show response action value in message (7487d16)

  • try always cat log (210b7e3)

v0.2.44 (2020-09-21)

Unknown

  • 0.2.44

[skip ci] (a9029cc)

v0.2.43 (2020-09-21)

Unknown

  • 0.2.43

[skip ci] (2bea418)

v0.2.42 (2020-09-21)

Unknown

  • 0.2.42

[skip ci] (753ae2f)

v0.2.41 (2020-09-21)

Unknown

  • 0.2.41

[skip ci] (86603bb)

  • cat log if failure occurs (595863d)

v0.2.40 (2020-09-21)

Unknown

  • 0.2.40

[skip ci] (efa3fcf)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (99fb149)

v0.2.39 (2020-09-21)

Unknown

  • 0.2.39

[skip ci] (e2adefd)

v0.2.38 (2020-09-21)

Unknown

  • 0.2.38

[skip ci] (0f49e44)

v0.2.37 (2020-09-21)

Unknown

  • 0.2.37

[skip ci] (849f2fd)

  • print logfile location if verbose (64fd5ff)

v0.2.36 (2020-09-21)

Unknown

  • 0.2.36

[skip ci] (66e9ac1)

v0.2.35 (2020-09-21)

Unknown

  • 0.2.35

[skip ci] (59768d0)

v0.2.34 (2020-09-21)

Unknown

  • 0.2.34

[skip ci] (c705c73)

  • archive will not work if run before the scan (144e51f)

v0.2.33 (2020-09-21)

Unknown

  • 0.2.33

[skip ci] (01daa1a)

  • try to capture log in Jenkins (b7fb9ca)

v0.2.32 (2020-09-21)

Unknown

  • 0.2.32

[skip ci] (6652e2a)

  • archive Jake log from Jenkins CI build, outside method call (624ef60)

v0.2.31 (2020-09-21)

Unknown

  • 0.2.31

[skip ci] (f279d1e)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (06cf758)

v0.2.30 (2020-09-21)

Unknown

  • 0.2.30

[skip ci] (16b1258)

  • archive Jake log from Jenkins CI build (43703fb)

  • err msg typo (3fa5744)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (7017f6a)

v0.2.29 (2020-09-21)

Unknown

  • 0.2.29

[skip ci] (0b1127f)

  • increase verbosity of Jenkins build (024eb3a)

  • add responses testing dependency to Jenkinsfile (3272ea9)

v0.2.28 (2020-09-18)

Unknown

  • 0.2.28

[skip ci] (69defb7)

  • Unit tests for IQ (#38)

💥 (2b52a19)

v0.2.27 (2020-09-11)

Unknown

  • 0.2.27

[skip ci] (834e8a0)

  • Add failure notification to internal CI (ea1e3bd)

v0.2.26 (2020-09-10)

Unknown

  • 0.2.26

[skip ci] (0af0e1a)

  • Allow insecure requests (#35)

  • Allow insecure for IQ (0775797)

v0.2.25 (2020-09-03)

Unknown

  • 0.2.25

[skip ci] (03a7037)

  • Drop six as a dependency (#33)

  • Drop stuff that includes six

  • Drop line length

  • Whitespace and line length

  • Errant print

  • removed six as a direct dep

  • removed six as a direct dep

Co-authored-by: glenn <Glenn Mohre> (ef053a8)

v0.2.24 (2020-06-05)

Unknown

  • 0.2.24

[skip ci] (a1dd340)

  • Group good 'n' bad vulnerabilities and output them in tables (#30)

Co-authored-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com> Co-authored-by: michelkazi <michel.m.kazi@gmail.com> (2de93b4)

v0.2.23 (2020-05-29)

Unknown

  • 0.2.23

[skip ci] (89513a2)

v0.2.22 (2020-05-29)

Unknown

  • 0.2.22

[skip ci] (7600809)

v0.2.21 (2020-05-29)

Unknown

  • 0.2.21

[skip ci] (3c2713e)

v0.2.20 (2020-05-29)

Unknown

  • 0.2.20

[skip ci] (395a007)

v0.2.19 (2020-05-29)

Unknown

  • 0.2.19

[skip ci] (f956b58)

v0.2.18 (2020-05-29)

Unknown

  • 0.2.18

[skip ci] (d43a067)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (af4f461)

v0.2.17 (2020-05-29)

Unknown

  • 0.2.17

[skip ci] (bf08469)

v0.2.16 (2020-05-29)

Unknown

  • 0.2.16

[skip ci] (06c7767)

v0.2.15 (2020-05-28)

Unknown

  • 0.2.15

[skip ci] (7b7f2ac)

