Release v0.16.7

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.7
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.7

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.7 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.7/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.7] - 2026-04-04

Changed

• Upgrade vendored typescript-go to c0703e66b68b

[0.16.6] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 02bf7c9f25a4

[0.16.5] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7d9b07b896c1

[0.16.4] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df62f5db69a2

[0.16.3] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 65056016dd8a

[0.16.2] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df56d26717f7

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2....

Release v0.16.6

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.6
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.6

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.6 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.6/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.6] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 02bf7c9f25a4

[0.16.5] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7d9b07b896c1

[0.16.4] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df62f5db69a2

[0.16.3] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 65056016dd8a

[0.16.2] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df56d26717f7

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Adde...

Release v0.16.5

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.5
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.5

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.5 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.5/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.5] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7d9b07b896c1

[0.16.4] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df62f5db69a2

[0.16.3] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 65056016dd8a

[0.16.2] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df56d26717f7

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[...

Release v0.16.4

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.4
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.4

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.4 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.4/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.4] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df62f5db69a2

[0.16.3] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 65056016dd8a

[0.16.2] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df56d26717f7

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platfor...

Release v0.16.3

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.3
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.3

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.3 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.3/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.3] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 65056016dd8a

[0.16.2] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df56d26717f7

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

• Cross-platform standalone binaries attached to GitHub releases (32 targets)
• Support for Linux, macOS, Windows...

Release v0.16.2

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.2
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.2

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.2 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.2/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.2] - 2026-04-04

Changed

• Upgrade vendored typescript-go to df56d26717f7

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

• Cross-platform standalone binaries attached to GitHub releases (32 targets)
• Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

• Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

[0....

Release v0.16.1

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.1
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.1

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.1 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.1/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.1] - 2026-04-04

Changed

• Upgrade vendored typescript-go to 7f8f645fc008

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

• Cross-platform standalone binaries attached to GitHub releases (32 targets)
• Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

• Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

[0.1.0] - 2026-02-11

Added

• Initial release
• AST-level change detection for Rush monorepo libraries using vendored typescript-go parser
• Taint propagation through workspace depend...

Release v0.16.0

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.16.0
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.16.0

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.16.0 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.16.0/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

[0.16.0] - 2026-04-04

Changed

• Breaking: Merged target and virtual-target types into a unified target definition. The type field is removed. All targets now support app, targetName, changeDirs, lockfile detection, and fine-grained mode. targetName defaults to the package name when not set. changeDirs defaults to **/* when not set.

[0.15.3] - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

[0.15.2] - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

• Cross-platform standalone binaries attached to GitHub releases (32 targets)
• Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

• Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

[0.1.0] - 2026-02-11

Added

• Initial release
• AST-level change detection for Rush monorepo libraries using vendored typescript-go parser
• Taint propagation through workspace dependency graph (unlimited BFS hops)
• Target and virtual target support via .goodchangesrc.json configuration
• Lockfile dependency change detection (pnpm-lock.yaml)
• Optional CSS/SCSS ...

Release v0.15.3

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.15.3
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.15.3

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.15.3 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.15.3/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

0.15.3 - 2026-02-23

Fixed

• Add intra-file taint propagation after seeding phase in both AnalyzeLibraryPackage and FindAffectedFiles, so that symbols referencing other tainted symbols in the same file are also marked as tainted before BFS starts

0.15.2 - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

[0.15.1] - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

[0.15.0] - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

[0.14.2] - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

[0.14.1] - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

• Cross-platform standalone binaries attached to GitHub releases (32 targets)
• Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

• Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

[0.1.0] - 2026-02-11

Added

• Initial release
• AST-level change detection for Rush monorepo libraries using vendored typescript-go parser
• Taint propagation through workspace dependency graph (unlimited BFS hops)
• Target and virtual target support via .goodchangesrc.json configuration
• Lockfile dependency change detection (pnpm-lock.yaml)
• Optional CSS/SCSS taint tracking and propagation through @use/@import chains
• Optional type-only change detection (interfaces, type aliases, annotations)
• Multi-stage Docker build
• Automated vendor upgrade workflow

Release v0.15.2

Docker Image

The Docker image for this release has been published to DockerHub:

Repository: gooddata/gooddata-goodchanges

Tags:

• gooddata/gooddata-goodchanges:0.15.2
• gooddata/gooddata-goodchanges:latest

Pull Commands

# Pull specific version
docker pull gooddata/gooddata-goodchanges:0.15.2

# Pull latest
docker pull gooddata/gooddata-goodchanges:latest

Run Command

docker run --rm gooddata/gooddata-goodchanges:0.15.2 [command]

Standalone Binaries

Download the binary for your platform from the assets below.

