- Security updates to dependencies (6833db1)
Bumps actions/cache from 4 to 5. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: actions/cache dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps actions/checkout from 5 to 6. - Release notes - Commits
--- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps actions/setup-python from 5 to 6. - Release notes - Commits
--- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps actions/upload-artifact from 4.6.2 to 6.0.0. - Release notes - Commits
--- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps filelock from 3.18.0 to 3.20.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: filelock dependency-version: 3.20.3
dependency-type: indirect ...
Bumps github/codeql-action from 3 to 4. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps pillow from 11.1.0 to 12.1.1. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pillow dependency-version: 12.1.1
dependency-type: indirect ...
Bumps pip from 25.2 to 26.0. - Changelog - Commits
--- updated-dependencies: - dependency-name: pip dependency-version: '26.0'
dependency-type: indirect ...
Bumps pydantic from 2.12.3 to 2.12.4. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pydantic dependency-version: 2.12.4
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps pydantic from 2.12.4 to 2.12.5. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pydantic dependency-version: 2.12.5
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps pypdf from 6.1.1 to 6.1.2. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pypdf dependency-version: 6.1.2
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps pypdf from 6.1.2 to 6.1.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pypdf dependency-version: 6.1.3
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps pypdf from 6.1.3 to 6.2.0. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pypdf dependency-version: 6.2.0
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps pypdf from 6.2.0 to 6.7.0. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pypdf dependency-version: 6.7.0
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps pypdf from 6.2.0 to 6.7.4. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pypdf dependency-version: 6.7.4
dependency-type: direct:production ...
Bumps python-semantic-release/publish-action from 10.4.1 to 10.5.1. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: python-semantic-release/publish-action dependency-version: 10.5.1
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps python-semantic-release/publish-action from 10.5.1 to 10.5.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: python-semantic-release/publish-action dependency-version: 10.5.3
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps rich-click from 1.9.3 to 1.9.7. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: rich-click dependency-version: 1.9.7
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps ruamel-yaml from 0.18.15 to 0.19.1.
--- updated-dependencies: - dependency-name: ruamel-yaml dependency-version: 0.19.1
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps urllib3 from 2.5.0 to 2.6.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.3
dependency-type: indirect ...
- Ignore tarfile symlink vulnerability in pip-audit (01dad6b)
https://github.com/advisories/GHSA-4xh5-x5gv-qwph pypa/pip#13607
As we're not affected, this seems to be the most pragmatic approach for this curveball.
The current python action (as bumped by dependabot) seems to still be running pip 25.2, which pip-audit flagged for a known vulnerability.
- Update pip/requests/urllib3 to fix known vulnerabilities (9de1994)
Bumps actions/checkout from 4 to 5. - Release notes - Commits
--- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps actions/upload-artifact from 4.6.1 to 4.6.2. - Release notes - Commits
--- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 4.6.2
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps cairosvg from 2.7.1 to 2.8.2. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: cairosvg dependency-version: 2.8.2
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps ossf/scorecard-action from 2.4.1 to 2.4.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-version: 2.4.3
dependency-type: direct:production
update-type: version-update:semver-patch ...
Bumps pydantic from 2.11.3 to 2.12.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pydantic dependency-version: 2.12.3
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps pypdf from 5.4.0 to 6.1.1. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: pypdf dependency-version: 6.1.1
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps python-semantic-release/publish-action from 9.21.1 to 10.4.1. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: python-semantic-release/publish-action dependency-version: 10.4.1
dependency-type: direct:production
update-type: version-update:semver-major ...
Bumps rich-click from 1.8.8 to 1.9.3. - Release notes - Changelog - Commits
--- updated-dependencies: - dependency-name: rich-click dependency-version: 1.9.3
dependency-type: direct:production
update-type: version-update:semver-minor ...
Bumps ruamel-yaml from 0.18.10 to 0.18.15.
--- updated-dependencies: - dependency-name: ruamel-yaml dependency-version: 0.18.15
dependency-type: direct:production
update-type: version-update:semver-patch ...
- Remove comma to demo release (036151b)
This is only for demonstration purposes. Marked as a fix to trigger a release.
- Escape XKCD title and alt text (8432a24)
Otherwise the SVG can become invalid...
Finite Mike." ``` needs to be escaped to ``` Pete & Pete's Endless Mike into Finite Mike.
- Don't show location of build directory in a dry-run (cd4c675)
It wouldn't have been created...
- Add "Usage" document, adjust README and overview, fix custom locations (2c390da)
- Fix config file path in library example (same as in CLI example) (6c3198a)
- Improve README (8a22464)
  - add what you get from using SVG+YAML
  - add how quickly you can get started
  - Move "Documentation" to be before "Examples"
- Improve logging and console UI with rich formatting (fcf16ed)
  - Use rich and rich-click - colors, panels etc.
  * Proper syntax highlighting for SVG and YAML
  * Show directory tree after --create-from
  * Don't repeat identical subprocess log messages, count them
- Remove `bake` action (1aff43f)
This is technically a breaking change but only for invoking.
