You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* feat(jsonpath): moved Secret Modifier `?jp=<jsonpath>` under `/plugin`
This is a course-correction, as this modifier uses an external dependency, and so it should have been a plugin from the start.
* feat(tooling): integrate govulncheck and modularize asdf setup
- Add govulncheck to the toolchain and run it automatically during CI.
- Modularize ASDF plugin and tool setup with task commands (tools.plugins, tools.update, tools.install).
- Update developer guides and documentation to match the new bootstrap workflow.
💘 Generated with Crush
Assisted-by: Crush:gemini-3.5-flash
* fix: allow to install asdf plugins off main registry in CI
* chore: fix `examples/viper`
Copy file name to clipboardExpand all lines: CHANGELOG.md
+9Lines changed: 9 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,8 +15,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
15
15
- WARNING: currently untested due to lack of test environment.
16
16
-`kp://`: Keeper Secrets Manager source implementation (available in `plugin/source/keeper`).
17
17
- WARNING: currently untested due to lack of test environment.
18
+
-`?jp=`: JSONPath extractor modifier for JSON secrets (available in `plugin/modifier/jsonpath`).
18
19
-**Tooling**:
19
20
- Test tasks in `Taskfile.yaml` (`test`, `test.full`, `test.short`, `test.ci`) now support passing a specific directory path using `-- <path>`.
21
+
- Added modular `tools.plugins`, `tools.update`, and `tools.install` tasks to `Taskfile.yaml` for robust `asdf`-based toolchain management.
22
+
- Integrated `govulncheck` (v1.3.0) into `.tool-versions` toolchain and added `task vuln` for local vulnerability scanning.
23
+
- Integrated `task vuln` check directly into the CI pipeline.
20
24
21
25
### Changed
22
26
@@ -25,6 +29,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
25
29
-**Support**: Documented in [README](./README.md) that for now we are not going to support LastPass (`lp://`)
26
30
nor Dashlane (`dl://`) as a source. They both lack a Golang SDK and/or a REST API.
27
31
32
+
### Removed
33
+
34
+
-**BREAKING CHANGE**: Removed `jp` (JSONPath) modifier from default built-in modifiers of `Spelunker` to completely free the core root module from any external production dependencies. It has been moved to a plugin under `plugin/modifier/jsonpath/` and must now be explicitly registered using `jsonpath.WithJSONPath()`.
0 commit comments