v2.0.0-rc.4

This is a release candidate for GitProxy v2 which improves stability by fixing various bugs and wrapping up the codebase's TypeScript conversion. Some notable changes include:

• Added support for AWS Credential Provider to authenticate MongoDB connections in #1319
• Added documentation page for config properties in #1243
  • Schema reference available on our website
• Fixed failure on subsequent pushes to the same branch (Invalid revision range) in #1305
• Fixed startup error due to mismatched default repos in #1284

What's Changed

• fix: rename definitions/authentication in schema to make it more inutitive by @kriswest in #1231
• chore(deps): update github-actions - workflows - .github/workflows/dependency-review.yml by @renovate[bot] in #1226
• chore: remove defunct release workflow by @kriswest in #1234
• chore(deps): update dependency @types/node to ^22.18.7 - li-cli - experimental/li-cli/package.json by @renovate[bot] in #1235
• chore: deprecate github api baseUrl by @andypols in #1232
• feat: improve login page flexibility by @jescalada in #1227
• chore: generate provenance statement when publishing to npm by @kriswest in #1242
• test: fix generated-config test and default config for updated schema by @kriswest in #1244
• refactor: git-proxy-cli package to TS + ESM (v2) by @jescalada in #1180
• fix(deps): update npm - - package.json by @renovate[bot] in #1236
• feat: config schema for missing properties by @kriswest in #1243
• chore(deps): update npm - - package.json by @renovate[bot] in #1247
• refactor: service module to TS + ESM (v2) by @jescalada in #1166
• fix: escape literals in scan diff by @kriswest in #1251
• chore(deps): update github-actions - workflows - .github/workflows/dependency-review.yml by @renovate[bot] in #1250
• refactor: Add TypeScript support by @fabiovincenzi in #1142
• fix: infinite loop in UserList component by @andypols in #1255
• fix: the npm check-types failures by @andypols in #1254
• refactor: remove unnecessary getUserLoggedIn API call in User component by @andypols in #1257
• refactor: convert remaining UI files to TS by @jescalada in #1256
• fix: correct and simplify git push/pull request classification using content-type headers by @kriswest in #1249
• fix: Plugin loader tests by @jescalada in #1262
• chore: add confirmation dialog by @andypols in #1267
• fix: broken user links by @andypols in #1268
• test: add tests for plugins written in ESM by @jescalada in #1266
• fix: empty pagination by @andypols in #1274
• refactor: consolidate TS types by @jescalada in #1275
• fix(deps): update npm - - package.json by @renovate[bot] in #1252
• chore(deps): update github-actions - workflows - .github/workflows/unused-dependencies.yml by @renovate[bot] in #1279
• fix: proxy preparations mismatch bug by @jescalada in #1284
• fix: demo video by @tabathad in #1298
• refactor: migrate tests to Vitest + TS by @jescalada in #1202
• fix(deps): update npm to v5 - - package.json (major) by @renovate[bot] in #900
• chore(deps): update github-actions - workflows - .github/workflows/scorecard.yml by @renovate[bot] in #1306
• chore(deps): update npm to v2 - - package.json (major) by @renovate[bot] in #1132
• fix(deps): update dependency axios to ^1.13.2 - git-proxy-cli - packages/git-proxy-cli/package.json by @renovate[bot] in #1290
• fix: revert singleBranch option in pullRemote action by @jescalada in #1305
• fix: the condition "types" here will never be used warning by @andypols in #1311
• fix: macos test failures due to concurrent file access by @coopernetes in #1312
• fix: misleading endpoint status codes and error messages by @jescalada in #1293
• fix: defer reading of database configuration until needed to fix race by @kriswest in #1316
• feat: add support for using an AWS Credential Provider to authenticate MongoDB connections by @kriswest in #1319
• chore: upgrade node & mongo versions in ci, actions upgrades by @coopernetes in #1315
• fix: drop dependency on jwk-to-pem by using native crypto by @dgl in #1283
• fix: move supertest to dev dependencies by @andypols in #1328
• fix: convert remaining UI javascript to typescript by @andypols in #1329
• chore: bump git-proxy version to v2.0.0-rc.4 by @jescalada in #1322

New Contributors

• @dgl made their first contribution in #1283

Full Changelog: v2.0.0-rc.3...v2.0.0-rc.4

v2.0.0-rc.3

This is a release candidate for GitProxy v2 which includes a addresses a diverse set of security, functionality, stability and performance issues/enhancement requests including:

