root.go

  • c3c412f8
    feat(renovate-to-sbom)!: ignore dependencies without a `CurrentVersion` · c3c412f8
    Jamie Tanna authored and Hao Hu committed
    When using the SBOM exported by `renovate-to-sbom` with other tools,
    some pieces of data are not useful when they are i.e. a range of
    versions.
    
    Instead of this, we can - by default - ignore anything that doesn't have
    a resolved `CurrentVersion` as it's likely that the exact version will
    not be present.
    
    This is a breaking change as we change the behaviour of the command.
    
    We can introduce a flag to re-enable the functionality, as well as
    document the fact that this may cause false positives.
    
    As this is not a breaking change in dependency-management-data itself,
    we will not bump `compatible_since`.