Changelog

1.56.1 (2023-10-24)

Bug Fixes

  • crash when skipping tree svg output (c4097d5)
  • limit pathfinding to depth 9 (a7fecbc)

1.56.0 (2023-10-09)

Features

  • composer install script detection (c814178)

1.55.2 (2023-09-28)

Bug Fixes

  • graph gen for version-less packages (bce6293)

1.55.1 (2023-09-28)

Bug Fixes

  • support x.y packagist semver format (3aefc78)

1.55.0 (2023-09-26)

Features

  • better license expression issue titles (3f3aad9)

1.54.1 (2023-09-26)

Bug Fixes

  • support license string arrays (f01c7cf)

1.54.0 (2023-09-26)

Features

  • package type target config for resolve cli (fd651c3)

Bug Fixes

  • package type selection for mixed directories (84ce307)

1.53.1 (2023-09-15)

Bug Fixes

  • composer audit issue (912148f)
  • only scan root vulns when name&version exist (6d89eee)

1.53.0 (2023-09-15)

Features

  • detect php deprecated packages (2ef385b)

1.52.0 (2023-09-08)

Features

  • package type config for multi-package dirs (4e2828a)

1.51.1 (2023-09-08)

Bug Fixes

  • load composer root packages with no version (65dad8e)

1.51.0 (2023-09-08)

Features

  • experimental Composer support (93c9e4b)

1.50.0 (2023-09-04)

Features

  • better registry api fetch (d60866b)

1.49.0 (2023-09-04)

Features

  • better package metadata retrieval (3cce2e7)

1.48.3 (2023-09-02)

Bug Fixes

  • load locally installed workspace module data (ba02ea9)

1.48.2 (2023-09-02)

Bug Fixes

  • support yarn alternative workspaces object (448e3d3), closes #131

1.48.1 (2023-09-01)

Bug Fixes

  • workspace additional data issue (2b1c6f3)

1.48.0 (2023-08-31)

Features

  • skip missing repo check for workspace (01db288)
  • use workspace packages metadata (eb98635)

1.47.0 (2023-08-31)

Features

  • configurable build for large trees (5a7623b)

1.46.0 (2023-08-25)

Features

  • label dependency relations in charts (98fc1e8)
  • support npm v1 lockfiles (f5da842)

1.45.0 (2023-08-23)

Features

  • support pnpm workspaces (d22b946)

1.44.0 (2023-08-23)

Features

  • basic support for workspaces (2e0868e)

1.43.1 (2023-07-27)

Bug Fixes

1.43.0 (2023-07-27)

Features

1.42.1 (2023-07-22)

Bug Fixes

  • add type to vulnerability report json (1f5a84e)

1.42.0 (2023-05-12)

Features

  • root project vulnerability scan now optional (ffc121d)

1.41.0 (2023-05-10)

Features

  • include stack details in error logging (d910d2a)

1.40.0 (2023-05-10)

Features

  • better vulnerability report retrieval errors (2ce3e10)

1.39.2 (2023-05-05)

Bug Fixes

  • using fetch without loading it (d65aa9d)

1.39.1 (2023-05-05)

Bug Fixes

  • normalizeLicense('null') crash (96e1afc)

1.39.0 (2023-05-03)

Features

  • add audit configuration info to json report (9faf902)
  • configs to skip license/meta issue checks (eb5064c)

1.38.1 (2023-04-27)

Bug Fixes

1.38.0 (2023-04-26)

Features

  • cli args license&fail policy valid json check (6a0592d)
  • enforce min node version (7560c64)

1.37.0 (2023-04-25)

Features

  • improve type validations (38b7bac)

1.36.2 (2023-04-25)

Bug Fixes

  • tips display crash in non-tty envs (afd121c)

1.36.1 (2023-04-24)

Bug Fixes

  • crash on non-string npmrc configs (ab49e97)

1.36.0 (2023-04-13)

