Prepare for Release 2.8.0

- Added release notes and freeze file - Bumped the dependency versions - Updated the README with the new Release number Signed-off-by: Rose Judge <[email protected]>
tern-tools · Sep 29, 2021 · 19c7e51 · 19c7e51
1 parent 5927427
commit 19c7e51
Show file tree

Hide file tree

Showing 5 changed files with 240 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -320,25 +320,17 @@ $ python tests/<test file>.py
 ```
 
 ## Project Status<a name="project-status"/>
-Release 2.7.0 is out! See the [release notes](docs/releases/v2_7_0.md) for more information.
+Release 2.8.0 is out! See the [release notes](docs/releases/v2_8_0.md) for more information.
 
-We try to keep the [project roadmap](./docs/project-roadmap.md) as up to date as possible. We are currently working on Release 2.8.0.
+We try to keep the [project roadmap](./docs/project-roadmap.md) as up to date as possible. We are currently working on Release 2.9.0.
 
-## Previous Releases
+## Recent Past Releases
 Be advised: version 2.4.0 and below contain a high-severity security vulnerability (CVE-2021-28363). Please update to version 2.5.0 or later.
+* [v2.7.0](docs/releases/v2_7_0.md)
 * [v2.6.1](docs/releases/v2_6_1.md)
 * [v2.5.0](docs/releases/v2_5_0.md)
 * [v2.4.0](docs/releases/v2_4_0.md)
 * [v2.3.0](docs/releases/v2_3_0.md)
-* [v2.2.0](docs/releases/v2_2_0.md)
-* [v2.1.0](docs/releases/v2_1_0.md)
-* [v2.0.0](docs/releases/v2_0_0.md)
-* [v1.0.1](docs/releases/v1_0_1.md)
-* [v0.5.4](docs/releases/v0_5_4.md)
-* [v0.4.0](docs/releases/v0_4_0.md)
-* [v0.3.0](docs/releases/v0_3_0.md)
-* [v0.2.0](docs/releases/v0_2_0.md)
-* [v0.1.0](docs/releases/v0_1_0.md)
 
 ## Documentation
 Architecture, function blocks, code descriptions and the project roadmap are located in the docs folder. Contributions to the documentation are welcome! See the [contributing guide](/CONTRIBUTING.md) to find out how to submit changes.

diff --git a/docs/releases/v2_8_0-requirements.txt b/docs/releases/v2_8_0-requirements.txt
@@ -0,0 +1,169 @@
+#
+# This file is autogenerated by pip-compile with python 3.8
+# To update, run:
+#
+#    pip-compile --generate-hashes --output-file=v2_8_0-requirements.txt
+#
+attrs==21.2.0 \
+    --hash=sha256:149e90d6d8ac20db7a955ad60cf0e6881a3f20d37096140088356da6c716b0b1 \
+    --hash=sha256:ef6aaac3ca6cd92904cdd0d83f629a15f18053ec84e6432106f7a4d04ae4f5fb
+    # via debian-inspector
+certifi==2021.5.30 \
+    --hash=sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee \
+    --hash=sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8
+    # via requests
+chardet==4.0.0 \
+    --hash=sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa \
+    --hash=sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5
+    # via debian-inspector
+charset-normalizer==2.0.6 \
+    --hash=sha256:5d209c0a931f215cee683b6445e2d77677e7e75e159f78def0db09d68fafcaa6 \
+    --hash=sha256:5ec46d183433dcbd0ab716f2d7f29d8dee50505b3fdb40c6b985c7c4f5a3591f
+    # via requests
+debian-inspector==30.0.0 \
+    --hash=sha256:d0f4f9b13e9a75aaa0610b568e4b35db2b34cf50b79f5d7a69e25a10a47f5b18 \
+    --hash=sha256:f6b706be9c8087521fdd0226c92433f2405182cb16949fe3455805754e19b6ef
+    # via -r requirements.in
+docker==5.0.2 \
+    --hash=sha256:21ec4998e90dff7a7aaaa098ca8d839c7de412b89e6f6c30908372d58fecf663 \