  • Skip alpine due to missing gcc (58a1460)

v0.2.14 (2020-05-28)

Unknown

  • 0.2.14

[skip ci] (bb751e1)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (bf0b831)

v0.2.13 (2020-05-28)

Unknown

  • 0.2.13

[skip ci] (3fb506b)

  • Docker and then run tests (f512a94)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (ba819f5)

v0.2.12 (2020-05-28)

Unknown

  • 0.2.12

[skip ci] (302184e)

  • Run them scripts (90634ec)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (fcf0d48)

v0.2.11 (2020-05-28)

Unknown

  • 0.2.11

[skip ci] (8b0d70e)

  • Plz (d3ef5d7)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (fb5836a)

v0.2.10 (2020-05-28)

Unknown

  • 0.2.10

[skip ci] (3545e3c)

  • HEADAHZ (6c1160d)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (54db0f2)

v0.2.9 (2020-05-28)

Unknown

  • 0.2.9

[skip ci] (1a8fcfd)

v0.2.8 (2020-05-28)

Unknown

  • 0.2.8

[skip ci] (ce60314)

v0.2.7 (2020-05-28)

Unknown

  • 0.2.7

[skip ci] (f13456f)

v0.2.6 (2020-05-28)

Unknown

  • 0.2.6

[skip ci] (8d70958)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (8897017)

v0.2.5 (2020-05-28)

Unknown

  • 0.2.5

[skip ci] (9bc23dd)

  • Change header, setup excludes (3df0940)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (0c199df)

v0.2.4 (2020-05-28)

Unknown

  • 0.2.4

[skip ci] (82205f2)

v0.2.3 (2020-05-21)

Unknown

  • 0.2.3

[skip ci] (f4f2150)

v0.2.2 (2020-05-20)

Unknown

  • 0.2.2

[skip ci] (322d367)

  • Update README to mention support (1044d28)

v0.2.1 (2020-05-12)

Unknown

  • 0.2.1

[skip ci] (3669fae)

  • simplified IQ service and handled authentication errors with the command line (d1331e5)

  • [skip ci] reset semver to patch (6dd4454)

v0.2.0 (2020-05-12)

Unknown

  • 0.2.0

[skip ci] (429dfa0)

  • Sbom mkdir if it doesn't exist and error handling (#24)

Fixes #23 and #25

Releases a major version

  • added line to create the directory specified in the output file if it doesn't exist

  • added error handling for some directory making conditions

  • removed random logger assignment i did. Should we be printing error messages through the logger or...?

  • added support for windows OS

  • publishing a minor release with these fixes since we added the sbom export recently

Co-authored-by: Ben Foltz <ben.h.foltz@gmail.com> (a68ef01)

v0.1.7 (2020-05-01)

Unknown

  • 0.1.7

[skip ci] (6288fb2)

  • modified sbom subcommand to output to std_out by default, and to a file with the -o <file> arg. Also implemented an std_out toggle and made the -q flag suppress all unnecessary output for each subcommand (f833717)

v0.1.6 (2020-04-30)

Unknown

  • 0.1.6

[skip ci] (f90dcda)

  • hotfix to make the sbom output command work with the new targets argument (a737043)

v0.1.5 (2020-04-30)

Unknown

  • 0.1.5

[skip ci] (4b25da5)

  • Decoupled IQ from OSSI, output cyclonedx sbom to file, added arg to scan site/dist package directories (#22)

  • updated dependencies

  • added some return types and handled empty list on get internal id response

  • fixed tests

  • actually fixed linter failures

  • changed all the module imports to be relative

  • moved the conda flag into shared opts and the clear cache flag to an eager callback

  • suppressed non-vulnerable oss index output with the quiet param

  • error handling for conda flag when there is no stdin

  • BAM! IQ is decoupled from ossi completely. Just added a function to the generator class to take in a list of purls to generate the xml from

  • fixed spinners and tests

  • changed IQ messages for final result output

  • added subcommand to output the cyclonedx sbom to a file on the system

  • clean up, name changes, comments

  • more cleanup

  • added some return types

  • figured it out, can export the site-packages into a variable and then pass it in as a command line target. Now the --target param will allow you to evaluate any site package including those in virtual environment. Will update readme with instructions

  • updated readme and fixed the argument names

  • more readme stuff and fixed the pylint warnings

  • hehehehehe...

