v0.8.1b1

Latest

DavidOsipov released this 25 Mar 21:57
· 64 commits to main since this release
163aab7

Added

  • Adds a SonarQube quality gate check that prevents deployments until analysis meets quality thresholds.
  • Adds nested CodeQL SARIF support and uploads CodeQL reports as workflow artifacts.
  • Adds a dedicated Python tests workflow with multi-version support and integrated analysis.
  • Adds a poetry-plugin-export step for generating Snyk requirements.
  • Adds new configuration files for SonarQube, SonarCloud, and GitHub Pages (including a new jekyll-gh-pages.yml).
  • Adds Node.js and Wrangler installation steps and a manual deployment trigger via workflow_dispatch.
  • Adds comprehensive gmpy2 type stubs to improve type checking and IDE support.
  • Adds FAQ documentation for the Verifiable Secret Sharing library.

Changed

  • Changes workflow actions to use explicit commit hashes for improved reproducibility.
  • Changes linter configuration by replacing Flake8 and Black with Ruff.
  • Changes SonarQube workflow logging to include emojis and detailed output for quality gate status.
  • Changes quality gate checks by updating endpoints and task naming for clearer status handling.
  • Improves CI/CD workflows through refined caching keys, enhanced report processing, and updated dependency digests.
  • Refines GitHub Actions and Jekyll site configurations for more reliable deployments and clearer site navigation.
  • Updates Python version requirements (to ≥3.10 and 3.13) and adjusts type annotations and error handling in cryptographic functions.
  • Refines dependency configurations (including CodeQL, CycloneDX, and Node.js) to ensure build stability.

Fixed

  • Fixes CycloneDX SBOM generation command syntax and error handling.
  • Fixes Jekyll build command and working directory issues to ensure correct site deployment.
  • Fixes deployment command paths in GitHub Actions workflows.

Removed

  • Removes Flake8 report handling from the SonarQube workflow.
  • Removes the Pyright typecheck step from the Python tests workflow.
  • Removes deprecated GitHub Actions workflow files (e.g. sonarcloud.yml and debricked.yml) and redundant project name parameters in Cloudflare Pages deploy commands.

Security

  • Adds a Bandit security configuration for enhanced code analysis.
  • Adds SHA3-256 hash verification for reports to secure artifact integrity.
  • Enhances constant-time comparisons and mitigates timing attacks in the VSS module.
  • Refactors and secures the VSS module by standardizing constant-time operations and improving secure RNG.
  • Improves input validation and encoding in randomness functions for stronger timing security.