|
2 | 2 |
|
3 | 3 | All notable changes to this project will be documented in this file. |
4 | 4 |
|
| 5 | +## [v1.5.0] - 2026-05-28 |
| 6 | + |
| 7 | +### Added |
| 8 | + |
| 9 | +- Packagist integration — DevGuard now queries Packagist to enrich PHP package metadata and licensing information |
| 10 | +- Single artifact sync endpoint re-added — the per-artifact sync endpoint was restored along with a missing trailing slash in the Swagger docs |
| 11 | +- QuickFix direct dependency support — an `if` statement guard ensures the quickfix path applies correctly to direct dependencies |
| 12 | +- Programmatic CI support — DevGuard CI workflows now use reusable `devguard-ci-components` / `github-v1` workflow references |
| 13 | + |
| 14 | +### Changed |
| 15 | + |
| 16 | +- Component dependencies table overhauled — composite primary key replaces the surrogate `id` column; obsolete indexes and columns removed; SBOM graph normalisation updated accordingly |
| 17 | +- All dependencies updated; reusable GitHub Actions workflow references updated to `github-v1` |
| 18 | +- Content-Length header is now forwarded through the OCI proxy |
| 19 | + |
| 20 | +### Fixed |
| 21 | + |
| 22 | +- License risks not being closed correctly; Packagist DTO parsing fixed |
| 23 | +- Open source insight service: incorrect variable declaration in `getVersion` default case |
| 24 | +- Go license version prefix — versions without the `v` prefix are now retried with it |
| 25 | +- VulnDB: `lastAffected` ranges in OSV transformation were not respected |
| 26 | +- Migration retry — opens a new connection pool after closing the migrator to avoid `sql: database is closed` errors |
| 27 | +- Maven vulnerability fixed-version resolution |
| 28 | +- Sitemap `listIDsByCreationDate` endpoint column mismatch |
| 29 | + |
| 30 | +### Web |
| 31 | + |
| 32 | +#### Added |
| 33 | + |
| 34 | +- Theme toggler — light/dark mode toggle on sign-in and sign-up pages |
| 35 | +- Star/GitHub banner |
| 36 | +- CVSS badge shown in risk handling view (users were confused by the absence of CVSS highlighting) |
| 37 | +- Guided tour hints — contextual hints added to existing first-access tours |
| 38 | + |
| 39 | +#### Changed |
| 40 | + |
| 41 | +- QuickFix: fallback to direct dependency removed (handled in backend); hidden when there are too many paths |
| 42 | +- Risk badge reworked |
| 43 | +- `RiskGroup`: "across other branches" suffix removed |
| 44 | +- Link colours made consistent across components; drawer button link uses `--link` CSS variable |
| 45 | +- Code colour fixed to black in light mode |
| 46 | + |
| 47 | +#### Fixed |
| 48 | + |
| 49 | +- Filter button styling |
| 50 | +- Link colour inconsistency across the application |
| 51 | +- Description/code colour in Markdown component |
| 52 | +- Gitleaks config editor now uses TOML format |
| 53 | +- Member invitation dialog: improved contextual descriptions and sub-project support |
| 54 | +- Package URL qualifiers truncated to prevent display overflow |
| 55 | +- Invalid package URLs now return `null` instead of throwing |
| 56 | + |
| 57 | +### Contributors |
| 58 | + |
| 59 | +[@iccccccccccccc](https://github.com/iccccccccccccc) — Go license v-prefix fix, Gitleaks TOML fix; [@resolvicomai](https://github.com/resolvicomai) — truncate PURL qualifiers |
| 60 | + |
5 | 61 | ## [v1.4.2] - 2026-05-20 |
6 | 62 |
|
7 | 63 | ### Fixed |
|
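Review bot: The "Component dependencies table overhauled" entry under Changed (new line 16) describes a destructive schema change (composite primary key replacing the surrogate `id` column, indexes and columns removed) but gives operators no upgrade guidance. Suggest adding a sentence saying whether the migration runs automatically on startup, whether a database backup is recommended before upgrading, and whether downgrade to v1.4.2 is still possible afterwards, especially as the Fixed list in the same release mentions migration retry errors (`sql: database is closed`). Two smaller points: the Web section lists link colour consistency under both Changed (line 44) and Fixed (line 50), and "Code colour fixed to black in light mode" sits under Changed although it reads as a fix, so these could be merged into single Fixed entries. "All dependencies updated" (line 17) would be more useful to anyone auditing the release if it named the updates that matter or linked to the dependency diff.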