• optimize pullRemote for large repos #985
• [Feature]: Create admin protected endpoint for creating users #40 & Feature Request: User Creation Endpoint and CLI Command #980
• [Refactor]: Improve configuration loading #32
• (bug) scanDiff fails on force pushes #1008
• chore: add /healthcheck endpoint to the proxy #1197
• Incorrect error message on cloning unauthorized repo #1181
• Investigate duplication of process steps in push approval flow #1196
• Z_DATA_ERROR during push parsing #1040
• Log out with AD auth fails in production #1201

A number of improvements to Git Proxy tests and dependency updates are also included in this release.

What's Changed

• chore(deps): update dependency cross-env to v10 - license-inventory - experimental/license-inventory/package.json by @renovate[bot] in #1173
• fix: prevent DOS when checking an unknown repo by @andypols in #1095
• feat: Create admin protected endpoint for creating users by @dcoric in #981
• chore: add testing documentation and coverage checks by @jescalada in #1147
• chore(deps): update github-actions - workflows - .github/workflows/dependency-review.yml by @renovate[bot] in #1170
• chore(deps): update dependency @types/node to ^22.18.1 - li-cli - experimental/li-cli/package.json by @renovate[bot] in #1190
• fix(deps): update npm - website - website/package.json by @renovate[bot] in #1131
• test: improve repo DB tests and CheckRepoInAuthList tests by @andypols in #1109
• refactor: migrate configuration system from JSON Schema to QuickType by @fabiovincenzi in #1140
• chore(deps): update dependency cypress to v15 - - package.json by @renovate[bot] in #1192
• fix: allowing empty diffs in scanDiff by @fabiovincenzi in #1182
• chore: add /healthcheck endpoint to the proxy by @andypols in #1197
• chore(deps): update github-actions - workflows - .github/workflows/scorecard.yml by @renovate[bot] in #1198
• feat: push speed optimizations by @jescalada in #1189
• fix(deps): update dependency axios to ^1.12.2 - git-proxy-cli - packages/git-proxy-cli/package.json by @renovate[bot] in #1205
• fix: incorrect error message on cloning unauthorized repos by @fabiovincenzi in #1204
• fix: Logout calls localhost in prod; standardise API base resolution by @andypols in #1201
• chore: update to eslint v9 by @06kellyjac in #955
• chore(deps): update dependency lint-staged to v16 - - package.json by @renovate[bot] in #1195
• fix(deps): update npm - li-cli - experimental/li-cli/package.json by @renovate[bot] in #1203
• fix(deps): update npm - - package.json by @renovate[bot] in #1183
• fix(deps): update npm - website - website/package.json by @renovate[bot] in #1208
• chore(deps): update github-actions to v5 - workflows - .github/workflows/unused-dependencies.yml (major) by @renovate[bot] in #1214
• fix(deps): update dependency dotenv to v17 - license-inventory - experimental/license-inventory/package.json by @renovate[bot] in #1215
• fix(deps): update dependency express to v5 - license-inventory - experimental/license-inventory/package.json by @renovate[bot] in #1219
• fix(deps): update dependency express to v5 - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json by @renovate[bot] in #1217
• fix(deps): update dependency express-rate-limit to v8 - - package.json by @renovate[bot] in #1220
• refactor: eliminate duplicate executeChain calls in push approval flow by @fabiovincenzi in #1209
• fix: reimplement push parsing to prevent Z_DATA_ERROR by @kriswest in #1187
• fix(deps): update dependency express-rate-limit to v8 - license-inventory - experimental/license-inventory/package.json by @renovate[bot] in #1221
• fix: linter warnings and CI failure by @jescalada in #1218
• fix(deps): update dependency env-paths to v3 - - package.json by @renovate[bot] in #1216
• fix: "MongoServerError: The _id cannot be changed" when updating users by @andypols in #1230
• fix: bug in using API_BASE with URL by @andypols in #1228

Full Changelog: v2.0.0-rc2...v2.0.0-rc.3

v2.0.0-rc2

This is a release candidate for GitProxy v2 which adds support for SCM providers other than GitHub, (including Gitlab and basic git servers) and prevents proxying for requests for unknown git repositories.

