v5.8.1

What's Changed

• feat: try DejaCode in GitHub Codespaces by @tdruez in #543
• feat: modernize Docker Compose setup and simplify installation docs by @tdruez in #544
• chore: optimize Codespaces startup by @tdruez in #545
• fix: improve performances and logging for SCIO importer by @tdruez in #546
• fix: add VULNERABLECODE_USER_AGENT by @tdruez in #548
• chore: update CI conf to run Docker tests in parallel by @tdruez in #547
• chore: bump version to 5.8.1 for release by @tdruez in #549

Full Changelog: v5.8.0...v5.8.1

v5.8.0

What's Changed

• feat: add a set_key method on AbstractAPIToken by @tdruez in #521
• feat: [five-c] Compliance dashboard export/report by @tdruez in #522
• feat: [five-c] Compliance extended report set by @tdruez in #523
• feat: [five-c] User experience (UX) enhancements by @tdruez in #524
• Fix REQUESTS_TIMEOUT by converting to int by @rogu-beta in #526
• feat: replace pip install by uv and lock file by @tdruez in #529
• chore: upgrade multiple dependencies by @tdruez in #530
• chore: upgrade django-registration to latest version by @tdruez in #531
• feat: [five-c] Compliance dashboards improved by @tdruez in #532
• 506 vulnerability analysis by @tdruez in #536
• feat: [five-c] Compliance dashboards extended by @tdruez in #537
• chore: upgrade dependencies by @tdruez in #538
• chore: remove the dependency on gitpython by @tdruez in #539
• feat: add create_dependencies option to all import forms by @tdruez in #540
• chore: update seed data and add instructions by @tdruez in #541
• chore: bump version to 5.8.0 for release by @tdruez in #542

Full Changelog: v5.7.1...v5.8.0

v5.7.1

What's Changed

• chore: upgrade tpp libraries to latest version by @tdruez in #505
• fix: case when fetching vulnerabilities for 0 packages by @tdruez in #503
• feat: refine package search to display the most recent versions first by @tdruez in #504
• feat: [five-c] Product compliance tab by @tdruez in #507
• chore: upgrade requests to latest version by @tdruez in #510
• chore: upgrade scancode-action to latest running docker image by @tdruez in #511
• feat: improve Docker image build and compose by @tdruez in #512
• feat: [five-c] Compliance control center dashboard by @tdruez in #513
• fix: product is_vulnerable filter on list view by @tdruez in #516
• chore: upgrade Django to latest 6.0.4 version by @tdruez in #515
• fix: increase the max_length to 255 for api key fields by @tdruez in #518
• chore: bump version to 5.7.1 for release by @tdruez in #519

Full Changelog: v5.7.0...v5.7.1

v5.7.0

What's Changed

• Update README.rst to restructure by @DennisClark in #455
• chore: upgrade thirdparty libraries to latest version by @tdruez in #464
• chore: upgrade Python version to 3.14 by @tdruez in #465
• fix: parsing of str into timezone aware dates in reporting by @tdruez in #461
• chore: update Django to version 6.x by @tdruez in #466
• feat: set usage policy from license profile by @tdruez in #463
• chore: upgrade django-axe, jsonfield, and model-bakery libraries by @tdruez in #470
• fix: refactor purldb data cleanup into a common method by @tdruez in #471
• chore: automatically closes low-quality and AI slop PRs by @tdruez in #477
• feat: add support for OpenDocument format in report export #363 by @tdruez in #478
• fix: form validation on permission protected fields by @tdruez in #479
• fix: stream scan results data instead of silencing timeouts by @tdruez in #481
• fix: upgrade RQ to fix a worker failure by @tdruez in #483
• feat!: replace plain-text DRF token with PBKDF2-hashed API token by @tdruez in #484
• fix: rendering of the burger menu as offcanvas by @tdruez in #486
• chore: add contributions policy by @tdruez in #487
• Update dataspace.rst regarding reference usage policies by @DennisClark in #489
• feat: add ability to revoke an API key from profile view by @tdruez in #491
• fix: rendering of modeladmin descriptions by @tdruez in #492
• chore: upgrade tpp dependencies to latest version by @tdruez in #493
• chore: set explicit workflow permissions and pin down actions by @tdruez in #495
• feat: rework the pagination with per-model setting by @tdruez in #494
• feat: add workflow and instructions to build and publish api_auth by @tdruez in #496
• chore: upgrade Django to latest v6.0.3 version by @tdruez in #497
• feat: add generic views for API key management in aboutcode.api_auth module by @tdruez in #500
• Release 5.7.0 by @tdruez in #501

