# Tidelift CLI Release Notes

* 1.13.X
  * [1.13.53] - Nov 14, 2024
    * Include suggested_package_name in the json alignment.
  * [1.13.52] - Nov 14, 2024
    * Add count of violations avoided for actions in saved alignment text output.
  * [1.13.51] - Oct 29, 2024
    * Fix selfupdate for ARM64 Linux
  * [1.13.50] - Oct 21, 2024
    * Add --include-text-output to be used in conjunction with --json in alignments
  * [1.13.49] - Oct 7, 2024
    * Refine display of dependency source (direct or transitive)
  * [1.13.48] - Oct 2, 2024
    * Added dependency source (direct or transitive) to release data returned on alignment
  * [1.13.47] - Sep 25, 2024
    * Add support for SPDX json manifests.
    * Set up virtual env in temp folders instead of current working directory. Override using TIDELIFT_TMPDIR.
  * [1.13.46] - Sep 24, 2024
    * Surface virtual env creation error when it fails during pip lockfile resolution.
  * [1.13.45] - September 9, 2024
    * Added "project" to alignment json output.
  * [1.13.44] - September 4, 2024
    * Added "action_to_take" to violations in saved alignment text output.
  * [1.13.43] - Aug 29, 2024
    * Output more detailed error message from selftest, instead of always using "API error"
  * [1.13.42] - Aug 22, 2024
    * Don't pass a message when performing a catalog request
    * Add --json mode support to the `selftest` command.
  * [1.13.41] - Aug 2, 2024
    * Show 0% for 0% alignments instead of 100%.
  * [1.13.40] - Aug 01, 2024
    * Ignore the new "packaging" dependency from "pipdeptree" when generating "pip-dependency-graph.json".
    * Fix bug which could emit invalid json in --json mode.
  * [1.13.39] - Skipped
  * [1.13.38] - July 29, 2024
    * Include catalog_standards list within alignment json output.
  * [1.13.37] - July 26, 2024
    * Adds "error" and "warnings" fields to alignment output to surface manifest issues.
    * Do not search for manifests and lockfiles for platforms not supported by Tidelift.
    * Return upgrade guidance from alignments.
    * Add additional information to release violation alignment text.
  * [1.13.36] - July 8, 2024
    * Allow alignments to return a status, and detailed violation information.
  * [1.13.35] - July 3, 2024
    * Don't try to analyze unsupported nuget manifests
  * [1.13.34] - June 21, 2024
    * Add "requirement" field to release data returned on alignment.
  * [1.13.33] - June 6, 2024
    * Add useful debugging logs for pip venv initialization.
  * [1.13.32] - May 24, 2024
    * Generate and upload "pip-dependency-graph.json" with dependency data from "pipdeptree".
  * [1.13.31] - May 17, 2024
    * Enrich "go-resolved-dependencies.json" with dependency data from "go mod graph".
  * [1.13.30] - April 3, 2024
    * Return a new error when redundant lockfiles are found in same directory, e.g. "package-lock.json" and "yarn.json".
  * [1.13.29] - March 4, 2024
    * Build with CGO_ENABLED=0 to be portable
  * [1.13.28] - March 4, 2024
    * Ensure manifests are formatted properly on upload
    * Build with newer golang
  * [1.13.27] - February 2, 2024
    * Fix "tidelift init --json" so it only returns JSON.
  * [1.13.26] - January 11, 2024
    * Switch to a non-proxy'd endpoint for the status command
  * [1.13.25] - January 10, 2024
    * Collect "Replace" field info in go-resolved-dependencies.json
  * [1.13.24] - January 2, 2024
    * Switch to a new API field used by groups commands
  * [1.13.23] - December 22, 2023
    * Update manifest searching implementation
  * [1.13.22] - December 21, 2023
    * Bug fix for status requests containing slashes
  * [1.13.21] - December 20, 2023
    * Added more debug logging during manifest searching
  * [1.13.20] - December 19, 2023
    * Added more debug logging
  * [1.13.19] - December 14, 2023
    * Brings back error while auto-detecting branch from the git repo
    * Remove deprecated `--allow-requested` option for `tidelift alignment`
  * [1.13.18] - December 5, 2023
    * Bug fix to silence Go test imports command warning
    * Revert attempt to check for functioning secret service
  * [1.13.17] - December 5, 2023
    * Extends the timeout for `tidelift selfupdate` to a more generous duration.
