Merge branch 'main' into add-rockylinux-advisories

.github/workflows/docs.yml

@@ -9,7 +9,7 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: [3.8]
+        python-version: [3.9]
 
     steps:
       - name: Checkout code

.github/workflows/main.yml

@@ -29,7 +29,7 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: ["3.8", "3.9", "3.10"]
+        python-version: ["3.9", "3.10", "3.11"]
 
     steps:
       - name: Checkout code

.github/workflows/pypi-release.yml

@@ -37,7 +37,7 @@ jobs:
         run: python -m build --sdist --wheel --outdir dist/
 
       - name: Upload built archives
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: pypi_archives
           path: dist/*
@@ -51,7 +51,7 @@ jobs:
 
     steps:
       - name: Download built archives
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: pypi_archives
           path: dist
@@ -71,7 +71,7 @@ jobs:
 
     steps:
       - name: Download built archives
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: pypi_archives
           path: dist

CHANGELOG.rst

@@ -1,6 +1,36 @@
 Release notes
 =============
 
+Version (next)
+-------------------
+
+
+Version v34.0.2
+-------------------
+
+- Add management command to commit exported vulnerability data (#1600)
+- Fix API 500 error (#1603)
+
+
+Version v34.0.1
+-------------------
+
+- Add Pipeline to flag ghost packages (#1533)
+- Add logging configuration (#1533)
+- Drop support for python 3.8 (#1533)
+- Drop using docker-compose and use the built-in "docker compose" instead
+- Upgrade core dependencies including Django and Rest Framework
+- Fix typo in KEV improver (#1594)
+
+
+Version v34.0.0
+-------------------
+
+- Improve API performance.
+- Add severity range score in API.
+- Refactor GitlabDataSource to work with browser extension
+
+
 Version v34.0.0rc5
 -------------------
 

Makefile

@@ -129,9 +129,9 @@ docs:
 
 docker-images:
 	@echo "-> Build Docker services"
-	docker-compose build
+	docker compose build
 	@echo "-> Pull service images"
-	docker-compose pull
+	docker compose pull
 	@echo "-> Save the service images to a compressed tar archive in the dist/ directory"
 	@mkdir -p dist/
 	@docker save postgres vulnerablecode_vulnerablecode nginx | gzip > dist/vulnerablecode-images-`git describe --tags`.tar.gz

README.rst

@@ -66,18 +66,18 @@ Getting started
 Run with Docker
 ^^^^^^^^^^^^^^^^
 
-First install docker and docker-compose, then run::
+First install docker, then run::
 
     git clone https://github.com/nexB/vulnerablecode.git && cd vulnerablecode
     make envfile
-    docker-compose build
-    docker-compose up -d
-    docker-compose run vulnerablecode ./manage.py import --list
+    docker compose build
+    docker compose up -d
+    docker compose run vulnerablecode ./manage.py import --list
 
 Then run an importer for nginx advisories (which is small)::
 
-    docker-compose exec vulnerablecode ./manage.py import vulnerabilities.importers.nginx.NginxImporter
-    docker-compose exec vulnerablecode ./manage.py improve --all
+    docker compose exec vulnerablecode ./manage.py import vulnerabilities.importers.nginx.NginxImporter
+    docker compose exec vulnerablecode ./manage.py improve --all
 
 At this point, the VulnerableCode app and API should be up and running with
 some data at http://localhost

aboutcode/hashid/README.rst

@@ -0,0 +1,15 @@
+aboutcode.hashid
+==================
+
+This is a library of utilities to compute ids and file paths for AboutCode  using VCID and PURLs.
+
+License
+-------
+
+Copyright (c) nexB Inc. and others. All rights reserved.
+
+SPDX-License-Identifier: Apache-2.0
+
+See https://github.com/aboutcode-org/vulnerablecode for support or download.
+
+See https://aboutcode.org for more information about AboutCode OSS projects.