# Changelog for `poutine` v1.1.3 🎉
This release focuses on core engine improvements, stability fixes, and modernization of the toolchain. The biggest shift is the move away from exec-based Git operations toward a fully in-memory model using go-git, along with improved resiliency and observability during analysis.

Major Improvements 🌟🌟


⚡ In-Memory Git with go-git v6: Replaced exec-based Git operations with go-git using in-memory storage. This significantly improves performance, portability, and reduces reliance on system binaries, by @SUSTAPLE117.

(#400)


🛡️ Resilient Repository Batch Fetching: Improved robustness of repository batch fetching, reducing failures during large-scale analysis operations, by @SUSTAPLE117.

(#399)


📊 Analysis Progress Monitoring Improvements: Enhanced visibility into analysis progress, making long-running operations easier to track and debug, by @SUSTAPLE117.

(#419)



Improvements 🔧


🧪 Snapshot Testing Added: Introduced snapshot testing to improve regression detection and testing confidence, by @SUSTAPLE117.

(#401)


⚙️ Go 1.26 Upgrade + Dependency Refresh: Upgraded to Go 1.26 and refreshed dependencies for improved performance and compatibility, by @SUSTAPLE117.

(#412)


🔐 Improved Rule Handling for GitHub Actions: Configured skip actions to be ignored for the github_action_from_unverified_creator_used rule, improving rule accuracy, by @mbarbero.

(#398)


📦 Goreleaser Configuration Updates: Updated release configuration and tooling for improved build and distribution workflows, by @SUSTAPLE117.

(#417), (#418)



Bug Fixes 🐛


🐳 Docker Image Parsing Fixes: Fixed issues with Docker image parsing and purl generation, by @SUSTAPLE117.

(#413)


📄 YAML Parsing Fixes: Resolved YAML parsing errors affecting analysis reliability, by @SUSTAPLE117.

(#414)


🔑 GitHub Fine-Grained PAT Compatibility: Fixed organization repository listing failures when using fine-grained tokens without Issues:Read, by @fproulx-boostsecurity.

(#415)


🧾 SARIF Taxonomy GUID Fix: Corrected SARIF taxonomy GUID issues to ensure proper report compatibility, by @SUSTAPLE117.

(#416)



Dependency Updates ⬆️
GitHub Actions

Updated github/codeql-action from 3.30.5 to 4.31.2. (#370)
Updated ossf/scorecard-action from 2.4.2 to 2.4.3. (#371)
Updated step-security/harden-runner from 2.13.0 to 2.13.1. (#375)
Updated actions/upload-artifact from 4.6.2 to 5.0.0. (#376)
Updated actions/setup-go from 5.5.0 to 6.4.0. (#403)
Updated goreleaser/goreleaser-action from 6.4.0 to 7.0.0. (#411)
Updated actions/deploy-pages from 4.0.5 to 5.0.0. (#410)
Updated actions/checkout from 5.0.0 to 6.0.2. (#408)
Updated sigstore/cosign-installer across versions 3.9.2 → 4.0.0 → 4.1.1. (#377), (#405)

Go Modules

Updated gitlab.com/gitlab-org/api/client-go from 0.151.0 to 0.157.1. (#369)
Updated github.com/open-policy-agent/opa from 1.9.0 to 1.10.0. (#372)
Updated github.com/mark3labs/mcp-go from 0.41.1 to 0.42.0. (#373)
Updated golang.org/x/oauth2 from 0.31.0 to 0.32.0. (#374)
Updated golang.org/x/crypto from 0.42.0 to 0.45.0. (#380)


Full Changelog 📜
For a detailed view of all changes, see the full changelog.

View the full release notes at https://github.com/boostsecurityio/poutine/releases/tag/v1.1.3.