Skip to content

Releases: exasol/python-toolbox

10.2.0

Choose a tag to compare

@github-actions github-actions released this 07 Jul 08:30
095e09e

10.2.0 - 2026-07-07

Summary

This minor release adds automated vulnerability updates through Nox session
vulnerabilities:update and improves the dependency-update.yml. It also includes a
few workflow-related bug fixes and documentation updates.

Bug

  • #909: Updated cd.yml workflow so that cd-extension.yml workflow depends on build-and-publish. This ensures that the custom release workflow only runs when the PyPi release was successful.
  • #910: Added gh-pages.yml to be ignored when has_documentation=False in the PROJECT_CONFIG

Feature

  • #898: Created Nox session vulnerabilities:update to automatically resolve
    vulnerable dependencies and report the result for the dependency update workflow

Dependency Updates

main

  • Updated dependency coverage:7.14.3 to 7.15.0
  • Updated dependency typer:0.26.7 to 0.26.8

10.1.0

Choose a tag to compare

@github-actions github-actions released this 30 Jun 09:59
3928354

10.1.0 - 2026-06-30

Summary

This minor release adds an opt-out for documentation-enabled workflows and jobs. Projects can
now declare that they do not serve documentation with the has_documentation switch in
BaseConfig, and the workflow generator/checker will stop documentation relevant jobs
and workflows for those projects. This should only be set to False for exceptional cases.

Feature

  • #901: Provided switch has_documentation in BaseConfig for projects without documentation

10.0.0

Choose a tag to compare

@github-actions github-actions released this 23 Jun 10:18
bc6d3bf

10.0.0 - 2026-06-23

Summary

In this major release, several modifications were made to the PTB's workflow templates and actions:

  • the default DB-version was updated to come from BaseConfig instead of the
    hardcoded 7.1.9, so ITDE-related test flows use the configured Exasol baseline
    and unit-test help no longer advertises --db-version.

  • the github_template_dict.custom_workflows entry now auto-detects secret names
    from custom workflow files and passes them into PTB-controlled workflow templates.
    For example:

    on:
      workflow_call:
        secrets:
          PYPI_TOKEN:
            required: true
          SONAR_TOKEN:
            required: true
  • the Python environment GitHub action now accepts extras as a comma-separated
    list, which makes it easier to pass multiple optional dependency groups in one
    value. Additionally, it supports all-extras, so that all extras are installed
    without further specification needed.

  • the new workflow:audit Nox session runs zizmor against GitHub Actions and
    reusable workflows, so security checks are part of the normal checks.yml
    pipeline instead of being a separate manual step. It also keeps the audit
    configuration in the project root via .zizmor.yml; see the
    zizmor configuration guide
    and the
    troubleshooting guide for findings
    for details on tuning or suppressing findings locally.

Security Issues

This release fixes vulnerabilities by updating dependencies:

Dependency Vulnerability Affected Fixed in
cryptography GHSA-537c-gmf6-5ccf 48.0.0 48.0.1
msgpack GHSA-6v7p-g79w-8964 1.1.2 1.2.1

Feature

  • #874: Added the security label to dependency update PR creation
  • #699: Added all-extras support to the Python environment GitHub action
  • #875: Added name attribute to generated workflow jobs using -extension.yml workflows

Bug

  • #744: Updated nox DB-version handling to use BaseConfig.minimum_exasol_version instead hardcoded 7.1.9

Feature

  • #878: Added Nox session workflow:audit which uses zizmor and added it in checks.yml
  • #872: Added custom_workflows to github_template_dict for automatic custom workflow secret extraction

Refactoring

  • #744: Extracted shared minimum-version selection logic into minimum_declared_version()
  • #699: Switched extras in the Python environment GitHub action to comma-separation

Documentation

  • #828: Removed the legacy migration page and merged the useful guidance into getting started
  • #789: Consolidated the metrics and Sonar documentation to reflect the current PTB reporting flow

Security

  • #867: Fixed zizmor linting results

Dependency Updates

main

  • Updated dependency coverage:7.14.1 to 7.14.3
  • Updated dependency import-linter:2.11 to 2.12
  • Updated dependency pip-audit:2.10.0 to 2.10.1
  • Updated dependency pylint:4.0.5 to 4.0.6
  • Updated dependency pytest:9.0.3 to 9.1.1
  • Updated dependency zizmor:1.25.2 to 1.26.1

9.0.0

Choose a tag to compare

@github-actions github-actions released this 16 Jun 08:31
fcb06e9

9.0.0 - 2026-06-16

Summary

This major version introduces matrix.yml whose results are generated by the nox session matrix:generate.

