Releases: stacklet/sinistral-cli
v0.5.36: chore: Add release notes for 0.5.35 and 0.5.36 (ENG-7840) (#78)
[ENG-7840](https://stacklet.atlassian.net/browse/ENG-7840)

What
----
- Add release note sections for 0.5.35 (got skipped) and 0.5.36 (pending)
- Document the CVE dependency upgrades (0.5.35) and the c7n/c7n-left upgrades (0.5.36)
- Add a generalized supply-chain hardening note for customers
- Omit internal-only changes that are not user-facing

Why
---
- The NEWS file was missing sections for the 0.5.35 and 0.5.36 releases

Testing
-------
N/A (documentation only)

Docs
----
`NEWS.md` updated

[ENG-7840]: https://stacklet.atlassian.net/browse/ENG-7840?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
v0.5.35: chore: updates to dependencies for CVE fixes + zizmor fixes (#73)
### what
- Upgraded all dependencies via `uv lock --upgrade` to pull in CVE fixes
- Removed `requirements.txt` and its generation hook from `.pre-commit-config.yaml` now that Dependabot parses `uv.lock` natively
- Added `zizmor` to `.pre-commit-config.yaml` as a pre-commit hook
- Fixed all `zizmor` findings in CI/release workflows:
  - Added `persist-credentials: false` to all `actions/checkout` steps (artipacked)
  - Added explicit `permissions: contents: read` at workflow and job level where missing (excessive-permissions)
  - Replaced `${{ github.ref_name }}` inline in a `run:` block with an `env` variable to prevent template injection (template-injection)
### why
CVE fixes in transitive dependencies. Dependabot now supports
`uv.lock` directly, making the generated `requirements.txt`
redundant. `zizmor` is added to pre-commit to catch GitHub Actions
security issues early. The workflow fixes address the security
findings `zizmor` surfaced.
### testing
`zizmor .` reports no findings. Pre-commit hooks pass.
### docs
No documentation changes required.
---------------------------
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Tim Van Steenburgh <tvansteenburgh@gmail.com>
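
The three workflow fixes listed in the v0.5.35 notes above, shown together in one constructed workflow. This is an added example, not taken from the stacklet/sinistral-cli repository; the workflow name, job name, step contents and the `actions/checkout` version tag are assumptions.

```yaml
# Constructed workflow for illustration (hypothetical names and steps).
name: release-example
on:
  push:
    tags: ["v*"]

# excessive-permissions: without an explicit block, GITHUB_TOKEN receives the
# repository or organization default permissions, which can include write scopes.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Repeated at job level so the job stays read-only even if the
    # workflow-level block is later changed.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4   # version tag is an assumption
        with:
          # artipacked: by default checkout persists the token on the runner for
          # later git commands, where other steps or uploaded artifacts can
          # pick it up. Disable that when no later step needs to push.
          persist-credentials: false

      # template-injection, form before the fix:
      #   run: echo "Building ${{ github.ref_name }}"
      # The expression is expanded into the script text before the shell
      # starts, so shell metacharacters in a ref name become part of the script.
      #
      # Fixed form: the value reaches the shell as data in an environment
      # variable and is only ever expanded by the shell as a quoted variable.
      - name: Show ref
        env:
          REF_NAME: ${{ github.ref_name }}
        run: echo "Building ${REF_NAME}"
```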
Updated for c7n-left 0.3.35
Release for upgrades to c7n-left 0.3.35 (c7n 0.9.49)
v0.5.33: chore: upgrade to c7n 0.9.47 (#64)
[ENG-5821](https://stacklet.atlassian.net/browse/ENG-5821)

### what
Upgrade to c7n 0.9.47
### why
Forward. Always.
### testing
- [x] Unit tests
### docs
N/A

[ENG-5821]: https://stacklet.atlassian.net/browse/ENG-5821?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
v0.5.32: chore: update codecov-cli version (#61)
### what
Update codecov-cli version
### why
This fixes a security vulnerability in one of its dependencies (by removing the dependency).
### testing
Unit tests
### docs
N/A
v0.5.30
What's Changed
- chore: cleanup dependency version for c7n-left drop == by @albertodonato in #53
- fix: add global debug flag to suppress traceback unless -d/--debug specified (ENG-3817) by @goodwillstack in #54
- chore: update c7n to 0.9.43 (ENG-4616) by @howbazaar in #55
- chore: update tools and their versions (ENG-5091) by @howbazaar in #57
- chore: update c7n to 0.9.44, prep release 0.5.30 (ENG-5015) by @ajkerrigan in #56
New Contributors
- @goodwillstack made their first contribution in #54
- @howbazaar made their first contribution in #55
Full Changelog: v0.5.0...v0.5.30
v0.5.0
What's Changed
- chore: pull in c7n-left 0.3.28, increment version by @ajkerrigan in #52
New Contributors
- @ajkerrigan made their first contribution in #52
Full Changelog: v0.4.0...v0.5.0
v0.4.0
What's Changed
- feat: Add support for grabbing CI info from the env by @sontek in #49
- chore: bump to version 0.4.0 by @tvansteenburgh in #51
Full Changelog: v0.3.0...v0.4.0
v0.3.0
What's Changed
- fix: move global options to cli only (ENG-3700) by @albertodonato in #45
- fix: Add error handling for lack of metadata by @sontek in #46
- chore: update versions of c7n-left and increment sinistral-cli version by @kapilt in #47
- chore: update to latest sigstore action by @tvansteenburgh in #48
New Contributors
Full Changelog: v0.2.7...v0.3.0
v0.2.7
What's Changed
- fix: fix project name param for run command by @johnsca in #38
- fix: case-sensitive severity by @tvansteenburgh in #39
- feat: support critical severity (ENG-2663) by @johnsca in #40
- feat: add support for is_default flag on policy collections (ENG-2684) by @johnsca in #34
- feat: release sinistral cli on tag/release by @thisisshi in #41
- chore: update dependencies (ENG-3373) by @albertodonato in #42
- chore: update to latest c7n-left (ENG-3431) by @fwereade in #43
- fix: explicit pin of upstream c7n-left version by @johnsca in #44
New Contributors
- @albertodonato made their first contribution in #42
- @fwereade made their first contribution in #43
Full Changelog: v0.2.6...v0.2.7