Skip to content

Commit c5a464c

Browse files
authored
Merge branch 'main' into fix/reference-id-length
2 parents 0d3b984 + 7cdf304 commit c5a464c

223 files changed

Lines changed: 17652 additions & 8240 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/pypi-release-aboutcode-federated.yml

Lines changed: 0 additions & 34 deletions
This file was deleted.

.github/workflows/pypi-release.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -85,3 +85,5 @@ jobs:
8585
- name: Publish to PyPI
8686
if: startsWith(github.ref, 'refs/tags/')
8787
uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
88+
with:
89+
verbose: true

CHANGELOG.rst

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,91 @@
11
Release notes
22
=============
33

4+
Version v40.0.1
5+
---------------------
6+
7+
- Add throttling info in API docs, remove V1 and V2 API docs.
8+
- Avoid converting None to "None" in AdvisorySeverity.
9+
- Refine package curation workflow.
10+
11+
12+
Version v40.0.0
13+
---------------------
14+
15+
- Fix malformed CVSS severity scores.
16+
- Disable v1 API, UI & pipelines.
17+
18+
19+
Version v39.0.0
20+
---------------------
21+
22+
- WARNING: Vulnerablecode V1 API and UI has stopped supporting Ubuntu OVAL advisories, please shift to V3 API for new Ubuntu advisories.
23+
- WARNING: We will deprecate improver pipelines for calculating package version rank and grouping advisories for packages.
24+
- Add attribute ``pipeline_id`` to AdvisoryV2 to track the pipeline that created the advisory, also rename existing ``datasource_id`` and AVIDs.
25+
- We will group advisories for packages and calculate package risk score and advisory risk score only when an advisory is completely unfurled,
26+
this will improve consistency of the data. In future if we change our grouping approach we have to make a migration to mark all advisories
27+
as not unfurled, so they can be goruped again with the new algo.
28+
- Create a pipeline to continuously collect various URLs and archive them #2233.
29+
- Add GitHub PoC collector #2024.
30+
- Collect existing fix commits for Linux Kernel #1989.
31+
- Add support for Reference Fix Commits improver #2163.
32+
- Add support for glib importer #2118.
33+
- Update federated library to work with the latest federation config #2310.
34+
- Add datasource ID #2309.
35+
- feat: add UI to expose curation queue
36+
- Add support for parsing Git commit messages
37+
- Add curation dashboard to resolve conflicting package version range
38+
- Change architecture to import and marking advisories as usable
39+
- Correct logic for non vuln versions
40+
- Fix exploit ehancement pipelines
41+
- Add a user agent with documentation
42+
- Increase frequency and priority for critical pipelines
43+
- Add ALTCHA verification in UI
44+
- Add API/ UI support for Patch/PackageCommitPatch
45+
- Fix failing V2 pipelinea
46+
- Improve altcha challenge flow and reduce session timeout (https://github.com/aboutcode-org/vulnerablecode/pull/2348)
47+
48+
49+
Version v38.6.0
50+
---------------------
51+
52+
- fix: add missing clean_downloads step for alpine_linux v2 importer (https://github.com/aboutcode-org/vulnerablecode/pull/2282)
53+
- fix: fix AdvisoryDataV2 deserialization and validate version ranges correctly (https://github.com/aboutcode-org/vulnerablecode/pull/2285)
54+
- fix: ignore conflicts while bulk creating v2 packages (https://github.com/aboutcode-org/vulnerablecode/pull/2289)
55+
- fix: use shared cache backend across WSGI workers (https://github.com/aboutcode-org/vulnerablecode/pull/2290)
56+
- fix: delete AdvisorySet associated with malformed aliases (https://github.com/aboutcode-org/vulnerablecode/pull/2291)
57+
58+
59+
Version v38.5.0
60+
---------------------
61+
62+
- fix: Make package_url field unique for PackageV2
63+
64+
Version v38.4.0
65+
---------------------
66+
67+
- fix: run pipeline scheduling jobs in respective queues (https://github.com/aboutcode-org/vulnerablecode/pull/2263)
68+
- feat: show queue load factors on the pipeline dashboard (https://github.com/aboutcode-org/vulnerablecode/pull/2264)
69+
70+
Version v38.3.0
71+
---------------------
72+
73+
- feat: add high priority queue and run version range unfurling pipeline more frequently (https://github.com/aboutcode-org/vulnerablecode/pull/2256)
74+
75+
Version v38.1.0
76+
---------------------
77+
78+
- Throttle UI to 15 requests per minute to avoid abuse and improve performance.
79+
- Handle errors in unfurl_version_range pipeline.
80+
- Remove Todo pipeline from v1 pipelines.
81+
- Add openAPI documentation for Package and Advisory viewset.
82+
83+
Version v38.0.0
84+
---------------------
85+
86+
- This is a major version, we have changed our V3 API, refer to ``api_v3_usage.rst`` for details.
87+
- We have started grouping advisories which have aliases or identifiers in common and also affect same set of packages together.
88+
489
Version v37.0.0
590
---------------------
691

PIPELINES-AVID.rst

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,13 @@
1-
.. list-table:: Pipeline AVID Mapping
1+
.. list-table:: Pipeline Advisory UID Mapping
22
:header-rows: 1
33
:widths: 35 65
44

55
* - pipeline name
6-
- AVID
6+
- Advisory UID
7+
- datasource name
78
* - alpine_linux_importer_v2
89
- {package_name}/{distroversion}/{version}/{vulnerability_id}
10+
- alpine_linux
911
* - aosp_dataset_fix_commits
1012
- CVE ID of the record
1113
* - apache_httpd_importer_v2
@@ -55,7 +57,7 @@
5557
* - project-kb-statements_v2
5658
- Vulnerability ID of the record
5759
* - pypa_importer_v2
58-
- ID of the OSV record
60+
- {package_name}/{ID of the OSV record}
5961
* - pysec_importer_v2
6062
- ID of the OSV record
6163
* - redhat_importer_v2

aboutcode/federated/CHANGELOG.rst

Lines changed: 0 additions & 9 deletions
This file was deleted.

aboutcode/federated/README.rst

Lines changed: 0 additions & 69 deletions
This file was deleted.

0 commit comments

Comments
 (0)