v0.0.4

Changelog

🚀 Features

• b011477 Allow environment variables in Configuration and Tool destination settings
• bd2c326 Add update mode with rollback for existing Tools

🐛 Fixes

• c2752b4 Fix toolfetch --version separators to dynamically adjust length

🔄️ Changes

• 84fd2ee Improve logging

🧰 Tasks

• 8c1a6c7 Update demo presentation in README.md
• e86641f Bump Project Version to 0.0.4-SNAPSHOT

🛠 Build

• 33a097d Replace xmlstarlet/yq usage with grep and awk for XML/YAML parsing
• ac2b90d Ensure clean maven phase is included consistently during Native Image builds

Verify Release

See VERIFICATION.md for details.

v0.0.3

Changelog

🐛 Fixes

• cae8014 Add ZIP Bomb protection for archive extraction

🧰 Tasks

• ce6e7f1 Update README.md with demo presentation
• a38ce61 Bump Project Version to 0.0.3-SNAPSHOT

🛠 Build

• a6efed4 Add workflows and scripts for generating and publishing Badges
• b9d4162 Use ./mvnw verify instead of ./mvnw clean verify or install
• 6a6e8ab Make toolfetch --version report GraalVM JVM used to build native image more explicitly
• 1a43602 Use --pull always to ensure the latest SonarQube image is used
• 731cfbd Add -ntp flag to Maven commands to disable download progress output
• 6a07eae Add option in GitHub Actions to include current date in Maven Repository Cache Key for daily refresh

⚙️ Dependencies

• 315c261 Update syft from 1.42.2 to 1.42.4
• 1dc8d76 Update nullaway from 0.13.1 to 0.13.3
• 950ea89 Update json-schema-validator from 3.0.1 to 3.0.2
• ea6ea1a Update jackson-tools from 3.1.1 to 3.1.2
• 749b335 Update git-commit-id-maven-plugin from 9.1.0 to 10.0.0
• 00efe8f Update error-prone from 2.48.0 to 2.49.0
• 8eed1b1 Update dependency-check-maven from 12.2.0 to 12.2.1

Verify Release

See VERIFICATION.md for details.

v0.0.2

Changelog

🐛 Fixes

• 7591dc9 Preserve Unix file permissions during archive extraction

🧰 Tasks

• 588931c Add 'GitHub' to excluded contributors in jreleaser.yml
• 78a80de Update README.md with planned features (7z Archive Format, Custom Certificate Authorities) and installation instructions
• 3ea90af Bump Project Version to 0.0.2-SNAPSHOT

🛠 Build

• 42352f7 Ensure executable permissions for ToolFetch binaries in released assets
• f561a73 Make toolfetch --version report GraalVM JVM used to build native image

Verify Release

See VERIFICATION.md for details.

v0.0.1

Changelog

🚀 Features

• 5d5e204 Add checksum verification for Tools
• cbbd314 Add initial support for Archive Formats (tar, zip, jar) and Compression Formats (brotli, bzip2, deflate, gzip, lz4, lzma, pack200, snappy, xz, z, zstandard)
• 1218038 Add VersionProvider

🐛 Fixes

• c61bc14 Better fix for "Arbitrary file access during archive extraction ("Zip Slip")" to satisfy CodeQL Analysis

🧪 Tests

• 1cb2265 Add assertion to ensure Logback is successfully initialized
• 6a0d9fa Add Native Image support for Smoke Tests

🧰 Tasks

• 6fa88c4 Extract release verification details into VERIFICATION.md and update references in README.md and changelog template
• 3a807ba Add GitHub Downloads (all assets, all releases) badge to README.md
• 1d6cc00 Standardize "Toolfetch" capitalization to "ToolFetch" across workflows and schema
• 9d3f6b0 Normalize line endings in NOTICE generation
• 2c20d79 Replace license headers with SPDX identifiers
• 15e1455 Add NOTICE
• bb4cb26 Add "OWASP Scan" and "Smoke Tests" badges to README.md
• 1d19643 Add IntelliJ IDEA run configurations
• cfe609c Initial commit

🛠 Build

• 06376a3 Increase OWASP Scan timeout to 30 minutes
• e5cb47f Add SonarScan workflow and switch to JacocoScan for pull requests
• 8967ec3 Introduce GA/EA Release Types in GitHub Actions
• 84f9f6e Update GitHub Actions checks in scripts to use explicit GITHUB_ACTIONS env variable
• d3838bc Fix SonarScan "too many failed login attempts for username or IP address" on GitHub Actions
• 67ed734 Remove explicit Main-Class configuration to use JReleaser auto-detection
• aee77e6 Build Native Image with early-access version of JReleaser (patch for jreleaser/jreleaser#2094)
• a6e768a Add native-maven-plugin alternative build method
• 440d05c Add version bump workflow
• 161d103 Rename workflow name from "Test & Scan" to "Tests & Scans"
• f4bbe62 Implement SLSA Level 3
• dba2253 Implement Strict GraalVM SBOM and patch picocli JAR: "The SBOM feature could not associate 168 type(s) to a component"
• a0150a2 Enhance JReleaser configuration and release process
• 72c7cb4 "OWASP Scan" GitHub Action should run on main push and workflow_dispatch
• 542ad93 Move maven-surefire-plugin and maven-failsafe-plugin argLine to maven property
• 6695ab3 Fix "Did you forget to run actions/checkout before running your local action?"
• 45420db Update GitHub Actions
• cd2d902 Add GraalVM Native Image build support

⚙️ Dependencies

• 85f0a13 Update git-commit-id-maven-plugin from 9.0.2 to 9.1.0
• b79f069 Update spotbugs-maven-plugin from 4.9.8.2 to 4.9.8.3
• 4216cc7 Update jackson-tools from 3.1.0 to 3.1.1
• 3b83864 Update native-maven-plugin from 0.11.5 to 1.0.0
• d727eb7 Update jansi from 2.4.2 to 2.4.3
• 6b9b0c3 Update xz from 1.11 to 1.12
• 51a0325 Update mockito from 5.22.0 to 5.23.0
• 9023ad7 Update maven-resources-plugin from 3.4.0 to 3.5.0
• f636bbc Update json-schema-validator from 3.0.0 to 3.0.1
• 8f6b51b Don't exclude com.ethlo.time:itu from json-schema-validator
• c883523 Add jackson-annotations:2.21 and jackson-core:3.1.0 dependencies
• 712ccbe Update mockito from 5.21.0 to 5.22.0
• 1cb0cad Update error-prone from 2.47.0 to 2.48.0

Verify Release

See VERIFICATION.md for details.