v0.1.2

This GUAC release is done to capture the current state of the graphQL API (before changes to the vulnerability, isDependency, and input spec schema). This will allow for the demos/documentation to function normally until these updates are released and the demo/documents are updated.

Additionally, a guac-compose tarball is attached that is pre-configured to point to the published container for this release, ghcr.io/guacsec/guac:v0.1.2.

Changelog

• 463b800 📖 Included comments for the bfs on patchPlanning (#1130)
• 64dfda6 Add @jeffmendoza as Maintainer. (#1144)
• 9368f3a Add PointOfContact predicate to PatchPlanning (#1088)
• 61f54cd Added non-nil dereferencing to SLSA parser (#1127)
• 542de58 Bump actions/setup-go from 4.0.1 to 4.1.0 (#1149)
• be6f554 Bump github.com/99designs/gqlgen from 0.17.35 to 0.17.36 (#1111)
• 93f9ec8 Bump github.com/aws/aws-sdk-go from 1.44.284 to 1.44.318 (#1134)
• c88d885 Bump github.com/aws/aws-sdk-go from 1.44.318 to 1.44.323 (#1155)
• cd0816e Bump github.com/fsouza/fake-gcs-server from 1.45.2 to 1.46.0 (#1108)
• dff7644 Bump github.com/fsouza/fake-gcs-server from 1.46.0 to 1.47.4 (#1136)
• bc9970c Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (#1090)
• 83cd681 Bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#1109)
• d01bc9c Bump github.com/google/osv-scanner from 1.3.5 to 1.3.6 (#1089)
• c8fd1a8 Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.3.0 to 1.4.0 (#1137)
• c618ce8 Bump github.com/nats-io/nats-server/v2 from 2.9.20 to 2.9.21 (#1152)
• acc26ce Bump github.com/nats-io/nats.go from 1.27.1 to 1.28.0 (#1092)
• 6fb18da Bump github.com/ossf/scorecard/v4 from 4.11.0 to 4.12.0 (#1153)
• 33755da Bump github.com/regclient/regclient from 0.5.0 to 0.5.1 (#1138)
• 6b4d7a4 Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2 (#1151)
• 4c6e169 Bump github.com/spdx/tools-golang from 0.5.2 to 0.5.3 (#1110)
• ec385a9 Bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 (#1135)
• 605a5fa Bump google.golang.org/api from 0.130.0 to 0.133.0 (#1091)
• 191faac Bump google.golang.org/api from 0.134.0 to 0.136.0 (#1154)
• 3b3cb50 Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (#1150)
• 50f97f7 Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0 (#1139)
• 093d702 Fix Logging in Collectsub Server (#995)
• 1bd9fef Mandatory queries filtering specs (#1114)
• 069edcb Parse SPDX: manage relations with top level package (#1103)
• 021655e Refactored and Included Tests for TopoSortFromBfsNodeMap (#1133)
• a0b4370 Remove UI Opts, add queries used by viz under packages (#1122)
• a0ac552 Workaround depversion handling. (#1113)
• 7d1960b [PatchPlanning] Add CLI cmd for patch planning (#1129)
• 00e931f [PatchPlanning] Rename dependencies to dependents in search (#1142)
• 90cb0b7 [PatchPlanning] Toposort / frontiers (#1101)
• a8e7ad3 [fix] Removed Empty String Parents for Root Nodes (#1131)
• c3fe7c4 [patchPlanning] Make Parent field in BfsNode into a list (#1095)
• c0614ec add certifyBad query, certifyGood ingestion and query, update bulk assembler (#1123)
• 3f93cd4 add query for IsOccurrence, isDependency and HasSBOM for Arango backend (#1096)
• 7724bda arango: query hashEqual, bulk ingest hasSBOM and hashEqual, filter on builtFrom on hasSLSA (#1100)
• bc5c042 connects guac with a given aws neptune cluster endpoint (#1126)
• 606f5da fix to add type filter for dependent package (#1156)
• 9f1ccf2 fix ui opts and examples for visualizer code gen (#1121)
• febfb54 issue-1105 inmem HasSBOM: manage no hasSBOMSpec sent (#1106)
• bdd1b0c specify the version of the nats helm chart (#1119)
• 15ad9f9 update API for bulk ingestion for CertifyBad/CertifyGood, add missing unit tests, update collections on arango (#1115)