Description
Is your feature request related to a problem? Please describe.
As a user of Scorecard, it's hard to know whether to update to a new version. Releases only show a wall of commits, most of which aren't "interesting" and some of which aren't understandable at a glance (i.e. "Atomically load from accessState to avoid data race."), meaning I need to open the PR to understand if it's something I care about.
Describe the solution you'd like
All releases would start with a summary of significant changes, so that a user can tell at a glance whether the changes are relevant to their use-case. The summary would include anything maintainers deem significant, which would include anything with any chance of modifying a project's score.
The example below was my best effort to detect relevant changes in 4.10.4 by looking at the changelog, which took me a (many) few minutes. It'd be great if someone more in-the-know could do this once, instead of all users having to do it for themselves, with a higher chance of missing something (maybe I did in the example below!).
Additional context
I've noticed that PRs have a section that's meant to be used for release-note, but it doesn't seem to be used.
v4.10.4
Notable changes
- Improved GitLab support! (✨ Gitlab support: RepoClient #2655)
- Pinned-Dependencies now properly scores `pip install -e [--no-deps]` (🐛 Handle editable pip installs #2731)
- Code-Review now treats human and bot PRs differently (🐛 Use leveled scoring for Code Review check #2542)
- Binary-Artifacts now detects and properly penalizes WebAssembly files (🐛 Add wasm files as binary artifacts #2548)
Changelog
9831629 Increase recordings, switch API, and lower tolerance (#2760)
8966abd Initial implementation of go-git client (#2720)
[...]