- Add section on always quoting variables (7c0d13e)
Just got caught out by that myself :)
- Clarify that Jinja2 extensions to load are strings (3a921eb)
- Link to official Jinja2 extensions (264cb76)
- Update README.md to include windows specific instructions (#33, ef2d2f6)
- Add `--dry-run`, `--fail-if-exists`, build in temp dir (70f956c)
Also prep --create-from (coming up)
- Don't fail just warn about undefined Jinja variables (05cb2c1)
Stumbled over this when I used an existing template for --create-from. Maybe introduce a --fail-undefined-vars option later.
- Implement `--create-from` (ec24465)
If used in conjunction with --dry-run, don't create any files. Otherwise, also process the new configs immediately.
This needs to work properly on Windows. Test to confirm relative and absolute paths lead to the same directories being used (maybe run all tests with both?)
- Actually deep-merge configs (1069a68)
- Add link to pre-commit installation with uv (c834d30)
- Clarify directories, document/page names, variant config (c83f5c5)
- Clarify page `template` setting (8de9fc8)
- Improved test suite, tests now also linted (11e8bb8)
Reviewed all tests. Now 73 tests covering 91%.
- Delete Sigstore signing - PyPI already doing that (1e4c7b6)
Only now I noticed the .publish.attestation files in the releases...
- Add sigstore badge (015fc47)
- Disable sigstore signing while waiting on PyPI issue (b850286)
pypa/gh-action-pypi-publish#357
- Sign releases with Sigstore (e6b0f62)
More of a ci: but I want to trigger a release to confirm
- Clarify that a page setting can override main or document (9b0c40f)
- Fix default location of documents (228df2c)
(same directory as config file, not another subdirectory)
- Fix description - page overrides for page, not document (b43718a)
- Improve configuration reference, add section on custom locations (aeee114)
- Refactor documentation (8efced6)
A first stab at making the documentation up-to-date and useful.
- Up-to-date documentation (1a6ba58)
Marking this as a feature to trigger a new release.
- Remove superfluous theme/color mechanism (bdf9fbe)
This is technically a breaking change but trivial to resolve in configs: No more special implicit treatment of "theme" to resolve a "style".
Just use regular variables like
```
style:
  primary_text_colour: {{ theme.off_black }}
  secondary_text_colour: {{ theme.off_white }}
theme:
  off_black: "#2d2a2b"
  off_white: "#f5f5f5"
```
- Show how you can add messages to the processing log (a2c2b62)
- Don't run pre-commit/tests twice on push to main (f721c24)
- Keep static `__version__` in `__init__.py`, update upon release (d240591)
The exit code of Python Semantic Release was shadowed by the exit code of the assignment of its output.
- Uv.lock was always a release behind (5ac00cc)
- Ensure uv.lock gets updated by a release (6a074c8)
- Add DocumentNotFoundError to errors.all (02e95e8)
- Add PSR default templates (b29b68c)
It's not clever enough to only pick up custom templates, must copy their templates as a starting point for customisation.
- Show PSR output (was getting consumed for evaluation) (4cb4c85)
- Remove version variable for CITATION.cff (now in template) (ee7bd69)
- Use PSR's templating mechanism instead of a script (2e608f9)
- Remove unused version (4b21a43)
The tag is already set correctly
- Add CITATION.cff and update its version and date during release (812b098)
- Remove debug logging (dbf2b88)
Finally, this is working.
- Need to capture also stderr (cb6d2a9)
- Add some debug logging (83060f4)
Still not determining correctly whether a release is needed.
- Use grep to find string in multiline output (34e0575)
- Don't re-trigger release, cater for some concurrency issues (be08d84)
python-semantic-release runs build_command in a new shell...
- Add names to stages (83db7fd)
Not a real feature, want to trigger new release
- Add GH_TOKEN for creating release, remove invalid "version_source" (6e7e99d)
- Can't use official release action (docker), it can't run `uv build` (c9d4e52)
Mimicking released output for the subsequent actions
- Correct PyPI action version (66801c5)
- Need to set up Python and uv for running `uv build` (0e353a1)
- Use official python-semantic-release actions (0c86b69)
- First proper release with python-semantic-release (f2996cb)
Not a real feature, just a minor rename to trigger the release.
- Need to double backslash escape in .toml (b9db84e)
- Remove invalid "commit-parser" section (using default "angular" anyway) (cc4a985)
- Delete .releaserc in favour of all settings in pyproject.toml (178cd75)
Using the deploy key now
- Use deploy key (a943ffc)
python-semantic-release needs to write (version number, changelog...) Github actions can not be allowed to bypass branch protection rules. Deploy keys can. https://github.com/orgs/community/discussions/25305#discussioncomment-10728028
- Add newline (73cd049)
- Add python-semantic-release (b1ec53c)
- Only release if pre-commit and tests were successful (9be16d7)
- Use correct workflow file name (717d273)
- Always inject "page_number" into the config/template context (f6b38a0)
- Config directory may already be rendered string (1d05a3a)
We determine variant pages late in the game when the variant config was merged into the document config