+    --hash=sha256:9b17f0723d83c1f3418d2aa17bf90b24dbe97deda06208dd4262fa30a6ee87eb
+    # via -r requirements.in
+dockerfile-parse==1.2.0 \
+    --hash=sha256:07e65eec313978e877da819855870b3ae47f3fac94a40a965b9ede10484dacc5 \
+    --hash=sha256:c3fc8f491e1af8cb5f9e23ea6437a2913467b88a4be143095f150330b090be7e
+    # via -r requirements.in
+gitdb==4.0.7 \
+    --hash=sha256:6c4cc71933456991da20917998acbe6cf4fb41eeaab7d6d67fbc05ecd4c865b0 \
+    --hash=sha256:96bf5c08b157a666fec41129e6d327235284cca4c81e92109260f353ba138005
+    # via gitpython
+gitpython==3.1.24 \
+    --hash=sha256:dc0a7f2f697657acc8d7f89033e8b1ea94dd90356b2983bca89dc8d2ab3cc647 \
+    --hash=sha256:df83fdf5e684fef7c6ee2c02fc68a5ceb7e7e759d08b694088d0cacb4eba59e5
+    # via -r requirements.in
+idna==3.2 \
+    --hash=sha256:14475042e284991034cb48e06f6851428fb14c4dc953acd9be9a5e95c7b6dd7a \
+    --hash=sha256:467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3
+    # via requests
+packageurl-python==0.9.4 \
+    --hash=sha256:65f1eade0f3f412bdc77401e76725e9fc21d0c742ba0f2d066113cb19ccd8b61 \
+    --hash=sha256:bd0e829260baff12055c47e1898e0f4014469d09bdb380ddcb102b5d2392fb56
+    # via -r requirements.in
+pbr==5.6.0 \
+    --hash=sha256:42df03e7797b796625b1029c0400279c7c34fd7df24a7d7818a1abb5b38710dd \
+    --hash=sha256:c68c661ac5cc81058ac94247278eeda6d2e6aecb3e227b0387c30d277e7ef8d4
+    # via
+    #   -r requirements.in
+    #   stevedore
+prettytable==2.2.1 \
+    --hash=sha256:09fb2c7f93e4f93e0235f05ae199ac3f16da3a251b2cfa1c7108b34ede298fa3 \
+    --hash=sha256:6d465005573a5c058d4ca343449a5b28c21252b86afcdfa168cdc6a440f0b24c
+    # via -r requirements.in
+pyyaml==5.4.1 \
+    --hash=sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf \
+    --hash=sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696 \
+    --hash=sha256:129def1b7c1bf22faffd67b8f3724645203b79d8f4cc81f674654d9902cb4393 \
+    --hash=sha256:294db365efa064d00b8d1ef65d8ea2c3426ac366c0c4368d930bf1c5fb497f77 \
+    --hash=sha256:3b2b1824fe7112845700f815ff6a489360226a5609b96ec2190a45e62a9fc922 \
+    --hash=sha256:3bd0e463264cf257d1ffd2e40223b197271046d09dadf73a0fe82b9c1fc385a5 \
+    --hash=sha256:4465124ef1b18d9ace298060f4eccc64b0850899ac4ac53294547536533800c8 \
+    --hash=sha256:49d4cdd9065b9b6e206d0595fee27a96b5dd22618e7520c33204a4a3239d5b10 \
+    --hash=sha256:4e0583d24c881e14342eaf4ec5fbc97f934b999a6828693a99157fde912540cc \
+    --hash=sha256:5accb17103e43963b80e6f837831f38d314a0495500067cb25afab2e8d7a4018 \
+    --hash=sha256:607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e \
+    --hash=sha256:6c78645d400265a062508ae399b60b8c167bf003db364ecb26dcab2bda048253 \
+    --hash=sha256:72a01f726a9c7851ca9bfad6fd09ca4e090a023c00945ea05ba1638c09dc3347 \
+    --hash=sha256:74c1485f7707cf707a7aef42ef6322b8f97921bd89be2ab6317fd782c2d53183 \
+    --hash=sha256:895f61ef02e8fed38159bb70f7e100e00f471eae2bc838cd0f4ebb21e28f8541 \
+    --hash=sha256:8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb \
+    --hash=sha256:bb4191dfc9306777bc594117aee052446b3fa88737cd13b7188d0e7aa8162185 \
+    --hash=sha256:bfb51918d4ff3d77c1c856a9699f8492c612cde32fd3bcd344af9be34999bfdc \
+    --hash=sha256:c20cfa2d49991c8b4147af39859b167664f2ad4561704ee74c1de03318e898db \
+    --hash=sha256:cb333c16912324fd5f769fff6bc5de372e9e7a202247b48870bc251ed40239aa \
