Security audit Python project dependencies against security advisory databases.

v0.6.2: Bugfix/Maintenance release.
- >=1.4.
- Bump packaging from 22.0 to 23.0 (#173).
- Bump packaging from 23.0 to 23.1 (#209).
Full Changelog: https://github.com/twu/skjold/compare/v0.6.1...v0.6.2

v0.6.1: Bugfix/Maintenance release.
- packaging >=21,<23.0. (#162). Thanks @whardier!
- Bump types-toml from 0.10.8 to 0.10.8.1 (#156)
- Bump mypy from 0.990 to 0.991 (#157)
- Bump actions/setup-python from 4.3.0 to 4.3.1 (#160)
Full Changelog: https://github.com/twu/skjold/compare/v0.6.0...v0.6.1

v0.6.0: Feature release.
This release breaks .skjoldignore files that contain PyUP identifiers (see #148). You might need to re-add them to the ignore file using the CVE or the new PyUP identifier.
- 0.981 to 0.982 (#141)
- 22.8.0 to 22.10.0 (#144)
- 3.9.0 to 3.10.0 (#143)
- Bump pytest from 7.1.3 to 7.2.0 (#146)
- Bump types-pyyaml from 6.0.12 to 6.0.12.1 (#147)
- Bump pytest-sugar from 0.9.5 to 0.9.6 (#151)
- Bump mypy from 0.982 to 0.990 (#152)
- Bump types-pyyaml from 6.0.12.1 to 6.0.12.2 (#153)
- Bump actions/checkout from 3.0.2 to 3.1.0 (#142)
- Bump actions/setup-python from 4.2.0 to 4.3.0 (#145)
Full Changelog: https://github.com/twu/skjold/compare/v0.5.1...v0.6.0

v0.5.1: Hotfix release.
- Fix more_info_path to create correct pyup.io URLs (https://github.com/twu/skjold/pull/140). Thanks @joakimnordling!
- Bump types-pyyaml from 6.0.9 to 6.0.12 (https://github.com/twu/skjold/pull/134).
- Bump types-toml from 0.10.7 to 0.10.8 (https://github.com/twu/skjold/pull/124).
- Bump coverage from 6.4.1 to 6.5.0 (https://github.com/twu/skjold/pull/138).
- Bump actions/setup-python from 4.0.0 to 4.2.0 (https://github.com/twu/skjold/pull/128, https://github.com/twu/skjold/pull/122).
Full Changelog: https://github.com/twu/skjold/compare/v0.5.0...v0.5.1

v0.5.0: Feature / Hotfix release.
Breaking: This version drops support for Python 3.6 (#117) and adds the filename to both output formats (#118).
Changes
- poetry-core (#91). Thanks @fabaff!
- (,0) (#90). Thanks @stesix!
- ECOSYSTEM + versions) (#115). Thanks @Kurt-von-Laven!
- Bump actions/checkout from 2.3.4 to 2.4.0 (#82).
- Bump actions/setup-python from 2.2.2 to 2.3.2 (#93).
Full Changelog: https://github.com/twu/skjold/compare/v0.4.1...v0.5.0

Hotfix release.
Changes
- github source: fixed version specifiers, e.g. = 1.4.2. Fixes #61. Thanks @brondsem!

Feature/Maintenance release.
Important!: From this release onwards skjold depends on/uses packaging instead of poetry-semver (see #52 for details).
Changes
- Use packaging for parsing versions instead of poetry-semver. See #52
- github source. See #56

Bugfix release.
Changes
- Removed the verbose flag from .pre-commit-hook.yaml, as it is only supposed to be used during debugging. See Comment. Thanks @asottile!

Bugfix release.
Changes
- Pin the click version to 8.x to fix an issue with the changed get_default signature.

Feature / Maintenance release.
Important!: When using skjold as a pre-commit hook it only gets triggered when you commit changed dependency files (e.g. Pipenv.lock, poetry.lock, requirements.txt, ...). It will not continuously check your dependencies on every commit!
Important!: If you use report_only in any way, make sure that you add verbose: true to your hook configuration; otherwise pre-commit won't show you any output, since the hook always returns a zero exit code when report_only is set!
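A hook configuration that follows both notes above, added here as an illustration (it is not the project's own .pre-commit-hooks.yaml or README snippet). It assumes the hook id skjold, the -s (source) and -r (report-only) flags of the skjold audit command, and uses a placeholder for rev; the audit sources github, osv and pypa are the ones this page mentions.

```yaml
# .pre-commit-config.yaml (added example; assumptions: hook id `skjold`,
# the `-s`/`-r` audit flags, and the placeholder `rev` below).
repos:
  - repo: https://github.com/twu/skjold
    rev: vX.Y.Z   # placeholder: pin to a released skjold tag
    hooks:
      - id: skjold
        # Required in report-only mode: the hook exits 0 regardless of
        # findings, so without `verbose: true` pre-commit suppresses the
        # report that skjold writes to stdout/stderr.
        verbose: true
        # Audit against the github, osv and pypa advisory sources and only
        # report findings instead of failing the commit (`-r`).
        args: ["-s", "github", "-s", "osv", "-s", "pypa", "-r"]
```

Because the hook is only triggered when a dependency file (such as poetry.lock or requirements.txt) is part of the commit, a scheduled or CI run of the same audit is still needed to catch advisories published after the lock file last changed; drop `-r` in that CI run so a finding fails the job.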
Breaking Changes
- skjold will now always write the number of ignored findings and vulnerable packages to stderr. The rest of the output (json or cli) is still written to stdout for easier redirection.
Changes
- .skjoldignore. (See #47) Thanks @micheller!
- skjold now outputs ignored findings when using the cli or json output formats.
- osv or pypa as sources. (See #45)
- cli output if present.
- 0.902
- mypy.ini to pyproject.toml.
- types-toml and types-PyYAML as dev dependencies.
- README.md.