Releases: scanoss/scanoss.js

v0.38.0

12 Mar 15:44

What's Changed

Added

  • Added support for resolving Gradle dependencies from version catalog (libs.versions.toml)
  • Added support for Gradle Kotlin DSL (build.gradle.kts) dependency parsing

Full Changelog: v0.37.0...v0.38.0

v0.37.0

02 Mar 15:54

What's Changed

Added

  • Added skip_headers and skip_headers_limit support in scanoss.json file_snippet settings to filter license headers, comments, and imports before snippet matching
  • Added proxy, http_config (base_uri, ignore_cert_errors) support in scanoss.json file_snippet settings
  • Centralized scan settings into ScannerCfg.SCANOSS_SETTINGS

Full Changelog: v0.36.0...v0.37.0

v0.35.0

26 Feb 10:39

What's Changed

Added

  • Implemented scan tuning parameters via CLI options and scanoss.json settings file (file_snippet section)
  • Added ScanSettingsBuilder for constructing file snippet scan settings with priority: scanoss.json > CLI arguments
  • Supported settings: min_snippet_hits, min_snippet_lines, ranking_enabled, ranking_threshold, honour_file_exts, dependency_analysis

Full Changelog: v0.34.0...v0.35.0

v0.34.0

24 Feb 11:15

What's Changed

Added

  • Added support for pnpm-lock.yaml dependency parsing (v5, v6, and v9+ lockfile formats with transitive dependency scope resolution)
  • Added support for pip_requirements_lock.txt (pip-compile / pip-tools lock file) dependency parsing
  • Added support for Poetry dependency format in pyproject.toml parser ([tool.poetry.dependencies], [tool.poetry.dev-dependencies], [tool.poetry.group.<name>.dependencies])

Fixed

  • Throttled file system operations in excludeBinariesAndLargeFiles using PQueue (concurrency: 10) to prevent EMFILE errors when processing large file lists
  • Switched from async isBinaryFile to sync isBinaryFileSync for more predictable concurrency behavior

v0.32.0

09 Feb 10:57

What's Changed

Changed

  • Improved decompression error handling: extraction failures are now collected and reported rather than stopping the entire process
  • CLI scan command displays warnings for archives that failed to extract while continuing with successful extractions

Fixed

  • Fixed libarchive.js compatibility with Electron ASAR archives by resolving module paths through app.asar.unpacked
  • Used indirect dynamic import to prevent bundlers from converting ESM import() to require()
  • Fixed libarchive.js worker initialization for paths containing spaces

Full Changelog: v0.31.2...v0.32.0

v0.31.2

03 Feb 11:16

What's Changed

Fixed

  • Fixed CryptographyScanner hang when processing empty file list

Full Changelog: v0.31.1...v0.31.2

v0.31.1

02 Feb 18:16

What's Changed

Fixed

  • Polyfill global File for libarchive.js in environments where it is not available

Full Changelog: v0.31.0...v0.31.1

v0.31.0

02 Feb 16:38

What's Changed

Added

  • Added support for new archive decompression formats: .rar, .rpm, .tar.bz2, .tar.lzma, .tar.xz, .tbz2, .txz, .7z (via libarchive.js)
  • Added support for single-file .gz decompression (via Node.js zlib)

Changed

  • Upgraded tar dependency from ^6.2.1 to ^7.5.7

Full Changelog: v0.30.1...v0.31.0

v0.30.1

27 Jan 14:38

What's Changed

Fixed

  • Exported missing License interface from IDependencyClient
  • Added missing requirement field to CryptographyResponse interface

Full Changelog: v0.30.0...v0.30.1

v0.30.0

14 Jan 11:40

What's Changed

Fixed

  • Reset proxy environment variables on each new HttpClient and Dispatcher instance
  • Include file path in decompression error messages
  • Added missing component URL to the HTML format

Changed

  • Upgraded form-data dependency from ^4.0.0 to ^4.0.5
  • Upgraded tar dependency from ^6.1.11 to ^6.2.1
  • Refactored DependencyTypes.ts to extend interfaces from IDependencyClient instead of duplicating type definitions
  • Updated DependencyScanner return types to use extended IDependencyResponse interface
  • Removed unused dependency component extraction logic from ComponentDataProvider
  • Added URL column to dependencies table in HTML report template

Full Changelog: v0.29.0...v0.30.0