+    --hash=sha256:d2d9808ea7b4af864f35ea216be506ecec180628aced0704e34aca0b040ffe46 \
+    --hash=sha256:d483ad4e639292c90170eb6f7783ad19490e7a8defb3e46f97dfe4bacae89122 \
+    --hash=sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b \
+    --hash=sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63 \
+    --hash=sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df \
+    --hash=sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc \
+    --hash=sha256:fd7f6999a8070df521b6384004ef42833b9bd62cfee11a09bda1079b4b704247 \
+    --hash=sha256:fdc842473cd33f45ff6bce46aea678a54e3d21f1b61a7750ce3c498eedfe25d6 \
+    --hash=sha256:fe69978f3f768926cfa37b867e3843918e012cf83f680806599ddce33c2c68b0
+    # via -r requirements.in
+regex==2021.9.24 \
+    --hash=sha256:0628ed7d6334e8f896f882a5c1240de8c4d9b0dd7c7fb8e9f4692f5684b7d656 \
+    --hash=sha256:09eb62654030f39f3ba46bc6726bea464069c29d00a9709e28c9ee9623a8da4a \
+    --hash=sha256:0bba1f6df4eafe79db2ecf38835c2626dbd47911e0516f6962c806f83e7a99ae \
+    --hash=sha256:10a7a9cbe30bd90b7d9a1b4749ef20e13a3528e4215a2852be35784b6bd070f0 \
+    --hash=sha256:17310b181902e0bb42b29c700e2c2346b8d81f26e900b1328f642e225c88bce1 \
+    --hash=sha256:1e8d1898d4fb817120a5f684363b30108d7b0b46c7261264b100d14ec90a70e7 \
+    --hash=sha256:2054dea683f1bda3a804fcfdb0c1c74821acb968093d0be16233873190d459e3 \
+    --hash=sha256:29385c4dbb3f8b3a55ce13de6a97a3d21bd00de66acd7cdfc0b49cb2f08c906c \
+    --hash=sha256:295bc8a13554a25ad31e44c4bedabd3c3e28bba027e4feeb9bb157647a2344a7 \
+    --hash=sha256:2cdb3789736f91d0b3333ac54d12a7e4f9efbc98f53cb905d3496259a893a8b3 \
+    --hash=sha256:3baf3eaa41044d4ced2463fd5d23bf7bd4b03d68739c6c99a59ce1f95599a673 \
+    --hash=sha256:4e61100200fa6ab7c99b61476f9f9653962ae71b931391d0264acfb4d9527d9c \
+    --hash=sha256:6266fde576e12357b25096351aac2b4b880b0066263e7bc7a9a1b4307991bb0e \
+    --hash=sha256:650c4f1fc4273f4e783e1d8e8b51a3e2311c2488ba0fcae6425b1e2c248a189d \
+    --hash=sha256:658e3477676009083422042c4bac2bdad77b696e932a3de001c42cc046f8eda2 \
+    --hash=sha256:6adc1bd68f81968c9d249aab8c09cdc2cbe384bf2d2cb7f190f56875000cdc72 \
+    --hash=sha256:6c4d83d21d23dd854ffbc8154cf293f4e43ba630aa9bd2539c899343d7f59da3 \
+    --hash=sha256:6f74b6d8f59f3cfb8237e25c532b11f794b96f5c89a6f4a25857d85f84fbef11 \
+    --hash=sha256:7783d89bd5413d183a38761fbc68279b984b9afcfbb39fa89d91f63763fbfb90 \
+    --hash=sha256:7e3536f305f42ad6d31fc86636c54c7dafce8d634e56fef790fbacb59d499dd5 \
+    --hash=sha256:821e10b73e0898544807a0692a276e539e5bafe0a055506a6882814b6a02c3ec \
+    --hash=sha256:835962f432bce92dc9bf22903d46c50003c8d11b1dc64084c8fae63bca98564a \
+    --hash=sha256:85c61bee5957e2d7be390392feac7e1d7abd3a49cbaed0c8cee1541b784c8561 \
+    --hash=sha256:86f9931eb92e521809d4b64ec8514f18faa8e11e97d6c2d1afa1bcf6c20a8eab \
+    --hash=sha256:8a5c2250c0a74428fd5507ae8853706fdde0f23bfb62ee1ec9418eeacf216078 \
+    --hash=sha256:8aec4b4da165c4a64ea80443c16e49e3b15df0f56c124ac5f2f8708a65a0eddc \
+    --hash=sha256:8c268e78d175798cd71d29114b0a1f1391c7d011995267d3b62319ec1a4ecaa1 \
+    --hash=sha256:8d80087320632457aefc73f686f66139801959bf5b066b4419b92be85be3543c \
+    --hash=sha256:95e89a8558c8c48626dcffdf9c8abac26b7c251d352688e7ab9baf351e1c7da6 \
+    --hash=sha256:9c371dd326289d85906c27ec2bc1dcdedd9d0be12b543d16e37bad35754bde48 \