New Contributors

• @DennisClark made their first contribution in #455

Full Changelog: v5.6.0...v5.7.0

v5.6.0

What's Changed

• fix: update the readthedocs.yml config to fix the build by @tdruez in #447
• feat: ability to assign and manage vulnerabilities on products by @tdruez in #439
• Import vulnerability data from ScanCode.io by @tdruez in #448
• chore: upgrade altcha and django_altcha to latest versions by @tdruez in #450
• Upgrade Django and related libraries to latest version by @tdruez in #451
• Add package_content PurlDB field on Package model by @tdruez in #434
• Fix PURL comparison in get_purldb_entries by @tdruez in #453
• chore: bump version to 5.6.0 by @tdruez in #454

Full Changelog: v5.5.0...v5.6.0

v5.5.0

What's Changed

• Upgrade pip, django-altcha, bleach, and charset_normalizer by @tdruez in #398
• Refactor LDAP test to remove dependency on mockldap by @tdruez in #419
• Update ProductPackage license unknown during Scan all Packages by @tdruez in #420
• Allow "Scan all packages" availability to "change_product" users by @tdruez in #421
• Refine UI and consistency around Scan actions by @tdruez in #425
• Move the user id from project name to a label #387 by @tdruez in #426
• Upgrade Django to latest security release v5.2.8 by @tdruez in #427
• Add Dataspace FK validation on Dataspace and DejacodeUser models by @tdruez in #431
• Packaging for Debian by @chinyeungli in #424
• Packaging for Fedora by @chinyeungli in #422
• Fix a bug with the scan_status_fields on empty runs by @tdruez in #433
• Prioritize hashes and download URL for PurlDB mapping by @rogu-beta in #430
• Update weighted_risk_score on updating the relationship by @tdruez in #436
• Packaging for Nix by @chinyeungli in #391
• Upgrade django-grappelli to latest version by @tdruez in #437
• Migrate from rq-scheduler to new built-in CronScheduler by @tdruez in #435
• Export OpenVEX VEX document by @tdruez in #442
• feat: add support for PyPI purls in purl resolution by @tdruez in #443
• feat: add option to infer_download_urls on product importers by @tdruez in #444
• fix: update "add_to" javascript selector by @tdruez in #445

New Contributors

• @chinyeungli made their first contribution in #424
• @rogu-beta made their first contribution in #430

Full Changelog: v5.4.1...v5.5.0

v5.4.1

What's Changed

• Upgrade Django to latest security release 5.2.7 by @tdruez in #389
• Bump version for release v5.4.1 by @tdruez in #390

Full Changelog: v5.4.0...v5.4.1

v5.4.0

What's Changed

• Add is_locked field on the Product model #310 by @tdruez in #311
• Django 5.2.x version and related dependencies upgrade by @tdruez in #312
• Replace deprecated coreapi with drf-yasg for API documentation by @tdruez in #314
• Upgrade to Python 3.13 by @tdruez in #315
• Add a download_scan_data action in REST API packages endpoint by @tdruez in #316
• Django upgrade to latest security release 5.2.2 by @tdruez in #320
• Add support for more fields in ScanCode.io scan results to package #255 by @tdruez in #319
• Replace the hardcoded /var/www/html by named volume #157 by @tdruez in #322
• Upgrade Django to latest security release 5.2.3 by @tdruez in #324
• Upgrade django-altcha to latest version by @tdruez in #326
• Add a REST API "action" endpoint to track product imports #273 by @tdruez in #327
• Add the ability to list the current scheduled cron jobs #199 by @tdruez in #328
• Replace the setup.py/setup.cfg by pyproject.toml by @tdruez in #329
• Refine the find-vulnerabilities to use latest scancode-action features by @tdruez in #330
• Upgrade Django to latest version by @tdruez in #338
• Upgrade Requests and urllib to latest releases by @tdruez in #371
• CRAVEX GitHub workflow integration by @tdruez in #362
• CRAVEX GitLab workflow integration #346 by @tdruez in #374
• CRAVEX Jira workflow integration #350 by @tdruez in #375
• CRAVEX Forgejo workflow integration by @tdruez in #376
• CRAVEX SourceHut workflow integration #348 by @tdruez in #377
• Return full field lookup string in hint display #348 by @tdruez in #379
• Upgrade Django to latest 5.2.5 version by @tdruez in #380
• CRAVEX Update Jira documentation to suggest the use of "Blank" template #348 by @tdruez in #378
• CRAVEX Generic workflow integration #345 by @tdruez in #381
• Release 5.4.0 by @tdruez in #382