    * Add `lifter_recommendation` to `tidelift alignment save --wait --json` response for vulnerabilities with recommendations
    * Don't check for updates if TIDELIFT_SKIP_UPDATE_CHECK=1
    * Make local alignment error messages more verbose.
  * [1.13.16] - November 10, 2023
    * Output violations for catalog release lookup results
    * Move to a 64-bit build for ARM linux.
  * [1.13.15] - November 8, 2023
    * Output manifest resolution duration when --debug is passed.
  * [1.13.14] - November 8, 2023
    * Notify Tidelift when alignment polling takes too long.
  * [1.13.13] - November 6, 2023
    * Start to add support for uploading more than 100 manifests for very large projects.
  * [1.13.12] - October 16, 2023
    * Add `--external-identifier` optional flag to `tidelift alignment save` command.
  * [1.13.11] - Aug 16, 2023
    * Fix a bug with git branch detection that stripped characters.
  * [1.13.10] - Aug 15, 2023
    * Add support for SPDX tag/value manifests.
  * [1.13.9] - Aug 9, 2023
    * Ensure that at least the standard slug name is shown for alignment errors
    * Sync standards display names with Tidelift UI
  * [1.13.8] - Aug 7, 2023
    * Handle empty external_identifier string errors when creating/updating projects.
  * [1.13.7] - Aug 4, 2023
    * Adds an `--external-identifier` flag to the `tidelift init`, `tidelift projects new`, and `tidelift projects update` commands.
  * [1.13.6] - July 13, 2023
    * Handle a small number of api keys with partially invalid data
    * Update saved alignment error message with org keys.
    * Fix error message when organization is not set.
  * [1.13.5] - June 12, 2023
    * Allow org keys to work with `tidelift catalogs list`.
  * [1.13.4] - June 12, 2023
    * Allow --name to set a Project's updated name.
    * Update api key url shown after creating an api key.
  * [1.13.3] - May 30, 2023
    * Remove requirement to prefix org with org type (and assume "team" as default)
  * [1.13.2] - May 26, 2023
    * Allow for periods in project names
  * [1.13.1] - May 14, 2023
    * Add a darwin/arm64 build for native mac silicon
  * [1.13.0] - April 27, 2023
    * Add scoped alignment output to json output
* 1.12.X
  * [1.12.31] - April 18, 2023
    * Bugfix: Don't try to use --mode=update-lockfile with older yarn.
  * [1.12.30] - March 30, 2023
    * Bugfix: fixes a mistake made when disabling vendor mode in 1.12.29
  * [1.12.29] - March 30, 2023
    * Fixes go resolution for vendored go projects by disabling vendor mode, and improves scope detection in go.
  * [1.12.28] - March 29, 2023
    * Fixes go lockfile detection to properly detect "go-resolved-dependencies.json"
  * [1.12.27] - March 13, 2023
    * Add support for api-key type naming changes from "repository" to "project"
  * [1.12.26] - March 1, 2023
    * Adds `branching-behavior` flag to `tidelift projects update` command.
  * [1.12.25] - March 1, 2023
    * Adds new auto status values to alignment statistics.
  * [1.12.24] - February 1, 2023
    * Fixes `init` and `projects new` so that failure to detect the git branch is not a fatal error
  * [1.12.23] - January 26, 2023
    * Switch Catalog lookup endpoint so it no longer requires a project to be defined.
    * Use new standard error format in projects commands.
  * [1.12.22] - January 26, 2023
    * Fixes a regression from 1.4.0 where "alignment save" was not observing the "--directory" flag.
  * [1.12.21] - January 24, 2023
    * Give an error if uploading too many files (> 99)
  * [1.12.20] - January 6, 2023
    * Don't generate a lockfile if npm-shrinkwrap.json already exists.
  * [1.12.19] - January 6, 2023
    * Fixes the output for `--dry-run` to return JSON instead of plaintext.
  * [1.12.18] - January 5, 2023
    * `init` and `projects new` commands will now auto-detect the current branch and set it as the default branch if `--default-branch` is not specified.
  * [1.12.17] - December 1, 2022
    * Quiet some go output unless --debug is passed.
  * [1.12.16] - November 28, 2022
    * The --debug flag will now show output from NPM and Yarn when the CLI is resolving dependencies.
