Releases: sunnyyip/guac
Releases · sunnyyip/guac
v0.3.0-20231106-1
Changelog
- 8336525 1434-docker-compose - backend selection on startup (guacsec#1435)
- 8daf872 Add Guacone collect files json.bz2 capability (guacsec#1395)
- 2c19f25 Add License and CertifyLegal to Arango backend. (guacsec#1349)
- b7ff00e Add SECURITY-INSIGHTS (guacsec#1353)
- ffadd34 Add a developer readme to the cli commands. (guacsec#1324)
- c45498b Add log level configuration (guacsec#1422)
- a4faf80 Add support for OCI referrers (guacsec#1278)
- aa334f6 Bump actions/checkout from 4.1.0 to 4.1.1 (guacsec#1423)
- caebd0c Bump actions/create-github-app-token from 1.2.2 to 1.5.0 (guacsec#1372)
- bfd70a6 Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (guacsec#1443)
- baae9ca Bump entgo.io/ent from 0.12.4-0.20230918073025-797534a0d1ca to 0.12.4 (guacsec#1377)
- 9fd1846 Bump github.com/99designs/gqlgen from 0.17.37 to 0.17.39 (guacsec#1411)
- 583c478 Bump github.com/aws/aws-sdk-go from 1.45.20 to 1.45.24 (guacsec#1375)
- 64d2c5b Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 (guacsec#1412)
- 5cf6cbc Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.2 (guacsec#1425)
- c13e040 Bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.21.2 (guacsec#1447)
- 4e83d90 Bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.19.1 (guacsec#1446)
- 25250e2 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.1 to 1.40.2 (guacsec#1445)
- 0ce585b Bump github.com/docker/docker (guacsec#1442)
- 1db53ed Bump github.com/fsouza/fake-gcs-server from 1.47.4 to 1.47.5 (guacsec#1376)
- 8ba3f39 Bump github.com/fsouza/fake-gcs-server from 1.47.5 to 1.47.6 (guacsec#1428)
- 1d48ca9 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (guacsec#1409)
- 00d978b Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (guacsec#1444)
- 63ebfe7 Bump github.com/jedib0t/go-pretty/v6 from 6.4.7 to 6.4.8 (guacsec#1429)
- 686fcad Bump github.com/nats-io/nats-server (guacsec#1352)
- 1e4157b Bump github.com/nats-io/nats-server/v2 from 2.10.1 to 2.10.2 (guacsec#1418)
- 778f2c6 Bump github.com/nats-io/nats-server/v2 from 2.10.2 to 2.10.3 (guacsec#1427)
- 02152b2 Bump github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4 (guacsec#1454)
- bac74b5 Bump github.com/nats-io/nats.go from 1.30.1 to 1.31.0 (guacsec#1408)
- 0689514 Bump github.com/nats-io/nkeys from 0.4.5 to 0.4.6 (guacsec#1455)
- 2f87865 Bump github.com/ossf/scorecard/v4 from 4.12.0 to 4.13.0 (guacsec#1374)
- a49449a Bump github.com/ossf/scorecard/v4 from 4.13.0 to 4.13.1 (guacsec#1464)
- 0b7c030 Bump github.com/regclient/regclient from 0.5.1 to 0.5.3 (guacsec#1410)
- d619162 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (guacsec#1426)
- ff8bcb9 Bump golang.org/x/net from 0.15.0 to 0.17.0 (guacsec#1389)
- 457ace8 Bump golang.org/x/sync from 0.3.0 to 0.4.0 (guacsec#1373)
- dc8d75a Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (guacsec#1371)
- e2b35ad Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (guacsec#1424)
- 7c3b1b9 Certifier OSV: fixed emit func when polling (guacsec#1396)
- fb58ab3 Define edges within software tries related nodes (guacsec#1450)
- c923aa6 Ent - HasMetadata (guacsec#1365)
- 2a9a787 Ent - HasMetadata: applied concurrent approach (guacsec#1458)
- 64850de Ent - HasMetadata: fix ingesting same twice (guacsec#1392)
- b178fcd Ent - PackageVersion: added index for improving IsDependency ingestion (guacsec#1439)
- d18327b Ent - PointOfContact (guacsec#1391)
- 1b4e681 Ent - VulnerabilityMetadata endpoints (guacsec#1416)
- a20dbc7 Ent: Package,IsDependency concurrent bulk ingestions (guacsec#1440)
- 7a4373b Feature/arango neighbors nouns query (guacsec#1419)
- 2ad8e2b Feature/arango neighbors verbs with tests (guacsec#1420)
- 9e65098 Feature/arango node query with updates to inmem unit tests (guacsec#1369)
- 24dc68f Fix lint errors and increase golangci-lint timeout (guacsec#1351)
- 9faa6de Fixed docker-compose down (guacsec#1451)
- 14a79d9 Fixed the incorrect tests for deps_dev (guacsec#1400)
- d681a8d Include Timestamps for Verbs (guacsec#1338)
- 2af1cc4 Included option to run integration tests locally (guacsec#1361)
- 165897d Issue 966: Extend HasSBOM to include references to included software … (guacsec#1367)
