v1.1.3

@github-actions github-actions released this 08 Apr 16:23
· 2 commits to main since this release
Immutable release. Only release title and notes can be modified.
5ea29c5

Changelog for poutine v1.1.3 🎉

This release focuses on core engine improvements, stability fixes, and modernization of the toolchain. The biggest shift is the move away from exec-based Git operations toward a fully in-memory model using go-git, along with improved resiliency and observability during analysis.


Major Improvements 🌟🌟

  • In-Memory Git with go-git v6: Replaced exec-based Git operations with go-git using in-memory storage. This significantly improves performance and portability and reduces reliance on system binaries, by @SUSTAPLE117.
    (#400)

  • 🛡️ Resilient Repository Batch Fetching: Improved robustness of repository batch fetching, reducing failures during large-scale analysis operations, by @SUSTAPLE117.
    (#399)

  • 📊 Analysis Progress Monitoring Improvements: Enhanced visibility into analysis progress, making long-running operations easier to track and debug, by @SUSTAPLE117.
    (#419)


Improvements 🔧

  • 🧪 Snapshot Testing Added: Introduced snapshot testing to improve regression detection and testing confidence, by @SUSTAPLE117.
    (#401)

  • ⚙️ Go 1.26 Upgrade + Dependency Refresh: Upgraded to Go 1.26 and refreshed dependencies for improved performance and compatibility, by @SUSTAPLE117.
    (#412)

  • 🔐 Improved Rule Handling for GitHub Actions: Configured skip actions to be ignored for the github_action_from_unverified_creator_used rule, improving rule accuracy, by @mbarbero.
    (#398)

  • 📦 Goreleaser Configuration Updates: Updated release configuration and tooling for improved build and distribution workflows, by @SUSTAPLE117.
    (#417), (#418)


Bug Fixes 🐛

  • 🐳 Docker Image Parsing Fixes: Fixed issues with Docker image parsing and purl generation, by @SUSTAPLE117.
    (#413)

  • 📄 YAML Parsing Fixes: Resolved YAML parsing errors affecting analysis reliability, by @SUSTAPLE117.
    (#414)

  • 🔑 GitHub Fine-Grained PAT Compatibility: Fixed organization repository listing failures when using fine-grained tokens without Issues:Read, by @fproulx-boostsecurity.
    (#415)

  • 🧾 SARIF Taxonomy GUID Fix: Corrected SARIF taxonomy GUID issues to ensure proper report compatibility, by @SUSTAPLE117.
    (#416)


Dependency Updates ⬆️

GitHub Actions

  • Updated github/codeql-action from 3.30.5 to 4.31.2. (#370)
  • Updated ossf/scorecard-action from 2.4.2 to 2.4.3. (#371)
  • Updated step-security/harden-runner from 2.13.0 to 2.13.1. (#375)
  • Updated actions/upload-artifact from 4.6.2 to 5.0.0. (#376)
  • Updated actions/setup-go from 5.5.0 to 6.4.0. (#403)
  • Updated goreleaser/goreleaser-action from 6.4.0 to 7.0.0. (#411)
  • Updated actions/deploy-pages from 4.0.5 to 5.0.0. (#410)
  • Updated actions/checkout from 5.0.0 to 6.0.2. (#408)
  • Updated sigstore/cosign-installer across versions 3.9.2 → 4.0.0 → 4.1.1. (#377), (#405)

Go Modules

  • Updated gitlab.com/gitlab-org/api/client-go from 0.151.0 to 0.157.1. (#369)
  • Updated github.com/open-policy-agent/opa from 1.9.0 to 1.10.0. (#372)
  • Updated github.com/mark3labs/mcp-go from 0.41.1 to 0.42.0. (#373)
  • Updated golang.org/x/oauth2 from 0.31.0 to 0.32.0. (#374)
  • Updated golang.org/x/crypto from 0.42.0 to 0.45.0. (#380)

Full Changelog 📜

For a detailed view of all changes, see the full changelog.