Skip to content

v0.1.0 — first tagged release

Choose a tag to compare

View all tags
@sharkyger sharkyger released this 26 Apr 13:20
· 56 commits to main since this release
v0.1.0
cfc0e44
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

First tagged release.

Highlights

  • Transitive dependency CVE checking for brew safe-install and brew safe-upgrade — every new dependency version coming in with the operation is checked against OSV.dev, GitHub Advisory, and NIST NVD before brew touches your system. Default-on. Already-installed deps that aren't changing are deliberately skipped (that's brew-vulns' job).
  • --no-deps flag and BREW_SAFE_NO_DEPS={1,true,yes} env var — per-invocation opt-out for power users. No persistent config file.
  • --min-age N — hold packages published less than N days ago, with CVE-aware bypass for the explicitly-named package.
  • --verify-sha — verify bottle SHA against formulae.brew.sh before upgrading.
  • Cask support for both wrappers.
  • macOS bash 3.2 compatible.

Pre-tag history

Several rounds of fixes and hardening landed before this first tag — see CHANGELOG.md for the grouped backfill.

Known follow-ups

Six items from the pre-merge multi-agent review have been filed as issues #19#24. None are blockers; each is a worthwhile improvement.

Assets 2
Loading