v0.1.5

Security & maintenance release

Fixes

• Bump Go 1.25.7 → 1.25.9, resolving 9 stdlib CVEs:
  CVE-2026-25679, CVE-2026-27139, CVE-2026-27142,
  CVE-2026-32280, CVE-2026-32281, CVE-2026-32282,
  CVE-2026-32283, CVE-2026-32288, CVE-2026-32289

Changes

• Sync upstream FedRAMP/docs SHA to a06fa8f
• Remove OpenSSF Scorecard integration (workflow, badges, docs)
• Bump goreleaser/goreleaser-action 6.4.0 → 7.0.0
• Bump anchore/sbom-action 0.22.2 → 0.24.0
• Bump google/osv-scanner-action 2.3.3 → 2.3.5
• Bump actions/setup-go 6.2.0 → 6.4.0

Note

This is expected to be the final release for the foreseeable future.
The repository will be archived following this release.

v0.1.4

Security

• Bump Go 1.25.5 → 1.25.7 to resolve GO-2026-4337, GO-2026-4340

v0.1.3

Changelog

• 0588578 deps: bump bubbles to v1.0.0 and osv-scanner to v2.3.3
• 950f39d deps: bump github.com/charmbracelet/bubbles from 0.21.0 to 0.21.1
• 16bd4bd feat: update to consolidated FRMR.documentation.json format
• b818eae fix: use version tag for scorecard-action (required for publish_results)
• eb75409 fix: use version tags for all actions in scorecard workflow
• a241d2f security: add permissions, pin actions to SHA, add SECURITY.md

v0.1.2

Changelog

• a780156 feat: add MSI installer, README badges, and license link
• 2376d38 fix: remove unsupported MSI nfpms config
• 16223b6 fix: update FedRAMP API URL after repo restructure
• 9e53315 switched to goreleaser pro

v0.1.1

Changelog

• 3a64736 Add CODEOWNERS
• a97475d Add demo GIF and ignore local artifacts
• 0c2c705 chore: disable staticcheck style rules (ST*)
• f990f38 chore: improve demo with custom theme and better showcase
• 620d2d4 chore: remove govulncheck workflow, OSV scanner is sufficient
• 81275eb chore: simplify linter config to focus on bugs not style
• fae7890 feat: add SBOM generation with syft
• 7c87364 fix: goreleaser v2 format_overrides syntax for Windows zip
• b1258c3 fix: handle unchecked error returns for linter compliance
• 4d63489 fix: remove duplicate goreleaser config (.yml was overriding .yaml)
• c6aaac3 fix: update test.yml to use Go version from go.mod
• 3a9cfb6 fix: upgrade golangci-lint to v2.4 for Go 1.25.5 support
• 477012c fix: upgrade golangci-lint-action to v9 for v2.x support
• 5f3d21b fix: use goreleaser v2 formats syntax for archives
• cb446d0 fix: use setup-go before govulncheck for Go 1.25.5 compatibility

v0.1.0

Changelog

• 04fda89 Update to Go 1.25.5
• d95f2fa Use official govulncheck-action
• d8334a8 Bump Go version to 1.22 for govulncheck compatibility
• 7a4e56e Fix GoReleaser v6, standardize README, add Dependabot and govulncheck
• ad572c5 Standardize README installation section
• a659d33 Add GoReleaser config with Windows, Homebrew, and Scoop support
• 2eeff6a Add Homebrew install instructions and update license year
• 26b6fcc Pin GoReleaser to v2 and add acknowledgment
• 7ae259c Initial commit: FedRAMP TUI with release workflow