From e8602f702592aaf705778c820dae40b0a747a4fc Mon Sep 17 00:00:00 2001 From: Rose Judge Date: Thu, 18 Feb 2021 20:25:48 -0800 Subject: [PATCH] Prep for Release 2.4.0 - Added release notes and freeze file. - Updated the README with the new Release number and changed the list of releases to Previous Releases. - Bumped the dependency versions. - Updated release_checklist.md to reflect the fact that the master branch was renamed to main - Moved 2020 project roadmap information to project-roadmap-archive.md - Updated 2021 project roadmap Signed-off-by: Rose Judge --- README.md | 3 +- docs/project-roadmap-archive.md | 17 +++ docs/project-roadmap.md | 19 ++-- docs/releases/release_checklist.md | 14 +-- docs/releases/v2_4_0-requirements.txt | 146 ++++++++++++++++++++++++++ docs/releases/v2_4_0.md | 90 ++++++++++++++++ requirements.txt | 6 +- 7 files changed, 276 insertions(+), 19 deletions(-) create mode 100644 docs/releases/v2_4_0-requirements.txt create mode 100644 docs/releases/v2_4_0.md diff --git a/README.md b/README.md index adc64a53..bd95f20b 100644 --- a/README.md +++ b/README.md @@ -296,11 +296,12 @@ $ python tests/.py ``` ## Project Status -Release 2.3.0 is out! See the [release notes](docs/releases/v2_3_0.md) for more information. +Release 2.4.0 is out! See the [release notes](docs/releases/v2_4_0.md) for more information. We try to keep the [project roadmap](./docs/project-roadmap.md) as up to date as possible. We are currently working on Release 3.0.0. ## Previous Releases +* [v2.3.0](docs/releases/v2_3_0.md) * [v2.2.0](docs/releases/v2_2_0.md) * [v2.1.0](docs/releases/v2_1_0.md) * [v2.0.0](docs/releases/v2_0_0.md) diff --git a/docs/project-roadmap-archive.md b/docs/project-roadmap-archive.md index f3898212..78f6865d 100644 --- a/docs/project-roadmap-archive.md +++ b/docs/project-roadmap-archive.md 
@@ -1,3 +1,20 @@ +## 2021-02-18 +### 2020 + +We are getting very close to a beta release. The requirements for this release are: +1. Support for language package managers. +2. Ability to run on Mac and Windows using Docker. + +Our goal is to meet these requirements by the end of the year +- We will work towards enabling language package managers like `pip`, `npm` and `gem` including support for golang which will be available in future releases slated for this year. +- We will try to move away from using overlayfs to "debug" container images. This will allow us to move away from using a volume mount to a host linux system to make Tern work on Windows and Mac. However, this will not help towards running Tern in an unprivileged container (at least in the default environment). + +We will also continue to work on the following: +- We will continue to support the SPDX format for container images. To that end, we will make changes to update the format of the document as the [spec](https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf) evolves. +- We will be working with the [Conan](https://github.com/nexB/conan) project to integrate some of the functionality needed by their use cases. +- As usual, we will continue to work on our technical debt and bug fixes. + + ## 2020-04-15 ### 2019 diff --git a/docs/project-roadmap.md b/docs/project-roadmap.md index e3b89dce..80111c12 100644 --- a/docs/project-roadmap.md +++ b/docs/project-roadmap.md 
@@ -1,17 +1,20 @@ # Project Road Map -## 2020 -We are getting very close to a beta release. The requirements for this release are: -1. Support for language package managers. -2. Ability to run on Mac and Windows using Docker. +## 2021 +We are getting very close to a beta release. Our beta release is targeted for the March-April timeframe. + +Our goal is to meet these requirements by the end of the year. +- We are working towards enabling "live" analysis for a container. The idea is that if Tern could generate an SBoM at build time, the SBoM would then be available to package and distribute with the container image without the need for post scanning. +- We are very close to enabling inventory for a single container layer which will be available in the next 3.0.0 release. +- We will continue investigating how we can run Tern without root privileges. +- We want to enable Tern to pull image digests and images using registry HTTP(s) APIs so that we can pull images from registries other than Dockerhub. +- Enable analysis for OCI images. +- Create a database backend with an associated API. We are hoping to have a GSoC intern help us tackle this issue. +- Enable inventory of a Distroless image using some sort of custom script. -Our goal is to meet these requirements by the end of the year -- We will work towards enabling language package managers like `pip`, `npm` and `gem` including support for golang which will be available in future releases slated for this year. -- We will try to move away from using overlayfs to "debug" container images. This will allow us to move away from using a volume mount to a host linux system to make Tern work on Windows and Mac. However, this will not help towards running Tern in an unprivileged container (at least in the default environment). We will also continue to work on the following: - We will continue to support the SPDX format for container images. 
To that end, we will make changes to update the format of the document as the [spec](https://spdx.org/sites/cpstandard/files/pages/files/spdxversion2.1.pdf) evolves. -- We will be working with the [Conan](https://github.com/nexB/conan) project to integrate some of the functionality needed by their use cases. - As usual, we will continue to work on our technical debt and bug fixes. This timetable is based on time, resources and feedback from you and will change accordingly. diff --git a/docs/releases/release_checklist.md b/docs/releases/release_checklist.md index b674d083..8ddc0d89 100644 --- a/docs/releases/release_checklist.md +++ b/docs/releases/release_checklist.md @@ -3,11 +3,11 @@ This is a checklist for cutting a release - [ ] Prepare Release PR. - * Freeze development on master. - * Prepare your local development environment by committing or stashing your changes. Work at the tip of master. + * Freeze development on main. + * Prepare your local development environment by committing or stashing your changes. Work at the tip of main. * Create a branch for the release: `git checkout -b `. * In a separate folder, create a fresh environment and activate it. - * Clone the `tern/master` repository by running `git clone --single-branch git@github.com:tern-tools/tern.git` and `cd` into it. + * Clone the `tern/main` repository by running `git clone --single-branch git@github.com:tern-tools/tern.git` and `cd` into it. - [ ] Update direct dependencies and run tests. * In the fresh environment, run `pip install wheel pip-tools twine`. 
@@ -34,8 +34,8 @@ This is a checklist for cutting a release - Future Work - Changelog * "Note: This changelog will not include these release notes" - * "Changelog produced by command: `git log --pretty=format:"%h %s" v..master`" - - Contributors (look at Authors in the changelog `git log --pretty=format:"%an %ae" v..master | sort | uniq`). Remove the maintainers name from the contributor list. + * "Changelog produced by command: `git log --pretty=format:"%h %s" v..main`" + - Contributors (look at Authors in the changelog `git log --pretty=format:"%an %ae" v..main | sort | uniq`). Remove the maintainers name from the contributor list. - Contact the Maintainers * Update the Project Status part of the README.md to reflect this release and add it to the list of releases. @@ -50,7 +50,7 @@ This is a checklist for cutting a release * Provide a link to the release notes. - [ ] Deploy to PyPI - * Run the following steps in the fresh environment where you first cloned tern/master. + * Run the following steps in the fresh environment where you first cloned tern/main. * Run `git fetch --tags` to get the release tag. * Run `git checkout -b release `. * Run `pip-compile`. @@ -69,4 +69,4 @@ This is a checklist for cutting a release * Run `tar cvzf tern--vendor.tar.gz vendor/`. * Upload the vendor tarball to the GitHub release page. -- [ ] Upload the wheel package to the GitHub release page. The wheel package can be found under the `dist/` directory in the environment where you first cloned tern/master or it can be downloaded for the PyPI release page. +- [ ] Upload the wheel package to the GitHub release page. The wheel package can be found under the `dist/` directory in the environment where you first cloned tern/main or it can be downloaded for the PyPI release page. diff --git a/docs/releases/v2_4_0-requirements.txt b/docs/releases/v2_4_0-requirements.txt new file mode 100644 index 00000000..5196961f --- /dev/null +++ b/docs/releases/v2_4_0-requirements.txt 
@@ -0,0 +1,146 @@ +# +# This file is autogenerated by pip-compile +# To update, run: +# +# pip-compile --generate-hashes --output-file=v2_4_0-requirements.txt +# +attrs==20.3.0 \ + --hash=sha256:31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6 \ + --hash=sha256:832aa3cde19744e49938b91fea06d69ecb9e649c93ba974535d08ad92164f700 + # via debut +certifi==2020.12.5 \ + --hash=sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c \ + --hash=sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830 + # via requests +chardet==4.0.0 \ + --hash=sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa \ + --hash=sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 + # via + # debut + # requests +debut==0.9.9 \ + --hash=sha256:3cc75b01fbdf553376d566027d54af4c957844cf4fc2456a426e658ea7b68588 \ + --hash=sha256:a3a71e475295f4cf4292440c9c7303ebca0309d395536d2a7f86a5f4d7465dc1 + # via -r requirements.in +docker==4.4.3 \ + --hash=sha256:d4625e70e3d5a12d7cbf1fd68cef2e081ac86b83889e00e5466d975f90e50dad \ + --hash=sha256:de5753b7f6486dd541a98393e423e387579b8974a5068748b83f852cc76a89d6 + # via -r requirements.in +dockerfile-parse==1.1.0 \ + --hash=sha256:80ea4b88694ab014001e39e62335aa2f4feb695b80de751377e994a344fa5952 \ + --hash=sha256:f37bfa327fada7fad6833aebfaac4a3aaf705e4cf813b737175feded306109e8 + # via -r requirements.in +idna==2.10 \ + --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 \ + --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 + # via requests +importlib-metadata==3.4.0 \ + --hash=sha256:ace61d5fc652dc280e7b6b4ff732a9c2d40db2c0f92bc6cb74e07b73d53a1771 \ + --hash=sha256:fa5daa4477a7414ae34e95942e4dd07f62adf589143c875c133c1e53c4eff38d + # via stevedore +pbr==5.5.1 \ + --hash=sha256:5fad80b613c402d5b7df7bd84812548b2a61e9977387a80a5fc5c396492b13c9 \ + --hash=sha256:b236cde0ac9a6aedd5e3c34517b423cd4fd97ef723849da6b0d2231142d89c00 + # via + 
# -r requirements.in + # stevedore +pyyaml==5.4.1 \ + --hash=sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf \ + --hash=sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696 \ + --hash=sha256:129def1b7c1bf22faffd67b8f3724645203b79d8f4cc81f674654d9902cb4393 \ + --hash=sha256:294db365efa064d00b8d1ef65d8ea2c3426ac366c0c4368d930bf1c5fb497f77 \ + --hash=sha256:3b2b1824fe7112845700f815ff6a489360226a5609b96ec2190a45e62a9fc922 \ + --hash=sha256:3bd0e463264cf257d1ffd2e40223b197271046d09dadf73a0fe82b9c1fc385a5 \ + --hash=sha256:4465124ef1b18d9ace298060f4eccc64b0850899ac4ac53294547536533800c8 \ + --hash=sha256:49d4cdd9065b9b6e206d0595fee27a96b5dd22618e7520c33204a4a3239d5b10 \ + --hash=sha256:4e0583d24c881e14342eaf4ec5fbc97f934b999a6828693a99157fde912540cc \ + --hash=sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018 \ + --hash=sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e \ + --hash=sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253 \ + --hash=sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183 \ + --hash=sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb \ + --hash=sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185 \ + --hash=sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db \ + --hash=sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46 \ + --hash=sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b \ + --hash=sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63 \ + --hash=sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df \ + --hash=sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc + # via -r requirements.in +regex==2020.11.13 \ + --hash=sha256:02951b7dacb123d8ea6da44fe45ddd084aa6777d4b2454fa0da61d569c6fa538 \ + 
--hash=sha256:0d08e71e70c0237883d0bef12cad5145b84c3705e9c6a588b2a9c7080e5af2a4 \ + --hash=sha256:1862a9d9194fae76a7aaf0150d5f2a8ec1da89e8b55890b1786b8f88a0f619dc \ + --hash=sha256:1ab79fcb02b930de09c76d024d279686ec5d532eb814fd0ed1e0051eb8bd2daa \ + --hash=sha256:1fa7ee9c2a0e30405e21031d07d7ba8617bc590d391adfc2b7f1e8b99f46f444 \ + --hash=sha256:262c6825b309e6485ec2493ffc7e62a13cf13fb2a8b6d212f72bd53ad34118f1 \ + --hash=sha256:2a11a3e90bd9901d70a5b31d7dd85114755a581a5da3fc996abfefa48aee78af \ + --hash=sha256:2c99e97d388cd0a8d30f7c514d67887d8021541b875baf09791a3baad48bb4f8 \ + --hash=sha256:3128e30d83f2e70b0bed9b2a34e92707d0877e460b402faca908c6667092ada9 \ + --hash=sha256:38c8fd190db64f513fe4e1baa59fed086ae71fa45083b6936b52d34df8f86a88 \ + --hash=sha256:3bddc701bdd1efa0d5264d2649588cbfda549b2899dc8d50417e47a82e1387ba \ + --hash=sha256:4902e6aa086cbb224241adbc2f06235927d5cdacffb2425c73e6570e8d862364 \ + --hash=sha256:49cae022fa13f09be91b2c880e58e14b6da5d10639ed45ca69b85faf039f7a4e \ + --hash=sha256:56e01daca75eae420bce184edd8bb341c8eebb19dd3bce7266332258f9fb9dd7 \ + --hash=sha256:5862975b45d451b6db51c2e654990c1820523a5b07100fc6903e9c86575202a0 \ + --hash=sha256:6a8ce43923c518c24a2579fda49f093f1397dad5d18346211e46f134fc624e31 \ + --hash=sha256:6c54ce4b5d61a7129bad5c5dc279e222afd00e721bf92f9ef09e4fae28755683 \ + --hash=sha256:6e4b08c6f8daca7d8f07c8d24e4331ae7953333dbd09c648ed6ebd24db5a10ee \ + --hash=sha256:717881211f46de3ab130b58ec0908267961fadc06e44f974466d1887f865bd5b \ + --hash=sha256:749078d1eb89484db5f34b4012092ad14b327944ee7f1c4f74d6279a6e4d1884 \ + --hash=sha256:7913bd25f4ab274ba37bc97ad0e21c31004224ccb02765ad984eef43e04acc6c \ + --hash=sha256:7a25fcbeae08f96a754b45bdc050e1fb94b95cab046bf56b016c25e9ab127b3e \ + --hash=sha256:83d6b356e116ca119db8e7c6fc2983289d87b27b3fac238cfe5dca529d884562 \ + --hash=sha256:8b882a78c320478b12ff024e81dc7d43c1462aa4a3341c754ee65d857a521f85 \ + --hash=sha256:8f6a2229e8ad946e36815f2a03386bb8353d4bde368fdf8ca5f0cb97264d3b5c \ + 
--hash=sha256:9801c4c1d9ae6a70aeb2128e5b4b68c45d4f0af0d1535500884d644fa9b768c6 \ + --hash=sha256:a15f64ae3a027b64496a71ab1f722355e570c3fac5ba2801cafce846bf5af01d \ + --hash=sha256:a3d748383762e56337c39ab35c6ed4deb88df5326f97a38946ddd19028ecce6b \ + --hash=sha256:a63f1a07932c9686d2d416fb295ec2c01ab246e89b4d58e5fa468089cab44b70 \ + --hash=sha256:b2b1a5ddae3677d89b686e5c625fc5547c6e492bd755b520de5332773a8af06b \ + --hash=sha256:b2f4007bff007c96a173e24dcda236e5e83bde4358a557f9ccf5e014439eae4b \ + --hash=sha256:baf378ba6151f6e272824b86a774326f692bc2ef4cc5ce8d5bc76e38c813a55f \ + --hash=sha256:bafb01b4688833e099d79e7efd23f99172f501a15c44f21ea2118681473fdba0 \ + --hash=sha256:bba349276b126947b014e50ab3316c027cac1495992f10e5682dc677b3dfa0c5 \ + --hash=sha256:c084582d4215593f2f1d28b65d2a2f3aceff8342aa85afd7be23a9cad74a0de5 \ + --hash=sha256:d1ebb090a426db66dd80df8ca85adc4abfcbad8a7c2e9a5ec7513ede522e0a8f \ + --hash=sha256:d2d8ce12b7c12c87e41123997ebaf1a5767a5be3ec545f64675388970f415e2e \ + --hash=sha256:e32f5f3d1b1c663af7f9c4c1e72e6ffe9a78c03a31e149259f531e0fed826512 \ + --hash=sha256:e3faaf10a0d1e8e23a9b51d1900b72e1635c2d5b0e1bea1c18022486a8e2e52d \ + --hash=sha256:f7d29a6fc4760300f86ae329e3b6ca28ea9c20823df123a2ea8693e967b29917 \ + --hash=sha256:f8f295db00ef5f8bae530fc39af0b40486ca6068733fb860b42115052206466f + # via -r requirements.in +requests==2.25.1 \ + --hash=sha256:27973dd4a904a4f13b263a19c866c13b92a39ed1c964655f025f3f8d3d75b804 \ + --hash=sha256:c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e + # via + # -r requirements.in + # docker +six==1.15.0 \ + --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 \ + --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced + # via + # docker + # dockerfile-parse + # websocket-client +stevedore==3.3.0 \ + --hash=sha256:3a5bbd0652bf552748871eaa73a4a8dc2899786bc497a2aa1fcb4dcdb0debeee \ + 
--hash=sha256:50d7b78fbaf0d04cd62411188fa7eedcb03eb7f4c4b37005615ceebe582aa82a + # via -r requirements.in +typing-extensions==3.7.4.3 \ + --hash=sha256:7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918 \ + --hash=sha256:99d4073b617d30288f569d3f13d2bd7548c3a7e4c8de87db09a9d29bb3a4a60c \ + --hash=sha256:dafc7639cde7f1b6e1acc0f457842a83e722ccca8eef5270af2d74792619a89f + # via importlib-metadata +urllib3==1.26.3 \ + --hash=sha256:1b465e494e3e0d8939b50680403e3aedaa2bc434b7d5af64dfd3c958d7f5ae80 \ + --hash=sha256:de3eedaad74a2683334e282005cd8d7f22f4d55fa690a2a1020a416cb0a47e73 + # via requests +websocket-client==0.57.0 \ + --hash=sha256:0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549 \ + --hash=sha256:d735b91d6d1692a6a181f2a8c9e0238e5f6373356f561bb9dc4c7af36f452010 + # via docker +zipp==3.4.0 \ + --hash=sha256:102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108 \ + --hash=sha256:ed5eee1974372595f9e416cc7bbeeb12335201d8081ca8a0743c954d4446e5cb + # via importlib-metadata diff --git a/docs/releases/v2_4_0.md b/docs/releases/v2_4_0.md new file mode 100644 index 00000000..59f8e3e1 --- /dev/null +++ b/docs/releases/v2_4_0.md 
@@ -0,0 +1,90 @@ +# Release 2.4.0 + +## Summary +This mini release contains a small mix of features, bug fixes, refactors and technical debt cleanup. It adds support for an SPDX JSON format and adds a new `debug` subcommand that makes debugging issues related to package reporting easier. Most importantly, this release fixes a bug where Tern was failing to scan images that didn't have repository or tag metadata associated with them. Other notable bug fixes include a patch for missing notices in the cache and incorrect package reporting in alpine images when package names had non-alphanumeric characters. + +As always, we would like to thank our community for contributing to this release. + +## New Features +* [Support for SPDX JSON format](https://github.com/tern-tools/tern/issues/839): Tern now can generate valid SPDX JSON documents for container images and Dockerfiles. +* [Addition of 'debug' subcommand](https://github.com/tern-tools/tern/issues/660): This new `debug` CLI option enables users to test out scripts in `base.yml` and to inspect the filesystem at a given layer index. Previously, this functionality was only available in the `verify_invoke.py` and `container_debug.py` scripts. 
+ +## Bug Fixes +* [Bug fix for images that don't have repos or tags](https://github.com/tern-tools/tern/issues/874) +* [Fix for not retrieving cached notices](https://github.com/tern-tools/tern/issues/875) +* [Fix duplicate package reporting for alpine images](https://github.com/tern-tools/tern/issues/881) +* [Fix "Invalid element reference in relationship" error for spdxtagvalue reports](https://github.com/tern-tools/tern/issues/867) +* [Fix "Invalid download location" error for spdxtagvalue reports](https://github.com/tern-tools/tern/issues/855) + +## Resolved Technical Debt +* [Enable SPDX document validation for CI checks](https://github.com/tern-tools/tern/issues/713) +* [Remove repotag:PackageDownloadLocation mapping for SPDX formats](https://github.com/tern-tools/tern/issues/855) +* Small refactor of shared code for SPDX formatting +* Refactor `get_os_style()` to set the right properties +* `master` branch renamed to `main` + +## Future Work +* "Live" analysis of a container image. +* Generating output reports by layer. +* Analysis for OCI style images. +* Continuing code cleanup. + +The next release is targeted to be a Beta release 3.0.0 in March or April. Watch the [Beta Release Milestone](https://github.com/tern-tools/tern/milestone/13) for progress. We're really excited about this release! 
+ +## Changelog +Note: This changelog will not include these release notes + +Changelog generated by command: `git log --pretty=format:"%h %s" v2.3.0..main` + +``` +1c8d031 Fix duplicate package reporting for alpine images +52b4e29 Enabled SPDX document validation for CI +e1d00f8 Bug fix for images that don't have repos or tags +73af8ba Added run_extension_layer for ImageLayer object +523bdfb Fix for not retrieving cached notices +d1996b7 Load notices from cache for each layer +8137ffc Refactor get_os_style to set the right properties +683ba98 Fix tests for human readable id creation +4a820cf Fix image human readable id formatting +3ffe9f0 Update tests to refer to the main branch +8d98d41 Add community meeting info to README +b649f4c Make scancode use more processes +d6ca178 Set SPDX PackageDownloadLocation to valid value +61fae79 Remove repotag:PackageDownloadLocation mapping +07b868f Set spdxtagvalue PackageDownloadLocation to NONE +2762e30 Set spdxjson image downloadLocation to NOASSERTION +3ee14a8 Add File support for JSON SPDX Documents +d443caf Only include fileType if it exists +8b316d2 Add extractedText licenseRef info to spdxjson docs +bf53a5a Add new function get_extracted_text_dict() +b76d74b Use LicenseRef for spdxjson File licenses +5fe5561 Update spdxtagvalue file-related functions +fb8dfa3 Add spdxjson information to README +6ceee2e Add support for SPDX JSON format +bca41a2 Add support for SPDX JSON format +87f1c29 Refactor: move common functions to spdx_common.py +e51d361 Create spdx_common.py for common functions +64064c0 Move spdx/formats.py to spdxtagvalue directory +a54c71f Add spdxjson command line format option +ca74c3e main: Fix formatting for -wd option +9b498c8 Change vagrant box to generic/ubuntu1804 +d591676 Add libvirt provider support to Vagrantfile +30c993a Change Vagrant box to generic/ubuntu1804 +7ed5a02 Add info about Discussions in CONTRIBUTING.md +4107298 Introduce debug subcommand +f09fa05 Updated documentation with tern debug 
instructions +01618a0 Move container_debug script into debug subcommand +2c7efbf Add subcommand debug to replace verify_invoke +``` + +## Contributors + +``` +Alexander Mazuruk a.mazuruk@samsung.com +m1-key shubhamtiwari.tiwari84@gmail.com +``` + +## Contact the Maintainers + +Nisha Kumar: nishak@vmware.com +Rose Judge: rjudge@vmware.com diff --git a/requirements.txt b/requirements.txt index 9f5502c1..47dac70c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,11 +6,11 @@ # transitive dependencies listed make it more difficult to figure out # what should be updated. -PyYAML>=5.3 -docker~=4.3 +PyYAML>=5.4 +docker~=4.4 dockerfile-parse~=1.1 requests~=2.25 -stevedore>=3.2 +stevedore>=3.3 pbr>=5.5 debut>=0.9 regex>=2020.11
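
Review bot: in docs/project-roadmap.md, the new 2021 section keeps the sentence "Our goal is to meet these requirements by the end of the year." but the numbered requirements list it referred to is deleted in the same hunk, so "these requirements" no longer refers to anything. Suggest replacing it with a sentence that introduces the bullets directly (for example "Our goals for the year are:") and phrasing the bullets consistently, since some start with "We ..." and others are imperative ("Enable analysis for OCI images.", "Create a database backend with an associated API.").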
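
Review bot: in docs/releases/release_checklist.md, the step "Clone the `tern/main` repository by running `git clone --single-branch git@github.com:tern-tools/tern.git`" names a branch as if it were a repository, and the command itself never names the branch. `--single-branch` without `--branch` fetches whichever branch the remote HEAD points to, so the step only yields `main` while that is the default branch. Suggest wording it as "Clone the `main` branch of the tern repository" and adding `--branch main` to the command so the release is always cut from the intended branch.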
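
Review bot: in docs/releases/v2_4_0-requirements.txt, the autogenerated header records the `pip-compile --generate-hashes` command but not the Python version or platform it was run under. pip-compile resolves for the environment it runs in, so the pin set (including transitive entries such as `importlib-metadata`, `typing-extensions` and `zipp`) is only reproducible if that environment is known. Suggest adding a comment line with the Python version used, or a checklist step that fixes it, so anyone installing from or auditing this hash-pinned freeze file can recreate it.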
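
Review bot: in docs/releases/v2_4_0.md, the two lines under "## Contact the Maintainers" ("Nisha Kumar: ..." and "Rose Judge: ...") are consecutive with no blank line or list marker, so Markdown will render them as one run-on paragraph. Suggest making them list items. Also worth confirming that linking issue 855 from both the Bug Fixes entry (Fix "Invalid download location" error) and the Resolved Technical Debt entry (Remove repotag:PackageDownloadLocation mapping) is intended rather than a copy-paste of the link.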
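
Review bot: in requirements.txt, `PyYAML>=5.4` and `stevedore>=3.3` raise the floor but stay open-ended, while `docker~=4.4` and `requests~=2.25` in the same hunk are capped to their current major series. The freeze file pins exact versions, but this file is the statement of supported ranges, and an open-ended `>=` accepts a future major release that has not been tested with this code. Suggest either using `~=` consistently or adding a line to the comment block above explaining why these entries are left open.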