Features

  • accept wildcard version in resolved issue id (1565943)
  • support custom license categories (68b7791)
  • support editing default license categories (0f473cc)
  • support private registries (b36cba0)

1.35.1 (2023-04-07)

Bug Fixes

1.35.0 (2023-03-25)

Features

  • show tips while building dep graph (a4f1b32)

1.34.0 (2023-03-24)

Features

  • audit output now configurable (77e0099)
  • more efficient registry queries (166c2fd)

1.33.0 (2023-03-22)

Features

  • more permissive normalizeLicense (28dd24a)

Bug Fixes

  • crash for apps with no manifest name (4e97c8c)

1.32.1 (2023-03-20)

Bug Fixes

  • normalizing null licenses (9de645d)

1.32.0 (2023-03-20)

Features

  • export normalizeLicense method (acd5c6f)

1.31.0 (2023-03-17)

Features

  • notify about very large trees (d9e5f8c)
  • opt-in crash reports (84c90c5)

Bug Fixes

  • file name undefined version (0fba979)
  • yarn audit warnings treated as errors (f187ce7)

1.30.0 (2023-03-15)

Features

  • -v option now outputs current version (1b72ff1)
  • display dependency graph progress (69d9975)
  • support marking issues as resolved (e9b6208)

1.29.1 (2023-03-10)

Bug Fixes

  • false audit issues with root shell config (1dbc0a5)

1.29.0 (2023-03-10)

Features

  • outdated check now runs parallel to audit (e501a97)

Bug Fixes

  • all packages array bug for shell root setup (5da5001)
  • support empty csv output (8e69060)

1.28.0 (2023-03-08)

Features

  • notification on new version available (8ddf36d)

Bug Fixes

  • better lockfile parsing errors (a9bb92e)
  • manifest engine requirements (61d00a3)

1.27.0 (2023-03-07)

Features

  • generate ids for Sandworm issues (ccaf8ea)

Bug Fixes

  • better error for no lockfile found (4c430d9)

1.26.0 (2023-02-28)

Features

  • better install script issues (7c9fd4d)
  • support root shell project (bb484df)

Bug Fixes

  • additional pnpm semver parsing issue (3f4fa77)
  • get registry data for dev deps (103af11)
  • getting paths for dev dep issues (03adb07)
  • issue sources for root vulnerabilities (a85d54b)
  • parsing pnpm package version from lockfile (4667cde)

1.25.0 (2023-02-26)

Features

  • output audit summary in console (4240198)

Bug Fixes

  • issue paths for non-prod deps (ad1049a)
  • properly encode csv quotes (772793f)
  • specify required node version (4ef5b8a)

1.24.0 (2023-02-23)

Features

  • more info available in the csv output (d0d95b5)
  • update default output dir name to sandworm (90eef86)

1.23.0 (2023-02-21)

Features

  • cli now outputs issue counts (9cc2d1f)
  • fail on specific issue type and/or severity (e19f48a)

1.22.0 (2023-02-19)

Features

  • api now supports custom license policies (b890b92)
  • graph metadata source now configurable in api (a4e09ee)
  • include graph gen errors in error output (8deb50f)
  • support configuration file (39b84c8)

Bug Fixes

  • invalid extra registry call (6ec0ede)

1.21.1 (2023-02-17)

Bug Fixes

  • labeling nodes in cyclic dep graph (1b4b90e)

1.21.0 (2023-02-14)

Features

  • better license and meta issue titles (e118686)

1.20.2 (2023-02-14)

Bug Fixes

  • infinite recursion when getting dep paths (e5d2c70)

1.20.1 (2023-02-14)

Bug Fixes

1.20.0 (2023-02-14)

Features

  • better error aggregation (7a200fd)
  • scan for metadata issues (6bc8a4a)

Bug Fixes

  • scoped package output filename (6878e82)
  • update utils module name (6710f13)

1.19.1 (2023-02-10)

