All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

• bump dependencies

• bump dependencies

• bump dependencies

• bump dependencies and SECURITY

• bump dependencies

• bump dependencies

• bump dependencies

• 403 request error

• bump dependencies
• full url optional param
• changelog moved

• docs update

• axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

• update to cyclonedx version 1.6

• switch to API v2

• package-lock.json parser will fix sub-dependencies names

• update GithubActions to node 20.x

• automate dependency scans

• migrated to [email protected]
• Bump dependencies

• Bump dependencies

• Bump dependencies

• Fallback missing versions to 0.0.0

• Bump axios to fix vulnerabilities

• Automatically publish releases from main branch

• --includeDevDependencies false now properly disables devDependencies

• support package-lock.json v.3

• bump dependencies

• support for yarn v2+ lock files

• project migrated to yarn 3.5

• docs updated

• npm.ls cli -> package-lock.json or package.json or yarn.lock parse
• npm removed
• updated dependencies

• Migrate versions of dependencies

• Support new scan tool and fix problem with programmatic API for >= [email protected]
• Stop usage of global-npm until we find new resolution
• Get back npm as local dependency

• SBOM
• --saveAs and --saveAsFormat
• Bump minimist from 1.2.5 to 1.2.6
• Bump urijs from 1.19.10 to 1.19.11
• replace packageurl-js with simple local function
• improve docs

• request -> axios
• fix dependencies
• doc fixes

• --breakOnWarnings and --breakOnViolations
• Bump devDependencies

• Describe Error: The programmatic API was removed in npm v8.0.0
• Bump devDependencies
• Introduce sonarjs

• Bump glob-parent from 5.1.1 to 5.1.2
• Bump path-parse from 1.0.6 to 1.0.7
• Bump lodash from 4.17.19 to 4.17.21
• Bump y18n from 4.0.0 to 4.0.1

• option --includeDevDependencies. It is allow to scan dev dependencies

• Use global-npm (meaning npm is no longer a dependency of ts-node-client)

• option --brakeOnViolations. It is fail build in case any violations after scan transferred.
• option --brakeOnWarnings. It is fail build in case any warning after scan transferred.

• userName is not required param for scans
• Support usage of scan meta param binaryLinks inside Options definition

• Node JS and dependencies updates "node": ">= 8.12.0"

• Improve variable usage and tasks migration
• Support usage of scan meta params: branch and tag inside Options definition
• Skip npmDependency without names
• Update travis config
• Update dependency to resolve vulnerabilities

• Added proxy support and config
• Update travis config
• Updated README.md with app.trustsource.io
• Updated default url to app.trustsource.io
• Added windows support
• Fixed json

• options: --credentials and --credentialsFile instead you should use --config.
• option --baseUrl instead you should use --url.

• option --config. It is similar to credentials, but it will contain any config information.
• option --url. It is similar to baseUrl.
• option --apiKey and --userName so it will be unnecessary to create .tsrc.json file.
• options --version and --help.
• options shortcut.