Platform	Architecture	Asset
Linux	x86_64	goodchanges-linux-amd64.tar.gz
Linux	ARM64	goodchanges-linux-arm64.tar.gz
macOS	Intel	goodchanges-darwin-amd64.tar.gz
macOS	Apple Silicon	goodchanges-darwin-arm64.tar.gz
Windows	x86_64	goodchanges-windows-amd64.zip
Windows	ARM64	goodchanges-windows-arm64.zip

All platforms

• goodchanges-darwin-amd64.tar.gz
• goodchanges-darwin-amd64.tar.gz.sha256
• goodchanges-darwin-arm64.tar.gz
• goodchanges-darwin-arm64.tar.gz.sha256
• goodchanges-linux-amd64.tar.gz
• goodchanges-linux-amd64.tar.gz.sha256
• goodchanges-linux-arm64.tar.gz
• goodchanges-linux-arm64.tar.gz.sha256
• goodchanges-windows-amd64.zip
• goodchanges-windows-amd64.zip.sha256
• goodchanges-windows-arm64.zip
• goodchanges-windows-arm64.zip.sha256

Install (Linux/macOS)

# Example: download and install linux/amd64
curl -sL https://github.com/gooddata/gooddata-goodchanges/releases/download/v0.15.2/goodchanges-linux-amd64.tar.gz | tar xz
chmod +x goodchanges-linux-amd64
sudo mv goodchanges-linux-amd64 /usr/local/bin/goodchanges

Changelog

0.15.2 - 2026-02-20

Fixed

• Fix export const/export let declarations not being added to the exports list in the TS parser, causing locally declared exported variables (e.g. export const allScenarios = [...]) to be invisible during entrypoint taint checking

0.15.1 - 2026-02-17

Changed

• Upgrade vendored typescript-go to daa761e5c641

0.15.0 - 2026-02-17

Added

• lockfileVersion change detection: when lockfileVersion changes in a subspace's pnpm-lock.yaml, all projects in that subspace are treated as having all external deps changed, and all library exports are wildcard-tainted. This propagates transitively through the existing dependency graph and taint analysis.
• ParseLockfileVersion using proper YAML parsing (gopkg.in/yaml.v3) to compare old vs new lockfile versions

0.14.2 - 2026-02-16

Added

• Comprehensive debug logging across all analyzer functions: FindAffectedFiles, FindEntrypoints, CollectEntrypointExports, HasTaintedImports, HasTaintedImportsForGlob, FindCSSTaintedPackages, and import resolution (resolve.go)

0.14.1 - 2026-02-16

Changed

• Upgrade vendored typescript-go to 7b198ca5c705

[0.14.0] - 2026-02-14

Added

• JSON import taint propagation: changed .json files now taint TS/JS files that import them, with symbol-level granularity based on usage of the imported binding

[0.13.0] - 2026-02-14

Added

• Per-target ignores field in target definitions. Per-target ignores are additive with the global ignores and only apply to the specific target's detection.

[0.12.0] - 2026-02-14

Changed

• Breaking: .goodchangesrc.json now uses a targets array instead of a single top-level target definition. Each entry in targets is a target object with type, app, targetName, and changeDirs. The ignores field remains at the top level (shared across all targets).

[0.11.2] - 2026-02-14

Fixed

• Fine-grained detection now seeds taint from changed CSS/SCSS files within the project (with CSS module granularity for *.module.scss/*.module.css)

[0.11.1] - 2026-02-14

Changed

• Fine-grained detection now uses symbol-level taint propagation matching library analysis: AST diffs identify changed symbols, import graph tracks name mappings, BFS only propagates to importers of actually changed symbols, with intra-file and re-export handling

[0.11.0] - 2026-02-14

Added

• -v / --version flag prints the embedded version from the VERSION file

[0.10.0] - 2026-02-14

Added

• Fine-grained changeDirs entries now support an optional filter field to narrow output results (e.g. {"glob": "src/**/*", "filter": "src/**/*.test.ts", "type": "fine-grained"} analyzes all files but only returns affected test files)

[0.9.5] - 2026-02-14

Changed

• Fine-grained changeDirs now AST-diff changed files against the merge base; whitespace-only or comment-only changes no longer cascade through importers