  * [1.12.15] - November 28, 2022
    * Include a few new fields in the --json output for package release lookups.
  * [1.12.14] - November 17, 2022
    * Returns a more helpful HTTP timeout message containing a `TIDELIFT_TIMEOUT` hint.
  * [1.12.13] - November 11, 2022
    * Allow directories to be passed to `--exclude`/`-e`/`TIDELIFT_EXCLUDED_MANIFESTS` too.
  * [1.12.12] - November 8, 2022
    * Adds `--exclude`/`-e` flag and `TIDELIFT_EXCLUDED_MANIFESTS` env var to exclude a comma-delimited list of manifest filepaths.
  * [1.12.11] - November 4, 2022
    * Fix bug where rare "pending" status was returning "0 packages found."
  * [1.12.10] - October 12, 2022
    * Return a successful response for scans with no packages found.
  * [1.12.9] - September 16, 2022
    * Change the --catalog flag exit into a warning for now.
  * [1.12.8] - September 13, 2022
    * Disallow the --catalog flag on `alignment save`, since saved alignments always run against their set catalog.
  * [1.12.7] - August 18, 2022
    * Adds `TIDELIFT_GRADLE_CONFIGURATION_PATTERN=...` environment var to limit the configurations resolved in a Gradle project.
  * [1.12.6] - August 18, 2022
    * Show catalog display names in `catalogs list`.
  * [1.12.5] - July 14, 2022
    * Fail silently if command to get import scopes fails, and treat everything as "runtime".
  * [1.12.4] - June 28, 2022
    * Populate a custom "Scope" field in go-resolved-dependencies.json with "runtime" or "test".
  * [1.12.3] - June 21, 2022
    * Add dependencies.csv to manifest file name globs.
  * [1.12.2] - June 10, 2022
    * Ensure that approved with violations are shown even when alignment is 100%.
  * [1.12.1] - June 7, 2022
    * Show approved releases that have violations in saved alignments.
  * [1.12.0] - May 24, 2022
    * Allow specifying a baseline alignment number to use for alignments.
* 1.11.X
  * [1.11.2] - May 12, 2022
    * If available, return baseline alignment information when performing an alignment.
  * [1.11.1] - May 6, 2022
    * Add support for CycloneDX manifests.
  * [1.11.0] - May 2, 2022
    * Add -R flag for recursively searching for manifest files.
* 1.10.X
  * [1.10.0] - April 26, 2022
    * Add "newly introduced" information to CLI output.
    * Fix bug where versions were not coming through for `alignment save` and `status`.
* 1.9.X
  * Unreleased
    * Add some help copy to "tidelift request" so people know they can pass filenames.
  * [1.9.4] - April 22, 2022
    * Look for gradlew in both command-relative folder AND the manifest-relative folder.
  * [1.9.3] - April 20, 2022
    * Adapt to new error envelope format and new error response for update project endpoint.
  * [1.9.2] - April 18, 2022
    * Adds support for aligning against build.gradle.kts (Kotlin) files.
  * [1.9.1] - April 13, 2022
    * Retry transient errors while waiting on scan status (timeouts, bad gateways, not founds)
  * [1.9.0] - March 22, 2022
    * Adds `tidelift groups remove-project`
    * Standardize successful removals by removing list response from `tidelift groups remove-user`
* 1.8.X
  * [1.8.0] - March 18, 2022
    * Adds `tidelift groups list-projects`
* 1.7.X
  * [1.7.0] - March 16, 2022
    * Adds `tidelift groups add-project`
* 1.6.X
  * [1.6.10] - March 15, 2022
    * Expose the new project's name field after `tidelift projects new`
  * [1.6.10] - March 10, 2022
    * Handle 422 errors in POST requests.
  * [1.6.9] - March 10, 2022
    * Include users' roles when listing users in a group.
  * [1.6.8] - March 8, 2022
    * Tell Tidelift if lockfiles are generated or not when uploading.
  * [1.6.7] - March 4, 2022
    * Adds `tidelift groups remove-user`
  * [1.6.6] - March 1, 2022
    * Fix json output from `tidelift projects new`
  * [1.6.5] - March 1, 2022
    * Adds `tidelift projects delete`
  * [1.6.4] - February 28, 2022
    * Adds `tidelift groups add-user`
  * [1.6.3] - February 25, 2022
    * Adds `TIDELIFT_MAVEN_FORCE_DEP_PLUGIN=1` flag to ensure Maven Dependency Plugin is installed for lockfile resolution even when it's not available in environment.
