Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: create a new release #927

Merged
merged 35 commits into from
Nov 26, 2024
Merged

chore: create a new release #927

merged 35 commits into from
Nov 26, 2024

Conversation

behnazh-w
Copy link
Member

No description provided.

tromai and others added 30 commits September 16, 2024 16:33
@tromai
refactor!: remove --config-path from CLI (#844)
dc6f276 
Signed-off-by: Trong Nhan Mai <[email protected]>
@benmss
chore: move pom parser to parsers module (#863)
2af40f2 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@behnazh-w
chore: disable too-many-positional-arguments check in Pylint (#868)
70bad94 
Pylint version 3.3.0 has added a new check too-many-positional-arguments, which is causing our linter checks to fail. This PR disables this check similar to other opinionated too-many-* checks.

Signed-off-by: behnazh-w <[email protected]>
@behnazh-w
docs: add project links to pyproject.toml (#867)
c4dbe46 
Signed-off-by: behnazh-w <[email protected]>
@tromai
feat!: allow specifying the dependency depth resolution through CLI a…
38387e4 
…nd make dependency resolution off by default (#840)

Signed-off-by: Trong Nhan Mai <[email protected]>
@benmss
chore: improve commit finder accuracy (#862)
5c490f9 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
fix: prevent endless loop on 403 GitHub response (#866)
718c085 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@behnazh-w
chore: improve the indentation consistency of souffle Makefile goal (#…
e11be2d 
…878)

Signed-off-by: behnazh-w <[email protected]>
@behnazh-w
chore(deps): update SLSA verifier to version 2.6.0 (#879)
569f3f7 
Signed-off-by: behnazh-w <[email protected]>
@jenstroeger
chore: fix Makefile goal gnu-sed to handle brew, port, and GNU sed …
6ef2447 
…on macOS gracefully (#877)

Signed-off-by: Jens Troeger <[email protected]>
@dependabot
chore(deps): bump actions/setup-java from 4.2.1 to 4.4.0 (#884)
07d0a14
@dependabot
chore(deps): bump actions/checkout from 4.1.0 to 4.2.0 (#883)
0df909f
@behnazh-w
test: remove unnecessary integration tests for micronaut-test-junit5 (#…
4d3e4ad 
…880)

Signed-off-by: behnazh-w <[email protected]>
@jenstroeger
chore: add suggestion mode to pylint settings, and silence the “too m…
94504d4 
…any try statements” checker (#890)

Signed-off-by: Jens Troeger <[email protected]>
@jenstroeger
chore: fix pylint message consider-using-any-or-all (#881)
6b9742d 
Signed-off-by: Jens Troeger <[email protected]>
@jenstroeger
chore: fix pylint message use-set-for-membership (#882)
b23fab1 
Signed-off-by: Jens Troeger <[email protected]>
@jenstroeger
chore: fix pylint message overlapping-except (#886)
aebf879 
Signed-off-by: Jens Troeger <[email protected]>
@jenstroeger
chore: fix pylint message deprecated-typing-alias (#887)
bc89fe9 
Signed-off-by: Jens Troeger <[email protected]>
@jenstroeger
chore: fix pylint message else-if-used (#888)
7bb23d8 
Signed-off-by: Jens Troeger <[email protected]>
@behnazh-w
fix: fix a bug in GitHub Actions matrix variable resolution (#896)
6a210f4 
Signed-off-by: behnazh-w <[email protected]>
@behnazh-w
chore(deps): Update Go to v1.23 and golangci-lint to v1.61.0 (#905)
9ef9d50 
Signed-off-by: behnazh-w <[email protected]>
@mabdollahpour-ol
feat: verify whether the reported repository can be linked back to th…
3854a85 
…e artifact (#873)

Signed-off-by: Mohammad Abdollahpour <[email protected]>
@mabdollahpour-ol @behnazh-w
chore: address comments from PR#873 (#913)
7d3c63e 
This PR aims to address the remaining comments from PR#873.

- Generate API documents for modified and new code.
- Make the repository verification check generic.
- Fix repo verification fact parameter docs.

Signed-off-by: Mohammad Abdollahpour <[email protected]>
Co-authored-by: Behnaz Hassanshahi <[email protected]>
@behnazh-w
feat: add a new check to report the build tool (#914)
f39784a 
This pull request adds a new check that identifies whether a supported build tool configuration exists in the associated source code repository of a software component.

Signed-off-by: behnazh-w <[email protected]>
@benmss
feat: add command to run repo and commit finder without analysis (#827)
2d4582f 
This PR adds a new command, find-source, that runs the commit finder and repo finder on a given PURL whilst skipping analysis. It also optionally accepts a repo path, in which case only the commit finder will be called. The results of the operation show up in the logs, and are written to a file in a JSON report format.

Signed-off-by: Ben Selwyn-Smith <[email protected]>
@tromai
chore: update 3rd party license on deps.dev (#919)
16e28e6 
Signed-off-by: Trong Nhan Mai <[email protected]>
@benmss
docs: add tutorial for find source command (#920)
ab0dd3e 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
fix: block terminal prompts in find source (#918)
b65f0db 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@behnazh-w
refactor: accept provenance data in artifact pipeline check (#872)
4235041 
This PR renames `mcn_infer_artifact_pipeline_1` to `mcn_find_artifact_pipeline_1`. This check can support all the package registries now. When a verifiable provenance is found for an artifact, we use it to obtain the pipeline trigger. Otherwise, we use heuristics to find the triggering pipeline.

Signed-off-by: behnazh-w <[email protected]>
@behnazh-w
test(integration): handle missing steps info in GitHub API response (#…
baaff5f 
…923)

The GitHub API for some reason does not anymore return the steps information of the job that has published pkg:maven/io.micronaut.test/[email protected] even though it was published in Aug 2024, which is much earlier than the 400 retention policy. This PR raises a new exception to handle this case and allows the corresponding integration test to fail.

Signed-off-by: behnazh-w <[email protected]>
behnazh-w and others added 4 commits November 22, 2024 16:40
@behnazh-w
feat: report known malware for all ecosystems (#922)
b5afe0d 
If a package is already known to be malicious, this PR reports it as part of the mcn_detect_malicious_metadata_1 check. Additionally, two new integration tests for known Python and npm malware have been added.

Signed-off-by: behnazh-w <[email protected]>
@behnazh-w
docs: fix issues and improve the source finder tutorial (#924)
0720311 
Signed-off-by: behnazh-w <[email protected]>
@dependabot
chore(deps): bump mvdan.cc/sh/v3 from 3.7.0 to 3.10.0 (#903)
dca0365
@dependabot
chore(deps): update mypy requirement from <1.12,>=1.0.0 to >=1.0.0,<1…
72b1985 
….14 (#906)
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Nov 26, 2024
tromai
tromai previously approved these changes Nov 26, 2024
View reviewed changes
@behnazh-w behnazh-w merged commit 3dce3ce into main Nov 26, 2024
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tromai tromai tromai approved these changes

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@behnazh-w @tromai @benmss @jenstroeger @mabdollahpour-ol