From 8682dbfd851999eeff069b657dd9e5f800377cee Mon Sep 17 00:00:00 2001 From: Chin Yeung Li Date: Mon, 23 Feb 2026 14:32:43 +0800 Subject: [PATCH 1/5] Typo and spacing corrections. Signed-off-by: Chin Yeung Li --- etc/scripts/utils_requirements.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/scripts/utils_requirements.py b/etc/scripts/utils_requirements.py index b9b2c0e..f377578 100644 --- a/etc/scripts/utils_requirements.py +++ b/etc/scripts/utils_requirements.py @@ -15,7 +15,7 @@ """ Utilities to manage requirements files and call pip. NOTE: this should use ONLY the standard library and not import anything else -because this is used for boostrapping with no requirements installed. +because this is used for bootstrapping with no requirements installed. """ @@ -31,7 +31,7 @@ def load_requirements(requirements_file="requirements.txt", with_unpinned=False) def get_required_name_versions(requirement_lines, with_unpinned=False): """ - Yield required (name, version) tuples given a`requirement_lines` iterable of + Yield required (name, version) tuples given a `requirement_lines` iterable of requirement text lines. Only accept requirements pinned to an exact version. """ @@ -47,7 +47,7 @@ def get_required_name_versions(requirement_lines, with_unpinned=False): def get_required_name_version(requirement, with_unpinned=False): """ - Return a (name, version) tuple given a`requirement` specifier string. + Return a (name, version) tuple given a `requirement` specifier string. Requirement version must be pinned. If ``with_unpinned`` is True, unpinned requirements are accepted and only the name portion is returned. From 33840a6daeb28d342b1b439673b8472465b0c31f Mon Sep 17 00:00:00 2001 From: Ayan Sinha Mahapatra Date: Thu, 16 Apr 2026 17:58:33 +0530 Subject: [PATCH 2/5] Replace versions with commit hashes in actions Signed-off-by: Ayan Sinha Mahapatra --- .github/workflows/docs-ci.yml | 4 ++-- .github/workflows/pypi-release.yml | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docs-ci.yml b/.github/workflows/docs-ci.yml index 8d8aa55..2c01c2c 100644 --- a/.github/workflows/docs-ci.yml +++ b/.github/workflows/docs-ci.yml @@ -13,10 +13,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 7da0a40..87f2c49 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -24,9 +24,9 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.12 @@ -40,7 +40,7 @@ jobs: run: python -m twine check dist/* - name: Upload built archives - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: pypi_archives path: dist/* @@ -54,13 +54,13 @@ jobs: steps: - name: Download built archives - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: name: pypi_archives path: dist - name: Create GH release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with: draft: true files: dist/* @@ -77,11 +77,11 @@ jobs: steps: - name: Download built archives - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: name: pypi_archives path: dist - name: Publish to PyPI if: startsWith(github.ref, 'refs/tags') - uses: pypa/gh-action-pypi-publish@release/v1 \ No newline at end of file + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b \ No newline at end of file From c3b24eaca4bdb6e13e6b573fb5f0d56af56586f4 Mon Sep 17 00:00:00 2001 From: Ayan Sinha Mahapatra Date: Thu, 16 Apr 2026 21:41:23 +0530 Subject: [PATCH 3/5] Enable zizmor in github actions Also add fixes to actions from zizmor runs. Signed-off-by: Ayan Sinha Mahapatra --- .github/workflows/docs-ci.yml | 3 +++ .github/workflows/pypi-release.yml | 3 +++ .github/workflows/zizmor.yml | 24 ++++++++++++++++++++++++ 3 files changed, 30 insertions(+) create mode 100644 .github/workflows/zizmor.yml diff --git a/.github/workflows/docs-ci.yml b/.github/workflows/docs-ci.yml index 2c01c2c..fbc267f 100644 --- a/.github/workflows/docs-ci.yml +++ b/.github/workflows/docs-ci.yml @@ -2,6 +2,7 @@ name: CI Documentation on: [push, pull_request] +permissions: {} jobs: build: runs-on: ubuntu-24.04 @@ -14,6 +15,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 87f2c49..0a9bb54 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -18,6 +18,7 @@ on: tags: - "v*.*.*" +permissions: {} jobs: build-pypi-distribs: name: Build and publish library to PyPI @@ -25,6 +26,8 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 0000000..aa8259d --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,24 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +permissions: {} + +jobs: + zizmor: + name: Run zizmor 🌈 + runs-on: ubuntu-latest + permissions: + security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 From 1a31224cd886061423bf10a11df7a4d11160584b Mon Sep 17 00:00:00 2001 From: Ayan Sinha Mahapatra Date: Mon, 13 Jul 2026 21:51:38 +0530 Subject: [PATCH 4/5] Bump lief version and remove constraints Signed-off-by: Ayan Sinha Mahapatra --- requirements.txt | 2 +- setup.cfg | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements.txt b/requirements.txt index 6859828..8ffbc10 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ # from blint v2.3.2 # https://github.com/owasp-dep-scan/blint/blob/1e1250a4bf6c25eccba8970bd877901ee56070c7/poetry.lock -lief==0.17.0 +lief==0.17.2 symbolic==10.2.1 click==8.3.0 commoncode==32.4.0 \ No newline at end of file diff --git a/setup.cfg b/setup.cfg index aa31318..4bcddce 100644 --- a/setup.cfg +++ b/setup.cfg @@ -47,8 +47,8 @@ install_requires = commoncode plugincode typecode - lief==0.17.0 - symbolic==10.2.1 + lief>=0.17.2 + symbolic>=10.2.1 [options.entry_points] From 36ac8bc627b3a162c51f69d522e04d2a3ac9f493 Mon Sep 17 00:00:00 2001 From: Ayan Sinha Mahapatra Date: Tue, 14 Jul 2026 16:18:20 +0530 Subject: [PATCH 5/5] Bump version and CHANGELOG for v0.2.1 Signed-off-by: Ayan Sinha Mahapatra --- CHANGELOG.rst | 6 ++++++ setup.cfg | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fee2fbf..45d63df 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,12 @@ Changelog ========= +v0.2.1 +------ + +Patch release with updated dependencies and no version constraints. + + v0.2.0 ------ diff --git a/setup.cfg b/setup.cfg index 4bcddce..65fe80f 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,7 +1,7 @@ [metadata] name = binary-inspector license = Apache-2.0 AND MIT -version = 0.2.0 +version = 0.2.1 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390 description = binary-inspector is a library and tools to inspect binaries (elf, winpe, mach0) for symbols and other information, and models to store this.