Version 0.12.0
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.12.0] - 2020-04-14
### Added
- Add `--format csv` option to scan command.
- Add `--format table` option to scan command.
- Add `--index` option to `build` command.
- Add PyPI index.
- Add Maven index.
- Add support for parsing `yarn.lock` files.
- Add support for parsing `package-lock.json` files.
- Add `--pull` option to fetch latest cache before scan.
- Add support for parsing `composer.lock` files.
- Add support for loading custom plugins via the `--require` option.
### Changed
- Change the default `--format` to `table` for the scan command.
## [0.11.0] - 2020-03-20
### Added
- Add `--format` option to scan command.
- Read from offline `nuget` cache.
## [0.10.1] - 2020-03-16
### Fixed
- Update location of `rubygems` index data
## [0.10.0] - 2020-03-16
### Added
- Include additional ruby gem spec metadata.
- Install `spandx-index` as an index source
## [0.9.0] - 2020-03-12
### Added
- Add `--airgap` option to disable network traffic during scan.
- Add `--logfile` option to redirect logger output to a file.
### Fixed
- Switch to directory of `Gemfile.lock` to bypass error with `Bundler.root`.
## [0.8.0] - 2020-03-11
### Added
- Allow scanning a directory.
- Allow recursive scanning of a directory.
## [0.7.0] - 2020-03-11
### Changed
- Improve how the `nuget` index is built.
## [0.6.0] - 2020-03-03
### Added
- Add `spandx index update` command to fetch the latest `spandx-rubygems` index.
### Removed
- Drop `spandx-rubygems` dependency.
### Changed
- Pull latest `spandx-rubygems` index via git.
- Perform binary search on CSV index.
## [0.5.0] - 2020-02-13
### Added
- Add Jaro-Winkler string similarity support.
- Attempt to resolve rubygems dependencies via `spandx-rubygems` index.
### Changed
- Make `text` and `jaro_winkler` gems a soft dependency.
## [0.4.1] - 2020-02-02
### Fixed
- Save license expression as string instead of array.
## [0.4.0] - 2020-02-02
### Added
- Add command to build offline index of nuget packages and their licenses.
## [0.3.0] - 2020-01-29
### Added
- Add `pom.xml` parser
### Changed
- Change minimum ruby from 2.5 to 2.4
## [0.2.0] - 2020-01-28
### Added
- Parse .NET `sln` files
- Add ability to choose Levenshtein algorithm
## [0.1.7] - 2020-01-28
### Added
- Handle `nil` licenses from rubygems.org API response
## [0.1.6] - 2020-01-27
### Added
- Scan csproj files that depend on other project files
- Replace licensee dependency with simple tokenizer
- Fetch license data from git clone of SPDX license list data
## [0.1.5] - 2020-01-23
### Added
- Exclude `nil` licenses from report
## [0.1.4] - 2020-01-23
### Added
- Add dependency on bundler
- Scan nuget `packages.config` files
- Scan dotnet `*.csproj` files
- Pull ruby gem license info from rubygems.org API V2.
## [0.1.3] - 2020-01-16
### Added
- Require `pathname`
## [0.1.2] - 2020-01-16
### Added
- Add CLI for `spandx scan <LOCKER>`
- Parse Gemfile.lock for dependencies.
- Parse Pipfile.lock for dependencies.
- Allow lookup for a specific license by id
## [0.1.1] - 2019-10-05
### Added
- Provide ruby API to the latest SPDX catalogue.
[Unreleased]: https://github.com/mokhan/spandx/compare/v0.12.0...HEAD
[0.12.0]: https://github.com/mokhan/spandx/compare/v0.11.0...v0.12.0
[0.11.0]: https://github.com/mokhan/spandx/compare/v0.10.1...v0.11.0
[0.10.1]: https://github.com/mokhan/spandx/compare/v0.10.0...v0.10.1
[0.10.0]: https://github.com/mokhan/spandx/compare/v0.9.0...v0.10.0
[0.9.0]: https://github.com/mokhan/spandx/compare/v0.8.0...v0.9.0
[0.8.0]: https://github.com/mokhan/spandx/compare/v0.7.0...v0.8.0
[0.7.0]: https://github.com/mokhan/spandx/compare/v0.6.0...v0.7.0
[0.6.0]: https://github.com/mokhan/spandx/compare/v0.5.0...v0.6.0
[0.5.0]: https://github.com/mokhan/spandx/compare/v0.4.1...v0.5.0
[0.4.1]: https://github.com/mokhan/spandx/compare/v0.4.0...v0.4.1
[0.4.0]: https://github.com/mokhan/spandx/compare/v0.3.0...v0.4.0
[0.3.0]: https://github.com/mokhan/spandx/compare/v0.2.0...v0.3.0
[0.2.0]: https://github.com/mokhan/spandx/compare/v0.1.7...v0.2.0
[0.1.7]: https://github.com/mokhan/spandx/compare/v0.1.6...v0.1.7
[0.1.6]: https://github.com/mokhan/spandx/compare/v0.1.5...v0.1.6
[0.1.5]: https://github.com/mokhan/spandx/compare/v0.1.4...v0.1.5
[0.1.4]: https://github.com/mokhan/spandx/compare/v0.1.3...v0.1.4
[0.1.3]: https://github.com/mokhan/spandx/compare/v0.1.2...v0.1.3
[0.1.2]: https://github.com/mokhan/spandx/compare/v0.1.1...v0.1.2
[0.1.1]: https://github.com/mokhan/spandx/compare/v0.1.0...v0.1.1