1.3.0
What's Changed
- Improve GHSA graph client error handling when rate-limited
- Show error message card when SPDX artifacts cannot be loaded
- Don't throw error when SVG artifact cannot be loaded
- Don't include SVG artifact when downloading the SPDX document
- Align security advisory severity colours with the Azure DevOps theme
- Condense the security advisories column width in the packages tables
- Increase the SPDX version to 2.3 if security advisories are added
- Add "Upload SPDX" menu option to quickly test different .spdx.json files; only enabled in the localhost environment
- Add the full GHSA security vulnerability data as "security url" external reference to packages
- Add task input option enableManifestSpreadsheetGeneration for XLSX spreadsheet generation
- Add affected/patched versions to security advisory tab
- Add licenses tab
- Add suppliers tab
- Add vulnerability count columns to XLSX packages sheet
- Add more info to XLSX security advisories sheet
- Add XLSX licenses sheet
- Add XLSX suppliers sheet
- Add XLSX "fix available" column to security advisories sheet
- Order XLSX rows to match default sort order of UI
- Use wider columns in XLSX
- Parse SPDX license expressions into individual license references rather than displaying the raw expression
- Parse PURL package manager name and url
- Use webpack to build and package the task files
- Use more verbose logging for XLSX and SVG generation
- When publishing the localhost package, always increment the task patch version to a higher number than the previous package
Dependency Changes
- Bump husky from 9.1.6 to 9.1.7 by @dependabot in #9
- Bump @types/node from 22.9.0 to 22.9.1 by @dependabot in #10
- Bump @types/mocha from 10.0.9 to 10.0.10 by @dependabot in #8
- Bump prettier from 3.3.3 to 3.4.1 by @dependabot in #13
- Bump @types/node from 22.9.1 to 22.10.1 by @dependabot in #14
Full Changelog: 1.2.1...1.3.0