Skip to content

Releases: spdx/tools-golang

v0.5.5

25 Jun 19:22
9db247b
Compare
Choose a tag to compare

What's Changed

  • fix: properly normalize Windows paths, add windows test runner by @kzantow in #242
  • fix: panic if JSON relationship array contains null by @kzantow in #239
  • chore: provide a clearer error when using an invalid Originator by @LaurentGoderre in #246

New Contributors

Full Changelog: v0.5.4...v0.5.5

v0.5.4

17 Apr 16:31
aa7bfad
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.5.3...v0.5.4

v0.5.3

27 Jul 17:46
6a271aa
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.5.2...v0.5.3

v0.5.2

06 Jun 14:06
4b477e8
Compare
Choose a tag to compare

What's Changed

  • fix duplicate shorthand relationships for opposite case by @lumjjb in #220

Full Changelog: v0.5.1...v0.5.2

v0.5.1

26 May 17:33
e939624
Compare
Choose a tag to compare

What's Changed

  • Add ability to specify JSON output options by @DmitriyLewen in #213
  • Fix some optional params: copyrightText, licenseListVersion, packageVerificationCode by @lumjjb in #215
  • Properly output and read the filesAnalyzed field in JSON/YAML by @kzantow in #210
  • Ensure no duplicates in relationships when shortcut fields are used. by @lumjjb in #218

New Contributors

Full Changelog: v0.5.0...v0.5.1

v0.5.0

03 Apr 17:42
ee0b98b
Compare
Choose a tag to compare

This is the first release which includes a significant refactoring of this library and includes the ability to convert between SPDX document versions (2.1 - 2.3).

NOTE: This version has a major refactoring how to use the library. This is now much more streamlined. Prior to this change, it was required to import things like spdx/v2_2 and directly reference those version files. This refactoring moves usage to have a "common model", which ends up being the latest SPDX version, available at the same package across releases: github.com/spdx/tools-golang/spdx. This means when upgrading versions of tools-golang, you can always get the latest version supported by the library and support reading older versions due to the automatic conversions that the reading functions provide.

To get an idea of what is involved (it really isn't a lot of work), you can have a look at the Syft PR that upgraded to use the new interfaces: anchore/syft#1503

After upgrading to this usage pattern, subsequent updates of the tools-golang library will only require changes to your code if the latest model changes (for example, when 3.0 is implemented -- but your older 2.x files will still work fine to read in and export).

What's new

  • Refactor: maintain the latest SPDX model and provide conversions from previous by @kzantow in #172
  • Added more const for external reference to external.go by @neilnaveen in #188

Bug fixes

  • Fixed Bug For DocumentComment by @neilnaveen in #185 and #187
  • Improve SPDX document validation by @neilnaveen in #200
  • Read shortcut fields: documentDescribes and hasFiles by @kzantow in #201
  • JSON reading/writing sets appropriate PACKAGE-MANAGER enum based on version by @lumjjb in #204

New Contributors

Full Changelog: v0.4.0...v0.5.0

v0.5.0-rc1

20 Jan 21:32
908a516
Compare
Choose a tag to compare
v0.5.0-rc1 Pre-release
Pre-release

This is the first release candidate which is a significant refactoring of this library and includes the ability to convert between SPDX document versions (2.1 - 2.3).

Full Changelog: v0.4.0...v0.5.0-rc1

v0.4.0

12 Jan 18:40
843bc98
Compare
Choose a tag to compare

0.4.0

New Features and Enhancements

  • SPDX v2.3 support #164
  • YAML support #134
  • Add reference types enumerables to SPDX pkg definition #162 #163
  • Expand hash algorithm support to include all valid SPDX 2.2 and 2.3 algorithms #173

Bug fixes

  • JSON encoding and decoding not properly handling SPDXRef- prefixes #170

Documentation and Cleanup

  • Overhaul structs, refactor JSON parser and saver #133
  • YAML documentation and JSON documentation fixes #141
  • Convert SPDX structs to versioned pkgs #146
  • Ensure consistency between JSON struct tags across different SPDX versions #174
  • Add Security.md for handling of security issues #154
  • Update build workflow to go 1.18 #148

Contributors

v0.3.0

03 Apr 14:25
94b44ab
Compare
Choose a tag to compare

New Features and Enhancements

  • Add support for saving SPDX JSON: #92, #94, #97, #98, #104, #106, #113
  • Begin OpenSSF Best Practices process and add initial badge: #111
    • also enabled branch protection for main branch

Bug fixes

  • tvsaver: Fix incorrect tag for Snippet IDs: #95
  • GitHub Actions: Fix incorrect branch for code coverage: #112
  • builder: Fix file paths to be relative rather than absolute: #114
  • builder: Add missing mandatory field LicenseInfoInFile: #119

Documentation and Cleanup

  • Fix link to release notes: #91
  • Language fixes for JSON documentation: #108
  • Add badges and links for releases and documentation: #109
  • Update documentation for release: #121, #122
  • Fixes for examples and sample run commands: #123, #125, #126, #127

Contributors

v0.3.0-rc1

27 Mar 16:24
d93d09f
Compare
Choose a tag to compare

Release Candidate 1 for v0.3.0

See draft release notes for v0.3.0 in RELEASE-NOTES.md