Releases: spdx/tools-golang
v0.5.5
What's Changed
- fix: properly normalize Windows paths, add windows test runner by @kzantow in #242
- fix: panic if JSON relationship array contains null by @kzantow in #239
- chore: provide a clearer error when using an invalid Originator by @LaurentGoderre in #246
New Contributors
- @LaurentGoderre made their first contribution in #246
Full Changelog: v0.5.4...v0.5.5
v0.5.4
What's Changed
- Stop escaping HTML by @kzantow in #224
- Don't create empty
ExcludedFiles
array by @DmitriyLewen in #230 - Add external reference category
OTHER
by @mcombuechen in #229 - Remove empty packageVerificationCode in 2.2 JSON by @kzantow in #223
New Contributors
- @mcombuechen made their first contribution in #229
Full Changelog: v0.5.3...v0.5.4
v0.5.3
v0.5.2
v0.5.1
What's Changed
- Add ability to specify JSON output options by @DmitriyLewen in #213
- Fix some optional params:
copyrightText
,licenseListVersion
,packageVerificationCode
by @lumjjb in #215 - Properly output and read the
filesAnalyzed
field in JSON/YAML by @kzantow in #210 - Ensure no duplicates in relationships when shortcut fields are used. by @lumjjb in #218
New Contributors
- @testwill made their first contribution in #212
- @DmitriyLewen made their first contribution in #213
Full Changelog: v0.5.0...v0.5.1
v0.5.0
This is the first release which includes a significant refactoring of this library and includes the ability to convert between SPDX document versions (2.1 - 2.3).
NOTE: This version has a major refactoring how to use the library. This is now much more streamlined. Prior to this change, it was required to import things like spdx/v2_2
and directly reference those version files. This refactoring moves usage to have a "common model", which ends up being the latest SPDX version, available at the same package across releases: github.com/spdx/tools-golang/spdx
. This means when upgrading versions of tools-golang, you can always get the latest version supported by the library and support reading older versions due to the automatic conversions that the reading functions provide.
To get an idea of what is involved (it really isn't a lot of work), you can have a look at the Syft PR that upgraded to use the new interfaces: anchore/syft#1503
After upgrading to this usage pattern, subsequent updates of the tools-golang library will only require changes to your code if the latest model changes (for example, when 3.0 is implemented -- but your older 2.x files will still work fine to read in and export).
What's new
- Refactor: maintain the latest SPDX model and provide conversions from previous by @kzantow in #172
- Added more const for external reference to external.go by @neilnaveen in #188
Bug fixes
- Fixed Bug For DocumentComment by @neilnaveen in #185 and #187
- Improve SPDX document validation by @neilnaveen in #200
- Read shortcut fields: documentDescribes and hasFiles by @kzantow in #201
- JSON reading/writing sets appropriate PACKAGE-MANAGER enum based on version by @lumjjb in #204
New Contributors
- @jspeed-meyers made their first contribution in #181
- @neilnaveen made their first contribution in #185
Full Changelog: v0.4.0...v0.5.0
v0.5.0-rc1
This is the first release candidate which is a significant refactoring of this library and includes the ability to convert between SPDX document versions (2.1 - 2.3).
Full Changelog: v0.4.0...v0.5.0-rc1
v0.4.0
0.4.0
New Features and Enhancements
- SPDX v2.3 support #164
- YAML support #134
- Add reference types enumerables to SPDX pkg definition #162 #163
- Expand hash algorithm support to include all valid SPDX 2.2 and 2.3 algorithms #173
Bug fixes
- JSON encoding and decoding not properly handling SPDXRef- prefixes #170
Documentation and Cleanup
- Overhaul structs, refactor JSON parser and saver #133
- YAML documentation and JSON documentation fixes #141
- Convert SPDX structs to versioned pkgs #146
- Ensure consistency between JSON struct tags across different SPDX versions #174
- Add Security.md for handling of security issues #154
- Update build workflow to go 1.18 #148
Contributors
v0.3.0
New Features and Enhancements
- Add support for saving SPDX JSON: #92, #94, #97, #98, #104, #106, #113
- Begin OpenSSF Best Practices process and add initial badge: #111
- also enabled branch protection for main branch
Bug fixes
- tvsaver: Fix incorrect tag for Snippet IDs: #95
- GitHub Actions: Fix incorrect branch for code coverage: #112
- builder: Fix file paths to be relative rather than absolute: #114
- builder: Add missing mandatory field LicenseInfoInFile: #119
Documentation and Cleanup
- Fix link to release notes: #91
- Language fixes for JSON documentation: #108
- Add badges and links for releases and documentation: #109
- Update documentation for release: #121, #122
- Fixes for examples and sample run commands: #123, #125, #126, #127
Contributors
v0.3.0-rc1
Release Candidate 1 for v0.3.0
See draft release notes for v0.3.0 in RELEASE-NOTES.md