v0.10.2

What's Changed

• fix: prefix release/tag with v by @Strum355 in #840
• fix: don't make requests for empty list of llm models by @Strum355 in #842
• fix: dont send empty image references list to exhort by @Strum355 in #845
• feat: include extra telemetry info by @Strum355 in #847
• fix: use gradle group:artifact range for diagnostics instead of version range by @Strum355 in #850
• chore: rename trustification references to guacsec by @Strum355 in #848
• feat: add UI config for setting exhort backend url by @Strum355 in #852
• chore: remove references to Snyk by @Strum355 in #851
• chore: add readme section for backend url and use in llm analysis by @Strum355 in #853
• chore: prevent CRLF in non-windows files by @ruromero in #855
• fix: replace rather than prepend recommended version in codeaction by @Strum355 in #856
• fix: don't count duplicate vulns multiple times in CA notification by @Strum355 in #858
• fix: use version range for code action instead of groupid:artifactid range by @Strum355 in #859
• [release] v0.10.2 by @github-actions[bot] in #860

Full Changelog: 0.10.1...v0.10.2

0.10.1

What's Changed

• chore: split release pipeline from version bump pipeline by @Strum355 in #832
• [release] v0.10.1 by @github-actions[bot] in #834
• fix: remove gh pr merge from prep-release pipeline by @Strum355 in #835
• [release] v0.10.1 with fixed pipeline by @Strum355 in #836
• [release] v0.10.1 with fixed pipeline (attempt 2) by @Strum355 in #837

New Contributors

• @github-actions[bot] made their first contribution in #834

Full Changelog: v0.10.0...0.10.1

v0.10.0

Changelog

What's Changed

• chore: remove LSP and integrate features directly by @Strum355 in #794
• feat: support toggling of recommendations by @Strum355 in #795
• chore: enable 'strict' type-checking in tsconfig by @Strum355 in #796
• chore: bump javascript-api version by @Strum355 in #797
• fix: component analysis status bar error tooltip not showing by @Strum355 in #798
• chore: improve UX for CA error messages by @Strum355 in #799
• feat: improve UX for error messages in logs & notifications by @Strum355 in #801
• feat: add option for additional maven cli arguments by @Strum355 in #802
• feat: support exclude patterns to ignore paths by @Strum355 in #803
• feat: LLM AI model cards by @Strum355 in #800
• feat: add metric names to LLM model cards hover and only include basics by @Strum355 in #806
• build: updated package with v0.9.6 by @soul2zimate in #807
• chore: fix wrong .npmrc path by @ruromero in #809
• fix: don't run component analysis for files opened not by the user by @Strum355 in #811
• docs: update markdown syntax for gradle-groovy by @ruromero in #814
• docs: align code block formatting in README.md by @ruromero in #816
• chore(ci): generate deployment builds using the commit sha by @ruromero in #817
• chore: bump javascript-api & api-spec versions by @Strum355 in #819
• chore: bump current version to v0.10.0 by @ruromero in #820
• chore: update readme to better explain maven/gradle wrapper settings by @Strum355 in #818
• feat: add telemetry for LLM models referenced in annotations, hovered on and reports generated for by @Strum355 in #813
• fix: revert "don't run component analysis for files opened not by the user" by @Strum355 in #821
• fix: correct thresholds in llm analysis bar chart by @Strum355 in #822
• fix: bump js api for image analysis opts propagation fix by @Strum355 in #823
• fix(ci): fix creating PR with version bump in release pipeline by @Strum355 in #826
• fix: bump js api for empty gomod fix by @Strum355 in #824
• fix: bump js api for podman hostinfo fallback fix by @Strum355 in #825
• chore(ci): use current released version in package.json and bump to next patch in stage by @Strum355 in #827
• fix(ci): typo node -> npm for stage workflow by @Strum355 in #828
• chore: switch llm analysis endpoint to default exhort url with EXHORT_DEV_MODE flag by @Strum355 in #829
• chore: create release PR label by @Strum355 in #830

New Contributors

• @soul2zimate made their first contribution in #807

Full Changelog: v0.9.6...v0.10.0

v0.9.6

Changelog

What's Changed

• docs: Minor reorg of content in README.md by @ritz303 in #749
• feat: support configuring maven wrapper usage preference by @Strum355 in #757
• docs: add changelog for 0.9.6 by @ruromero in #787
• fix: bump lsp & js api for mvnw preference fix by @Strum355 in #788
• chore(ci): add publish to vscode and ovsx upon release by @ruromero in #791
• feat: support configuring gradle wrapper usage preference by @Strum355 in #792
• chore: upgrade to js 0.2.3 by @ruromero in #793
• docs: update README.md accordingly by @ruromero in #790

