v0.1.11

github-actions released this 11 Jun 11:46
· 36 commits to main since this release
v0.1.11
06e24f4

What's Changed

  • docs(notice): indicate CC-BY-4.0 data modifications and third-party omission by @mstykow in #984
  • feat(notice): reproduce upstream notices verbatim and add a drift check by @mstykow in #985
  • docs(notice): trim Provenant preamble and make headings consistent by @mstykow in #986
  • docs(security): document serve API no-auth posture and deployment guidance by @mstykow in #1001
  • security(cache): verify payload integrity, use checked deserialization, restrict permissions by @mstykow in #1004
  • security(scanner): bound scans and stop following out-of-tree symlinks by @mstykow in #1003
  • security(serve): harden repository/URL ingestion against git-transport RCE and SSRF by @mstykow in #1002
  • enhancement(license-detection): avoid full embedded-artifact decode on warm startup by @mstykow in #1006
  • enhancement(parsers): malformed Cargo.toml fallback row and diagnostic by @mstykow in #1005
  • enhancement(parsers): central post-extraction declared-license and holder population by @mstykow in #1007
  • fix(parsers): correct post-extraction fallback referenced-filenames, CRLF holders, and slash guard by @mstykow in #1008
  • enhancement(compare): add package declared-license/holder content comparison axis by @mstykow in #1009
  • enhancement(xtask): surface package field-content axis in compare-outputs summary by @mstykow in #1010
  • fix(parsers): make declared-license derivation conservative for version-range idioms, bare URLs, and file pointers by @mstykow in #1011
  • fix(parsers): do not rewrite version-range idiom when other license operands follow by @mstykow in #1012
  • perf(copyright): guard HTML-entity decode chains on '&' presence by @mstykow in #1015
  • feat(xtask): add perf-ab A/B benchmarking helper and benchmark-perf-change skill by @mstykow in #1016
  • fix(license-detection): deterministic candidate iteration so deadline-truncated scans are reproducible by @mstykow in #1018
  • enhancement(parsers): npm lockfile per-package licenses by @mstykow in #1020
  • enhancement(copyright): fix residual holder over-capture and continuation/author mis-parses by @mstykow in #1019
  • enhancement(license-detection): rule-overmatch classifier and verified overlay additions by @mstykow in #1021
  • fix(deps): update rust crate allsorts to 0.17.0 by @renovate[bot] in #1023
  • enhancement(parsers): introspect JAR/WAR/AAR manifests and parse ivy.xml by @mstykow in #1025
  • enhancement(cache): add opt-in trust-mtime mode for incremental scans by @mstykow in #1024

Full Changelog: v0.1.10...v0.1.11