diff --git a/.github/actions/security-issues/action.yml b/.github/actions/security-issues/action.yml index 64e67b470..58c969d4b 100644 --- a/.github/actions/security-issues/action.yml +++ b/.github/actions/security-issues/action.yml @@ -39,7 +39,7 @@ runs: - name: Install Python Toolbox / Security tool shell: bash run: | - pip install exasol-toolbox==8.1.1 + pip install exasol-toolbox==8.2.0 - name: Create Security Issue Report shell: bash diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 304fbaef5..56efbf691 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,6 +1,7 @@ # Changelog * [unreleased](unreleased.md) +* [8.2.0](changes_8.2.0.md) * [8.1.1](changes_8.1.1.md) * [8.1.0](changes_8.1.0.md) * [8.0.0](changes_8.0.0.md) @@ -67,6 +68,7 @@ hidden: --- unreleased +changes_8.2.0 changes_8.1.1 changes_8.1.0 changes_8.0.0 diff --git a/doc/changes/changes_8.2.0.md b/doc/changes/changes_8.2.0.md new file mode 100644 index 000000000..e9bdc5690 --- /dev/null +++ b/doc/changes/changes_8.2.0.md @@ -0,0 +1,33 @@ +# 8.2.0 - 2026-06-10 + +## Summary + +This minor release adds manual triggering for `periodic-validation.yml` and makes the +Sonar secret name used by `report.yml` configurable via `BaseConfig`. + +## Security Issues + +This release fixes vulnerabilities by updating dependencies: + +| Dependency | Vulnerability | Affected | Fixed in | +|------------|----------------|----------|----------| +| pip | PYSEC-2026-196 | 26.1.1 | 26.1.2 | + +## Feature + +* #854: Added `workflow_dispatch` for `periodic-validation.yml` +* #827: Modified `report.yml` to allow overriding the Sonar secret name via `BaseConfig` + +## Refactoring + +* #852: Modified `merge-gate` to ensure `run-fast-tests` succeeds +* #811: Modified workflow templates to not persist-credentials, not provide attacker-controllable inlines, and not pass more secrets to `report.yml` + +## Dependency Updates + +### `main` + +* Updated dependency `coverage:7.14.0` to `7.14.1` +* Updated dependency `pysonar:1.5.0.4793` to `1.6.0.4905` +* Updated dependency `sphinx-toolbox:4.1.2` to `4.2.0` +* Updated dependency `typer:0.25.1` to `0.26.7` diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index 051929350..fb4737052 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -1,13 +1,3 @@ # Unreleased ## Summary - -## Feature - -* #854: Added `workflow_dispatch` for `periodic-validation.yml` -* #827: Modified `report.yml` to allow overriding the Sonar secret name via `BaseConfig` - -## Refactoring - -* #852: Modified `merge-gate` to ensure `run-fast-tests` succeeds -* #811: Modified workflow templates to not persist-credentials, not provide attacker-controllable inlines, and not pass more secrets to `report.yml` diff --git a/project-template/cookiecutter.json b/project-template/cookiecutter.json index b20bf5969..af11e9fa1 100644 --- a/project-template/cookiecutter.json +++ b/project-template/cookiecutter.json @@ -9,7 +9,7 @@ "author_email": "opensource@exasol.com", "project_short_tag": "", "python_version_min": "3.10", - "exasol_toolbox_version_range": ">=8.1.1,<9", + "exasol_toolbox_version_range": ">=8.2.0,<9", "license_year": "{% now 'utc', '%Y' %}", "__repo_name_slug": "{{cookiecutter.package_name}}", "__package_name_slug": "{{cookiecutter.package_name}}", diff --git a/pyproject.toml b/pyproject.toml index c824c1faf..4dbc06d44 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "exasol-toolbox" -version = "8.1.1" +version = "8.2.0" description = "Your one-stop solution for managing all standard tasks and core workflows of your Python project." authors = [ { name = "Nicola Coretti", email = "nicola.coretti@exasol.com" },