v0.1.7 — APT Clean dry-run safety + test-infrastructure honesty

Highlights

A focused hotfix release addressing one user-facing safety bug and several layers of test-infrastructure honesty issues uncovered along the way.

🔒 Security

• APT Clean() now respects DryRun. Previously apt autoclean executed regardless of the DryRun option, silently defeating the safety mechanism users expect from dry-run mode. The YUM/Snap/Flatpak Clean implementations already honored DryRun; APT now matches. Regression tests added in manager/apt/apt_clean_dryrun_test.go.
• Docker test runners no longer mask test failures. Three layers of the same class of CI-honesty bug, fixed:
  • bash -ec with ; separators replaces bash -c with && chains. Due to bash operator precedence, trailing || true on fixture-generation lines caught failures from earlier in the chain (including go test), letting failed tests pass CI silently.
  • --abort-on-container-failure replaces --abort-on-container-exit in the Makefile. The latter aborts on any container exit (success or failure), so the fastest test container's success killed the slower siblings mid-run, masking failures.
  • The test-all aggregator service now uses long-form depends_on with condition: service_completed_successfully. Short form only waited for dependents to start, so test-all's echo could finish before the actual tests reported failure.
• Defense-in-depth on the test-all aggregator: read_only: true, security_opt: [\"no-new-privileges:true\"], and a read-only /workspace bind mount.

💥 Breaking change

• PackageInfo JSON output now uses snake_case field names (e.g. package_manager, new_version, additional_data) instead of Go's default PascalCase. Required fields (name, status, package_manager) are always emitted; optional fields use omitempty. Consumers parsing JSON output must update field names. (#40, thanks @aijanai)

🛠 Build / tooling

• Migrated Makefile from docker-compose (v1, EOL'd June 2023) to docker compose (v2 plugin) — required for the new --abort-on-container-failure flag.
• go.mod now declares go 1.23.0 (full version) instead of go 1.23, resolving Go toolchain download failures in some environments. (#40)

Acknowledgments

• @aijanai — PR #40 (snake_case JSON tags + go.mod toolchain fix), originally filed Nov 2025.
• coderabbitai, gemini-code-assist, chatgpt-codex-connector — automated review on PR #67 caught two real bugs that survived my initial implementation (P1: cross-test container race; P2: Compose v1/v2 binary mismatch).

Full changelog: v0.1.6...v0.1.7

v0.1.6: YUM Package Manager Support, ARM64 Architecture Support, Enhanced Testing Infrastructure, Improved Documentation, Enhanced CI/CD pipeline with multi-OS testing, Improved project structure and organization

What's Changed

• add read only yum support (yum search, yum info) by @aijanai in #10
• Follow-up to PR #10: Fix YUM package manager review issues by @bluet in #14
• feat(yum): Document behavior contracts and improve status detection by @bluet in #17
• fix(security): prevent command injection vulnerability in package managers (Issue #23) by @bluet in #25
• feat: implement CommandRunner architecture for APT and YUM package managers (Issue #20) by @bluet in #26
• Bump github.com/urfave/cli/v2 from 2.27.6 to 2.27.7 by @dependabot[bot] in #33
• Add APT purge support via CustomCommandArgs by @brunodam in #36
• Support ARM64 architecture when running docker tests by @brunodam in #35
• Prepare v0.1.6 release with YUM package manager support by @Copilot in #38

New Contributors

• @brunodam made their first contribution in #36
• @Copilot made their first contribution in #38

Full Changelog: v0.1.5...v0.1.6

v0.1.5: Bug fixes, infrastructure improvements, and Apache 2.0 license upgrade

🚀 What's New

🔧 Bug Fixes

• Removed leftover test comments from main.go
• Fixed DockerTestRunner missing imports and context timeout support
• Fixed non-deterministic package ordering in ParseFindOutput
• Fixed GetPackageManager("") panic when no package manager auto-selected

🏗️ Infrastructure Improvements

• License Upgrade: Migrated from MIT to Apache License 2.0 for better patent protection
• CI/CD Enhancements: Updated workflows to support Go 1.23/1.24
• Pre-commit Hooks: Added comprehensive code quality checks
• Docker Testing: Enhanced multi-OS testing infrastructure
• Documentation: Synchronized all docs with current project state

📚 Documentation Updates

• Added professional README badges for CI/CD status
• Updated development commands and workflow documentation
• Enhanced testing strategy documentation
• Added comprehensive project roadmap in CLAUDE.md

🔒 Security & Quality

• Security-focused pre-commit hooks using local system tools
• Enhanced code formatting and linting pipeline
• Improved error handling and resource management

📊 Changes Since v0.1.4

• 25 commits with significant infrastructure and quality improvements
• Apache 2.0 License upgrade for enterprise-grade legal clarity
• Enhanced CI/CD pipeline with multi-version Go support
• Comprehensive documentation updates

🙏 Contributors

Thanks to @aijanai for contributing the GetPackageManager fixes in PR #12!

---

Full Changelog: v0.1.4...v0.1.5

v0.1.4

Full Changelog: v0.1.3...v0.1.4

v0.1.3

Full Changelog: v0.1.2...v0.1.3

v0.1.2

Full Changelog: 0.1.1...v0.1.2