  • more readme changes (5b0a595)

v0.1.4 (2020-04-24)

Unknown

  • 0.1.4

[skip ci] (86ab80c)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (fdb3a80)

v0.1.3 (2020-04-24)

Unknown

  • 0.1.3

[skip ci] (a659251)

  • Ok xsd files (f1c1c09)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (a848a74)

v0.1.2 (2020-04-23)

Unknown

  • 0.1.2

[skip ci] (cddc7b7)

  • Include xsd files (4016127)

  • Artie is a nice person but do not delete init.py plz (f617d2d)

v0.1.1 (2020-04-23)

Unknown

  • 0.1.1

[skip ci] (2acbadb)

v0.1.0 (2020-04-23)

Unknown

  • 0.1.0

[skip ci] (b852d7f)

  • Follow a tip from my buddy @bhamail, use a shell script, and setup a venv, etc..., and see if this works without sudo (ad603ab)

  • PIP IN JAKE (#21)

  • PIP IN JAKE

  • Get away from urllib3 1.25.6

  • HYBRIDIZED RESULTS FOR CONDA BABY

  • pulled some logic related to constructing purls into the Coordinates object to allow for easier combines between sets of coordinates

  • added changed to conda parsing to use new Coordinates type

  • more conversions and added a join function to Coordinates. For a conda iq scan it is currently overlaying both results with no deduping. Should be easy to prune the joined dict to remove any dupes

  • commented out the stuff for the hybridized conda results, cleaned up formatting and added comments

  • Added stage specification for the IQ scan

  • fixed unit tests that broke when Coordinate was refactored

  • fixed all the import statements that pylint was screaming about by removing the init file in the same directory as the main entrypoint

  • changed the pip parser to generate the dependency list as coordinates on init and added a getter function to fix the pylint error

  • modified pylint to ignore two trvial cases failing the build

  • fixed the disables, vals don't need quotes or semicolons

  • disabling warnings because they are failing the circle-ci build

  • added scaffolding for an argparser with subcommands that directly calls functions in the class. haven't wired it up yet

  • refactored command line and argument parsing to include subparsers

  • removed some code and fixed some issues

  • added some comments, readability

  • docstring for a thing

  • changed a couple things to pass tests

  • changed the config so that if non-none params are passed in for auth or IQ endpoint it gets it from confog. still have to figure out the best place to inject default config params, probably if a file config does not exist

  • added the host and auth params for iq to the command line and routed them to the IQ request service. it now checks if a config exists on the IQ request service side, and if it does, use that unless there are command line params. If it doesn't, user the default params unless there are command line params. Logger doesn't go into the IQ service for some reason, gotta figure that one out.

  • made it so its just passing the args namespace from argparse down all the way to the iq request service so its only one variable. Still not sure how logs are working, should figure out how to make it unified across all classes and set the level in the command line.

  • some comments, removed a line or two

  • initial pass at tearing out argparse and putting in click, working out well so far. It also has the potential to clean up the code significantly

  • threw in the rest of the arguments, just need to consolidate the rest of the logic into the functions that run under each subcommand

  • removing old argparse code

  • all wired up and good to go for ddt conda/pypi and IQ pypi. completely messed up the logging output, although it looks like click can output various messages to the console. No need to have a logger if click can log as well no?

  • WOOOOOOOOHHHEEEEEEE we got ourselves a banging wiring job now

  • some linting fixes. Not sure what to do about the iq function names as it map to the sub-command in click. or does it? will add docstrings later

  • one last thing, just had to add a BOMB-ASS BANNERgit add *!

  • alright not to scoop honey out my own pot but this is looking righteous AF

  • added some comments and fixed the version prompt never working by making it hit a callback that exits the script

  • Ternaries and clean up

  • 2 spaces

  • UGH

  • Improve jake ddt --help

  • Disable pylint for arguments and name

  • more comments, got rid of linter errors this one should pass

  • mas

  • Share them args

  • Output that ding ol version

  • YA SPIN YA, plus color

  • removed line that pip freeze throws onto requirements.txt, i've been manually updating since there aren't that many deps anyway

  • Some more improvements to outputting results

  • fixed

  • Fix

  • Setup logger

  • LOGGER

  • Logging level

  • Commands and banner

  • Logger

  • MAX SCORE

  • Fix pylint or disable

  • some readme and help text changes

  • more readme changes

  • small fixes to readme and adjusting circleci config to do a minor release rather than a path for merge to master

Co-authored-by: ButterB0wl <ajurgenson@sonatype.com> (28cc553)

v0.0.21 (2020-01-11)

Unknown

  • 0.0.21

[skip ci] (f5df45d)

  • refactor to use explicit validate_xml_vulnerabilities() method (#18) (abf2d18)

v0.0.20 (2020-01-08)

Unknown

  • 0.0.20

[skip ci] (5c1580b)

  • add 'Nexus IQ Server' example to doco (70c133b)

v0.0.19 (2020-01-08)

