From 6a73b4db8a7d7f2a8c18a7f98010bf23d09ceaad Mon Sep 17 00:00:00 2001 From: Rose Judge Date: Fri, 21 Jan 2022 14:51:05 -0800 Subject: [PATCH] Prepare for patched release 2.9.1 - Added release notes and freeze file - Bump updated dependency versions Signed-off-by: Rose Judge --- docs/releases/v2_9_1-requirements.txt | 201 ++++++++++++++++++++++++++ docs/releases/v2_9_1.md | 17 +++ requirements.txt | 6 +- 3 files changed, 221 insertions(+), 3 deletions(-) create mode 100644 docs/releases/v2_9_1-requirements.txt create mode 100644 docs/releases/v2_9_1.md diff --git a/docs/releases/v2_9_1-requirements.txt b/docs/releases/v2_9_1-requirements.txt new file mode 100644 index 00000000..8e59bf22 --- /dev/null +++ b/docs/releases/v2_9_1-requirements.txt @@ -0,0 +1,201 @@ +# +# This file is autogenerated by pip-compile with python 3.8 +# To update, run: +# +# pip-compile --generate-hashes --output-file=v2_9_1-requirements.txt +# +attrs==21.4.0 \ + --hash=sha256:2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4 \ + --hash=sha256:626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd + # via debian-inspector +certifi==2021.10.8 \ + --hash=sha256:78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872 \ + --hash=sha256:d62a0163eb4c2344ac042ab2bdf75399a71a2d8c7d47eac2e2ee91b9d6339569 + # via requests +chardet==4.0.0 \ + --hash=sha256:0d6f53a15db4120f2b08c94f11e7d93d2c911ee118b6b30a04ec3ee8310179fa \ + --hash=sha256:f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5 + # via debian-inspector +charset-normalizer==2.0.10 \ + --hash=sha256:876d180e9d7432c5d1dfd4c5d26b72f099d503e8fcc0feb7532c9289be60fcbd \ + --hash=sha256:cb957888737fc0bbcd78e3df769addb41fd1ff8cf950dc9e7ad7793f1bf44455 + # via requests +debian-inspector==30.0.0 \ + --hash=sha256:d0f4f9b13e9a75aaa0610b568e4b35db2b34cf50b79f5d7a69e25a10a47f5b18 \ + --hash=sha256:f6b706be9c8087521fdd0226c92433f2405182cb16949fe3455805754e19b6ef + # via -r requirements.in +docker==5.0.3 \ + --hash=sha256:7a79bb439e3df59d0a72621775d600bc8bc8b422d285824cb37103eab91d1ce0 \ + --hash=sha256:d916a26b62970e7c2f554110ed6af04c7ccff8e9f81ad17d0d40c75637e227fb + # via -r requirements.in +dockerfile-parse==1.2.0 \ + --hash=sha256:07e65eec313978e877da819855870b3ae47f3fac94a40a965b9ede10484dacc5 \ + --hash=sha256:c3fc8f491e1af8cb5f9e23ea6437a2913467b88a4be143095f150330b090be7e + # via -r requirements.in +gitdb==4.0.9 \ + --hash=sha256:8033ad4e853066ba6ca92050b9df2f89301b8fc8bf7e9324d412a63f8bf1a8fd \ + --hash=sha256:bac2fd45c0a1c9cf619e63a90d62bdc63892ef92387424b855792a6cabe789aa + # via gitpython +gitpython==3.1.26 \ + --hash=sha256:26ac35c212d1f7b16036361ca5cff3ec66e11753a0d677fb6c48fa4e1a9dd8d6 \ + --hash=sha256:fc8868f63a2e6d268fb25f481995ba185a85a66fcad126f039323ff6635669ee + # via -r requirements.in +idna==3.3 \ + --hash=sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff \ + --hash=sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d + # via requests +packageurl-python==0.9.6 \ + --hash=sha256:676dcb8278721df952e2444bfcd8d7bf3518894498050f0c6a5faddbe0860cd0 \ + --hash=sha256:c01fbaf62ad2eb791e97158d1f30349e830bee2dd3e9503a87f6c3ffae8d1cf0 + # via -r requirements.in +pbr==5.8.0 \ + --hash=sha256:176e8560eaf61e127817ef93d8a844803abb27a4d4637f0ff3bb783129be2e0a \ + --hash=sha256:672d8ebee84921862110f23fcec2acea191ef58543d34dfe9ef3d9f13c31cddf + # via + # -r requirements.in + # stevedore +prettytable==3.0.0 \ + --hash=sha256:69fe75d78ac8651e16dd61265b9e19626df5d630ae294fc31687aa6037b97a58 \ + --hash=sha256:d55bc2547611bd8c40f1c69bbb8daf1b6b2c326214a265d211ec9c57fc252093 + # via -r requirements.in +pyyaml==6.0 \ + --hash=sha256:0283c35a6a9fbf047493e3a0ce8d79ef5030852c51e9d911a27badfde0605293 \ + --hash=sha256:055d937d65826939cb044fc8c9b08889e8c743fdc6a32b33e2390f66013e449b \ + --hash=sha256:07751360502caac1c067a8132d150cf3d61339af5691fe9e87803040dbc5db57 \ + --hash=sha256:0b4624f379dab24d3725ffde76559cff63d9ec94e1736b556dacdfebe5ab6d4b \ + --hash=sha256:0ce82d761c532fe4ec3f87fc45688bdd3a4c1dc5e0b4a19814b9009a29baefd4 \ + --hash=sha256:1e4747bc279b4f613a09eb64bba2ba602d8a6664c6ce6396a4d0cd413a50ce07 \ + --hash=sha256:213c60cd50106436cc818accf5baa1aba61c0189ff610f64f4a3e8c6726218ba \ + --hash=sha256:231710d57adfd809ef5d34183b8ed1eeae3f76459c18fb4a0b373ad56bedcdd9 \ + --hash=sha256:277a0ef2981ca40581a47093e9e2d13b3f1fbbeffae064c1d21bfceba2030287 \ + --hash=sha256:2cd5df3de48857ed0544b34e2d40e9fac445930039f3cfe4bcc592a1f836d513 \ + --hash=sha256:40527857252b61eacd1d9af500c3337ba8deb8fc298940291486c465c8b46ec0 \ + --hash=sha256:473f9edb243cb1935ab5a084eb238d842fb8f404ed2193a915d1784b5a6b5fc0 \ + --hash=sha256:48c346915c114f5fdb3ead70312bd042a953a8ce5c7106d5bfb1a5254e47da92 \ + --hash=sha256:50602afada6d6cbfad699b0c7bb50d5ccffa7e46a3d738092afddc1f9758427f \ + --hash=sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2 \ + --hash=sha256:77f396e6ef4c73fdc33a9157446466f1cff553d979bd00ecb64385760c6babdc \ + --hash=sha256:819b3830a1543db06c4d4b865e70ded25be52a2e0631ccd2f6a47a2822f2fd7c \ + --hash=sha256:897b80890765f037df3403d22bab41627ca8811ae55e9a722fd0392850ec4d86 \ + --hash=sha256:98c4d36e99714e55cfbaaee6dd5badbc9a1ec339ebfc3b1f52e293aee6bb71a4 \ + --hash=sha256:9df7ed3b3d2e0ecfe09e14741b857df43adb5a3ddadc919a2d94fbdf78fea53c \ + --hash=sha256:9fa600030013c4de8165339db93d182b9431076eb98eb40ee068700c9c813e34 \ + --hash=sha256:a80a78046a72361de73f8f395f1f1e49f956c6be882eed58505a15f3e430962b \ + --hash=sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c \ + --hash=sha256:b5b9eccad747aabaaffbc6064800670f0c297e52c12754eb1d976c57e4f74dcb \ + --hash=sha256:c5687b8d43cf58545ade1fe3e055f70eac7a5a1a0bf42824308d868289a95737 \ + --hash=sha256:cba8c411ef271aa037d7357a2bc8f9ee8b58b9965831d9e51baf703280dc73d3 \ + --hash=sha256:d15a181d1ecd0d4270dc32edb46f7cb7733c7c508857278d3d378d14d606db2d \ + --hash=sha256:d4db7c7aef085872ef65a8fd7d6d09a14ae91f691dec3e87ee5ee0539d516f53 \ + --hash=sha256:d4eccecf9adf6fbcc6861a38015c2a64f38b9d94838ac1810a9023a0609e1b78 \ + --hash=sha256:d67d839ede4ed1b28a4e8909735fc992a923cdb84e618544973d7dfc71540803 \ + --hash=sha256:daf496c58a8c52083df09b80c860005194014c3698698d1a57cbcfa182142a3a \ + --hash=sha256:e61ceaab6f49fb8bdfaa0f92c4b57bcfbea54c09277b1b4f7ac376bfb7a7c174 \ + --hash=sha256:f84fbc98b019fef2ee9a1cb3ce93e3187a6df0b2538a651bfb890254ba9f90b5 + # via -r requirements.in +regex==2022.1.18 \ + --hash=sha256:04611cc0f627fc4a50bc4a9a2e6178a974c6a6a4aa9c1cca921635d2c47b9c87 \ + --hash=sha256:0b5d6f9aed3153487252d00a18e53f19b7f52a1651bc1d0c4b5844bc286dfa52 \ + --hash=sha256:0d2f5c3f7057530afd7b739ed42eb04f1011203bc5e4663e1e1d01bb50f813e3 \ + --hash=sha256:11772be1eb1748e0e197a40ffb82fb8fd0d6914cd147d841d9703e2bef24d288 \ + --hash=sha256:1333b3ce73269f986b1fa4d5d395643810074dc2de5b9d262eb258daf37dc98f \ + --hash=sha256:16f81025bb3556eccb0681d7946e2b35ff254f9f888cff7d2120e8826330315c \ + --hash=sha256:1a171eaac36a08964d023eeff740b18a415f79aeb212169080c170ec42dd5184 \ + --hash=sha256:1d6301f5288e9bdca65fab3de6b7de17362c5016d6bf8ee4ba4cbe833b2eda0f \ + --hash=sha256:1e031899cb2bc92c0cf4d45389eff5b078d1936860a1be3aa8c94fa25fb46ed8 \ + --hash=sha256:1f8c0ae0a0de4e19fddaaff036f508db175f6f03db318c80bbc239a1def62d02 \ + --hash=sha256:2245441445099411b528379dee83e56eadf449db924648e5feb9b747473f42e3 \ + --hash=sha256:22709d701e7037e64dae2a04855021b62efd64a66c3ceed99dfd684bfef09e38 \ + --hash=sha256:24c89346734a4e4d60ecf9b27cac4c1fee3431a413f7aa00be7c4d7bbacc2c4d \ + --hash=sha256:25716aa70a0d153cd844fe861d4f3315a6ccafce22b39d8aadbf7fcadff2b633 \ + --hash=sha256:2dacb3dae6b8cc579637a7b72f008bff50a94cde5e36e432352f4ca57b9e54c4 \ + --hash=sha256:34316bf693b1d2d29c087ee7e4bb10cdfa39da5f9c50fa15b07489b4ab93a1b5 \ + --hash=sha256:36b2d700a27e168fa96272b42d28c7ac3ff72030c67b32f37c05616ebd22a202 \ + --hash=sha256:37978254d9d00cda01acc1997513f786b6b971e57b778fbe7c20e30ae81a97f3 \ + --hash=sha256:38289f1690a7e27aacd049e420769b996826f3728756859420eeee21cc857118 \ + --hash=sha256:385ccf6d011b97768a640e9d4de25412204fbe8d6b9ae39ff115d4ff03f6fe5d \ + --hash=sha256:3c7ea86b9ca83e30fa4d4cd0eaf01db3ebcc7b2726a25990966627e39577d729 \ + --hash=sha256:49810f907dfe6de8da5da7d2b238d343e6add62f01a15d03e2195afc180059ed \ + --hash=sha256:519c0b3a6fbb68afaa0febf0d28f6c4b0a1074aefc484802ecb9709faf181607 \ + --hash=sha256:51f02ca184518702975b56affde6c573ebad4e411599005ce4468b1014b4786c \ + --hash=sha256:552a39987ac6655dad4bf6f17dd2b55c7b0c6e949d933b8846d2e312ee80005a \ + --hash=sha256:596f5ae2eeddb79b595583c2e0285312b2783b0ec759930c272dbf02f851ff75 \ + --hash=sha256:6014038f52b4b2ac1fa41a58d439a8a00f015b5c0735a0cd4b09afe344c94899 \ + --hash=sha256:61ebbcd208d78658b09e19c78920f1ad38936a0aa0f9c459c46c197d11c580a0 \ + --hash=sha256:6213713ac743b190ecbf3f316d6e41d099e774812d470422b3a0f137ea635832 \ + --hash=sha256:637e27ea1ebe4a561db75a880ac659ff439dec7f55588212e71700bb1ddd5af9 \ + --hash=sha256:6aa427c55a0abec450bca10b64446331b5ca8f79b648531138f357569705bc4a \ + --hash=sha256:6ca45359d7a21644793de0e29de497ef7f1ae7268e346c4faf87b421fea364e6 \ + --hash=sha256:6db1b52c6f2c04fafc8da17ea506608e6be7086715dab498570c3e55e4f8fbd1 \ + --hash=sha256:752e7ddfb743344d447367baa85bccd3629c2c3940f70506eb5f01abce98ee68 \ + --hash=sha256:760c54ad1b8a9b81951030a7e8e7c3ec0964c1cb9fee585a03ff53d9e531bb8e \ + --hash=sha256:768632fd8172ae03852e3245f11c8a425d95f65ff444ce46b3e673ae5b057b74 \ + --hash=sha256:7a0b9f6a1a15d494b35f25ed07abda03209fa76c33564c09c9e81d34f4b919d7 \ + --hash=sha256:7e070d3aef50ac3856f2ef5ec7214798453da878bb5e5a16c16a61edf1817cc3 \ + --hash=sha256:7e12949e5071c20ec49ef00c75121ed2b076972132fc1913ddf5f76cae8d10b4 \ + --hash=sha256:7e26eac9e52e8ce86f915fd33380f1b6896a2b51994e40bb094841e5003429b4 \ + --hash=sha256:85ffd6b1cb0dfb037ede50ff3bef80d9bf7fa60515d192403af6745524524f3b \ + --hash=sha256:8618d9213a863c468a865e9d2ec50221015f7abf52221bc927152ef26c484b4c \ + --hash=sha256:8acef4d8a4353f6678fd1035422a937c2170de58a2b29f7da045d5249e934101 \ + --hash=sha256:8d2f355a951f60f0843f2368b39970e4667517e54e86b1508e76f92b44811a8a \ + --hash=sha256:90b6840b6448203228a9d8464a7a0d99aa8fa9f027ef95fe230579abaf8a6ee1 \ + --hash=sha256:9187500d83fd0cef4669385cbb0961e227a41c0c9bc39219044e35810793edf7 \ + --hash=sha256:93c20777a72cae8620203ac11c4010365706062aa13aaedd1a21bb07adbb9d5d \ + --hash=sha256:93cce7d422a0093cfb3606beae38a8e47a25232eea0f292c878af580a9dc7605 \ + --hash=sha256:94c623c331a48a5ccc7d25271399aff29729fa202c737ae3b4b28b89d2b0976d \ + --hash=sha256:97f32dc03a8054a4c4a5ab5d761ed4861e828b2c200febd4e46857069a483916 \ + --hash=sha256:9a2bf98ac92f58777c0fafc772bf0493e67fcf677302e0c0a630ee517a43b949 \ + --hash=sha256:a602bdc8607c99eb5b391592d58c92618dcd1537fdd87df1813f03fed49957a6 \ + --hash=sha256:a9d24b03daf7415f78abc2d25a208f234e2c585e5e6f92f0204d2ab7b9ab48e3 \ + --hash=sha256:abfcb0ef78df0ee9df4ea81f03beea41849340ce33a4c4bd4dbb99e23ec781b6 \ + --hash=sha256:b013f759cd69cb0a62de954d6d2096d648bc210034b79b1881406b07ed0a83f9 \ + --hash=sha256:b02e3e72665cd02afafb933453b0c9f6c59ff6e3708bd28d0d8580450e7e88af \ + --hash=sha256:b52cc45e71657bc4743a5606d9023459de929b2a198d545868e11898ba1c3f59 \ + --hash=sha256:ba37f11e1d020969e8a779c06b4af866ffb6b854d7229db63c5fdddfceaa917f \ + --hash=sha256:bb804c7d0bfbd7e3f33924ff49757de9106c44e27979e2492819c16972ec0da2 \ + --hash=sha256:bf594cc7cc9d528338d66674c10a5b25e3cde7dd75c3e96784df8f371d77a298 \ + --hash=sha256:c38baee6bdb7fe1b110b6b3aaa555e6e872d322206b7245aa39572d3fc991ee4 \ + --hash=sha256:c73d2166e4b210b73d1429c4f1ca97cea9cc090e5302df2a7a0a96ce55373f1c \ + --hash=sha256:c9099bf89078675c372339011ccfc9ec310310bf6c292b413c013eb90ffdcafc \ + --hash=sha256:cf0db26a1f76aa6b3aa314a74b8facd586b7a5457d05b64f8082a62c9c49582a \ + --hash=sha256:d19a34f8a3429bd536996ad53597b805c10352a8561d8382e05830df389d2b43 \ + --hash=sha256:da80047524eac2acf7c04c18ac7a7da05a9136241f642dd2ed94269ef0d0a45a \ + --hash=sha256:de2923886b5d3214be951bc2ce3f6b8ac0d6dfd4a0d0e2a4d2e5523d8046fdfb \ + --hash=sha256:defa0652696ff0ba48c8aff5a1fac1eef1ca6ac9c660b047fc8e7623c4eb5093 \ + --hash=sha256:e54a1eb9fd38f2779e973d2f8958fd575b532fe26013405d1afb9ee2374e7ab8 \ + --hash=sha256:e5c31d70a478b0ca22a9d2d76d520ae996214019d39ed7dd93af872c7f301e52 \ + --hash=sha256:ebaeb93f90c0903233b11ce913a7cb8f6ee069158406e056f884854c737d2442 \ + --hash=sha256:ecfe51abf7f045e0b9cdde71ca9e153d11238679ef7b5da6c82093874adf3338 \ + --hash=sha256:f99112aed4fb7cee00c7f77e8b964a9b10f69488cdff626ffd797d02e2e4484f \ + --hash=sha256:fd914db437ec25bfa410f8aa0aa2f3ba87cdfc04d9919d608d02330947afaeab + # via -r requirements.in +requests==2.27.1 \ + --hash=sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61 \ + --hash=sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d + # via + # -r requirements.in + # docker +six==1.16.0 \ + --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \ + --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 + # via dockerfile-parse +smmap==5.0.0 \ + --hash=sha256:2aba19d6a040e78d8b09de5c57e96207b09ed71d8e55ce0959eeee6c8e190d94 \ + --hash=sha256:c840e62059cd3be204b0c9c9f74be2c09d5648eddd4580d9314c3ecde0b30936 + # via gitdb +stevedore==3.5.0 \ + --hash=sha256:a547de73308fd7e90075bb4d301405bebf705292fa90a90fc3bcf9133f58616c \ + --hash=sha256:f40253887d8712eaa2bb0ea3830374416736dc8ec0e22f5a65092c1174c44335 + # via -r requirements.in +urllib3==1.26.8 \ + --hash=sha256:000ca7f471a233c2251c6c7023ee85305721bfdf18621ebff4fd17a8653427ed \ + --hash=sha256:0e7c33d9a63e7ddfcb86780aac87befc2fbddf46c58dbb487e0855f7ceec283c + # via requests +wcwidth==0.2.5 \ + --hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \ + --hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83 + # via prettytable +websocket-client==1.2.3 \ + --hash=sha256:1315816c0acc508997eb3ae03b9d3ff619c9d12d544c9a9b553704b1cc4f6af5 \ + --hash=sha256:2eed4cc58e4d65613ed6114af2f380f7910ff416fc8c46947f6e76b6815f56c0 + # via docker diff --git a/docs/releases/v2_9_1.md b/docs/releases/v2_9_1.md new file mode 100644 index 00000000..e57364b7 --- /dev/null +++ b/docs/releases/v2_9_1.md @@ -0,0 +1,17 @@ +# Release 2.9.1 + +This is a patched release to address a few important bugs. Please see the [Release 2.9.0 release notes](v2_9_0.md) for details on the first cut. + +Specifically, patches on top of v2.9.0 in this release do the following: +* [Use Skoepo to fix the retrieval method for the image digest](https://github.com/tern-tools/tern/issues/1101) +* [Parse extended attributes using new parse_hash_content() method](https://github.com/tern-tools/tern/issues/1100) +* [Fix CycloneDX report generation](https://github.com/tern-tools/tern/issues/1097) +* [Fix Scancode parsing TypeError](https://github.com/tern-tools/tern/issues/1063) + +## Patches +``` +ce5c763 Fix scancode KeyError during license parsing +57c644c classes: Parse extended attributes +e74466b Fix retrieving image digest +16db01a Fix CycloneDX report generation +``` diff --git a/requirements.txt b/requirements.txt index 16f2af60..2717a7f2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,11 +9,11 @@ PyYAML>=6.0 docker~=5.0 dockerfile-parse~=1.2 -requests~=2.26 +requests~=2.27 stevedore>=3.5 pbr>=5.8 debian-inspector>=30.0 -regex>=2021.11 +regex>=2022.1 GitPython~=3.1 -prettytable~=2.4 +prettytable~=3.0 packageurl-python>=0.9.6