Smqtk-core

Latest version: v0.19.0

Safety actively analyzes 682532 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 2

3.6

interface to make it easier to use under real-world conditions.

Most repository updates have revolved around stream lining the mechanics going
into creating and publishing releases.

The override of `__new__` provided functionality that, from experience and
observation, was never actually made use of or added any actual security to
anything. This feature came at the cost of interrupting some downstream tools
(e.g. in ipython when inspecting a class with the ?-suffix) and adding
complexity in how Pluggable needed to be used in defining interfaces (multiple
inheritance and mixin UX). With the feature not being used, these costs don't
make any sense any more. Thus, this override was removed for simplicity. Now,
"not usable" implementations may be manually constructed if the user really
desires to, under the presumption that manual construction implies manual
consent. The `is_usable()` class method of course still exists and super-logic
may continue to make use of it in relation to use-prevention or use-warning
logic.

Updates / New Features
----------------------

CI

* Reverted previous release automation due to unintended side-effects.
Created a revised publish action to more simply publish the package to pypi,
guarding against activating on forks of the repository.
This workflow has been made to be reusable by other repositories' workflows.

* Modified CI unittests workflow to run for PRs targeting branches that match
the `release*` glob.

* Added additional step in unittest workflow to install optional package
requirements.

* Reduced CodeCov report submission by skipping this step on scheduled runs.

* Update code-cov action usage to use v3.

Contribution Guide

* Added instructions to update pending release when making a contribution.

Dependencies

* Updated minimum required python version to 3.7 to follow python end of life.

* Updated development abstract dep versions to "*" since we do not currently
require any specific versions.

Documentation

* Updated release instructions to be clear on where to push created release
branches. This now includes instructions related to a ``release`` branch.

* Expanded top-level contributing document with more details.

Plugin

* Added a suggestion to fix `NotAModuleError`.

* Removed __new__ override to prevent construction of "not usable"
implementations. This feature has never been observed/utilized in the wild
and it's removal simplifies tool interactions and use complexity.

Miscellaneous

* Removed CODE_OF_CONDUCT file. This is not something that we can enforce
at this time so it will be removed.

* Added SMQTK-Descriptors to the ``README.md`` package list and graphic.

* Added script to help with updating versioning and updating changelog during
the release process.

* Updated README to include reference to the SMQTK-IQR package.

* Periodic update of pinned dependency versions in lock file.

* Added missing assert failure message to configuration test helper.

* Added properties file for use with SonarQube and SonarCloud.

Fixes
-----

0.19.0

=======
This minor update brings in a number of repository updates, deprecates python

0.18.2

=======
This patch release updates some aspects of the CI workflow and documentation,
notably the automated package publishing upon appropriate tag pushing.

Updates / New Features
----------------------

CI

* Reverted previous release automation due to unintended side-effects.
Created a revised publish action to more simply publish the package to pypi,
guarding against activating on fork of the repository.
This workflow has been made to be reusable by other repositories' workflows.

* Modified CI unittests workflow to run for PRs targeting branches that match
the `release*` glob.

* Added additional step in unittest workflow to install optional package
requirements.

* Reduced CodeCov report submission by skipping this step on scheduled runs.

Contribution Guide

* Added instructions to update pending release when making a contribution.

Documentation

* Updated release instructions to be clear on where to push created release
branches. This now includes instructions related to a ``release`` branch.

* Expanded top-level contributing document with more details.

Plugin

* Added a suggestion to fix `NotAModuleError`.

Miscellaneous

* Removed CODE_OF_CONDUCT file. This is not something that we can enforce
at this time so it will be removed.

* Added SMQTK-Descriptors to the ``README.md`` package list and graphic.

* Added script to help with updating versioning and updating changelog during
the release process.

* Updated README to include reference to the SMQTK-IQR package.

* Periodic update of pinned dependency versions in lock file.

* Added missing assert failure message to configuration test helper.

Fixes
-----

Dependency Versions

* Updated the locked version of urllib3 to address a security vulnerability.
Due to this being an implicit dependency, this change only affects those who
create development environments from this repo using `poetry`.

* Updated the developer dependency and locked version of ipython to address a
security vulnerability.

* Removed `jedi = "^0.17.2"` requirement since recent `ipython = "^7.17.3"`
update appropriately addresses the dependency.

0.18.1

Not secure
=======


Updates / New Features
----------------------

CI

* Added use of CodeCov. Fixed/added unittests to show 100% of test code,
e.g. no dead-code in the tests. CodeCov checks different coverage bars
for test and package scopes.

Documentation

* Added an FAQ to cover some basic questions about SMQTK as a whole.

* Added additional examples around using the ``smqtk_core.configuration``
module: non-trivial constructor type configuration, and multiple-choice
configuration specification, generation and utilization.

* Added a review process document that details how SMQTK PR's should be
reviewed.

* Update the "Libraries" section of the ``README.md`` file for more detail.

* Added ``release.yml`` to github workflow to automate part of the release and
publishing process. Releases will now be triggered after a new tag is pushed
to the repo. The maintainer will no longer have to manually create releases
and manually publish to PYPI.

Fixes
-----

Documentation

* Fix some white-space and indentation issues in the ``README.md`` file.

0.18.0

Not secure
=======
This minor update removes the runtime requirement on the ``setuptools`` package
in favor of equivalent functionality that is in the standard library from
python version 3.8 and onward.
For python versions 3.7 and lower, we introduce the common
``importlib-metadata`` backport package.

Additional updates may be found below.


Updates / New Features
----------------------

Dependencies

* Remove dependency on ``setuptool``'s ``pkg_resources`` module.
Taking the stance of bullet number 5 in from [Python's Packaging User-guide] with
regards to getting this package's version.
The "needs to be installed" requirement from before is maintained.

* Added dependency on the ``importlib-metadata`` backport package for
installations in environments that use python version less-than 3.8.

* Added ``ipython`` (and appropriately supporting version of ``jedi``) as
development dependencies.
Minimum versioning is set to support python 3.6 (current versions follow
[NEP 29] and thus require python 3.7+).

Documentation

* Clarified plugin implementation entrypoint example to include setuptools
``setuptools.setup()`` function and ``setup.cfg`` file.

* Revisions from proof-reading.

Plugins

* Entry-point discovery functionality now uses ``importlib_metadata`` /
``importlib.metadata`` as appropriate for the version of python being used.

Testing

* Added terminal-output coverage report in the standard pytest config in the
``pyproject.toml`` file.


[Python's Packaging User-guide]: https://packaging.python.org/guides/single-sourcing-package-version/
[NEP 29]: https://packaging.python.org/guides/single-sourcing-package-version/

0.17.0

Not secure
==================


Updates / New Features
----------------------

Pluggable

* Removed `__init__` method and added a `__new__` in its place. The behavior is
the same, but is now less fragile from override and addresses some issues
with type-checking during some multiple inheritance situations.

Misc.

* Now standardize to using [Poetry] for environment/build/publish management.

* Collapsed pytest configuration into the ``pyproject.toml`` file.

* Updated release process documentation to reflect the use of Poetry.

* Add explicit ReadTheDocs configuration file ``.readthedocs.yaml``.


Fixes
-----

CI

* Update CI configurations to use [Poetry].

Docs

* Fix incorrect filepath relative to this repository in the release process
documentation.

* Fix for use with poetry where appropriate.


[Poetry]: https://python-poetry.org/

Page 1 of 2

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.