- 44896fc Merge branch 'guacsec:main' into main
- 83b892c S3 collector implementation (guacsec#1308)
- 542f03f SPDX Parser: ingest CPE from externalRefs (guacsec#1347)
- b540d46 Support TLS for csub server and clients (guacsec#1390)
- 4652364 Support TLS for graphql server (guacsec#1380)
- a3299ca Update packages for slices import (guacsec#1356)
- 3b4bc8e Update query used in docs with new vuln structure. (guacsec#1385)
- 8829931 Updating Arango and Ent with KnownSince (guacsec#1399)
- e48e534 Wait for guac server to start before running tests (guacsec#1383)
- a9dc7af [feature] Unionize parsing for cdx SBOM and VEX data (guacsec#1247)
- c225a8e add flag to toggle getting deps.dev dependencies (guacsec#1382)
- b3b67db add missing index for arango collections (guacsec#1432)
- 9254f32 change package version list to a map and add tests (guacsec#1332)
- 4e01d67 docker-compose.yaml starts postgres but does not use it (guacsec#1430)
- 9caebd6 edit arangosearch view to exclude subpath search results (guacsec#1397)
- 85b587a feature/Arango - add path query for arango backend with unit tests (guacsec#1403)
- 5ecc2be fix contributor.md broken links to docs (guacsec#1393)
- d7daa07 fix noVuln type not showing up when querying for known (guacsec#1394)
- 23cdc26 fix: typo (guacsec#1379)
- 478e62e fix: use unique sbom identifier for the uri field (guacsec#1437)
- 09c5879 process
PACKAGE_OFrelationship in SPDX files (guacsec#1337) - 51e8fc6 refactor(depversion): avoid unnecessary byte/string conversion (guacsec#1384)
- 70a6fe2 remove gql-test-data as its no longer needed to test the backends (guacsec#1355)
v0-nightly
Changelog
- 2ad16fc Add support for additional checksums and lower tolerance for tests (guacsec#1297)
- d7e6cbc Bump actions/checkout from 4.0.0 to 4.1.0 (guacsec#1319)
- 9359ab2 Bump actions/create-github-app-token from 1.2.1 to 1.2.2 (guacsec#1339)
- cfab8e0 Bump actions/setup-python from 4.7.0 to 4.7.1 (guacsec#1340)
- f671c01 Bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2 (guacsec#1341)
- 4012842 Bump github.com/aws/aws-sdk-go from 1.45.12 to 1.45.16 (guacsec#1317)
- 49859c6 Bump github.com/aws/aws-sdk-go from 1.45.16 to 1.45.20 (guacsec#1344)
- 0c24669 Bump github.com/go-git/go-git/v5 from 5.8.1 to 5.9.0 (guacsec#1314)
- 18fb385 Bump github.com/nats-io/nats.go from 1.28.0 to 1.30.1 (guacsec#1316)
- 0f17eb3 Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 (guacsec#1343)
- 1a996f3 Bump github.com/vektah/gqlparser/v2 from 2.5.9 to 2.5.10 (guacsec#1342)
- 42bdb66 Bump google.golang.org/grpc from 1.57.0 to 1.58.2 (guacsec#1318)
- 7519b37 Clarify vote needed for Reviewer promotion. (guacsec#1323)
- c46528b Confusing name of field in IsDependency GraphQL (guacsec#1305)
- 7680601 Ent - CertifyLegal endpoints implementation (guacsec#1321)
- 593ed00 Ent - CertifyVex implementation (guacsec#1334)
- ebb6442 Ent - IngestHasSourceAts implementation (guacsec#1299)
- 6b9617c Ent - IngestHashEquals implementation (guacsec#1304)
- 77475db Ent - IngestOccurrences implementation (guacsec#1328)
- ac266eb Ent - License management endpoints (guacsec#1312)
- cb3bb13 Ent - Packages: subpath query issue (guacsec#1330)
- 5ebbc66 Ent - upsertPackageIDDoNothing vs upsertPackageIDIgnore (guacsec#1270)
- f8b701e Feature/arango node query (guacsec#1301)
- 67371d7 Fixed Race Condition in ingestor/verifier Test (guacsec#1345)
- 8eb43c3 Fixed breaking change by bumping openVex to new release (guacsec#1306)
- fa772f7 Merge branch 'guacsec:main' into main
- 59398f5 Merge branch 'guacsec:main' into main
- 4650088 Merge branch 'guacsec:main' into main
- 493c117 OSV certifier: bulk ingest (guacsec#1309)
- 80108e8 Remove version name from compose tarball. (guacsec#1322)
- 4cd5ba3 Reviewers list - mrizzi (guacsec#1327)
- 17f51dd add NoVuln node to ingestion when a package isn't affected (guacsec#1274)
- 51100b7 add register for guesser, processor and parser. fix unknown status and justification (guacsec#1307)
- fa78489 fix bug in hasSLSA for arango (guacsec#1303)
- 3c29ffd psuedopause nightly release for now (guacsec#1311)
- 6392757 restore nightly release
- 3b1e4e0 update docker manifest name in nightly releases (guacsec#1302)
- 7e52b35 update go version (guacsec#1333)