Breaking changes are included in #1043 ( feat(key on repo url): support git hosts other than GitHub + multiple forks) and (also in v2.0.0-rc2) in #973 (associate commits by email).

What's Changed

• test: Implement fuzz tests for processors by @jescalada in #1115
• chore(deps): update github-actions - workflows - .github/workflows/unused-dependencies.yml by @renovate[bot] in #1156
• chore: update npm release workflow to handle pre-releases by @jescalada in #1159
• feat(key on repo url): support git hosts other than GitHub + multiple forks by @kriswest in #1043
• chore: bump version to rc.2 by @jescalada in #1162
• fix: flaky fuzz test errors by @jescalada in #1158
• feat: JWT apiAuthentication UI integration by @jescalada in #1096
• test: fix Cypress test data dependency by @jescalada in #1154
• feat: implement formatting checks to CI by @fabiovincenzi in #1153
• feat: don't forward requests for unknown repos by @kriswest in #1164
• fix(deps): update npm - li-cli - experimental/li-cli/package.json by @renovate[bot] in #1114
• chore(deps): update amannn/action-semantic-pull-request action to v6 - workflows - .github/workflows/pr-lint.yml by @renovate[bot] in #1157
• fix(deps): update npm - - package.json by @renovate[bot] in #1135
• fix: mongoDB client impl issues by @kriswest in #1167
• fix: return 200 status codes on rejection to ensure error message renders in git client by @kriswest in #1178
• fix: render committer and author email links instead of estimated profile links by @kriswest in #1179
• fix: display errors when adding a new repo by @andypols in #1120

Full Changelog: v2.0.0-rc.1...v2.0.0-rc2

v2.0.0-rc.1

This is a release candidate for GitProxy v2. Breaking changes are included in #973 (associate commits by email).

If you encounter any problems, feel free to open an issue!

What's Changed

• fix(deps): update npm - - package.json by @renovate[bot] in #883
• fix: restore user configs being merged with defaults by @coopernetes in #1129
• chore(deps): update github-actions - workflows - .github/workflows/ci.yml by @renovate[bot] in #1127
• chore(deps): update dependency @finos/git-proxy to ^1.19.2 - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json by @renovate[bot] in #1128
• fix(deps): update dependency axios to ^1.11.0 - git-proxy-cli - packages/git-proxy-cli/package.json by @renovate[bot] in #1130
• chore: prepare for 2.x release with rc version by @coopernetes in #1137
• refactor: replace getMissingData action with checkEmptyBranch by @jescalada in #1134
• fix: 946 associate commits by email by @kriswest in #973

Full Changelog: v1.19.2...v2.0.0-rc.1

v1.19.2

❗️ Important security updates ❗️

This release contains security fixes for newly discovered high severity issues. These issues were privately reported to the GitProxy & FINOS teams. Special thanks to the following individuals for their contributions:

• @dgl for the initial report, analysis and reproductions
• @jescalada @fabiovincenzi @06kellyjac for implementing & reviewing the various fixes

The following advisories are resolved in this release:

• GHSA-qr93-8wwf-22g4
• GHSA-xxmh-rf63-qwjv
• GHSA-39p2-8hq9-fwj6
• GHSA-v98g-8rqx-g93g

All GitProxy users & implementations are strongly advised to upgrade to this latest version to receive these critical fixes. Additional bug fixes and enhancements are included below.

What's Changed

• fix: additional user api leaks by @andypols in #1098
• fix(deps): update dependency body-parser to v2 - license-inventory - experimental/license-inventory/package.json by @renovate[bot] in #1087
• chore(deps): update github-actions - workflows - .github/workflows/unused-dependencies.yml by @renovate[bot] in #1112
• fix: updated URL for FINOS community slack channel by @sam-holmes2 in #1011
• docs: update SECURITY.md with reporting guidance by @tabathad in #1117
• fix: dependency vulnerability fixes by @jescalada in #1103
• fix: default config validation error and extras by @jescalada in #1124
• fix: parsePush regression on tmp directory by @jescalada in #1118

New Contributors

• @tabathad made their first contribution in #1117

Full Changelog: v1.19.1...v1.19.2

Version 1.19.1

What's Changed

• fix: prevent non-admin users changing another user's gitAccount by @andypols in #1093
• refactor(tsx): Migrate React components to TSX by @fabiovincenzi in #984
• fix: only trim trailing .git not any match by @06kellyjac in #1094
• chore: bump by patch to v1.19.1 by @jescalada in #1102

