Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prepare release 0.2.1 #1193

Merged
merged 41 commits into from
Jan 23, 2025
Merged

Prepare release 0.2.1 #1193

merged 41 commits into from
Jan 23, 2025
+8,905 −3,027

Conversation

ctron
Copy link
Contributor

@ctron ctron commented Jan 23, 2025

This includes:

  • Back porting main branch to release branch
  • Update Rust (due to dependencies)
  • Update code to make newer clippy happy
  • Fix an issue due to the new trait resolver
  • Update dependencies

ctron and others added 30 commits January 17, 2025 14:24
@ctron
feat: allow locating by CPE
0693b5c
@ctron
feat: add a way to find related SBOMs by CPE
52fce44 
Also, get rid of the central analysis graph instance.
@ctron
chore: cleanup
3f16a24
@ctron
test: add or amend some test for CPE
75e5190
@ctron
chore: add purl and cpe identity ingestion for cdx
280ad9e
@ctron
chore: rework cdx ingestion to also ingest some pedigree information
7233612 
This main motivation was to have multiple purls/cpes available. I guess
this also fixed other issues.
@ctron
test: add test for aliases on ancestor
99002aa
@ctron
chore: relax urlencoding on purl qualifier values
3f0d86a
@ctron
test: enable one more test after not having a global instance
c7be980
@JimFuller-RedHat
allow more relationships in analysis graph
2d16653
@mrizzi @dejanb
OSV loader: set properly VersionScheme in version_range
e3783b2 
Signed-off-by: mrizzi <[email protected]>
@jcrossley3
fix: /api/v2/purl/{purl} now honors qualifiers, or lack thereof
a4b12cd 
Fixes trustification#1158

Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
Refactor the purl_by's a bit
9573043 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3 @ctron
Add unit test affirming TC-2051
38740d1 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3 @JimFuller-RedHat
feat: create VariantOf relationship from cdx pedigree/variants
63f9ada 
Fixes trustification#1147

Only analysis endpoints affected, no change to /api/v2/purl endpoint.

Signed-off-by: Jim Crossley <[email protected]>
@ctron
refactor: re-use some code, add endpoint for single component
7d39379
@ctron
chore: regenerate api spec
31acd1f
@jcrossley3
feat: create AncestorOf relationship from cdx pedigree/ancestors
532a12a 
Fixes trustification#1151

Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
Clarify the parent and child purl's in the unit test
a532dd8 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
Add unit test affirming TC-2053
009295b 
See https://issues.redhat.com/browse/TC-2053

This doesn't include relationships in the response of /api/v2/purl as
there's a pending request to remove that requirement.

Signed-off-by: Jim Crossley <[email protected]>
@ctron
test: add test for load performance
3096472
@ctron
chore: start working on performance
843b26b
@ctron
chore: work on graph loading performance
40d1c42
@ctron
chore: fix up tests after graph load changes
e0c5ba7
@ctron
chore: make clippy happy
cd155b7
@jcrossley3
Revert exposing relationships via /api/v2/purl endpoint
3e46969 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
Rename tests to reflect their use instead of downstream issue #'s
4c4e8be 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
Update openapi.yaml after removing relationships from purl endpoint
372228f 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
clippiness
6470938 
Signed-off-by: Jim Crossley <[email protected]>
@jcrossley3
fix: infinite loop when invalid file passed to Format::from_bytes
c9b7fe4 
At present, only our test fixtures call `Format::from_bytes` and we
obviously don't currently pass invalid docs to our tests. But if we
expose this behavior to users, we'll want to prevent infinite loops
attempting to ingest invalid docs of an unknown format.

Signed-off-by: Jim Crossley <[email protected]>
jcrossley3 and others added 10 commits January 21, 2025 19:54
@jcrossley3
clipilicious
1c1f900 
Signed-off-by: Jim Crossley <[email protected]>
@chirino
Add support for spdx "relationshipType": "PACKAGE_OF"
ca799fa 
Part of issue trustification#1140

Signed-off-by: Hiram Chirino <[email protected]>
@chirino @jcrossley3
Apply suggestions from code review
f54d171 
Co-authored-by: Jim Crossley <[email protected]>
@dejanb
fix: sbom license migration to update nulls
b048e4b
@ctron
fix: report CPE parsing as "bad request"
efc14da 
Right now, it is being reported as an internal server error.
@jcrossley3
Affirm AncestorOf relationship for SPDX files
cdb4d9d 
Fixes trustification#1178

Signed-off-by: Jim Crossley <[email protected]>
@helio-frota @ctron
feat: Seeing OTEL traces at development time
27e5482 
* Adds a compose with Jaeger and OTELCOL
* Fixes a problem with actix-web tracing
@ctron
fix(analysis): aggregate in way that we don't have duplicate purls/cpes
feb530a 
Also, add a test for aliases with SPDX
@ctron
chore: update Rust to 1.84
616bbf0 
This is required be dependencies.
@ctron
chore: prepare release 0.2.1
3ba71e4
@ctron ctron requested a review from helio-frota January 23, 2025 16:29
@ctron ctron merged commit 21b70d3 into trustification:release/0.2.z Jan 23, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@helio-frota helio-frota helio-frota approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ctron @helio-frota @JimFuller-RedHat @mrizzi @jcrossley3 @chirino @dejanb