Releases: exasol/python-toolbox
Release list
10.2.0
10.2.0 - 2026-07-07
Summary
This minor release adds automated vulnerability updates through Nox session
vulnerabilities:update and improves the dependency-update.yml. It also includes a
few workflow-related bug fixes and documentation updates.
Bug
- #909: Updated
cd.ymlworkflow so thatcd-extension.ymlworkflow depends onbuild-and-publish. This ensures that the custom release workflow only runs when the PyPi release was successful. - #910: Added
gh-pages.ymlto be ignored whenhas_documentation=Falsein thePROJECT_CONFIG
Feature
- #898: Created Nox session
vulnerabilities:updateto automatically resolve
vulnerable dependencies and report the result for the dependency update workflow
Dependency Updates
main
- Updated dependency
coverage:7.14.3to7.15.0 - Updated dependency
typer:0.26.7to0.26.8
10.1.0
10.1.0 - 2026-06-30
Summary
This minor release adds an opt-out for documentation-enabled workflows and jobs. Projects can
now declare that they do not serve documentation with the has_documentation switch in
BaseConfig, and the workflow generator/checker will stop documentation relevant jobs
and workflows for those projects. This should only be set to False for exceptional cases.
Feature
- #901: Provided switch
has_documentationinBaseConfigfor projects without documentation
10.0.0
10.0.0 - 2026-06-23
Summary
In this major release, several modifications were made to the PTB's workflow templates and actions:
-
the default DB-version was updated to come from
BaseConfiginstead of the
hardcoded7.1.9, so ITDE-related test flows use the configured Exasol baseline
and unit-test help no longer advertises--db-version. -
the
github_template_dict.custom_workflowsentry now auto-detects secret names
from custom workflow files and passes them into PTB-controlled workflow templates.
For example:on: workflow_call: secrets: PYPI_TOKEN: required: true SONAR_TOKEN: required: true
-
the Python environment GitHub action now accepts
extrasas a comma-separated
list, which makes it easier to pass multiple optional dependency groups in one
value. Additionally, it supportsall-extras, so that all extras are installed
without further specification needed. -
the new
workflow:auditNox session runszizmoragainst GitHub Actions and
reusable workflows, so security checks are part of the normalchecks.yml
pipeline instead of being a separate manual step. It also keeps the audit
configuration in the project root via.zizmor.yml; see the
zizmor configuration guide
and the
troubleshooting guide for findings
for details on tuning or suppressing findings locally.
Security Issues
This release fixes vulnerabilities by updating dependencies:
| Dependency | Vulnerability | Affected | Fixed in |
|---|---|---|---|
| cryptography | GHSA-537c-gmf6-5ccf | 48.0.0 | 48.0.1 |
| msgpack | GHSA-6v7p-g79w-8964 | 1.1.2 | 1.2.1 |
Feature
- #874: Added the
securitylabel to dependency update PR creation - #699: Added
all-extrassupport to the Python environment GitHub action - #875: Added
nameattribute to generated workflow jobs using-extension.ymlworkflows
Bug
- #744: Updated nox DB-version handling to use
BaseConfig.minimum_exasol_versioninstead hardcoded7.1.9
Feature
- #878: Added Nox session
workflow:auditwhich useszizmorand added it inchecks.yml - #872: Added
custom_workflowstogithub_template_dictfor automatic custom workflow secret extraction
Refactoring
- #744: Extracted shared minimum-version selection logic into
minimum_declared_version() - #699: Switched
extrasin the Python environment GitHub action to comma-separation
Documentation
- #828: Removed the legacy migration page and merged the useful guidance into getting started
- #789: Consolidated the metrics and Sonar documentation to reflect the current PTB reporting flow
Security
- #867: Fixed zizmor linting results
Dependency Updates
main
- Updated dependency
coverage:7.14.1to7.14.3 - Updated dependency
import-linter:2.11to2.12 - Updated dependency
pip-audit:2.10.0to2.10.1 - Updated dependency
pylint:4.0.5to4.0.6 - Updated dependency
pytest:9.0.3to9.1.1 - Updated dependency
zizmor:1.25.2to1.26.1
9.0.0
9.0.0 - 2026-06-16
Summary
This major version introduces matrix.yml whose results are generated by the nox session matrix:generate.