Full Changelog: v1.19.0...v1.19.1

Version 1.19.0

What's Changed

• chore(deps): update dependency @types/node to ^22.15.34 - li-cli - experimental/li-cli/package.json by @renovate in #1067
• chore(deps): update dependency @finos/git-proxy to ^1.18.0 - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json by @renovate in #1073
• chore(deps): update github-actions - workflows - .github/workflows/scorecard.yml by @renovate in #1072
• chore(deps): update dependency @finos/git-proxy to ^1.18.2 - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json by @renovate in #1074
• fix(deps): update dependency eslint to ^9.30.0 - website - website/package.json by @renovate in #1075
• chore(deps): update dependency lint-staged to v16 - license-inventory - experimental/license-inventory/package.json by @renovate in #1076
• chore(deps): update dependency node to v22 - workflows - .github/workflows/unused-dependencies.yml by @renovate in #1077
• chore(deps): update dependency sinon to v20 - - package.json by @renovate in #1078
• fix(deps): update dependency eslint to ^9.30.1 - website - website/package.json by @renovate in #1079
• fix(deps): update npm - li-cli - experimental/li-cli/package.json by @renovate in #1080
• chore(deps): update dependency sinon to v21 - - package.json by @renovate in #1081
• chore(deps): update grafana/grafana docker tag to v12 - license-inventory - experimental/license-inventory/docker-compose.yaml by @renovate in #1082
• fix(deps): update dependency body-parser to v2 - - package.json by @renovate in #1084
• fix(proxy): preserve original Git pack POST streams before validation by @fabiovincenzi in #1060
• feat: mongo connection string & cookie secret from env vars by @coopernetes in #1086
• fix(deps): update dependency zod to ^3.25.73 - li-cli - experimental/li-cli/package.json by @renovate in #1085
• fix: updated README and documentation site with info on community meeting by @sam-holmes2 in #1026
• chore: add @jescalada as a featured maintainer on docs site and remov… by @JamieSlome in #1097
• fix: use a public user object to prevent passwords and other secrets … by @andypols in #1090
• chore: bump by minor to v1.19.0 by @JamieSlome in #1099

New Contributors

• @sam-holmes2 made their first contribution in #1026
• @andypols made their first contribution in #1090

Full Changelog: v1.18.2...v1.19.0

Version 1.18.2

What's Changed

• fix: correct typing for ConfigLoader env by @06kellyjac in #1070
• chore: bump by patch to v1.18.2 by @JamieSlome in #1071

Full Changelog: v1.18.1...v1.18.2

Version 1.18.1

What's Changed

• test: improve auth test coverage by @jescalada in #1024
• chore(deps): update dependency @jest/globals to v30 - license-inventory - experimental/license-inventory/package.json by @renovate in #1058
• test: improve proxy route test coverage by @jescalada in #1025
• chore: upgrade node in CI to 20.19 by @jescalada in #1059
• fix: allow for auth with activedirectory again by @06kellyjac in #1061
• chore: bump by patch to v1.18.1 by @JamieSlome in #1069

Full Changelog: v1.18.0...v1.18.1

Version 1.18.0

What's Changed

• test: stop the config loader and restore defaults after tests have run by @kriswest in #1050
• chore: apply finos active badge by @TheJuanAndOnly99 in #1052
• feat: support direct querying of AD group membership via LDAP by @kriswest in #972
• fix(deps): update npm - li-cli - experimental/li-cli/package.json by @renovate in #1016
• chore(deps): update dependency @finos/git-proxy to ^1.17.2 - git-proxy-plugin-samples - plugins/git-proxy-plugin-samples/package.json by @renovate in #1054
• chore(deps): update github-actions - workflows - .github/workflows/ci.yml by @renovate in #1055
• fix(deps): update dependency axios to ^1.10.0 - git-proxy-cli - packages/git-proxy-cli/package.json by @renovate in #1056
• feat(experimental): fall back to local spdx data and filter deprecated by @06kellyjac in #1048
• fix(deps): update npm - website - website/package.json by @renovate in #1057
• feat(auth): add role mapping for JWT auth claims by @jescalada in #977
• chore: bump by minor to v1.18.0 by @JamieSlome in #1066

Full Changelog: v1.17.2...v1.18.0