0.44.0
New Features
- Add per-test repository URL override functionality by @shokakucarrier in #1185
- enhancement: allow relative paths for generic lockfiles by @derasdf in #1184
- Use pydantic-settings to manage Hermeto app config by @taylormadore in #981
- Prepare SBOM for permissive mode annotations by @slimreaper35 in #1201
Internal
- tests: Update the base image for generic_e2e_maven tests by @sswguo in #1180
- .github: dependabot: Ignore updates to Golang/Node images via config by @eskultety in #1194
- chore(gemini): add style guide rules by @MartinBasti in #1182
- gomod: Add frozen=True to _ParsedModel to enable set-based test comparisons by @sswguo in #1186
- Delete historic runtime.txt dependabot file by @slimreaper35 in #1197
- gomod: Add a clarifying commentary on the matching toolchain selection by @eskultety in #1199
- design: Adding proxy support to Hermeto by @a-ovchinnikov in #1170
- chore(errors): drop docs URLs from pip and gomod messages by @derasdf in #1218
- chore: Drop unused .from_package_dict() from SBOMs by @a-ovchinnikov in #1226
Bug Fixes
- fix: prefer strongest hash when parsing SRI strings by @derasdf in #1200
- fix: merge SBOM components when deduping by @derasdf in #1210
- Fix externalReferences field serialization in SBOM by @slimreaper35 in #1216
- tests: unit: go: Fix test_select_toolchain taking too long to execute by @eskultety in #1225
Full Changelog: 0.43.0...0.44.0
Contributors
sswguo, a-ovchinnikov, and 6 other contributors