Skip to content

Releases: gooddata/gooddata-goodchanges

Release v0.21.0

02 May 08:45
@github-actions github-actions
v0.21.0
0e8eb07
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.21.0 Latest
Latest

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.21.0
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.21.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.21.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.21.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.21.0] - 2026-05-02

Added

  • Top-level type field in .goodchangesrc.json ("library" or "app"). When set, overrides the automatic library-vs-app inference from package.json. Invalid values cause a fatal error at startup.

[0.20.0] - 2026-05-01

Changed

  • LOG_LEVEL=BASIC output now goes to stderr instead of stdout. Stdout is reserved for the JSON result, so piping goodchanges | jq … works with logging enabled.

[0.19.4] - 2026-04-29

Changed

[0.19.3] - 2026-04-28

Changed

[0.19.2] - 2026-04-24

Fixed

  • Bare dynamic import("pkg") calls (e.g. () => import("pkg") passed to a loader, or const mod = await import("pkg") used opaquely without property access) are now recorded as side-effect imports, so taint on the target package propagates to the importing file. Previously only the three pattern forms (var+property-access, destructure, .then callback) produced an Import record, leaving bare calls invisible to taint propagation.

[0.19.1] - 2026-04-23

Fixed

  • Global changeDirs taint now enumerates every export from each entrypoint (including recursively via export * from "./local") instead of seeding a "*" wildcard. Downstream packages consume exports by exact name, so the wildcard never matched named imports — taint stopped at the first hop and targets transitively dependent on the tainted library were missed.

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", `ex...
Read more
Assets 14

Release v0.20.0

01 May 13:50
@github-actions github-actions
v0.20.0
0f923aa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.20.0

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.20.0
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.20.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.20.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.20.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.20.0] - 2026-05-01

Changed

  • LOG_LEVEL=BASIC output now goes to stderr instead of stdout. Stdout is reserved for the JSON result, so piping goodchanges | jq … works with logging enabled.

[0.19.4] - 2026-04-29

Changed

[0.19.3] - 2026-04-28

Changed

[0.19.2] - 2026-04-24

Fixed

  • Bare dynamic import("pkg") calls (e.g. () => import("pkg") passed to a loader, or const mod = await import("pkg") used opaquely without property access) are now recorded as side-effect imports, so taint on the target package propagates to the importing file. Previously only the three pattern forms (var+property-access, destructure, .then callback) produced an Import record, leaving bare calls invisible to taint propagation.

[0.19.1] - 2026-04-23

Fixed

  • Global changeDirs taint now enumerates every export from each entrypoint (including recursively via export * from "./local") instead of seeding a "*" wildcard. Downstream packages consume exports by exact name, so the wildcard never matched named imports — taint stopped at the first hop and targets transitively dependent on the tainted library were missed.

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)...
Read more
Loading

Release v0.19.4

01 May 13:28
@github-actions github-actions
v0.19.4
75ac258
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.19.4

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.19.4
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.19.4

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.19.4 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.19.4/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.19.4] - 2026-04-29

Changed

[0.19.3] - 2026-04-28

Changed

[0.19.2] - 2026-04-24

Fixed

  • Bare dynamic import("pkg") calls (e.g. () => import("pkg") passed to a loader, or const mod = await import("pkg") used opaquely without property access) are now recorded as side-effect imports, so taint on the target package propagates to the importing file. Previously only the three pattern forms (var+property-access, destructure, .then callback) produced an Import record, leaving bare calls invisible to taint propagation.

[0.19.1] - 2026-04-23

Fixed

  • Global changeDirs taint now enumerates every export from each entrypoint (including recursively via export * from "./local") instead of seeding a "*" wildcard. Downstream packages consume exports by exact name, so the wildcard never matched named imports — taint stopped at the first hop and targets transitively dependent on the tainted library were missed.

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, inst...
Read more
Loading

Release v0.19.3

28 Apr 15:09
@github-actions github-actions
v0.19.3
bbe446c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.19.3

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.19.3
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.19.3

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.19.3 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.19.3/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.19.3] - 2026-04-28

Changed

[0.19.2] - 2026-04-24

Fixed

  • Bare dynamic import("pkg") calls (e.g. () => import("pkg") passed to a loader, or const mod = await import("pkg") used opaquely without property access) are now recorded as side-effect imports, so taint on the target package propagates to the importing file. Previously only the three pattern forms (var+property-access, destructure, .then callback) produced an Import record, leaving bare calls invisible to taint propagation.

[0.19.1] - 2026-04-23

Fixed

  • Global changeDirs taint now enumerates every export from each entrypoint (including recursively via export * from "./local") instead of seeding a "*" wildcard. Downstream packages consume exports by exact name, so the wildcard never matched named imports — taint stopped at the first hop and targets transitively dependent on the tainted library were missed.

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. `import "./styles.scss...
Read more
Loading

Release v0.19.2

24 Apr 08:45
@github-actions github-actions
v0.19.2
e6fac63
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.19.2

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.19.2
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.19.2

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.19.2 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.19.2/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.19.2] - 2026-04-24

Fixed

  • Bare dynamic import("pkg") calls (e.g. () => import("pkg") passed to a loader, or const mod = await import("pkg") used opaquely without property access) are now recorded as side-effect imports, so taint on the target package propagates to the importing file. Previously only the three pattern forms (var+property-access, destructure, .then callback) produced an Import record, leaving bare calls invisible to taint propagation.

[0.19.1] - 2026-04-23

Fixed

  • Global changeDirs taint now enumerates every export from each entrypoint (including recursively via export * from "./local") instead of seeding a "*" wildcard. Downstream packages consume exports by exact name, so the wildcard never matched named imports — taint stopped at the first hop and targets transitively dependent on the tainted library were missed.

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field...
Read more
Loading

Release v0.19.1

23 Apr 13:35
@github-actions github-actions
v0.19.1
ce8c591
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.19.1

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.19.1
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.19.1

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.19.1 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.19.1/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.19.1] - 2026-04-23

Fixed

  • Global changeDirs taint now enumerates every export from each entrypoint (including recursively via export * from "./local") instead of seeding a "*" wildcard. Downstream packages consume exports by exact name, so the wildcard never matched named imports — taint stopped at the first hop and targets transitively dependent on the tainted library were missed.

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detec...
Read more
Loading

Release v0.19.0

20 Apr 18:05
@github-actions github-actions
v0.19.0
72b473f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.19.0

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.19.0
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.19.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.19.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.19.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.19.0] - 2026-04-20

Added

  • IGNORE_APP_RELATIONSHIP env var. When set, the app field in target configs is ignored — targets are no longer triggered just because their corresponding app is tainted (only direct changes, lockfile changes, and tainted workspace imports apply).

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter...
Read more
Loading

Release v0.18.1

13 Apr 15:57
@github-actions github-actions
v0.18.1
de5b231
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.18.1

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.18.1
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.18.1

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.18.1 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.18.1/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match wit...
Read more
Loading

Release v0.18.0

10 Apr 02:26
@github-actions github-actions
v0.18.0
0874154
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.18.0

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.18.0
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.18.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.18.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.18.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected...
Read more
Loading

Release v0.17.1

10 Apr 02:09
@github-actions github-actions
v0.17.1
5195541
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.17.1

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.17.1
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.17.1

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.17.1 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.17.1/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to `[]{"name", "dete...
Read more
Loading