Unknown

  • 0.0.19

[skip ci] (5114dcc)

  • Yaml for Config (#16)

💥 (689b765)

v0.0.18 (2020-01-06)

Unknown

  • 0.0.18

[skip ci] (1752d59)

v0.0.17 (2020-01-03)

Unknown

  • 0.0.17

[skip ci] (c1a015e)

  • Make Jake work with IQ Server (#15)

💥

Co-authored-by: Allen Hsieh <10136383+allenhsieh@users.noreply.github.com> (e6f7a63)

v0.0.16 (2019-11-13)

Unknown

  • 0.0.16

[skip ci] (69fc132)

  • add some test results to CI (#14)

  • add some test results to CI (e0f5949)

v0.0.15 (2019-11-11)

Unknown

  • 0.0.15

[skip ci] (71ed6dc)

  • remove unused cache commands ("Pipfile.lock" didn't even exists, so all cache commands errored out). (476666d)

v0.0.14 (2019-11-08)

Unknown

  • 0.0.14

[skip ci] (66b3e6f)

  • Make CI scripts fail on any error (#13) (de9485f)

v0.0.13 (2019-11-06)

Unknown

  • 0.0.13

[skip ci] (2fa6454)

v0.0.12 (2019-11-06)

Unknown

  • 0.0.12

[skip ci] (73c4baa)

  • Give it a twirl (3a3031f)

  • attempting to publish with new permissions (99f438f)

  • 0.0.11

[skip ci] (d5df7e1)

  • attempting to fix logger (2e60c3d)

v0.0.10 (2019-11-06)

Unknown

  • 0.0.10

[skip ci] (8f5b48a)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (f2b23d0)

v0.0.9 (2019-11-06)

Unknown

  • 0.0.9

[skip ci] (5a0afed)

  • Welp (7bce551)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (5a98a6b)

v0.0.8 (2019-11-06)

Unknown

  • 0.0.8

[skip ci] (cf46555)

  • Find packages again (391e7bc)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (17b931c)

v0.0.7 (2019-11-06)

Unknown

  • 0.0.7

[skip ci] (fabd311)

  • Find packages (e9c4ed2)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (b69125a)

v0.0.6 (2019-11-06)

Unknown

  • 0.0.6

[skip ci] (d8fe9fd)

v0.0.5 (2019-11-05)

Unknown

  • 0.0.5

[skip ci] (a7b8bbe)

v0.0.4 (2019-11-05)

Unknown

  • 0.0.4

[skip ci] (0b76c43)

v0.0.3 (2019-11-05)

Unknown

  • 0.0.3

[skip ci] (e882d2f)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (67d0e61)

v0.0.2 (2019-11-05)

Unknown

  • 0.0.2

[skip ci] (dfc81da)

v0.0.1 (2019-11-05)

Unknown

  • 0.0.1

[skip ci] (ca95475)

[skip ci] (3fe0e5e)

[skip ci] (2f34d02)

  • remove obsolete ssh key voodoo (8aa6a46)

  • 0.0.1

[skip ci] (32cb9bf)

[skip ci] (4c1da65)

[skip-ci] (fcec96e)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (33d0aa9)

  • 0.0.3

"[skip-ci]" (aca79e3)

  • Extra yolo (04b6f47)

  • YOLO (d3daa1a)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (248b962)

  • Merge branch 'master' of github.com:sonatype-nexus-community/jake (c2a81c7)

  • ssh funness (12a79ac)

  • Skip ci for commit message (1e75251)

  • Extra YOLO (1d1495b)

  • YOLO (065bd14)

  • Semantic release (#12)

Semantic Release fun stuff (005d0c6)

v0.0.0 (2019-11-05)

Unknown

  • Added the ability to use OSSIndex account to prevent rate limiting (#10)

💥 (b15ac01)

  • fix typo in pip install command. link back to build instructions (hopefully). (34f49a7)

  • Move (6ddc21a)

  • More templates (f3a82f8)

  • Update issue templates (235d042)

  • Implemented caching in jake (#7)

  • Implemented caching in jake (a5a31cc)

  • Chunking requests and fixing tests (#5)

  • Chunking requests to OSSIndex and fixing tests (7cdf0f5)

  • Allow jake to use stdin (#4)

  • changed to using stdin instead of run_command (de2c2c9)

  • we need badges - ci badge - fixes #2 (e25ccae)

  • happy pep (b3f9155)

  • minor cleanup (6573616)

  • yolo - tests, weeee (54dba6b)

  • refactor to use argparse (cf0242b)

  • handle empty list (4f2204f)

  • Ok more progress (d19db5c)

  • Initial WIP (c25d15b)