Bug Fixes

  • ci pipeline config to trigger deploys (5b89679)

1.19.0 (2023-02-10)

Features

  • add config to disable size scanning (88dda72)
  • add license info to tooltip, when available (291991c)
  • allow providing custom dep graphs (e3b4a77)
  • better license usage data structure (3e373fa)
  • better package size estimation (c98752f)
  • better treemap package labeling (3bfadd7)
  • better vulnerability reporting (e33941e)
  • better vulnerability reporting (976dad6)
  • build all charts by default (a1db19a)
  • charts now display license issues (9b38f08)
  • cli now displays licence scanning phase (b5467f8)
  • cli now generates json report in output dir (d1c5283)
  • configurable min severity level for charts (2950408)
  • expose array with processed dependency data (557cfe4)
  • icon now represents severity in node tooltip (8ccfb97)
  • include license issue recommendations (f2af2f4)
  • include vulnerabilities in exported data (2528072)
  • initial commit (f46ae74)
  • output all dependency data as csv (eb92647)
  • output license usage and issues (99aa988)
  • remove svg width and height attributes (b9e3d45)
  • support all js package managers (bc2c2e2)
  • support json stringified licence data (fff0585)
  • support yarn audit (5c701b1)
  • universal support for license info (6b8817f)
  • update max depth arg type (aac673a)
  • update package name (baa9281)

Bug Fixes

  • crash for undefined dependencyVulnerabilities (1214155)
  • crash when audit returns empty (996c5b8)
  • crash when post-processing empty graphs (9bddc17)
  • crash when using pnpm with no dependencies (dc4696b)
  • generate multiple charts in the same session (552f446)
  • include recommendations in license issue output (c23b5ee)
  • json license data parsing (c625d06)
  • long license strings now truncated in tooltip (50b0403)
  • parsing vulnerabilities from empty response (813ceba)
  • remove package lock (98bbdf5)
  • represent non-prod dependencies (5e04c15)
  • root vulnerabilities access (1c39fab)
  • treemap now represents root module sizes (958e7b0)

1.18.0 (2023-02-10)

Features

  • add config to disable size scanning (88dda72)
  • add license info to tooltip, when available (291991c)
  • allow providing custom dep graphs (e3b4a77)
  • better license usage data structure (3e373fa)
  • better package size estimation (c98752f)
  • better treemap package labeling (3bfadd7)
  • better vulnerability reporting (e33941e)
  • better vulnerability reporting (976dad6)
  • build all charts by default (a1db19a)
  • charts now display license issues (9b38f08)
  • cli now displays licence scanning phase (b5467f8)
  • configurable min severity level for charts (2950408)
  • expose array with processed dependency data (557cfe4)
  • icon now represents severity in node tooltip (8ccfb97)
  • include license issue recommendations (f2af2f4)
  • include vulnerabilities in exported data (2528072)
  • initial commit (f46ae74)
  • output all dependency data as csv (eb92647)
  • output license usage and issues (99aa988)
  • remove svg width and height attributes (b9e3d45)
  • support all js package managers (bc2c2e2)
  • support json stringified licence data (fff0585)
  • support yarn audit (5c701b1)
  • universal support for license info (6b8817f)
  • update max depth arg type (aac673a)
  • update package name (baa9281)

Bug Fixes

  • crash for undefined dependencyVulnerabilities (1214155)
  • crash when audit returns empty (996c5b8)
  • crash when post-processing empty graphs (9bddc17)
  • crash when using pnpm with no dependencies (dc4696b)
  • generate multiple charts in the same session (552f446)
  • include recommendations in license issue output (c23b5ee)
  • json license data parsing (c625d06)
  • long license strings now truncated in tooltip (50b0403)
  • parsing vulnerabilities from empty response (813ceba)
  • remove package lock (98bbdf5)
  • represent non-prod dependencies (5e04c15)
  • root vulnerabilities access (1c39fab)
  • treemap now represents root module sizes (958e7b0)