Releases: exasol/python-toolbox

10.1.0

@github-actions github-actions released this 30 Jun 09:59
3928354

10.1.0 - 2026-06-30

Summary

This minor release adds an opt-out for documentation-related workflows and jobs. Projects can
now declare that they do not serve documentation with the has_documentation switch in
BaseConfig, and the workflow generator/checker will then skip documentation-related jobs
and workflows for those projects. Set this to False only in exceptional cases.

Feature

  • #901: Provided switch has_documentation in BaseConfig for projects without documentation

10.0.0

@github-actions github-actions released this 23 Jun 10:18
bc6d3bf

10.0.0 - 2026-06-23

Summary

In this major release, several modifications were made to the PTB's workflow templates and actions:

  • the default DB-version was updated to come from BaseConfig instead of the
    hardcoded 7.1.9, so ITDE-related test flows use the configured Exasol baseline
    and unit-test help no longer advertises --db-version.

  • the github_template_dict.custom_workflows entry now auto-detects secret names
    from custom workflow files and passes them into PTB-controlled workflow templates.
    For example:

    on:
      workflow_call:
        secrets:
          PYPI_TOKEN:
            required: true
          SONAR_TOKEN:
            required: true

  • the Python environment GitHub action now accepts extras as a comma-separated
    list, which makes it easier to pass multiple optional dependency groups in one
    value. Additionally, it supports all-extras, so that all extras are installed
    without further specification needed.

  • the new workflow:audit Nox session runs zizmor against GitHub Actions and
    reusable workflows, so security checks are part of the normal checks.yml
    pipeline instead of being a separate manual step. It also keeps the audit
    configuration in the project root via .zizmor.yml; see the zizmor
    configuration guide and the troubleshooting guide for findings for details
    on tuning or suppressing findings locally.

Security Issues

This release fixes vulnerabilities by updating dependencies:

| Dependency   | Vulnerability       | Affected | Fixed in |
|--------------|---------------------|----------|----------|
| cryptography | GHSA-537c-gmf6-5ccf | 48.0.0   | 48.0.1   |
| msgpack      | GHSA-6v7p-g79w-8964 | 1.1.2    | 1.2.1    |

Feature

  • #874: Added the security label to dependency update PR creation
  • #699: Added all-extras support to the Python environment GitHub action
  • #875: Added name attribute to generated workflow jobs using -extension.yml workflows

Bug

  • #744: Updated nox DB-version handling to use BaseConfig.minimum_exasol_version instead of the hardcoded 7.1.9

Feature

  • #878: Added Nox session workflow:audit which uses zizmor and added it in checks.yml
  • #872: Added custom_workflows to github_template_dict for automatic custom workflow secret extraction

Refactoring

  • #744: Extracted shared minimum-version selection logic into minimum_declared_version()
  • #699: Switched extras in the Python environment GitHub action to comma-separation

Documentation

  • #828: Removed the legacy migration page and merged the useful guidance into getting started
  • #789: Consolidated the metrics and Sonar documentation to reflect the current PTB reporting flow

Security

  • #867: Fixed zizmor linting results

Dependency Updates

main

  • Updated dependency coverage:7.14.1 to 7.14.3
  • Updated dependency import-linter:2.11 to 2.12
  • Updated dependency pip-audit:2.10.0 to 2.10.1
  • Updated dependency pylint:4.0.5 to 4.0.6
  • Updated dependency pytest:9.0.3 to 9.1.1
  • Updated dependency zizmor:1.25.2 to 1.26.1

9.0.0

@github-actions github-actions released this 16 Jun 08:31
fcb06e9

9.0.0 - 2026-06-16

Summary

This major version introduces matrix.yml whose results are generated by the nox session matrix:generate.

Projects can extend BaseConfig with additional matrix values when they need to expose
more entries to the workflows.

from pydantic import computed_field

from exasol.toolbox.config import BaseConfig


class Config(BaseConfig):
    extra_matrix_value: str = "extra"

    @computed_field  # type: ignore[misc]
    @property
    def computed_matrix_value(self) -> str:
        # This can be requested when generating the matrix. If it is a simple string value,
        # as shown here, then the code will automatically wrap it in an array.
        return f"{self.project_name}-computed"

The corresponding nox sessions (matrix:all, matrix:exasol, and matrix:python) will
remain available until September 15, 2026, to provide a transition period for existing projects.

At the same time, the workflows matrix-all.yml, matrix-exasol.yml, and matrix-python.yml
are deprecated and are no longer maintained by the exasol-toolbox. You can still use
these workflows in your project until you transition fully to using matrix.yml.

Feature

  • #730: Added support to extend GitHub workflow cd.yml
  • #864: Modified PTB workflow templates to not persist credentials and to use pinned SHAs
  • #654: Added and used general matrix matrix.yml for PTB-provided workflows

Refactoring

  • #682: Modified PTB exasol_versions to an empty list

Dependency Updates

main

  • Added dependency zizmor:1.25.2

8.2.0

@github-actions github-actions released this 10 Jun 07:03
a715f39

8.2.0 - 2026-06-10

Summary

This minor release adds manual triggering for periodic-validation.yml and makes the
Sonar secret name used by report.yml configurable via BaseConfig.

Security Issues

This release fixes vulnerabilities by updating dependencies:

| Dependency | Vulnerability  | Affected | Fixed in |
|------------|----------------|----------|----------|
| pip        | PYSEC-2026-196 | 26.1.1   | 26.1.2   |

Feature

  • #854: Added workflow_dispatch for periodic-validation.yml
  • #827: Modified report.yml to allow overriding the Sonar secret name via BaseConfig

Refactoring

  • #852: Modified merge-gate to ensure run-fast-tests succeeds
  • #811: Modified workflow templates to not persist-credentials, not provide attacker-controllable inlines, and not pass more secrets to report.yml

Dependency Updates

main

  • Updated dependency coverage:7.14.0 to 7.14.1
  • Updated dependency pysonar:1.5.0.4793 to 1.6.0.4905
  • Updated dependency sphinx-toolbox:4.1.2 to 4.2.0
  • Updated dependency typer:0.25.1 to 0.26.7

8.1.1

@github-actions github-actions released this 27 May 13:38
0e31a6d

8.1.1 - 2026-05-27

Summary

This patch release resolves a bug found in dependency-update.yml. This was introduced in 8.1.0.

Bugfix

  • #850: Fixed jq and piping in dependency-update.yml

8.1.0

@github-actions github-actions released this 27 May 11:11
547916a

8.1.0 - 2026-05-27

Summary

In this minor release, the nox session workflow:check was added and is now used in the checks.yml.
If this job is active in your CI, please double-check if additional files should be added into your project's .gitattributes.

Security Issues

This release fixes vulnerabilities by updating dependencies:

| Dependency | Vulnerability  | Affected | Fixed in |
|------------|----------------|----------|----------|
| idna       | CVE-2026-45409 | 3.14     | 3.15     |

Bugfix

  • #840: Added export plugin installation within dependency-update.yml
  • #847: Used hashed poetry export output with pip-audit --disable-pip to avoid the
    copied-interpreter failure in Poetry-managed Python builds

Feature

  • #722: Added check in workflow:generate to compare the generated and existing content before writing out and nox session workflow:check
  • #642: Added nox session workflow:check into the checks.yml
  • #698: Added a comment in the top of all workflows maintained by the PTB

Refactoring

  • #722: Modified workflow:generate backend function to class WorkflowOrchestrator

Dependency Updates

main

  • Updated dependency black:26.3.1 to 26.5.1
  • Updated dependency shibuya:2026.1.9 to 2026.5.19

dev

  • Updated dependency types-pyyaml:6.0.12.20260510 to 6.0.12.20260518

8.0.0

@github-actions github-actions released this 13 May 12:01
e46075c

8.0.0 - 2026-05-13

Summary

In this major release, several modifications were made to the PTB's workflow templates:

  • For automatically resolving vulnerabilities, the dependency-update.yml workflow was
    added. For more details, see the Update Dependencies section.
  • The periodic run which was previously executed in the ci.yml has been moved to its
    own periodic-validation.yml and will run weekly. This also has been modified to
    run the slow-checks.yml so that more complete linting and coverage information is
    sent to Sonar.
  • With the addition of periodic-validation.yml, the pr-merge.yml was reduced so that
    it only executes gh-pages.yml.
  • The unit tests job has been moved from checks.yml to its own fast-tests.yml file.
  • Workflow extensions were added to fast-tests and merge-gate. This allows users to
    add custom fast-tests-extension.yml and merge-gate-extension.yml files. For more
    details, check out the Workflow Extensions section.
  • slow-checks.yml is only maintained by the project (not the PTB). See the Not Maintained by the PTB section.

Features

  • #829: Extended removing a job from a workflow to also remove it from the needs of another job
  • #825: Created two workflows by splitting up previous ones:
    • Moved the periodic jobs in ci.yml to its own periodic-validation.yml
    • Moved the unit tests job in checks.yml to its own fast-tests.yml
  • #730: Added workflow extensions to fast-tests and merge-gate
  • #756: Added dependency-update.yml to automate resolving vulnerabilities with a generated pull request
  • #792: Improved dependency-update.yml documentation
  • #831: Switched slow-checks.yml to be provided by the project and not maintained by the PTB and improved output of pydantic validation of .workflow-patcher.yml

Bugfix

  • #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed

Security Issues

This release fixes vulnerabilities by updating dependencies:

| Dependency | Vulnerability  | Affected | Fixed in |
|------------|----------------|----------|----------|
| urllib3    | CVE-2026-44431 | 2.6.3    | 2.7.0    |
| urllib3    | CVE-2026-44432 | 2.6.3    | 2.7.0    |

  • #836: Relocked poetry.lock

Dependency Updates

main

  • Updated dependency coverage:7.13.4 to 7.14.0
  • Updated dependency importlib-resources:6.5.2 to 7.1.0
  • Updated dependency mypy:1.19.1 to 2.1.0
  • Updated dependency nox:2026.2.9 to 2026.4.10
  • Updated dependency pip-licenses:5.5.1 to 5.5.5
  • Updated dependency pre-commit:4.5.1 to 4.6.0
  • Updated dependency pydantic:2.12.5 to 2.13.4
  • Updated dependency pysonar:1.0.2.1722 to 1.5.0.4793
  • Updated dependency sphinxcontrib-mermaid:2.0.1 to 2.0.2
  • Updated dependency typer:0.24.1 to 0.25.1

dev

  • Updated dependency types-pyyaml:6.0.12.20250915 to 6.0.12.20260510

7.0.0

@github-actions github-actions released this 29 Apr 09:26
de9c841

7.0.0 - 2026-04-29

Summary

In this major release, support for the version.py file has been removed. Users should:

  • delete the version.py file

  • add in their project's __init__.py module

    from importlib.metadata import version
    __version__ = version("<package_name>")

This is required for the nox session docs:multiversion to successfully complete,
and it is a Python standard for users to check in the terminal which version they are
using.

The underlying code for the nox sessions vulnerabilities:resolved and release:prepare has been modified so that all dependencies (main, in groups, and in optional groups) are considered for the vulnerability report. Additionally, we only consider a vulnerability resolved if pip-audit includes fix_versions for the dependency. Previously, these nox sessions only reported the dependencies of main and the transitive dependencies of main.
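
The resolution rule described above, as an added sketch that is not the PTB's own code: it compares two pip-audit JSON reports and counts a finding as resolved only when the earlier report listed fix_versions for it and the later report no longer contains it. The function names and sample reports are constructed for illustration; the report shape is assumed to follow `pip-audit --format json`.

```python
import json

# Constructed sample reports in the shape of `pip-audit --format json` output.
# The pytest entry uses values listed on this page; the example-* packages and
# EXAMPLE-* IDs are placeholders.
BEFORE = json.dumps({"dependencies": [
    {"name": "pytest", "version": "9.0.2", "vulns": [
        {"id": "CVE-2025-71176", "fix_versions": ["9.0.3"]}]},
    {"name": "example-a", "version": "1.0.0", "vulns": [
        {"id": "EXAMPLE-0001", "fix_versions": []}]},
    {"name": "example-b", "version": "2.0.0", "vulns": [
        {"id": "EXAMPLE-0002", "fix_versions": ["2.0.1"]}]},
    {"name": "example-c", "skip_reason": "constructed: not auditable"},
]})
AFTER = json.dumps({"dependencies": [
    {"name": "pytest", "version": "9.0.3", "vulns": []},
    # example-a was dropped from the project, so its finding vanished.
    {"name": "example-b", "version": "2.0.0", "vulns": [
        {"id": "EXAMPLE-0002", "fix_versions": ["2.0.1"]}]},
]})


def load_vulns(report_json):
    """Map (package, vulnerability id) -> (installed version, fix_versions)."""
    found = {}
    for dep in json.loads(report_json).get("dependencies", []):
        # Skipped dependencies carry "skip_reason" and no "vulns" key.
        for vuln in dep.get("vulns", []):
            key = (dep["name"].lower(), vuln["id"])
            found[key] = (dep["version"], list(vuln.get("fix_versions", [])))
    return found


def resolved_vulns(before_json, after_json):
    """Findings present before, absent after, and with a known fix version."""
    before, after = load_vulns(before_json), load_vulns(after_json)
    resolved = []
    for key, (version, fixes) in sorted(before.items()):
        if key in after:
            continue  # still reported: not resolved
        if not fixes:
            continue  # gone, but no fix version was known: not counted
        resolved.append({"name": key[0], "id": key[1],
                         "affected": version, "fix_versions": fixes})
    return resolved


if __name__ == "__main__":
    for item in resolved_vulns(BEFORE, AFTER):
        print(item)
```
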

Feature

  • #803: Included other dependencies for local pip-audit check

Refactoring

  • #800: Removed tbx security pretty-print, tbx lint pretty-print, and creation of .lint.txt, as superseded by Sonar and .lint.json usage
  • #791: Resolved Sonar concerns: accepted specific subprocess import usage, subprocess commands, & improved minor maintainability items
  • #629: Replace version.py with version from the __init__.py

Bug Fix

  • #808: Resolved release:prepare to update pyproject.toml

6.4.0

@github-actions github-actions released this 22 Apr 08:46
5553263

6.4.0 - 2026-04-22

Summary

This release includes a few notable improvements:

  • The nox session release:prepare automatically reports resolved security issues.
  • The stability of the tbx security cve CLI commands is improved with new test coverage
    to help ensure it works for non-Python projects.

Features

  • #777: Improved VulnerabilityMatcher to handle packages with multiple vulnerabilities
  • #517: Modified nox session release:prepare to report resolved security issues

Refactoring

  • #731: Reduced costly test-python-environment.yml to run when triggered on main or when the files related to the action are altered
  • #785: Removed nox session project:report and metrics-schema, as superseded by Sonar usage
  • #763: Parsed and manipulated Changes Files
  • #788: Removed tbx workflow CLI commands, as superseded by nox session workflow:generate

Bugfix

  • #798: Added test to ensure tbx security cve works

6.3.0

@github-actions github-actions released this 15 Apr 07:13
e8120e1

6.3.0 - 2026-04-15

Summary

This release includes an update of action/upload-pages-artifact from v4 to v5.0.0. With this
change, all actions used in the PTB now run with Node.js 24. This is important as support
for Node.js 20 reaches its end-of-life in April 2026 and support for it in GitHub will end in
September 2026; for more details, see GitHub's deprecation notice.

The report.yml is also called after the checks.yml completes. This allows users
to get linting, security, and unit test coverage before running the slow-checks.yml,
as described in the Pull Request description.

This release also adds a vulnerabilities:resolved Nox session, which reports GitHub security issues resolved since the last release.

This release fixes a vulnerability by updating the poetry.lock file.

| Name   | Version | ID             | Fix Versions | Updated to |
|--------|---------|----------------|--------------|------------|
| pytest | 9.0.2   | CVE-2025-71176 | 9.0.3        | 9.0.3      |

To ensure usage of secure packages, it is up to the user to similarly relock their dependencies.

Features

  • #402: Created nox session vulnerabilities:resolved to report resolved GitHub security issues
  • #733: Adjusted structlog and log level for workflow generation

Refactoring

  • #764: Updated action/upload-pages-artifact from v4 to v5
  • #768: Updated merge-gate.yml to execute the report.yml after the checks.yml completes

Bugfix

  • #766: Fixed action/upload-pages-artifact from v5 to v5.0.0

Security

  • #774: Fixed vulnerability by re-locking pytest in the poetry.lock

Dependency Updates

main

  • Updated dependency pytest:9.0.2 to 9.0.3