Skip to content

Releases: gooddata/gooddata-goodchanges

Release v0.18.1

13 Apr 15:57
@github-actions github-actions
v0.18.1
de5b231
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.18.1 Latest
Latest

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.18.1
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.18.1

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.18.1 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.18.1/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.18.1] - 2026-04-13

Changed

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match wit...
Read more
Assets 14

Release v0.18.0

10 Apr 02:26
@github-actions github-actions
v0.18.0
0874154
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.18.0

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.18.0
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.18.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.18.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.18.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.18.0] - 2026-04-10

Added

  • Global changeDirs field in .goodchangesrc.json (top-level, next to ignores). Matching files taint all exports (libraries) and trigger all targets in the package.

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected...
Read more
Loading

Release v0.17.1

10 Apr 02:09
@github-actions github-actions
v0.17.1
5195541
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.17.1

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.17.1
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.17.1

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.17.1 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.17.1/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.17.1] - 2026-04-10

Fixed

  • Detect runtime side-effect statements (e.g. console.log()) in entrypoint/barrel files as affecting all exports — previously these were misclassified as "comments/imports only" and seeded zero taint

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to `[]{"name", "dete...
Read more
Loading

Release v0.17.0

10 Apr 01:55
@github-actions github-actions
v0.17.0
d1b632d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.17.0

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.17.0
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.17.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.17.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.17.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.17.0] - 2026-04-04

Changed

  • Breaking: Lockfile dep change detection now parses old and new pnpm-lock.yaml as YAML (gopkg.in/yaml.v3) instead of diffing text lines. Compares resolved versions for direct deps per importer, and BFS-walks the snapshots section to detect transitive dep version changes — a transitive change taints the direct dep that pulled it in.

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis ...
Read more
Loading

Release v0.16.7

04 Apr 17:56
@github-actions github-actions
v0.16.7
7d75e57
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.16.7

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.16.7
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.7

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.7 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.7/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.7] - 2026-04-04

Changed

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

[0.2....

Read more
Loading

Release v0.16.6

04 Apr 17:15
@github-actions github-actions
v0.16.6
bb29182
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.16.6

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.16.6
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.6

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.6 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.6/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.6] - 2026-04-04

Changed

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

[0.2.4] - 2026-02-12

Changed

  • Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Adde...

Read more
Loading

Release v0.16.5

04 Apr 17:12
@github-actions github-actions
v0.16.5
f1928fa
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.16.5

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.16.5
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.5

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.5 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.5/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.5] - 2026-04-04

Changed

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

[0.2.4] - 2026-02-12

Changed

  • Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

  • SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

  • Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[...

Read more
Loading

Release v0.16.4

04 Apr 17:07
@github-actions github-actions
v0.16.4
2cada5a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.16.4

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.16.4
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.4

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.4 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.4/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.4] - 2026-04-04

Changed

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

[0.2.4] - 2026-02-12

Changed

  • Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

  • SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

  • Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

  • Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
  • Docker images limited to linux/amd64 and linux/arm64 only (other platfor...
Read more
Loading

Release v0.16.3

04 Apr 17:04
@github-actions github-actions
v0.16.3
8c90052
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.16.3

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.16.3
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.3

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.3 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.3/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.3] - 2026-04-04

Changed

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

[0.2.4] - 2026-02-12

Changed

  • Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

  • SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

  • Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

  • Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
  • Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

  • Cross-platform standalone binaries attached to GitHub releases (32 targets)
  • Support for Linux, macOS, Windows...
Read more
Loading

Release v0.16.2

04 Apr 17:01
@github-actions github-actions
v0.16.2
528a4e4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v0.16.2

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

  • gooddata/gooddata-goodchanges:0.16.2
  • gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.2

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.2 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform Architecture Asset
Linux x86_64 goodchanges-linux-amd64.tar.gz
Linux ARM64 goodchanges-linux-arm64.tar.gz
macOS Intel goodchanges-darwin-amd64.tar.gz
macOS Apple Silicon goodchanges-darwin-arm64.tar.gz
Windows x86_64 goodchanges-windows-amd64.zip
Windows ARM64 goodchanges-windows-arm64.zip
All platforms
  • goodchanges-darwin-amd64.tar.gz
  • goodchanges-darwin-amd64.tar.gz.sha256
  • goodchanges-darwin-arm64.tar.gz
  • goodchanges-darwin-arm64.tar.gz.sha256
  • goodchanges-linux-amd64.tar.gz
  • goodchanges-linux-amd64.tar.gz.sha256
  • goodchanges-linux-arm64.tar.gz
  • goodchanges-linux-arm64.tar.gz.sha256
  • goodchanges-windows-amd64.zip
  • goodchanges-windows-amd64.zip.sha256
  • goodchanges-windows-arm64.zip
  • goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.2/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.2] - 2026-04-04

Changed

[0.16.1] - 2026-04-04

Changed

[0.16.0] - 2026-04-04

Changed

  • Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

  • Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

  • Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

[0.15.0] - 2026-02-17

Added

  • lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
  • ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

  • Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

[0.14.0] - 2026-02-14

Added

  • JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

  • Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

  • Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

  • Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

  • Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

  • -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

  • Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

  • Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

  • Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

  • Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

  • CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

  • Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

  • Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
  • Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
  • Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
  • Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

  • When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

  • Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

  • Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

  • Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

  • Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

  • Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
  • New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
  • Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

  • changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

  • Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

  • install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

[0.2.4] - 2026-02-12

Changed

  • Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

  • SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

  • Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

  • Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
  • Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

  • Cross-platform standalone binaries attached to GitHub releases (32 targets)
  • Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

  • Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

[0....

Read more
Loading