+    --hash=sha256:9c7cb25adba814d5f419733fe565f3289d6fa629ab9e0b78f6dff5fa94ab0456 \
+    --hash=sha256:a731552729ee8ae9c546fb1c651c97bf5f759018fdd40d0e9b4d129e1e3a44c8 \
+    --hash=sha256:aea4006b73b555fc5bdb650a8b92cf486d678afa168cf9b38402bb60bf0f9c18 \
+    --hash=sha256:b0e3f59d3c772f2c3baaef2db425e6fc4149d35a052d874bb95ccfca10a1b9f4 \
+    --hash=sha256:b15dc34273aefe522df25096d5d087abc626e388a28a28ac75a4404bb7668736 \
+    --hash=sha256:c000635fd78400a558bd7a3c2981bb2a430005ebaa909d31e6e300719739a949 \
+    --hash=sha256:c31f35a984caffb75f00a86852951a337540b44e4a22171354fb760cefa09346 \
+    --hash=sha256:c50a6379763c733562b1fee877372234d271e5c78cd13ade5f25978aa06744db \
+    --hash=sha256:c94722bf403b8da744b7d0bb87e1f2529383003ceec92e754f768ef9323f69ad \
+    --hash=sha256:dcbbc9cfa147d55a577d285fd479b43103188855074552708df7acc31a476dd9 \
+    --hash=sha256:fb9f5844db480e2ef9fce3a72e71122dd010ab7b2920f777966ba25f7eb63819
+    # via -r requirements.in
+requests==2.26.0 \
+    --hash=sha256:6c1246513ecd5ecd4528a0906f910e8f0f9c6b8ec72030dc9fd154dc1a6efd24 \
+    --hash=sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7
+    # via
+    #   -r requirements.in
+    #   docker
+six==1.16.0 \
+    --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
+    --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
+    # via dockerfile-parse
+smmap==4.0.0 \
+    --hash=sha256:7e65386bd122d45405ddf795637b7f7d2b532e7e401d46bbe3fb49b9986d5182 \
+    --hash=sha256:a9a7479e4c572e2e775c404dcd3080c8dc49f39918c2cf74913d30c4c478e3c2
+    # via gitdb
+stevedore==3.4.0 \
+    --hash=sha256:59b58edb7f57b11897f150475e7bc0c39c5381f0b8e3fa9f5c20ce6c89ec4aa1 \
+    --hash=sha256:920ce6259f0b2498aaa4545989536a27e4e4607b8318802d7ddc3a533d3d069e
+    # via -r requirements.in
+typing-extensions==3.10.0.2 \
+    --hash=sha256:49f75d16ff11f1cd258e1b988ccff82a3ca5570217d7ad8c5f48205dd99a677e \
+    --hash=sha256:d8226d10bc02a29bcc81df19a26e56a9647f8b0a6d4a83924139f4a8b01f17b7 \
+    --hash=sha256:f1d25edafde516b146ecd0613dabcc61409817af4766fbbcfb8d1ad4ec441a34
+    # via gitpython
+urllib3==1.26.7 \
+    --hash=sha256:4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece \
+    --hash=sha256:c4fdf4019605b6e5423637e01bc9fe4daef873709a7973e195ceba0a62bbc844
+    # via requests
+wcwidth==0.2.5 \
+    --hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \
+    --hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83
+    # via prettytable
+websocket-client==1.2.1 \
+    --hash=sha256:0133d2f784858e59959ce82ddac316634229da55b498aac311f1620567a710ec \
+    --hash=sha256:8dfb715d8a992f5712fff8c843adae94e22b22a99b2c5e6b0ec4a1a981cc4e0d
+    # via docker
diff --git a/docs/releases/v2_8_0.md b/docs/releases/v2_8_0.md
@@ -0,0 +1,60 @@
+# Release 2.8.0
+
+## Summary
+This release contains a new feature and several bug fixes. Tern now supports a CycloneDX JSON reporting format. This capability now gives users the option between two SBOM standards for output reports -- SPDX or CycloneDX. There were several Scancode related fixes that were resolved in this release. Additionally, a fix for the situation where Tern was yielding different results with the `-c` and `-r` command line options, which in theory should produce the same results. Lastly, six new contributors were a part of this release, many of whom were completely new to open source.
