Skip to content

cachito-1.5.0
Compare
Choose a tag to compare
@taylormadore taylormadore released this 23 Feb 19:11
· 232 commits to master since this release
cachito-1.5.0
888df03

Minimum required Python version

  • 3.11

API changes

  • new /sbom?requests=id1,id2 endpoint with sbom in CycloneDX format, for requested request ids

Bug Fixes

  • Cachito now properly identifies NPM 'file:' dependencies that point to workspaces
    • previously, this only worked if the name of the dependency was exactly the same as the workspace path
    • Added additional integration test coverage
      not all the same
    • workspaces are still not supported for Yarn, only NPM
  • When processing gomod dependencies, all invocations of the "go list" command now use the "-e" flag to suppress erroneous errors
  • Dependency version updates to address CVEs:
    • Bump prometheus-flask-exporter to 0.22.0
    • Bump pydantic to 1.10.5
    • Bump werkzeug to 2.2.3

Incompatible changes

  • None

Improvements

  • Cachito images now use a fedora 37 base image, which includes go 1.19
Assets 2
Loading