Releases: containerbuildsystem/cachito
Releases · containerbuildsystem/cachito
cachito-1.3.0
Minimum required Python version
- 3.10
API changes
- None
Bug Fixes
- Dependency version updates to address CVEs
- Bump jsonschema to 4.17.3
- Bump certifi to 2022.12.7
- Bump setuptools to 65.6.3
- Bump flask-migrate to 4.0.1
- Bump sqlalchemy to 1.4.46
- Bump pydantic to 1.10.4
- Bump pytest-asyncio to 0.20.3
- Gomod dependencies are no longer downloaded to deps/gomod when the gomod-vendor-check flag is set
- Git submodules are correctly updated when the submodule repository does not have a branch called "master"
- Added retries when attempting to download javascript dependencies
Incompatible changes
- None
Improvements
- None
cachito-1.2.0
Minimum required Python version
- 3.10
API changes
- None
Bug Fixes
- Bump cryptography version to address GHSA-39hc-v87j-747x
- Address CVE-2007-4559
- Dependency version updates to address CVEs:
- Bump prometheus-flask-exporter to 0.21.0
- Bump sqlalchemy to 1.4.44
- Bump flask-migrate to 4.0.0
- Bump jsonschema to 4.17.0
- Bump psycopg2-binary to 2.9.5
- Bump greenlet to 2.0.1
- Bump pytest to 7.2.0
Incompatible changes
- None
Improvements
- Download npm dependencies concurrently (concurrency level configurable, default 5)
- Finish implementation of rubygems support 💎
- Validate supported package managers before creating a request
- Use setuptools-scm for versioning the cachito package
- Enhancements to the cachito OpenAPI specification
cachito-1.1.0
Minimum required Python version
- 3.10
API changes
- Fail a request if a Go workspace exists in the repository
Bug Fixes
- Dependency version updates to address CVEs:
- Bump pytest-cov from 3.0.0 to 4.0.0
- Bump jsonschema from 4.2.1 to 4.16.0
- Bump pydantic from 1.9.1 to 1.10.2
- Bump sqlalchemy from 1.4.39 to 1.4.41
- Bump prometheus-flask-exporter from 0.20.2 to 0.20.3
- Bump greenlet from 1.1.2 to 1.1.3
- Bump flask-login from 0.6.1 to 0.6.2
- Bump pytest from 6.2.5 to 7.1.3
- Bump mako to version 1.2.2
Incompatible changes
- None
Improvements
- Remove Python 3.9 tests
- Bump Cachito base images to Fedora 36
- Runtime binary updates:
- Bump Go from 1.17 to 1.18
- Bump Npm from 8.0.0 to 8.3.1
- Bump Node from 16.11.0 to 16.14.0
- Bump Pip from 21.2.3 to 21.3.1
- Bump Python from 3.10.0 to 3.10.6
- Bump Git from 2.32.0 to 2.37.3
cachito-1.0.1
Minimum required Python version
- 3.9
API changes
- None
Bug Fixes
- Hotfix for UploadError/NetworkError exception handling
Incompatible changes
- None
Improvements
- Cachito should not fail on already uploaded package
cachito-1.0.0
Minimum required Python version
- 3.9
API changes
- Added error_origin and error_type parameters for /requests/id
- Added client/server error count to /requests-metrics/summary
Bug Fixes
- Pinned git to v2.32.0 to avoid ownership failures
Incompatible changes
- None
Improvements
- Added new table RequestError to database
- Added several error types and appropriate origins (client/server)
- Purl generation is moved to its own module
- Improved exception handling and its logs
sprint-36
Bump setuptools from 57.4.0 to 58.0.4 Bumps [setuptools](https://github.com/pypa/setuptools) from 57.4.0 to 58.0.4. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/compare/v57.4.0...v58.0.4) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
sprint-35
Bump sqlalchemy from 1.4.22 to 1.4.23 Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 1.4.22 to 1.4.23. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/master/CHANGES) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
sprint-34
Add ignore error flag for the go mod list command Due to some behavioral changes introduced in Go 1.16, this command would give errors in some specific requests. Signed-off-by: Bruno Pimentel <[email protected]>
sprint-32
Bump requests from 2.25.1 to 2.26.0 Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.26.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.25.1...v2.26.0) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>