Projects can extend BaseConfig with additional matrix values when they need to expose
more entries to the workflows.

class Config(BaseConfig):
    extra_matrix_value: str = "extra"

    @computed_field  # type: ignore[misc]
    @property
    def computed_matrix_value(self) -> str:
        # This can be requested when generating the matrix. If it is a simple string value,
        # like is shown here, then the code will automatically wrap it in an array.
        return f"{self.project_name}-computed"

The corresponding nox sessions (matrix:all, matrix:exasol, and matrix:python) will
remain available until September 15, 2026, to provide a transition period for existing projects.

At the same time, the workflows matrix-all.yml, matrix-exasol.yml, and matrix-python.yml
are deprecated and are no longer maintained by the exasol-toolbox. You can still use
these workflows in your project until you transition fully to using matrix.yml.

Feature

  • #730: Added support to extend GitHub workflow cd.yml
  • #864: Modified PTB workflow templates to not persist credentials and to use pinned SHAs
  • #654: Added and used general matrix matrix.yml for PTB-provided workflows

Refactoring

  • #682: Modified PTB exasol_versions to an empty list

Dependency Updates

main

  • Added dependency zizmor:1.25.2

8.2.0

Choose a tag to compare

@github-actions github-actions released this 10 Jun 07:03
a715f39

8.2.0 - 2026-06-10

Summary

This minor release adds manual triggering for periodic-validation.yml and makes the
Sonar secret name used by report.yml configurable via BaseConfig.

Security Issues

This release fixes vulnerabilities by updating dependencies:

Dependency Vulnerability Affected Fixed in
pip PYSEC-2026-196 26.1.1 26.1.2

Feature

  • #854: Added workflow_dispatch for periodic-validation.yml
  • #827: Modified report.yml to allow overriding the Sonar secret name via BaseConfig

Refactoring

  • #852: Modified merge-gate to ensure run-fast-tests succeeds
  • #811: Modified workflow templates to not persist-credentials, not provide attacker-controllable inlines, and not pass more secrets to report.yml

Dependency Updates

main

  • Updated dependency coverage:7.14.0 to 7.14.1
  • Updated dependency pysonar:1.5.0.4793 to 1.6.0.4905
  • Updated dependency sphinx-toolbox:4.1.2 to 4.2.0
  • Updated dependency typer:0.25.1 to 0.26.7

8.1.1

Choose a tag to compare

@github-actions github-actions released this 27 May 13:38
0e31a6d

8.1.1 - 2026-05-27

Summary

This patch release resolves a bug found in dependency-update.yml. This was introduced in 8.1.0.

Bugfix

  • #850: Fixed jq and piping in dependency-update.yml

8.1.0

Choose a tag to compare

@github-actions github-actions released this 27 May 11:11
547916a

8.1.0 - 2026-05-27

Summary

In this minor release, the nox session workflow:check was added and is now used in the checks.yml.
If this job is active in your CI, please double-check if additional files should be added into your project's .gitattributes.

Security Issues

This release fixes vulnerabilities by updating dependencies:

Dependency Vulnerability Affected Fixed in
idna CVE-2026-45409 3.14 3.15

Bugfix

  • #840: Added export plugin installation within dependency-update.yml
  • #847: Used hashed poetry export output with pip-audit --disable-pip to avoid the
    copied-interpreter failure in Poetry-managed Python builds

Feature

  • #722: Added check in workflow:generate to compare the generated and existing content before writing out and nox session workflow:check
  • #642: Added nox session workflow:check into the checks.yml
  • #698: Added a comment in the top of all workflows maintained by the PTB

Refactoring

  • #722: Modified workflow:generate backend function to class WorkflowOrchestrator

Dependency Updates

main

  • Updated dependency black:26.3.1 to 26.5.1
  • Updated dependency shibuya:2026.1.9 to 2026.5.19

dev

  • Updated dependency types-pyyaml:6.0.12.20260510 to 6.0.12.20260518

8.0.0

Choose a tag to compare

@github-actions github-actions released this 13 May 12:01
e46075c

8.0.0 - 2026-05-13

Summary

In this major release, several modifications were made to the PTB's workflow templates:

  • For automatically resolving vulnerabilities, the dependency-update.yml workflow was
    added. For more details, see the Update Dependencies section.
  • The periodic run which was previously executed in the ci.yml has been moved to its
    own periodic-validation.yml and will run weekly. This also has been modified to
    run the slow-checks.yml so that more complete linting and coverage information is
    sent to Sonar.
  • With the addition of periodic-validation.yml, the pr-merge.yml was reduced so that
    it only executes gh-pages.yml.
  • The unit tests job has been moved from checks.yml to its own fast-tests.yml file.
  • Workflow extensions were added to fast-tests and merge-gate. This allows users to
    add custom fast-tests-extension.yml and merge-gate-extension.yml files. For more
    details, check out the Workflow Extensions section.
  • slow-checks.yml is only maintained by the project (not the PTB). See the Not Maintained by the PTB section.