  * [1.6.2] - February 25, 2022
    * Adds `tidelift groups list-users`
  * [1.6.1] - February 18, 2022
    * Ensure --organization is constructed correctly when using tidelift init.
  * [1.6.0] - February 18, 2022
    * Adds `tidelift groups new`
    * Adds `tidelift groups list`
    * Adds `tidelift groups remove`
* 1.5.X
  * [1.5.11] - February 16, 2022
    * Adds TIDELIFT_NPM_NO_RESOLVE and TIDELIFT_NUGET_NO_RESOLVE env vars to skip lockfile resolution.
  * [1.5.10] - February 14, 2022
    * Add `tidelift projects update` command to update branch, catalog, and groups.
  * [1.5.9] - February 9, 2022
    * Adds examples of passing filenames to alignment help text
  * [1.5.8] - February 8, 2022
    * Builds on new behavior of 1.5.5: only fails if both generated files fail.
  * [1.5.7] - February 8, 2022
    * Don't exit early when we get a 404 while waiting on scan, in case of race condition.
  * [1.5.6] - February 8, 2022
    * Fix alignment summary on output, so it prints when --wait is used.
  * [1.5.5] - February 7, 2022
    * Exit with error and status code 1 when Maven lockfile can't be generated.
  * [1.5.4] - February 7, 2022
    * Fix a bug that wasn't surfacing errors while changing directories.
  * [1.5.3] - February 2, 2022
    * Print alignment summary on `tidelift status`
  * [1.5.2] - February 2, 2022
    * Fix a panic in `tidelift projects new-key`
  * [1.5.1] - January 25, 2022
    * Fix `tidelift selftest` for v1 api keys.
  * [1.5.0] - January 13, 2022
    * Allow setting default branch of repository via `init` or `projects new`.
* 1.4.X
  * [1.4.1] - January 14, 2022
    * Fix skip-if-cached upper limit
  * [1.4.0] - January 6, 2022
    * Use checksum and TTL (--skip-if-cached=) to determine if scan needs to be re-run or not.
* 1.3.x
  * [1.3.1] - December 13, 2021
    * Send checksum of non-generated manifests as checksum.sha256.
  * [1.3.0] - November 18, 2021
    * Breaking change with `alignment save`: branches are now autodetected (see docs -> https://ptm.tl/cli-docs); if a branch cannot be found, it must be supplied with --branch.
* 1.2.x
  * [1.2.5] - November 11, 2021
    * Temporarily revert to go 1.17.2 to avoid a net/http regression.
  * [1.2.4] - November 10, 2021
    * Don't regenerate and upload existing Gradle lockfiles twice either.
  * [1.2.3] - November 4, 2021
    * Fixes a bug with NPM/Yarn where lockfiles in subfolders were being uploaded twice.
  * [1.2.2] - November 3, 2021
    * Prioritize gradle wrapper over gradle binary, to avoid environments with mismatched versions.
  * [1.2.1] - October 26, 2021
    * Remove bower support.
  * [1.2.0] - October 22, 2021
    * Generate an ephemeral NPM or Yarn lockfile during alignment if it doesn't exist.
* 1.1.x
  * [1.1.1] - October 12, 2021
    * Disable warnings on selfupdate.
  * [1.1.0] - October 4, 2021
    * Allow subdirectories for manifest specification (e.g: `tidelift alignment subdir/package.json`) instead of always needing to be at the root next to the files.
* 1.0.x
  * [1.0.7] - October 1, 2021
    * Don't fail if removing a tmpfile fails
  * [1.0.6] - September 29, 2021
    * Makes CLI flag/arg errors a little more consistent.
  * [1.0.5] - September 28, 2021
    * A lot of error message and command output changes to standardize linking to docs, argument counts, and more.
  * [1.0.4] - September 28, 2021
    * Rework Go Build Constraints for Platform Specific Code
  * [1.0.3] - September 27, 2021
    * Adjust how nuget lock files are discovered.
  * [1.0.2] - September 23, 2021
    * Add build for Homebrew, and remove selfupdate ability for homebrew builds.
  * [1.0.1] - September 22, 2021
    * Removing some unused release properties.