Projects can extend BaseConfig with additional matrix values when they need to expose
more entries to the workflows.
class Config(BaseConfig):
extra_matrix_value: str = "extra"
@computed_field # type: ignore[misc]
@property
def computed_matrix_value(self) -> str:
# This can be requested when generating the matrix. If it is a simple string value,
# like is shown here, then the code will automatically wrap it in an array.
return f"{self.project_name}-computed"The corresponding nox sessions (matrix:all, matrix:exasol, and matrix:python) will
remain available until September 15, 2026, to provide a transition period for existing projects.
At the same time, the workflows matrix-all.yml, matrix-exasol.yml, and matrix-python.yml
are deprecated and are no longer maintained by the exasol-toolbox. You can still use
these workflows in your project until you transition fully to using matrix.yml.
Feature
- #730: Added support to extend GitHub workflow
cd.yml - #864: Modified PTB workflow templates to not persist credentials and to use pinned SHAs
- #654: Added and used general matrix
matrix.ymlfor PTB-provided workflows
Refactoring
- #682: Modified PTB exasol_versions to an empty list
Dependency Updates
main
- Added dependency
zizmor:1.25.2
8.2.0
8.2.0 - 2026-06-10
Summary
This minor release adds manual triggering for periodic-validation.yml and makes the
Sonar secret name used by report.yml configurable via BaseConfig.
Security Issues
This release fixes vulnerabilities by updating dependencies:
| Dependency | Vulnerability | Affected | Fixed in |
|---|---|---|---|
| pip | PYSEC-2026-196 | 26.1.1 | 26.1.2 |
Feature
- #854: Added
workflow_dispatchforperiodic-validation.yml - #827: Modified
report.ymlto allow overriding the Sonar secret name viaBaseConfig
Refactoring
- #852: Modified
merge-gateto ensurerun-fast-testssucceeds - #811: Modified workflow templates to not persist-credentials, not provide attacker-controllable inlines, and not pass more secrets to
report.yml
Dependency Updates
main
- Updated dependency
coverage:7.14.0to7.14.1 - Updated dependency
pysonar:1.5.0.4793to1.6.0.4905 - Updated dependency
sphinx-toolbox:4.1.2to4.2.0 - Updated dependency
typer:0.25.1to0.26.7
8.1.1
8.1.1 - 2026-05-27
Summary
This patch release resolves a bug found in dependency-update.yml. This was introduced in 8.1.0.
Bugfix
- #850: Fixed jq and piping in
dependency-update.yml
8.1.0
8.1.0 - 2026-05-27
Summary
In this minor release, the nox session workflow:check was added and is now used in the checks.yml.
If this job is active in your CI, please double-check if additional files should be added into your project's .gitattributes.
Security Issues
This release fixes vulnerabilities by updating dependencies:
| Dependency | Vulnerability | Affected | Fixed in |
|---|---|---|---|
| idna | CVE-2026-45409 | 3.14 | 3.15 |
Bugfix
- #840: Added
exportplugin installation withindependency-update.yml - #847: Used hashed
poetry exportoutput withpip-audit --disable-pipto avoid the
copied-interpreter failure in Poetry-managed Python builds
Feature
- #722: Added check in
workflow:generateto compare the generated and existing content before writing out and nox sessionworkflow:check - #642: Added nox session
workflow:checkinto thechecks.yml - #698: Added a comment in the top of all workflows maintained by the PTB
Refactoring
- #722: Modified
workflow:generatebackend function to classWorkflowOrchestrator
Dependency Updates
main
- Updated dependency
black:26.3.1to26.5.1 - Updated dependency
shibuya:2026.1.9to2026.5.19
dev
- Updated dependency
types-pyyaml:6.0.12.20260510to6.0.12.20260518
8.0.0
8.0.0 - 2026-05-13
Summary
In this major release, several modifications were made to the PTB's workflow templates:
- For automatically resolving vulnerabilities, the
dependency-update.ymlworkflow was
added. For more details, see the Update Dependencies section. - The periodic run which was previously executed in the
ci.ymlhas been moved to its
ownperiodic-validation.ymland will run weekly. This also has been modified to
run theslow-checks.ymlso that more complete linting and coverage information is
sent to Sonar. - With the addition of
periodic-validation.yml, thepr-merge.ymlwas reduced so that
it only executesgh-pages.yml. - The unit tests job has been moved from
checks.ymlto its ownfast-tests.ymlfile. - Workflow extensions were added to
fast-testsandmerge-gate. This allows users to
add customfast-tests-extension.ymlandmerge-gate-extension.ymlfiles. For more
details, check out the Workflow Extensions section. slow-checks.ymlis only maintained by the project (not the PTB). See the Not Maintained by the PTB section.