Full Changelog: v5.3.0...v5.4.0

v5.3.0

What's Changed

• Rename ProductDependency is_resolved to is_pinned #189 by @tdruez in #190
• Upgrade the RQ stack to latest version by @tdruez in #197
• Upgrade HTMX to version 2.0.3 by @tdruez in #198
• Store and display new Package.risk_score field in the UI by @tdruez in #194
• Add ProductVulnerabilityAnalysis model implementation #98 by @tdruez in #187
• Add ability to select affected products for analysis data propagation by @tdruez in #201
• Add ldap as requirements for dev install doc by @pombredanne in #204
• Update makefile and docs for dev setup by @pombredanne in #205
• Add vulnerabilities REST API endpoint #104 by @tdruez in #203
• Add is_reachable field on the VulnerabilityAnalysis model #103 by @tdruez in #206
• Refine the available settings for RQ_QUEUES #103 by @tdruez in #208
• Add override_unknown option in update_from_data method #202 by @tdruez in #209
• Update "unknown" ProductPackage.license_expression from Package #202 by @tdruez in #211
• Add vulnerabilities_risk_threshold fields #97 by @tdruez in #210
• Add reference documentation about Vulnerability Management #109 by @tdruez in #212
• Implement the CSAF VEX output view #107 by @tdruez in #213
• 110 tutorial vulnerabilities by @tdruez in #217
• Add exposure_factor field to the ProductItemPurpose model #102 by @tdruez in #218
• Add vulnerabilities notification #106 by @tdruez in #220
• Fix error when Request comment contains curly braces by @tdruez in #224
• Fix minor typo in SBOM load form by @pombredanne in #228
• Add a new "Working with SBOMs in a Product" tutorial #225 by @tdruez in #231
• Add a new "Create a Product Vulnerability Report" tutorial #226 by @tdruez in #232
• Dependencies upgrade by @tdruez in #246
• Use the "disable" label in place of "delete" in User admin #245 by @tdruez in #247
• Truncate the display of very long PURLs #227 by @tdruez in #248
• Enable the delete_selected action on RequestTemplateAdmin #243 by @tdruez in #259
• Add user time zone and use consistent rendering of date across the app #240 by @tdruez in #260
• Django 5.1.x by @tdruez in #261
• Fix package usage policy not getting set automatically from the license #200 by @tdruez in #262
• Upgrade multiple dependencies to their latest versions by @tdruez in #265
• Create missing Owner from the Product/Component form #239 by @tdruez in #264
• Add "Find vulnerabilities" workflow based on scancode-action by @tdruez in #267
• Refine the consistency of Product import actions #241 by @tdruez in #268
• Refine the GitHub workflows by @tdruez in #269
• Use deterministic UID/GID in Dockerfile #230 by @tdruez in #270
• Improve Evaluation Sign Up UX #233 by @tdruez in #274
• Add "CRAVEX support in DejaCode" reference documentation #242 by @tdruez in #277
• Fix the ProductDependencyAdmin form by @tdruez in #287
• Add PURL fragment search in ProductDependencyAdmin #286 by @tdruez in #288
• Fix an issue with urlize_target_blank when the URL contains curly braces by @tdruez in #292
• Replace hCaptcha with Altcha #235 by @tdruez in #278
• Upgrade Django to latest 5.1.8 security release by @tdruez in #294
• Add the ability to download Product "Imports" input file by @tdruez in #296
• Fix the unique_together_lookups in import_package #295 by @tdruez in #298
• Prevent the creation of duplicated "resolved" dependencies during imp… by @tdruez in #299
• Refactor the package lookups into a function #295 by @tdruez in #300
• Improve exception support in improve_packages_from_purldb task #303 by @tdruez in #304
• Add a new "Package Set" tab to the Package details view #276 by @tdruez in #305
• Add the ability to delete a Scan from Product inventory #222 by @tdruez in #281
• Refine get_purldb_entries to compare on plain PURL #307 by @tdruez in #308
• Release v5.3.0 by @tdruez in #309

Full Changelog: v5.2.1...v5.3.0

v5.2.1

What's Changed

• Fix the models documentation navigation #182 by @tdruez in #183
• Upgrade multiple dependencies to their latest version by @tdruez in #184
• Fix the validity of SPDX outputs #180 by @tdruez in #186

Full Changelog: v5.2.0...v5.2.1