v2.108.0
📦 jfrog-cliView on GitHub →
✨ 16 features🐛 7 fixes🔧 7 symbols
Summary
This release introduces new features across multiple components, including pnpm support for build info, new JFrog CLI commands like 'jf mcp', and enhanced security scanning capabilities for Yarn and pnpm. Several bug fixes address issues related to poetry dependency capture and authentication errors.
Migration Steps
- If you rely on reference token privilege handling, note that the previous fix has been reverted in [jfrog-cli-core].
✨ New Features
- [build-info-go] Added pnpm package support to recognise 403 Forbidden output.
- [jfrog-cli] Add jf mcp command to configure the remote JFrog MCP server.
- [jfrog-cli] Add AI context description to commands.
- [jfrog-cli] Add server id to login command.
- [jfrog-cli] Enhance metrics visibility by including package manager context.
- [jfrog-cli] Make nix command visible.
- [jfrog-cli] Added Post Failure Run support for pnpm and Yarn.
- [jfrog-cli-artifactory] Add AI-agent help text to artifactory commands.
- [jfrog-cli-artifactory] Enhance metrics visibility by including package manager context.
- [jfrog-cli-artifactory] Add path validation to prevent traversal attacks in artifact handling.
- [jfrog-cli-core] Enhance metrics visibility by including package manager context.
- [jfrog-cli-security] Support parsing SCA issues without components.
- [jfrog-cli-security] Add AI-agent help text to security commands.
- [jfrog-cli-security] Feature/xray 138688 add yarn support for jf ca.
- [jfrog-cli-security] XRAY-144809 - CA command [Maven]: Add option to consider plugin deps.
- [jfrog-cli-security] Feature/xray 138688 add pnpm support for jf ca.
🐛 Bug Fixes
- [build-info-go] RTECO-1287 fix poetry install --only main capturing all dependencies.
- [jfrog-cli] RTECO 1296 fix repeated 401 errors before fallback authentication.
- [jfrog-cli] RTECO-1287 fix poetry install --only main capturing all dependencies.
- [jfrog-cli-artifactory] Updated logic for extracting repository key in case of reverse proxy scenario.
- [jfrog-cli-core] Revert "Fix reference token privilege escalation".
- [jfrog-cli-security] XRAY-140212 - Updated gradle dep tree jar with the missing deps fix.
- [jfrog-cli-security] fix: disable npm workspaces for native config reads.