Features
- #829: Extended removing a job from a workflow to also remove it from the
needsof another job - #825: Created two workflows by splitting up previous ones:
- Moved the periodic jobs in
ci.ymlto its ownperiodic-validation.yml - Moved the unit tests job in
checks.ymlto its ownfast-tests.yml
- Moved the periodic jobs in
- #730: Added workflow extensions to
fast-testsandmerge-gate - #756: Added
dependency-update.ymlto automate resolving vulnerabilities with a generated pull request - #792: Improved
dependency-update.ymldocumentation - #831: Switched
slow-checks.ymlto be provided by the project and not maintained by the PTB and improved output of pydantic validation of.workflow-patcher.yml
Bugfix
- #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed
Security Issues
This release fixes vulnerabilities by updating dependencies:
| Dependency | Vulnerability | Affected | Fixed in |
|---|---|---|---|
| urllib3 | CVE-2026-44431 | 2.6.3 | 2.7.0 |
| urllib3 | CVE-2026-44432 | 2.6.3 | 2.7.0 |
- #836: Relocked
poetry.lock
Dependency Updates
main
- Updated dependency
coverage:7.13.4to7.14.0 - Updated dependency
importlib-resources:6.5.2to7.1.0 - Updated dependency
mypy:1.19.1to2.1.0 - Updated dependency
nox:2026.2.9to2026.4.10 - Updated dependency
pip-licenses:5.5.1to5.5.5 - Updated dependency
pre-commit:4.5.1to4.6.0 - Updated dependency
pydantic:2.12.5to2.13.4 - Updated dependency
pysonar:1.0.2.1722to1.5.0.4793 - Updated dependency
sphinxcontrib-mermaid:2.0.1to2.0.2 - Updated dependency
typer:0.24.1to0.25.1
dev
- Updated dependency
types-pyyaml:6.0.12.20250915to6.0.12.20260510
7.0.0
7.0.0 - 2026-04-29
Summary
In this major release, support for the version.pyfile has been removed. Users should:
-
delete the
version.pyfile -
add in their project's
__init__.pymodulefrom importlib.metadata import version __version__ = version("<package_name>")
This is required for the nox session docs:multiversion to successfully complete,
and it is a Python standard for users to check in the terminal which version they are
using.
The underlying code for the nox sessions vulnerabilities:resolved and release:prepare have been modified so that all dependencies (main, in groups, and in optional groups) are considered for the vulnerability report. Additionally, we only consider a vulnerability resolved if pip-audit includes fix_versions for the dependency. Previously, these nox sessions only reported the dependencies of main and the transitive dependencies of main.
Feature
- #803: Included other dependencies for local
pip-auditcheck
Refactoring
- #800: Removed tbx security pretty-print, tbx lint pretty-print, and creation of .lint.txt, as superseded by Sonar and .lint.json usage
- #791: Resolved Sonar concerns: accepted specific
subprocessimport usage,subprocesscommands, & improved minor maintainability items - #629: Replace
version.pywith version from the__init__.py
Bug Fix
- #808: Resolved
release:prepareto updatepyproject.toml
6.4.0
6.4.0 - 2026-04-22
Summary
This release includes a few notable improvements:
- The nox session
release:prepareautomatically reports resolved security issues. - The stability of the
tbx security cveCLI commands is improved with new test coverage
to help ensure it works for non-Python projects.
Features
- #777: Improved VulnerabilityMatcher to handle packages with multiple vulnerabilities
- #517: Modified nox session
release:prepareto report resolved security issues
Refactoring
- #731: Reduced costly
test-python-environment.ymlto run when triggered onmainor when the files related to the action are altered - #785: Removed nox session
project:reportand metrics-schema, as superseded by Sonar usage - #763: Parsed and manipulated Changes Files
- #788: Removed tbx workflow CLI commands, as superseded by nox session
workflow:generate
Bugfix
- #798: Added test to ensure
tbx security cveworks