Skip to content

CHANGELOG.md

Latest commit

 

History

History
66 lines (40 loc) · 1.89 KB

CHANGELOG.md

File metadata and controls

66 lines (40 loc) · 1.89 KB

Changelog

0.7.1 (2023-04-22)

Changed

  • Changed the build.outputs.hashes state to use $GITHUB_OUTPUT instead of deprecated ::set-output method.

0.7.0 (2023-04-22)

Added

  • Added instructions on how to configure a Trusted Publisher.

0.6.0 (2023-01-10)

Added

  • Added the repo_token parameter to the ossf/scorecard-action GitHub Action.

  • Added documentation on how to upgrade dependencies in lock files manually with pip-compile and the --upgrade-package option.

Changed

  • Changed Dependabot configuration to reduce the total number of opened pull requests without sacrificing timely security fixes or upgrades signalling a new major version.

  • Changed the publish job to only use the publish GitHub Environment, rather than both publish and build jobs. This means that there will only be one approval required to publish to PyPI since all other steps before can either be rolled back without harming users (ie deleting GitHub releases, git tags) or are idempotent (provenance attestation).

0.5.0 (2022-12-10)

Added

  • Added instructions for configuring signed commits and tags automatically from git.
  • Added security policy and instructions for configuring private vulnerability reporting.

0.4.0 (2022-12-09)

Added

  • Added scriv for tracking changelog fragments

Changed

  • Changed from flit to hatch for building the package

0.3.0

Added

  • Added deployment pipeline to PyPI
  • Added provenance signing with SLSA GitHub Action
  • Added instructions on how to configure branch protections
  • Added instructions for opting-in to required 2FA on PyPI
  • Added the OpenSSF Scorecard GitHub Action

Changed

  • Changed default permissions to read-all for GitHub Actions