  * [1.0.0] - September 21, 2021
    * Cutting our first Majorly Stable Tidelift 1.0.0 version.
* 0.34.x
  * [0.34.5] - September 16, 2021
    * Bugfix: Show error when passing incorrect organization types as configuration.
  * [0.34.4] - September 16, 2021
    * Pick up `{"error": {"message": "err"}}` responses, as well as just `{"message": "err"}`
  * [0.34.3] - September 15, 2021
    * Bugfix: Require a Project to be set to run `tidelift status`.
  * [0.34.2] - September 13, 2021
    * Bugfix: Change helptext for `tidelift init --force`.
  * [0.34.1] - September 13, 2021
    * Bugfixes to prevent errors with multiple periods at end due to the way Go formats errors.
  * [0.34.0] - September 10, 2021
    * Show statistics in both `alignment` and `alignment save`'s --json output. This allows you to parse our output yourself, rather than rely on our "blocking build" because of at least one denial.
* 0.33.x
  * [0.33.0] - September 3, 2021
    * Remove --allow-requested, which has been silently broken for a while; favor the upcoming --statistics to calculate this manually.
* 0.32.x
  * [0.32.0] - September 2, 2021
    * Remove deprecated Scan, TEAM/REPO Settings that we deprecated in March 2021.
* 0.31.x - September 2, 2021
  * [0.31.0] - September 2, 2021
    * Disable npm-ls.json generation and uploading.
* 0.30.x
  * [0.30.0] - August 27, 2021
    * Show warning when TIDELIFT_API_KEY is set in .tidelift files. Very important upcoming backwards incompatible change to note. Please use environment variables for project keys, and `tidelift auth` for user keys.
* 0.29.x
  * [0.29.1] - August 18, 2021
    * Small Quality of Life changes in `tidelift selftest`, showing who the API user is.
  * [0.29.0] - August 18, 2021
    * Checking authentication before long running commands. This fixes a longstanding problem where we would run pip tooling before uploading the manifests, only for you to then realize that the client is not authenticated. By checking beforehand, we minimize the time-to-error response.
* 0.28.x
  * [0.28.0] - August 13, 2021
    * Adds a --wait flag to `tidelift request --all`, which allows processing on tidelift.com to finish before continuing on and ending the command. Useful for chaining a `tidelift alignment save` afterwards in CI/CD.
* 0.27.x
  * [0.27.0-0.27.1] - August 4, 2021
    * Bug fixes for filename uploading for NuGet
* 0.26.x
  * [0.26.8] - August 3, 2021
    * Show error when submitting a non-Tidelift acceptable project name on `tidelift projects new` and `tidelift init`
  * [0.26.7] - July 29, 2021
    * Sanitizing slashes for passing to bibliothecary.
  * [0.26.6] - July 28, 2021
    * Fixed dep tree generation for NPM 7.x
  * [0.26.5] - July 27, 2021
    * Fixed example for `tidelift projects save-lockfiles`
  * [0.26.4] - July 26, 2021
    * Add error when organization not provided to `tidelift init`
  * [0.26.3] - July 16, 2021
    * Show an outdated message as a warning, if outdated, before every command.
  * [0.26.2] - July 16, 2021
    * Make the requests list tree one branching tree, instead of three branching trees.
  * [0.26.1] - July 15, 2021
    * Uses pterm library to make codepage437 trees, vs using own functions.
  * [0.26.0] - July 15, 2021
    * Adds new `tidelift request list` to list (currently only) outstanding requests a user has made.
    * Adds `--no-trees` to hide the CodePage437 Box Drawing Trees from plaintext output.
* 0.25.x
  * [0.25.6] - June 30, 2021
    * Updated help docs to point to CLI docs.
    * Unhiding `tidelift selftest`
    * (Fixing date for 0.25.5 in changelog)
  * [0.25.5] - June 30, 2021
    * Added a check in `tidelift selftest` to see whether the installed version is outdated, with instructions on how to selfupdate.
  * [0.25.4] - May 28, 2021
    * Updated `tidelift projects new` to include a `--group` flag, allowing multiple of group flag.
    * Updated `tidelift init` to include a `--group` flag, allowing multiple of group flag.
  * [0.25.3] - May 18, 2010
    * Fix bug where configuration variable wasn't being set properly due to refactoring
  * [0.25.1]
    * Show decision notes in `tidelift releases lookup` output