diff --git a/.github/workflows/docs-ci.yml b/.github/workflows/docs-ci.yml index 93d1ebb..fa211a8 100644 --- a/.github/workflows/docs-ci.yml +++ b/.github/workflows/docs-ci.yml @@ -2,6 +2,7 @@ name: CI Documentation on: [push, pull_request] +permissions: {} jobs: build: runs-on: ubuntu-24.04 @@ -13,10 +14,12 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 7da0a40..0a9bb54 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -18,15 +18,18 @@ on: tags: - "v*.*.*" +permissions: {} jobs: build-pypi-distribs: name: Build and publish library to PyPI runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.12 @@ -40,7 +43,7 @@ jobs: run: python -m twine check dist/* - name: Upload built archives - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: pypi_archives path: dist/* @@ -54,13 +57,13 @@ jobs: steps: - name: Download built archives - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: name: pypi_archives path: dist - name: Create GH release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with: draft: true files: dist/* @@ -77,11 +80,11 @@ jobs: steps: - name: Download built archives - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: name: pypi_archives path: dist - name: Publish to PyPI if: startsWith(github.ref, 'refs/tags') - uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3fddd61..2848e04 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -16,10 +16,12 @@ jobs: os: ["ubuntu-latest"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "${{ matrix.python }}" diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 0000000..aa8259d --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,24 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +permissions: {} + +jobs: + zizmor: + name: Run zizmor 🌈 + runs-on: ubuntu-latest + permissions: + security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fee2fbf..45d63df 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,12 @@ Changelog ========= +v0.2.1 +------ + +Patch release with updated dependencies and no version constraints. + + v0.2.0 ------ diff --git a/etc/scripts/utils_requirements.py b/etc/scripts/utils_requirements.py index b9b2c0e..f377578 100644 --- a/etc/scripts/utils_requirements.py +++ b/etc/scripts/utils_requirements.py @@ -15,7 +15,7 @@ """ Utilities to manage requirements files and call pip. NOTE: this should use ONLY the standard library and not import anything else -because this is used for boostrapping with no requirements installed. +because this is used for bootstrapping with no requirements installed. """ @@ -31,7 +31,7 @@ def load_requirements(requirements_file="requirements.txt", with_unpinned=False) def get_required_name_versions(requirement_lines, with_unpinned=False): """ - Yield required (name, version) tuples given a`requirement_lines` iterable of + Yield required (name, version) tuples given a `requirement_lines` iterable of requirement text lines. Only accept requirements pinned to an exact version. """ @@ -47,7 +47,7 @@ def get_required_name_versions(requirement_lines, with_unpinned=False): def get_required_name_version(requirement, with_unpinned=False): """ - Return a (name, version) tuple given a`requirement` specifier string. + Return a (name, version) tuple given a `requirement` specifier string. Requirement version must be pinned. If ``with_unpinned`` is True, unpinned requirements are accepted and only the name portion is returned. diff --git a/requirements.txt b/requirements.txt index 6859828..8ffbc10 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ # from blint v2.3.2 # https://github.com/owasp-dep-scan/blint/blob/1e1250a4bf6c25eccba8970bd877901ee56070c7/poetry.lock -lief==0.17.0 +lief==0.17.2 symbolic==10.2.1 click==8.3.0 commoncode==32.4.0 \ No newline at end of file diff --git a/setup.cfg b/setup.cfg index aa31318..65fe80f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,7 +1,7 @@ [metadata] name = binary-inspector license = Apache-2.0 AND MIT -version = 0.2.0 +version = 0.2.1 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390 description = binary-inspector is a library and tools to inspect binaries (elf, winpe, mach0) for symbols and other information, and models to store this. @@ -47,8 +47,8 @@ install_requires = commoncode plugincode typecode - lief==0.17.0 - symbolic==10.2.1 + lief>=0.17.2 + symbolic>=10.2.1 [options.entry_points]