Releases: containerbuildsystem/cachito
Releases · containerbuildsystem/cachito
cachito-1.6.0
Minimum required Python version
- 3.11
API changes
- Connexion is now used to validate API input according to the OpenAPI spec
Bug Fixes
- Dependency version updates to address CVEs:
- Bump cryptography to address GHSA-x4qr-2fvf-3mr5 and GHSA-w7pp-m8wf-vj6r
- Bump prometheus-flask-exporter to 0.22.3
- Bump pytest to 7.2.2
Incompatible changes
- None
Improvements
- None
cachito-1.5.0
Minimum required Python version
- 3.11
API changes
- new
/sbom?requests=id1,id2endpoint with sbom in CycloneDX format, for requested request ids
Bug Fixes
- Cachito now properly identifies NPM 'file:' dependencies that point to workspaces
- previously, this only worked if the name of the dependency was exactly the same as the workspace path
- Added additional integration test coverage
not all the same - workspaces are still not supported for Yarn, only NPM
- When processing gomod dependencies, all invocations of the "go list" command now use the "-e" flag to suppress erroneous errors
- Dependency version updates to address CVEs:
- Bump prometheus-flask-exporter to 0.22.0
- Bump pydantic to 1.10.5
- Bump werkzeug to 2.2.3
Incompatible changes
- None
Improvements
- Cachito images now use a fedora 37 base image, which includes go 1.19
cachito-1.4.0
Minimum required Python version
- 3.10
API changes
- None
Bug Fixes
- pip uses PEP 517 in pip_find_builddeps script
- Updated integration test data for go 1.18.9 stdlib additions
- Dependency version updates to address CVEs:
- Bump flask to 2.2.2
- Bump flask-migrate to 4.0.4
- Bump gitpython to address CVE GHSA-hcpj-qp55-gfph
- Bump greenlet to 2.0.2
- Bump pytest to 7.2.1
Incompatible changes
- None
Improvements
- Allowed gomod local replacements from parent directories
cachito-1.3.0
Minimum required Python version
- 3.10
API changes
- None
Bug Fixes
- Dependency version updates to address CVEs
- Bump jsonschema to 4.17.3
- Bump certifi to 2022.12.7
- Bump setuptools to 65.6.3
- Bump flask-migrate to 4.0.1
- Bump sqlalchemy to 1.4.46
- Bump pydantic to 1.10.4
- Bump pytest-asyncio to 0.20.3
- Gomod dependencies are no longer downloaded to deps/gomod when the gomod-vendor-check flag is set
- Git submodules are correctly updated when the submodule repository does not have a branch called "master"
- Added retries when attempting to download javascript dependencies
Incompatible changes
- None
Improvements
- None
cachito-1.2.0
Minimum required Python version
- 3.10
API changes
- None
Bug Fixes
- Bump cryptography version to address GHSA-39hc-v87j-747x
- Address CVE-2007-4559
- Dependency version updates to address CVEs:
- Bump prometheus-flask-exporter to 0.21.0
- Bump sqlalchemy to 1.4.44
- Bump flask-migrate to 4.0.0
- Bump jsonschema to 4.17.0
- Bump psycopg2-binary to 2.9.5
- Bump greenlet to 2.0.1
- Bump pytest to 7.2.0
Incompatible changes
- None
Improvements
- Download npm dependencies concurrently (concurrency level configurable, default 5)
- Finish implementation of rubygems support 💎
- Validate supported package managers before creating a request
- Use setuptools-scm for versioning the cachito package
- Enhancements to the cachito OpenAPI specification
cachito-1.1.0
Minimum required Python version
- 3.10
API changes
- Fail a request if a Go workspace exists in the repository
Bug Fixes
- Dependency version updates to address CVEs:
- Bump pytest-cov from 3.0.0 to 4.0.0
- Bump jsonschema from 4.2.1 to 4.16.0
- Bump pydantic from 1.9.1 to 1.10.2
- Bump sqlalchemy from 1.4.39 to 1.4.41
- Bump prometheus-flask-exporter from 0.20.2 to 0.20.3
- Bump greenlet from 1.1.2 to 1.1.3
- Bump flask-login from 0.6.1 to 0.6.2
- Bump pytest from 6.2.5 to 7.1.3
- Bump mako to version 1.2.2
Incompatible changes
- None
Improvements
- Remove Python 3.9 tests
- Bump Cachito base images to Fedora 36
- Runtime binary updates:
- Bump Go from 1.17 to 1.18
- Bump Npm from 8.0.0 to 8.3.1
- Bump Node from 16.11.0 to 16.14.0
- Bump Pip from 21.2.3 to 21.3.1
- Bump Python from 3.10.0 to 3.10.6
- Bump Git from 2.32.0 to 2.37.3
cachito-1.0.1
Minimum required Python version
- 3.9
API changes
- None
Bug Fixes
- Hotfix for UploadError/NetworkError exception handling
Incompatible changes
- None
Improvements
- Cachito should not fail on already uploaded package
cachito-1.0.0
Minimum required Python version
- 3.9
API changes
- Added error_origin and error_type parameters for /requests/id
- Added client/server error count to /requests-metrics/summary
Bug Fixes
- Pinned git to v2.32.0 to avoid ownership failures
Incompatible changes
- None
Improvements
- Added new table RequestError to database
- Added several error types and appropriate origins (client/server)
- Purl generation is moved to its own module
- Improved exception handling and its logs
sprint-36
Bump setuptools from 57.4.0 to 58.0.4 Bumps [setuptools](https://github.com/pypa/setuptools) from 57.4.0 to 58.0.4. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/compare/v57.4.0...v58.0.4) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
sprint-35
Bump sqlalchemy from 1.4.22 to 1.4.23 Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.22 to 1.4.23. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/master/CHANGES) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>