+
+## New Features
+* [Add CycloneDX JSON Format](https://github.com/tern-tools/tern/issues/987): Tern can now generate [CycloneDX](https://cyclonedx.org/) JSON reports.
+
+## Bug Fixes
+* [Duplicate scancode files being reported when cache is empty](https://github.com/tern-tools/tern/issues/1000)
+* [Running Tern with -r and -c gives different results](https://github.com/tern-tools/tern/issues/999)
+* [Add pkg_format values for missing package managers in base.yml](https://github.com/tern-tools/tern/issues/994)
+* [Remove `/` from image SPDX Identifier Reference](https://github.com/tern-tools/tern/commit/f5eb1abdbc637005bbfb429127b056876c2d52c8)
+
+## Future Work
+* Enable Tern to run without root privileges
+
+## Changelog
+Note: This changelog will not include these release notes
+
+Changelog generated by command: `git log --pretty=format:"%h %s" v2.7.0..main`
+
+```
+5927427 Cleanup unecessary files
+b32745e Add cyclonedxjson to help menu
+c90cf6e Fix: duplicate scancode files being reported
+6a2abfe Add Maintainer and Governance Info
+5dbb44b Update docs around getting started in VS Code
+2186c1a Suppress some pylint warnings
+6855f1e Force prospector version 1.5.1 to be installed
+dfc84d5 fix: Pass the redo flag to the executor
+f5eb1ab Remove `/` from image SPDX Identifier Reference
+4c4b2a8 Prospector 1.4.1 fixes
+9bbb5dd Add CycloneDX JSON output support
+a0c08ba Fix: Ignore newlines in os_release file
+75bd6ac Explain commit message guidelines better
+4719f62 Fix duplicate line in Dockerfile.scancode
+e1ba6a5 formats: Add spdxjson consumer
+3dce966 Remove requirements.scancode.txt
+c6d26fa Add pkg_format values to base.yml
+c8817fd Identify Distroless version in os-release file
+fc4a876 Added test for the pkg_format property
+2828ec7 Created a functional test suite for releases
+0fd02ec Deprecate run_on_image()
+```
+
+## Contributors
+```
+Daneshwari K. [email protected]
+Jamila Ritter [email protected]
+Kerin Pithawala [email protected]
+Patrick Dwyer [email protected]
+Sayantani Saha [email protected]
+Trang [email protected]
+```
+
+## Contact the Maintainers
+
+Nisha Kumar: [email protected]
+Rose Judge: [email protected]
diff --git a/requirements.in b/requirements.in
@@ -16,3 +16,4 @@ debian-inspector
 regex
 GitPython
 prettytable
+packageurl-python
diff --git a/requirements.txt b/requirements.txt
@@ -9,11 +9,11 @@
 PyYAML>=5.4
 docker~=5.0
 dockerfile-parse~=1.2
-requests~=2.25
-stevedore>=3.3
+requests~=2.26
+stevedore>=3.4
 pbr>=5.6
-debian-inspector>=21.5
-regex>=2021.7
+debian-inspector>=30.0
+regex>=2021.9
 GitPython~=3.1
-prettytable~=2.1
-packageurl-python>=0.9.4
+prettytable~=2.2
+packageurl-python>=0.9.4