[0.9.4] - 2026-02-14

Fixed

• Fine-grained BFS propagation now follows re-exports (export { X } from "./foo", export * from "./foo") so barrel files no longer break the chain

[0.9.3] - 2026-02-14

Fixed

• Fine-grained changeDirs now detect lockfile dependency changes (pnpm-lock.yaml upgrades taint files importing the affected external dep)

[0.9.2] - 2026-02-14

Changed

• CSS module imports (*.module.scss/*.module.css) with named bindings now use granular taint: only symbols that reference the imported binding are tainted, instead of all exports in the file

[0.9.1] - 2026-02-14

Fixed

• Changed CSS/SCSS files within a library now taint TS files that relatively import them (e.g. import "./styles.scss" taints all exports of the importing file)

[0.9.0] - 2026-02-14

Changed

• Breaking: changeDirs entries now use glob patterns instead of directory paths ("glob" field replaces "path")
• Glob matching uses doublestar: * matches files in current dir, **/* matches all nested files, **/*.stories.tsx matches specific patterns
• Ignores override glob matches: if a file matches a glob but is also in ignores, it is excluded
• Fine-grained changeDirs only match TS/TSX source files

[0.8.0] - 2026-02-14

Changed

• When TARGETS is set, compute relevant package set (active targets + transitive dependencies) and skip change detection, library analysis, and transitive dependent walks for irrelevant packages

[0.7.1] - 2026-02-14

Fixed

• Load all .goodchangesrc.json configs once at startup instead of re-reading from disk per changed file and again during target detection

[0.7.0] - 2026-02-14

Changed

• Skip expensive target detection (file scanning, taint import checks) for targets excluded by TARGETS filter

[0.6.0] - 2026-02-14

Added

• Optional TARGETS env var to filter output by target name (comma-delimited, supports * wildcard globs)

[0.5.1] - 2026-02-14

Fixed

• Fix ignore globs not supporting ** patterns (e.g. scenarios/**/*.md) by replacing filepath.Match with doublestar.Match

[0.5.0] - 2026-02-13

Added

• Fine-grained virtual target detection: changeDirs entries can specify "type": "fine-grained" to collect specific affected files instead of triggering a full run
• New FindAffectedFiles analyzer function for transitive file-level taint propagation within directories
• Output format changed from []string to []{"name", "detections?"} for richer target information

Changed

• changeDirs config field is now an array of objects ({"path": "...", "type?": "..."}) instead of plain strings

[0.4.0] - 2026-02-13

Changed

• Parallelize library analysis within the same topological level using goroutines

[0.3.0] - 2026-02-13

Added

• install.sh script for downloading and installing standalone binaries with SHA-256 verification

[0.2.5] - 2026-02-13

Changed

• Upgrade vendored typescript-go to f058889a79ed

[0.2.4] - 2026-02-12

Changed

• Trim release binaries to 6 targets: linux/amd64, linux/arm64, darwin/amd64, darwin/arm64, windows/amd64, windows/arm64

[0.2.3] - 2026-02-12

Added

• SHA-256 hash files (.sha256) for every release binary

[0.2.2] - 2026-02-12

Fixed

• Fix runner label for GitHub release job (runners-cxa-xlarge, not cxa-xlarge)

[0.2.1] - 2026-02-12

Changed

• Use cxa-xlarge runner for GitHub release job (cross-compiling 32 binaries)
• Docker images limited to linux/amd64 and linux/arm64 only (other platforms served via standalone binaries)

[0.2.0] - 2026-02-12

Added

• Cross-platform standalone binaries attached to GitHub releases (32 targets)
• Support for Linux, macOS, Windows, FreeBSD, OpenBSD, NetBSD, Solaris, Illumos, AIX, DragonFlyBSD

Changed

• Docker build uses Go cross-compilation instead of QEMU emulation for faster multi-platform builds

[0.1.0] - 2026-02-11

Added

• Initial release
• AST-level change detection for Rush monorepo libraries using vendored typescript-go parser
• Taint propagation through workspace dependency graph (unlimited BFS hops)
• Target and virtual target support via .goodchangesrc.json configuration
• Lockfile dependency change detection (pnpm-lock.yaml)
• Optional CSS/SCSS taint tracking and propagation through @use/@import chains
• Optional type-only change detection (interfaces, type aliases, annotations)
• Multi-stage Docker build
• Automated vendor upgrade workflow