diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 781db139..2c38095d 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -8,7 +8,7 @@ jobs: - uses: actions/checkout@v1 #equivlent to running git fetch and git checkout latest - uses: actions/setup-python@v1 # setup python3 environment with: - python-version: '3.7' + python-version: '3.8' - name: Setup run: | sudo apt-get install -y attr @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: - python-version: '3.7' + python-version: '3.8' - name: Setup run: | sudo apt-get install -y attr @@ -39,7 +39,7 @@ jobs: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: - python-version: '3.7' + python-version: '3.8' - name: Setup run: | sudo apt-get install -y attr @@ -55,7 +55,7 @@ jobs: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: - python-version: '3.7' + python-version: '3.8' - name: Setup run: | sudo apt-get update && sudo apt-get install -y attr openjdk-8-jdk-headless maven @@ -74,7 +74,7 @@ jobs: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: - python-version: '3.7' + python-version: '3.8' - name: Setup run: | sudo apt-get install -y attr diff --git a/README.md b/README.md index 0ffd1012..2e5718eb 100644 --- a/README.md +++ b/README.md 
@@ -394,17 +394,16 @@ $ python tests/.py ``` ## Project Status -Release 2.10.1 is out! See the [release notes](docs/releases/v2_10_1.md) for more information. +Release 2.11.0 is out! See the [release notes](docs/releases/v2_11_0.md) for more information. -We try to keep the [project roadmap](./docs/project-roadmap.md) as up to date as possible. We are currently working on Release 2.11.0. +We try to keep the [project roadmap](./docs/project-roadmap.md) as up to date as possible. ## Recent Past Releases -Be advised: version 2.4.0 and below contain a high-severity security vulnerability (CVE-2021-28363). Please update to version 2.5.0 or later. +* [v2.10.1](docs/releases/v2_10_1.md) * [v2.9.1](docs/releases/v2_9_1.md) * [v2.8.0](docs/releases/v2_8_0.md) * [v2.7.0](docs/releases/v2_7_0.md) * [v2.6.1](docs/releases/v2_6_1.md) -* [v2.5.0](docs/releases/v2_5_0.md) ## Documentation Architecture, function blocks, code descriptions and the project roadmap are located in the docs folder. Contributions to the documentation are welcome! See the [contributing guide](/CONTRIBUTING.md) to find out how to submit changes. diff --git a/docs/project-roadmap-archive.md b/docs/project-roadmap-archive.md index 4dad7644..e1b8b3ae 100644 --- a/docs/project-roadmap-archive.md +++ b/docs/project-roadmap-archive.md 
@@ -1,5 +1,10 @@ +## 2022-12-16 +### 2022 +- [Create an API to run Tern as a service in Kubernetes](https://github.com/tern-tools/tern/issues/1112): This work has been tabled due to lack of maintainer resources. +- Improve test report validation + ## 2021-12-15 -###2021 +### 2021 Our goal is to meet these requirements by the end of the year. - We will continue investigating how we can run Tern without root privileges. - We want to transition away from using the Docker Python library to pull container images from Dockerhub. For motivation and context, see the Kubernetes [announcement](https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/) and past [discussion](https://github.com/tern-tools/meetings/blob/main/minutes/04-13-2021.md) on the topic from Tern's community meeting. diff --git a/docs/project-roadmap.md b/docs/project-roadmap.md index fb08e113..ac5f8315 100644 --- a/docs/project-roadmap.md +++ b/docs/project-roadmap.md @@ -1,14 +1,8 @@ # Project Road Map -## 2022 -- [Create an API to run Tern as a service in Kubernetes](https://github.com/tern-tools/tern/issues/1112) -- Improve test report validation -- The usual bug fixing/technical debt cleanup +Tern is an open source project with limited resources. In 2023 we will primarily focus on bug fixing and step back from active feature development. - -We will also continue to work on the following: -- We will continue to support the SPDX format for container images. To that end, we will make changes to update the format of the document as the [spec](https://spdx.github.io/spdx-spec/) evolves. -- As usual, we will continue to work on our technical debt and bug fixes. +We will continue to support the SPDX format for container images. To that end, we will make changes to update the format of the document as the [spec](https://spdx.github.io/spdx-spec/) evolves. This timetable is based on time, resources and feedback from you and will change accordingly. 
diff --git a/docs/releases/v2_11_0-requirements.txt b/docs/releases/v2_11_0-requirements.txt new file mode 100644 index 00000000..e83e1188 --- /dev/null +++ b/docs/releases/v2_11_0-requirements.txt 
@@ -0,0 +1,232 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --generate-hashes --output-file=v2_11_0-requirements.txt +# +attrs==22.1.0 \ + --hash=sha256:29adc2665447e5191d0e7c568fde78b21f9672d344281d0c6e1ab085429b22b6 \ + --hash=sha256:86efa402f67bf2df34f51a335487cf46b1ec130d02b8d39fd248abfd30da551c + # via debian-inspector +boolean-py==4.0 \ + --hash=sha256:17b9a181630e43dde1851d42bef546d616d5d9b4480357514597e78b203d06e4 \ + --hash=sha256:2876f2051d7d6394a531d82dc6eb407faa0b01a0a0b3083817ccd7323b8d96bd + # via license-expression +certifi==2022.12.7 \ + --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \ + --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18 + # via requests +chardet==5.1.0 \ + --hash=sha256:0d62712b956bc154f85fb0a266e2a3c5913c2967e00348701b32411d6def31e5 \ + --hash=sha256:362777fb014af596ad31334fde1e8c327dfdb076e1960d1694662d46a6917ab9 + # via debian-inspector +charset-normalizer==2.1.1 \ + --hash=sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845 \ + --hash=sha256:83e9a75d1911279afd89352c68b45348559d1fc0506b054b346651b5e7fee29f + # via requests +debian-inspector==31.0.0 \ + --hash=sha256:46094f953464b269bb09855eadeee3c92cb6b487a0bfa26eba537b52cc3d6b47 \ + --hash=sha256:db477fd2da64f832ad0d24797052055c44d530c79fa3df417b18cb00d26cfddc + # via -r requirements.in +docker==6.0.1 \ + --hash=sha256:896c4282e5c7af5c45e8b683b0b0c33932974fe6e50fc6906a0a83616ab3da97 \ + --hash=sha256:dbcb3bd2fa80dca0788ed908218bf43972772009b881ed1e20dfc29a65e49782 + # via -r requirements.in +dockerfile-parse==2.0.0 \ + --hash=sha256:21fe7d510642f2b61a999d45c3d9745f950e11fe6ba2497555b8f63782b78e45 \ + --hash=sha256:d8d9100f8255914378bc0524ffaad68ef043885b0fb40a6936b1bba458f40c3f + # via -r requirements.in +gitdb==4.0.10 \ + --hash=sha256:6eb990b69df4e15bad899ea868dc46572c3f75339735663b81de79b06f17eb9a \ + 
--hash=sha256:c286cf298426064079ed96a9e4a9d39e7f3e9bf15ba60701e95f5492f28415c7 + # via gitpython +gitpython==3.1.29 \ + --hash=sha256:41eea0deec2deea139b459ac03656f0dd28fc4a3387240ec1d3c259a2c47850f \ + --hash=sha256:cc36bfc4a3f913e66805a28e84703e419d9c264c1077e537b54f0e1af85dbefd + # via -r requirements.in +idna==3.4 \ + --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \ + --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2 + # via requests +license-expression==30.0.0 \ + --hash=sha256:ad638292aa8493f84354909b517922cb823582c2ce2c4d880e42544a86bea8dd \ + --hash=sha256:e95325110110eb2b7539ee7773b97a0724d5371ec563cc718c8cac0e38cc40cc + # via -r requirements.in +packageurl-python==0.10.4 \ + --hash=sha256:5c91334f942cd55d45eb0c67dd339a535ef90e25f05b9ec016ad188ed0ef9048 \ + --hash=sha256:bf8a1ffe755634776f6563904d792fb0aa13b377fc86115c36fe17f69b6e59db + # via -r requirements.in +packaging==22.0 \ + --hash=sha256:2198ec20bd4c017b8f9717e00f0c8714076fc2fd93816750ab48e2c41de2cfd3 \ + --hash=sha256:957e2148ba0e1a3b282772e791ef1d8083648bc131c8ab0c1feba110ce1146c3 + # via docker +pbr==5.11.0 \ + --hash=sha256:b97bc6695b2aff02144133c2e7399d5885223d42b7912ffaec2ca3898e673bfe \ + --hash=sha256:db2317ff07c84c4c63648c9064a79fe9d9f5c7ce85a9099d4b6258b3db83225a + # via + # -r requirements.in + # stevedore +prettytable==3.5.0 \ + --hash=sha256:52f682ba4efe29dccb38ff0fe5bac8a23007d0780ff92a8b85af64bc4fc74d72 \ + --hash=sha256:fe391c3b545800028edf5dbb6a5360893feb398367fcc1cf8d7a5b29ce5c59a1 + # via -r requirements.in +pyyaml==6.0 \ + --hash=sha256:01b45c0191e6d66c470b6cf1b9531a771a83c1c4208272ead47a3ae4f2f603bf \ + --hash=sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293 \ + --hash=sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b \ + --hash=sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57 \ + 
--hash=sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b \ + --hash=sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4 \ + --hash=sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07 \ + --hash=sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba \ + --hash=sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9 \ + --hash=sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287 \ + --hash=sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513 \ + --hash=sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0 \ + --hash=sha256:432557aa2c09802be39460360ddffd48156e30721f5e8d917f01d31694216782 \ + --hash=sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0 \ + --hash=sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92 \ + --hash=sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f \ + --hash=sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2 \ + --hash=sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc \ + --hash=sha256:81957921f441d50af23654aa6c5e5eaf9b06aba7f0a19c18a538dc7ef291c5a1 \ + --hash=sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c \ + --hash=sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86 \ + --hash=sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4 \ + --hash=sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c \ + --hash=sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34 \ + --hash=sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b \ + --hash=sha256:afa17f5bc4d1b10afd4466fd3a44dc0e245382deca5b3c353d8b757f9e3ecb8d \ + --hash=sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c \ + --hash=sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb \ + 
--hash=sha256:bfaef573a63ba8923503d27530362590ff4f576c626d86a9fed95822a8255fd7 \ + --hash=sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737 \ + --hash=sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3 \ + --hash=sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d \ + --hash=sha256:d4b0ba9512519522b118090257be113b9468d804b19d63c71dbcf4a48fa32358 \ + --hash=sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53 \ + --hash=sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78 \ + --hash=sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803 \ + --hash=sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a \ + --hash=sha256:dbad0e9d368bb989f4515da330b88a057617d16b6a8245084f1b05400f24609f \ + --hash=sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174 \ + --hash=sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5 + # via -r requirements.in +regex==2022.10.31 \ + --hash=sha256:052b670fafbe30966bbe5d025e90b2a491f85dfe5b2583a163b5e60a85a321ad \ + --hash=sha256:0653d012b3bf45f194e5e6a41df9258811ac8fc395579fa82958a8b76286bea4 \ + --hash=sha256:0a069c8483466806ab94ea9068c34b200b8bfc66b6762f45a831c4baaa9e8cdd \ + --hash=sha256:0cf0da36a212978be2c2e2e2d04bdff46f850108fccc1851332bcae51c8907cc \ + --hash=sha256:131d4be09bea7ce2577f9623e415cab287a3c8e0624f778c1d955ec7c281bd4d \ + --hash=sha256:144486e029793a733e43b2e37df16a16df4ceb62102636ff3db6033994711066 \ + --hash=sha256:1ddf14031a3882f684b8642cb74eea3af93a2be68893901b2b387c5fd92a03ec \ + --hash=sha256:1eba476b1b242620c266edf6325b443a2e22b633217a9835a52d8da2b5c051f9 \ + --hash=sha256:20f61c9944f0be2dc2b75689ba409938c14876c19d02f7585af4460b6a21403e \ + --hash=sha256:22960019a842777a9fa5134c2364efaed5fbf9610ddc5c904bd3a400973b0eb8 \ + --hash=sha256:22e7ebc231d28393dfdc19b185d97e14a0f178bedd78e85aad660e93b646604e \ + 
--hash=sha256:23cbb932cc53a86ebde0fb72e7e645f9a5eec1a5af7aa9ce333e46286caef783 \ + --hash=sha256:29c04741b9ae13d1e94cf93fca257730b97ce6ea64cfe1eba11cf9ac4e85afb6 \ + --hash=sha256:2bde29cc44fa81c0a0c8686992c3080b37c488df167a371500b2a43ce9f026d1 \ + --hash=sha256:2cdc55ca07b4e70dda898d2ab7150ecf17c990076d3acd7a5f3b25cb23a69f1c \ + --hash=sha256:370f6e97d02bf2dd20d7468ce4f38e173a124e769762d00beadec3bc2f4b3bc4 \ + --hash=sha256:395161bbdbd04a8333b9ff9763a05e9ceb4fe210e3c7690f5e68cedd3d65d8e1 \ + --hash=sha256:44136355e2f5e06bf6b23d337a75386371ba742ffa771440b85bed367c1318d1 \ + --hash=sha256:44a6c2f6374e0033873e9ed577a54a3602b4f609867794c1a3ebba65e4c93ee7 \ + --hash=sha256:4919899577ba37f505aaebdf6e7dc812d55e8f097331312db7f1aab18767cce8 \ + --hash=sha256:4b4b1fe58cd102d75ef0552cf17242705ce0759f9695334a56644ad2d83903fe \ + --hash=sha256:4bdd56ee719a8f751cf5a593476a441c4e56c9b64dc1f0f30902858c4ef8771d \ + --hash=sha256:4bf41b8b0a80708f7e0384519795e80dcb44d7199a35d52c15cc674d10b3081b \ + --hash=sha256:4cac3405d8dda8bc6ed499557625585544dd5cbf32072dcc72b5a176cb1271c8 \ + --hash=sha256:4fe7fda2fe7c8890d454f2cbc91d6c01baf206fbc96d89a80241a02985118c0c \ + --hash=sha256:50921c140561d3db2ab9f5b11c5184846cde686bb5a9dc64cae442926e86f3af \ + --hash=sha256:5217c25229b6a85049416a5c1e6451e9060a1edcf988641e309dbe3ab26d3e49 \ + --hash=sha256:5352bea8a8f84b89d45ccc503f390a6be77917932b1c98c4cdc3565137acc714 \ + --hash=sha256:542e3e306d1669b25936b64917285cdffcd4f5c6f0247636fec037187bd93542 \ + --hash=sha256:543883e3496c8b6d58bd036c99486c3c8387c2fc01f7a342b760c1ea3158a318 \ + --hash=sha256:586b36ebda81e6c1a9c5a5d0bfdc236399ba6595e1397842fd4a45648c30f35e \ + --hash=sha256:597f899f4ed42a38df7b0e46714880fb4e19a25c2f66e5c908805466721760f5 \ + --hash=sha256:5a260758454580f11dd8743fa98319bb046037dfab4f7828008909d0aa5292bc \ + --hash=sha256:5aefb84a301327ad115e9d346c8e2760009131d9d4b4c6b213648d02e2abe144 \ + --hash=sha256:5e6a5567078b3eaed93558842346c9d678e116ab0135e22eb72db8325e90b453 \ + 
--hash=sha256:5ff525698de226c0ca743bfa71fc6b378cda2ddcf0d22d7c37b1cc925c9650a5 \ + --hash=sha256:61edbca89aa3f5ef7ecac8c23d975fe7261c12665f1d90a6b1af527bba86ce61 \ + --hash=sha256:659175b2144d199560d99a8d13b2228b85e6019b6e09e556209dfb8c37b78a11 \ + --hash=sha256:6a9a19bea8495bb419dc5d38c4519567781cd8d571c72efc6aa959473d10221a \ + --hash=sha256:6b30bddd61d2a3261f025ad0f9ee2586988c6a00c780a2fb0a92cea2aa702c54 \ + --hash=sha256:6ffd55b5aedc6f25fd8d9f905c9376ca44fcf768673ffb9d160dd6f409bfda73 \ + --hash=sha256:702d8fc6f25bbf412ee706bd73019da5e44a8400861dfff7ff31eb5b4a1276dc \ + --hash=sha256:74bcab50a13960f2a610cdcd066e25f1fd59e23b69637c92ad470784a51b1347 \ + --hash=sha256:75f591b2055523fc02a4bbe598aa867df9e953255f0b7f7715d2a36a9c30065c \ + --hash=sha256:763b64853b0a8f4f9cfb41a76a4a85a9bcda7fdda5cb057016e7706fde928e66 \ + --hash=sha256:76c598ca73ec73a2f568e2a72ba46c3b6c8690ad9a07092b18e48ceb936e9f0c \ + --hash=sha256:78d680ef3e4d405f36f0d6d1ea54e740366f061645930072d39bca16a10d8c93 \ + --hash=sha256:7b280948d00bd3973c1998f92e22aa3ecb76682e3a4255f33e1020bd32adf443 \ + --hash=sha256:7db345956ecce0c99b97b042b4ca7326feeec6b75facd8390af73b18e2650ffc \ + --hash=sha256:7dbdce0c534bbf52274b94768b3498abdf675a691fec5f751b6057b3030f34c1 \ + --hash=sha256:7ef6b5942e6bfc5706301a18a62300c60db9af7f6368042227ccb7eeb22d0892 \ + --hash=sha256:7f5a3ffc731494f1a57bd91c47dc483a1e10048131ffb52d901bfe2beb6102e8 \ + --hash=sha256:8a45b6514861916c429e6059a55cf7db74670eaed2052a648e3e4d04f070e001 \ + --hash=sha256:8ad241da7fac963d7573cc67a064c57c58766b62a9a20c452ca1f21050868dfa \ + --hash=sha256:8b0886885f7323beea6f552c28bff62cbe0983b9fbb94126531693ea6c5ebb90 \ + --hash=sha256:8ca88da1bd78990b536c4a7765f719803eb4f8f9971cc22d6ca965c10a7f2c4c \ + --hash=sha256:8e0caeff18b96ea90fc0eb6e3bdb2b10ab5b01a95128dfeccb64a7238decf5f0 \ + --hash=sha256:957403a978e10fb3ca42572a23e6f7badff39aa1ce2f4ade68ee452dc6807692 \ + --hash=sha256:9af69f6746120998cd9c355e9c3c6aec7dff70d47247188feb4f829502be8ab4 \ + 
--hash=sha256:9c94f7cc91ab16b36ba5ce476f1904c91d6c92441f01cd61a8e2729442d6fcf5 \ + --hash=sha256:a37d51fa9a00d265cf73f3de3930fa9c41548177ba4f0faf76e61d512c774690 \ + --hash=sha256:a3a98921da9a1bf8457aeee6a551948a83601689e5ecdd736894ea9bbec77e83 \ + --hash=sha256:a3c1ebd4ed8e76e886507c9eddb1a891673686c813adf889b864a17fafcf6d66 \ + --hash=sha256:a5f9505efd574d1e5b4a76ac9dd92a12acb2b309551e9aa874c13c11caefbe4f \ + --hash=sha256:a8ff454ef0bb061e37df03557afda9d785c905dab15584860f982e88be73015f \ + --hash=sha256:a9d0b68ac1743964755ae2d89772c7e6fb0118acd4d0b7464eaf3921c6b49dd4 \ + --hash=sha256:aa62a07ac93b7cb6b7d0389d8ef57ffc321d78f60c037b19dfa78d6b17c928ee \ + --hash=sha256:ac741bf78b9bb432e2d314439275235f41656e189856b11fb4e774d9f7246d81 \ + --hash=sha256:ae1e96785696b543394a4e3f15f3f225d44f3c55dafe3f206493031419fedf95 \ + --hash=sha256:b683e5fd7f74fb66e89a1ed16076dbab3f8e9f34c18b1979ded614fe10cdc4d9 \ + --hash=sha256:b7a8b43ee64ca8f4befa2bea4083f7c52c92864d8518244bfa6e88c751fa8fff \ + --hash=sha256:b8e38472739028e5f2c3a4aded0ab7eadc447f0d84f310c7a8bb697ec417229e \ + --hash=sha256:bfff48c7bd23c6e2aec6454aaf6edc44444b229e94743b34bdcdda2e35126cf5 \ + --hash=sha256:c14b63c9d7bab795d17392c7c1f9aaabbffd4cf4387725a0ac69109fb3b550c6 \ + --hash=sha256:c27cc1e4b197092e50ddbf0118c788d9977f3f8f35bfbbd3e76c1846a3443df7 \ + --hash=sha256:c28d3309ebd6d6b2cf82969b5179bed5fefe6142c70f354ece94324fa11bf6a1 \ + --hash=sha256:c670f4773f2f6f1957ff8a3962c7dd12e4be54d05839b216cb7fd70b5a1df394 \ + --hash=sha256:ce6910b56b700bea7be82c54ddf2e0ed792a577dfaa4a76b9af07d550af435c6 \ + --hash=sha256:d0213671691e341f6849bf33cd9fad21f7b1cb88b89e024f33370733fec58742 \ + --hash=sha256:d03fe67b2325cb3f09be029fd5da8df9e6974f0cde2c2ac6a79d2634e791dd57 \ + --hash=sha256:d0e5af9a9effb88535a472e19169e09ce750c3d442fb222254a276d77808620b \ + --hash=sha256:d243b36fbf3d73c25e48014961e83c19c9cc92530516ce3c43050ea6276a2ab7 \ + --hash=sha256:d26166acf62f731f50bdd885b04b38828436d74e8e362bfcb8df221d868b5d9b \ + 
--hash=sha256:d403d781b0e06d2922435ce3b8d2376579f0c217ae491e273bab8d092727d244 \ + --hash=sha256:d8716f82502997b3d0895d1c64c3b834181b1eaca28f3f6336a71777e437c2af \ + --hash=sha256:e4f781ffedd17b0b834c8731b75cce2639d5a8afe961c1e58ee7f1f20b3af185 \ + --hash=sha256:e613a98ead2005c4ce037c7b061f2409a1a4e45099edb0ef3200ee26ed2a69a8 \ + --hash=sha256:ef4163770525257876f10e8ece1cf25b71468316f61451ded1a6f44273eedeb5 + # via -r requirements.in +requests==2.28.1 \ + --hash=sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983 \ + --hash=sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349 + # via + # -r requirements.in + # docker +smmap==5.0.0 \ + --hash=sha256:2aba19d6a040e78d8b09de5c57e96207b09ed71d8e55ce0959eeee6c8e190d94 \ + --hash=sha256:c840e62059cd3be204b0c9c9f74be2c09d5648eddd4580d9314c3ecde0b30936 + # via gitdb +stevedore==4.1.1 \ + --hash=sha256:7f8aeb6e3f90f96832c301bff21a7eb5eefbe894c88c506483d355565d88cc1a \ + --hash=sha256:aa6436565c069b2946fe4ebff07f5041e0c8bf18c7376dd29edf80cf7d524e4e + # via -r requirements.in +urllib3==1.26.13 \ + --hash=sha256:47cc05d99aaa09c9e72ed5809b60e7ba354e64b59c9c173ac3018642d8bb41fc \ + --hash=sha256:c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8 + # via + # docker + # requests +wcwidth==0.2.5 \ + --hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \ + --hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83 + # via prettytable +websocket-client==1.4.2 \ + --hash=sha256:d6b06432f184438d99ac1f456eaf22fe1ade524c3dd16e661142dc54e9cba574 \ + --hash=sha256:d6e8f90ca8e2dd4e8027c4561adeb9456b54044312dba655e7cae652ceb9ae59 + # via docker diff --git a/docs/releases/v2_11_0.md b/docs/releases/v2_11_0.md new file mode 100644 index 00000000..dc0b3e86 --- /dev/null +++ b/docs/releases/v2_11_0.md 
@@ -0,0 +1,51 @@ +# Release 2.11.0 + +## Summary +This is a small but mighty release with several important bug fixes and much needed updates to dependencies. Specifically, this release adds functionality to pull local images using Skopeo. Previously, Tern would always pull the image provided using the `report -i` option from a registry. Additionally, this release updates the SPDX reports to include license information from Debian packages. Previously, Tern omitted this information as it was not provided by a package manager but, rather, abstracted from copyright text. Tern will now use the license text found in Debian copyright files and list it as the declared package license as either an SPDX license identifier (if applicable), or, as an SPDX LicenseRef. + +**NOTE**: At the time this release was cut there was an open CVE for GitPython ([CVE-2022-24439](https://nvd.nist.gov/vuln/detail/CVE-2022-24439)) with no fix available. As soon as a fix is available, Tern will publish a patched release to include an updated version of GitPython. + +## New Features +* [Add functionality to pull local images with skopeo](https://github.com/tern-tools/tern/pull/1198): In order to analyze local images with Tern, prefix your local image with `docker-daemon:` when generating a report. 
+* [Include license info for deb pkgs in SPDX reports](https://github.com/tern-tools/tern/issues/1188) + +## Bug Fixes +* [Replace invalid license key characters](https://github.com/tern-tools/tern/issues/1199) + +## Technical Debt +* [Update debian-inspector requirement](https://github.com/tern-tools/tern/issues/1185) +* [Update SPDX license list to 3.19](https://github.com/tern-tools/tern/pull/1192) + +## Changelog +Note: This changelog will not include these release notes + +Changelog generated by command: `git log --pretty=format:"%h %s" v2.10.1..HEAD` + +``` +48e22cf Replace inalid license key characters +40b981c Add functionality to pull local images with skopeo +c5919fa Include license info for deb pkgs in SPDX reports +8a1a75c Update debian-inspector requirement +23aec2f Update LicenseListVersion to 3.19 +3e7ee23 Fix complaints from Prospector +38f20a6 Update LicenseListVersion to 3.19 +2dd3599 Update LicenseListVersion: 3.17 +d916d77 Updates maintainers affiliation +0bb0e90 LicenseListVersion: 3.17 +f7003e7 Update README.md: SPDX is now an ISO standard +385f2e6 LicenseListVersion: 3.17 +3b737fb LicenseListVersion: 3.17 +``` + +## Contributors +``` +Ivana Atanasova iyovcheva@vmware.com +Marc-Etienne Vargenau marc-etienne.vargenau@nokia.com +Rui Valim ruivalim@protonmail.com +``` + +## Contact the Maintainers + +Nisha Kumar: nishak@vmware.com +Rose Judge: rjudge@vmware.com + diff --git a/requirements.txt b/requirements.txt index 773055cd..89fa6157 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,14 +7,14 @@ # what should be updated. PyYAML>=6.0 -docker~=5.0 -dockerfile-parse~=1.2 +docker~=6.0 +dockerfile-parse~=2.0 requests~=2.28 -stevedore>=3.5 -pbr>=5.9 +stevedore>=4.1 +pbr>=5.11 debian-inspector>=31.0 -regex>=2022.6 +regex>=2022.10 GitPython~=3.1 -prettytable~=3.3 -packageurl-python>=0.9.9 +prettytable~=3.5 +packageurl-python>=0.10.4 license-expression>=30.0
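Review bot: in `.github/workflows/pull_request.yml` the literal `python-version: '3.8'` is now repeated in five separate jobs, so the next bump has to be made in five places again and a missed one would go unnoticed. Suggest defining the version once (a workflow-level `env` value or a `strategy.matrix`) and referencing it from each job. The unchanged context lines around each change still use `actions/checkout@v1` and `actions/setup-python@v1`; since these steps are being touched anyway, consider moving them to a current release pinned by commit SHA.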
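Review bot: in the `README.md` hunk under "Recent Past Releases", the line advising that version 2.4.0 and below contain CVE-2021-28363 is deleted with no replacement, so readers still on an old version lose the only upgrade advisory in the README. Suggest keeping that sentence (or moving it under its own security heading) and adding a pointer to the CVE-2022-24439 notice that `docs/releases/v2_11_0.md` introduces in this same patch, since the README now announces 2.11.0 without mentioning it.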
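Review bot: in `docs/project-roadmap.md` the trailing context line "This timetable is based on time, resources and feedback from you and will change accordingly." is kept, but the hunk removes the dated 2022 list it referred to, so the page no longer contains a timetable. Suggest rewording or dropping that sentence so it matches the new bug-fix-only statement for 2023.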
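Review bot: the header of `docs/releases/v2_11_0-requirements.txt` records that the pins were compiled "with Python 3.10", while the workflow change in this patch runs CI on 3.8, so the hash-locked set was resolved on an interpreter the tests never exercise. Suggest either regenerating the file under the CI version or adding 3.10 to the CI jobs. The `# via -r requirements.in` lines also show the input was `requirements.in`, which is not part of this patch; please confirm it is committed so the file can be regenerated from the recorded `pip-compile --generate-hashes` command.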
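Review bot: in `docs/releases/v2_11_0.md` the NOTE about CVE-2022-24439 does not name the GitPython version this release ships (`gitpython==3.1.29` in the accompanying requirements file) or say what users should do until the patched release appears. Suggest stating the pinned version and linking a tracking issue so the promised follow-up release can be verified. Separately, "Technical Debt" lists only the debian-inspector and SPDX license list updates, while `requirements.txt` in this patch also moves `docker` and `dockerfile-parse` to new major versions; those belong in the notes too.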
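Review bot: in the `requirements.txt` hunk the specifiers remain a mix of `~=` and open-ended `>=` (`stevedore>=4.1`, `pbr>=5.11`, `regex>=2022.10`, `packageurl-python>=0.10.4`), so an install from this file can pull in any future major release of those packages, unlike the hash-pinned release file. Suggest using `~=` consistently or documenting why these are left unbounded. `docker~=6.0` and `dockerfile-parse~=2.0` are major-version jumps from `~=5.0` and `~=1.2`; a line in the commit message or release notes confirming they were tested would help reviewers.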