Skip to content

v0.5.0

Compare
Choose a tag to compare
@kzantow kzantow released this 03 Apr 17:42
· 32 commits to main since this release
ee0b98b

This is the first release which includes a significant refactoring of this library and includes the ability to convert between SPDX document versions (2.1 - 2.3).

NOTE: This version has a major refactoring how to use the library. This is now much more streamlined. Prior to this change, it was required to import things like spdx/v2_2 and directly reference those version files. This refactoring moves usage to have a "common model", which ends up being the latest SPDX version, available at the same package across releases: github.com/spdx/tools-golang/spdx. This means when upgrading versions of tools-golang, you can always get the latest version supported by the library and support reading older versions due to the automatic conversions that the reading functions provide.

To get an idea of what is involved (it really isn't a lot of work), you can have a look at the Syft PR that upgraded to use the new interfaces: anchore/syft#1503

After upgrading to this usage pattern, subsequent updates of the tools-golang library will only require changes to your code if the latest model changes (for example, when 3.0 is implemented -- but your older 2.x files will still work fine to read in and export).

What's new

  • Refactor: maintain the latest SPDX model and provide conversions from previous by @kzantow in #172
  • Added more const for external reference to external.go by @neilnaveen in #188

Bug fixes

  • Fixed Bug For DocumentComment by @neilnaveen in #185 and #187
  • Improve SPDX document validation by @neilnaveen in #200
  • Read shortcut fields: documentDescribes and hasFiles by @kzantow in #201
  • JSON reading/writing sets appropriate PACKAGE-MANAGER enum based on version by @lumjjb in #204

New Contributors

Full Changelog: v0.4.0...v0.5.0