Merge pull request #776 from nexB/release-prep

Prepare release

Author: pombredanne

.VERSION

@@ -0,0 +1,3 @@
+refs=$Format:%D$
+commit=$Format:%H$
+abbrev_commit=$Format:%H$

CHANGELOG.rst

@@ -4,37 +4,50 @@ Release notes
 Version v30.0.0
 ----------------
 
-- Refactor core processing with Importers that import data and Improvers that
-  get the imported data and convert that in Vulnerabilities and Packages and can
-  also improve and refine imported and existing data. The migration to this new
-  architecture is under way.
+- We refactored the core processing with Importers that import data and Improvers that
+  transform imported data and convert that in Vulnerabilities and Packages. Improvers can
+  also improve and refine imported and existing data as well as enrich data using external
+  data sources. The migration to this new architecture is under way and not all importers
+  are available. You can track the progress in this issue: https://github.com/nexB/vulnerablecode/issues/597 
+  Because of these extensive changes, it is not possible to migrate existing imported
+  data to the new schema. You will need instead to restart imports from an empty database
+  or request access to the new vulnerablecode.io live instance.
 
-- Add new data sources including OSV, GitHub and GitLab.
+- We added new data sources including PYSEC, GitHub and GitLab.
 
-- Improve documentation including adding examples for importers and improvers
+- We improved the documentation including adding development examples for importers and improvers.
 
-- Remove the ability to edit relationships from the UI. The UI is now read-only
-  and we will need to design a different UI for proper review and curation of
-  vulnerabilities.
+- We removed the ability to edit relationships from the UI. The UI is now read-only
+  and we will need to design a different UI for proper review and curation of vulnerabilities.
 
-- Add support for nix as a Linux deployment target.
+- We added support for NixOS as a Linux deployment target.
 
-- Lookup vulnerabilities from CPE through API
+- The aliases of a vulnerabily are reported in the API vulnerabilities/ endpoint
 
-- Breaking Changes at API level
-  - /api/vulnerabilities 
-    - Replace `resolved_packages` by `fixed_packages` 
-    - Replace `unresolved_packages` by `affected_packages`
-    - Replace `url` by `reference_url` in the reference list
-  - /api/packages
-    - Replace `unresolved_vulnerabilities` by `affected_by_vulnerabilities`
-    - Replace  `resolved_vulnerabilities` by `fixing_vulnerabilities`
-    - Replace `url` by `reference_url` in the reference list
 
-- Add alias to the /api/vulnerabilities
+- There are breaking Changes at API level with changes in the data structure:
 
-- Lookup vulnerabilities from aliases
+  - in the /api/vulnerabilities/ endpoint:
 
+    - Rename `resolved_packages` to `fixed_packages` 
+    - Rename `unresolved_packages` to `affected_packages`
+    - Rename `url` to `reference_url` in the reference list
+
+  - in the /api/packages/ endpoint:
+
+    - Rename `unresolved_vulnerabilities` to `affected_by_vulnerabilities`
+    - Rename  `resolved_vulnerabilities` to `fixing_vulnerabilities`
+    - Rename `url` to `reference_url` in the reference list
+
+- There is a new experimental cpe/ API endpoint to lookup for vulnerabilities by CPE and 
+  another aliases/ endpoint to lookup for vulnerabilities by aliases. These two endpoints will be
+  replaced by query parameters on the main vulnerabilities/ endpoint when stabilized.
+
+
+Other:
+
+- we dropped calver to use a plain semver.
+- we adopted vers and the new univers library to handle version ranges.
 
 
 Version v20.10

CODE_OF_CONDUCT.rst

@@ -0,0 +1,86 @@
+Contributor Covenant Code of Conduct
+====================================
+
+Our Pledge
+----------
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our
+project and our community a harassment-free experience for everyone,
+regardless of age, body size, disability, ethnicity, gender identity and
+expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+Our Standards
+-------------
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+-  Using welcoming and inclusive language
+-  Being respectful of differing viewpoints and experiences
+-  Gracefully accepting constructive criticism
+-  Focusing on what is best for the community
+-  Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+-  The use of sexualized language or imagery and unwelcome sexual
+   attention or advances
+-  Trolling, insulting/derogatory comments, and personal or political
+   attacks
+-  Public or private harassment
+-  Publishing others’ private information, such as a physical or
+   electronic address, without explicit permission
+-  Other conduct which could reasonably be considered inappropriate in a
+   professional setting
+
+Our Responsibilities
+--------------------
+
+Project maintainers are responsible for clarifying the standards of
+acceptable behavior and are expected to take appropriate and fair
+corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit,
+or reject comments, commits, code, wiki edits, issues, and other
+contributions that are not aligned to this Code of Conduct, or to ban
+temporarily or permanently any contributor for other behaviors that they
+deem inappropriate, threatening, offensive, or harmful.
+
+Scope
+-----
+
+This Code of Conduct applies both within project spaces and in public
+spaces when an individual is representing the project or its community.
+Examples of representing a project or community include using an
+official project e-mail address, posting via an official social media
+account, or acting as an appointed representative at an online or
+offline event. Representation of a project may be further defined and
+clarified by project maintainers.
+
+Enforcement
+-----------
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may
+be reported by contacting the project team at [email protected]
+or on the Gitter chat channel at https://gitter.im/aboutcode-org/discuss .
+All complaints will be reviewed and investigated and will result in a
+response that is deemed necessary and appropriate to the circumstances.
+The project team is obligated to maintain confidentiality with regard to
+the reporter of an incident. Further details of specific enforcement
+policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in
+good faith may face temporary or permanent repercussions as determined
+by other members of the project’s leadership.
+
+Attribution
+-----------
+
+This Code of Conduct is adapted from the `Contributor Covenant`_ ,
+version 1.4, available at
+https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+.. _Contributor Covenant: https://www.contributor-covenant.org

LICENSE

@@ -0,0 +1,27 @@
+graft vulnerabilities
+graft vulnerablecode
+graft docs
+graft etc
+recursive-include etc/thirdparty *
+
+include *.LICENSE
+include NOTICE
+include *.toml
+include *.yml
+include *.rst
+include *.png
+include setup.*
+include configure*
+include requirements*
+include .dockerignore
+include .gitignore
+include .readthedocs.yml
+include manage.py
+include Dockerfile
+include Makefile
+include MANIFEST.in
+
+include .VERSION
+
+global-exclude *.py[co] __pycache__ *.*~
+