Full Changelog: v0.9.5...v0.9.6

v0.9.5

Changelog

• enhancement - Added support for vulnerability analysis for Gradle build manifests.
• enhancement - Added support for vulnerability analysis on images in Dockerfiles.
• enhancement - Added new settings for the Python and Go ecosystems.
• enhancement - Added support for private GitHub Registries.
• fixes - Fixed an issue by removing a redundant / at the beginning of Windows URI paths that was causing some mvn commands to fail. See PR#692 for details.
• fixes - Fixed an issue with the Stack Analysis running on an open file, instead of running on an opened manifest file. See PR#692 for details.
• known issue - You can get an error by using the Use Pip Dep Tree and Use Python Virtual Environment options simultaneously. See the Known Issues section of the README for more information.
• known issue - Red Hat Dependency Analytics has limitations for Maven and Gradle. See the Known Issues section of the README for more information.
• informational - Added a telemetry event to track Red Hat's recommended version acceptance.

What's Changed

• feat: gradle support by @IlonaShishov in #708

Full Changelog: v0.9.4...v0.9.5

v0.9.4

Changelog

• informational - Removing access to Snyk's Vulnerability Database.

What's Changed

• chore: disable snyk token by @IlonaShishov in #694

Full Changelog: v0.9.3...v0.9.4

v0.9.3

Changelog

• enhancement - Red Hat Dependency Analytics reporting has integrated the ONGuard service by using Open Source Vulnerability (OSV) and the National Vulnerability Database (NVD) data sources for additional vulnerability information.
• enhancement - Integrated VS Code's Secret Storage feature for securing the Snyk token. See PR689 for details.
• fixes - Fixed an issue with displaying wrong data when the event handler for Component Analysis was triggered on a unsaved manifest file. Component Analysis is no longer triggered on unsaved manifest files. See PR#239 for details.
• fixes - Fixed an issue where the diagnostic source name is being obscured in the View Problem panel from an inline analysis. See PR#239 for details.
• informational - The naming convention for VS Code commands has changed from fabric8 to rhda. For example, fabric8.stackAnalysis is now rhda.stackAnalysis.

What's Changed

• feat: add osv-nvd provider by @IlonaShishov in #683

Full Changelog: v0.9.2...v0.9.3

v0.9.2

What's Changed

• chore: issue handling by @IlonaShishov in #676

• informational - The redHatDependencyAnalyticsReportFilePath setting name has changed to reportFilePath. If you had a custom file path set for redHatDependencyAnalyticsReportFilePath, then you need to add your custom file path to the reportFilePath setting.
• enhancement - Added a vulnerability severity alert level setting for the user to receive inline notifications for just errors or warnings. See PR#674 for details.
• fixes - Fixed an issue with the codeActionsMap call. When multiple manifest documents are open that have the same dependency, one of the document entries gets deleted. This gave a wrong result in the analysis. See PR#236 for details.
• fixes - Fixed an issue in the Exhort Javascript API. This fix enables and supports analysis of pom.xml manifests that include local modules, and a parent Project Object Model (POM). See the PR#237 for details.
• fixes - Fixed an issue with the analysis report not displaying because of spaces in the manifest file path. See PR#100 for details.

Full Changelog: v0.9.1...v0.9.2

v0.9.1

What's Changed

• fix: endpoint configuration issue by @IlonaShishov in #672

Full Changelog: v0.9.0...v0.9.1

v0.9.0

What's Changed

• refactor: code structure supporting single source exhort payload to multi source by @IlonaShishov in PR#661
• informational - Service Preview release of Red Hat Dependency Analytics (RHDA) extension.
• informational - Configuration names for all supported executable paths in the extension settings have changed. These executable paths are only used for the analysis.
• enhancement - Added support for error observation by using Sentry.
• enhancement - Support for more complex SPDX SBOM relationships.
• enhancement - Added recommendations and remediations in the Quick Fix... tab.
• fixes - Fixed an issue where unique Snyk vulnerability information was not being displayed in the Dependency Analytics report. See PR#217 for details.
• fixes - Better valid and invalid token alert messages for the Snyk vulnerability information provider. See PR#218 for details.
• fixes - Fixed analysis report discrepancies between Red Hat Dependency Analytics and Snyk’s analytics. See PR#219 for details.
• fixes - Fixed the Go and Python package links so they point to their specific package manager website.