- 8882edb update maintainers (-rgreinho) (guacsec#1325)
v0.1.1
Changelog
- 06fec9c Bump actions/checkout from 3.5.2 to 3.5.3 (guacsec#951)
- bd619a7 Bump actions/setup-python from 4.6.0 to 4.6.1 (guacsec#890)
- 4bb77e7 Bump anchore/sbom-action from 0.7.0 to 0.14.2 (guacsec#933)
- f58d03b Bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 (guacsec#912)
- 6fdf14c Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 (guacsec#952)
- 92b5a2e Bump docker/login-action from 2.1.0 to 2.2.0 (guacsec#932)
- 2629e6c Bump github.com/99designs/gqlgen from 0.17.32 to 0.17.33 (guacsec#953)
- 484051c Bump github.com/fsouza/fake-gcs-server from 1.45.1 to 1.45.2 (guacsec#938)
- 7a87726 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (guacsec#893)
- 8a37528 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4 (guacsec#936)
- 6eb39e9 Bump github.com/nats-io/nats-server/v2 from 2.9.17 to 2.9.18 (guacsec#956)
- 5a4182b Bump github.com/nats-io/nats.go from 1.25.0 to 1.26.0 (guacsec#892)
- d49e868 Bump github.com/nats-io/nats.go from 1.26.0 to 1.27.0 (guacsec#934)
- c90a50a Bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5 (guacsec#916)
- bbe27f7 Bump github.com/spf13/viper from 1.15.0 to 1.16.0 (guacsec#917)
- 529dadf Bump github/codeql-action from 2.3.3 to 2.3.5 (guacsec#889)
- 4dec012 Bump github/codeql-action from 2.3.5 to 2.3.6 (guacsec#914)
- f25d7f4 Bump github/codeql-action from 2.3.6 to 2.13.4 (guacsec#931)
- 4e84729 Bump golang.org/x/sync from 0.2.0 to 0.3.0 (guacsec#957)
- 366a649 Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (guacsec#913)
- e0898dd Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (guacsec#950)
- d4b73fd Bump google.golang.org/api from 0.123.0 to 0.124.0 (guacsec#891)
- d182921 Bump google.golang.org/api from 0.124.0 to 0.125.0 (guacsec#915)
- 6598766 Bump google.golang.org/api from 0.125.0 to 0.128.0 (guacsec#954)
- 4f965f1 Bump google.golang.org/grpc from 1.55.0 to 1.56.0 (guacsec#955)
- b439054 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (guacsec#929)
- b912fa2 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (guacsec#930)
- 8a03729 Changed build tag to separate scorecardRunner_test.go to run only on Merge (guacsec#927)
- 0d557cb DoesRangeInclude function (guacsec#886)
- 41d4ee8 Enable tracing of GraphQL requests (guacsec#940)
- 08bbd69 Fix parallel ingest when guacgql is in docker. (guacsec#900)
- e1c36ff Fixed Stackoverflow for simpledoc (guacsec#958)
- 131eeab Fixed issue with Github client tests timing out (guacsec#906)
- a3d96a8 Fixed: Stackoverflow in internal/testing/dochelper (guacsec#946)
- 2360f60 Included tests and handled stack overflow error for parser (guacsec#907)
- e9063d4 Make ingestion from guacone parallel (guacsec#884)
- dad342b Remove DoesRangeInclude error testing (guacsec#926)
- a2d5192 Update spdx and osv libraries. (guacsec#908)
- 7d625e7 add docker context for snapshot and release build (guacsec#960)
- 1e89b83 add guac links to past presentations (guacsec#885)
- 1bf5d5e add support for 'githubactions' package types (guacsec#924)
- 7247869 build with goreleaser (guacsec#918)
- 4afe4f6 feat: add environment file for configuring docker compose (guacsec#901)
- e784f0e fix deps.dev unit test (guacsec#928)
- dcbfc56 fix docker build and check for goreleaser (guacsec#947)
- d46cbbd fix time equal check bug in certifyVuln and ensure that other match in the inmem database (guacsec#923)
- 6adc09e fix: logging typo (guacsec#961)
- 7b3c00b update gqlgen and gqlparser (guacsec#939)
- 2dff95e use POSIX compliant way to redirect file descriptor (guacsec#919)
- a67b116 use current docker context of host for buildx (guacsec#959)
- 81e180b use docker compose healthcheck (guacsec#944)
- 48579aa use goreleaser for local builds (guacsec#945)
v0.0.8
v0.0.7
Changelog
- 58fc9f9 add platform flag for multi arch build
- e3d2917 generate provenance for container image
- e57cd46 generate provenance for container image
- 4b5b77c generate provenance for container image
- ee76c23 generate sbom for all type
- 070929d generate sbom from fs
- 98deaa3 generate sbom from fs
- b805143 install ca-certs in container image
- 45851d4 install ca-certs in container image
v0.0.6
v0.0.5
Release Notes v0.0.5
- item 1
- item 2
- item 3