Features

  • #829: Extended removing a job from a workflow to also remove it from the needs of another job
  • #825: Created two workflows by splitting up previous ones:
    • Moved the periodic jobs in ci.yml to its own periodic-validation.yml
    • Moved the unit tests job in checks.yml to its own fast-tests.yml
  • #730: Added workflow extensions to fast-tests and merge-gate
  • #756: Added dependency-update.yml to automate resolving vulnerabilities with a generated pull request
  • #792: Improved dependency-update.yml documentation
  • #831: Switched slow-checks.yml to be provided by the project and not maintained by the PTB and improved output of pydantic validation of .workflow-patcher.yml

Bugfix

  • #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed

Security Issues

This release fixes vulnerabilities by updating dependencies:

Dependency Vulnerability Affected Fixed in
urllib3 CVE-2026-44431 2.6.3 2.7.0
urllib3 CVE-2026-44432 2.6.3 2.7.0
  • #836: Relocked poetry.lock

Dependency Updates

main

  • Updated dependency coverage:7.13.4 to 7.14.0
  • Updated dependency importlib-resources:6.5.2 to 7.1.0
  • Updated dependency mypy:1.19.1 to 2.1.0
  • Updated dependency nox:2026.2.9 to 2026.4.10
  • Updated dependency pip-licenses:5.5.1 to 5.5.5
  • Updated dependency pre-commit:4.5.1 to 4.6.0
  • Updated dependency pydantic:2.12.5 to 2.13.4
  • Updated dependency pysonar:1.0.2.1722 to 1.5.0.4793
  • Updated dependency sphinxcontrib-mermaid:2.0.1 to 2.0.2
  • Updated dependency typer:0.24.1 to 0.25.1

dev

  • Updated dependency types-pyyaml:6.0.12.20250915 to 6.0.12.20260510

7.0.0

Choose a tag to compare

@github-actions github-actions released this 29 Apr 09:26
de9c841

7.0.0 - 2026-04-29

Summary

In this major release, support for the version.pyfile has been removed. Users should:

  • delete the version.py file

  • add in their project's __init__.py module

    from importlib.metadata import version
    __version__ = version("<package_name>")

This is required for the nox session docs:multiversion to successfully complete,
and it is a Python standard for users to check in the terminal which version they are
using.

The underlying code for the nox sessions vulnerabilities:resolved and release:prepare have been modified so that all dependencies (main, in groups, and in optional groups) are considered for the vulnerability report. Additionally, we only consider a vulnerability resolved if pip-audit includes fix_versions for the dependency. Previously, these nox sessions only reported the dependencies of main and the transitive dependencies of main.

Feature

  • #803: Included other dependencies for local pip-audit check

Refactoring

  • #800: Removed tbx security pretty-print, tbx lint pretty-print, and creation of .lint.txt, as superseded by Sonar and .lint.json usage
  • #791: Resolved Sonar concerns: accepted specific subprocess import usage, subprocess commands, & improved minor maintainability items
  • #629: Replace version.py with version from the __init__.py

Bug Fix

  • #808: Resolved release:prepare to update pyproject.toml

6.4.0

Choose a tag to compare

@github-actions github-actions released this 22 Apr 08:46
5553263

6.4.0 - 2026-04-22

Summary

This release includes a few notable improvements:

  • The nox session release:prepare automatically reports resolved security issues.
  • The stability of the tbx security cve CLI commands is improved with new test coverage
    to help ensure it works for non-Python projects.

Features

  • #777: Improved VulnerabilityMatcher to handle packages with multiple vulnerabilities
  • #517: Modified nox session release:prepare to report resolved security issues

Refactoring

  • #731: Reduced costly test-python-environment.yml to run when triggered on main or when the files related to the action are altered
  • #785: Removed nox session project:report and metrics-schema, as superseded by Sonar usage
  • #763: Parsed and manipulated Changes Files
  • #788: Removed tbx workflow CLI commands, as superseded by nox session workflow:generate

Bugfix

  • #798: Added test to ensure tbx security cve works