
Releases: slalombuild/secureli

v0.19.0

05 Jan 00:26

v0.19.0 (2024-01-05)

Chore

  • chore: Improve terminal output (#335)

Implementing the following changes:

  1. Add debug log level (colored cyan)
  2. Make error messages print to stderr instead of stdout
  3. include "[seCureLI] [<log level>] " prefix to messages
  4. Update default log level from ERROR to WARN
  5. Move log level enum to separate class and use more consistently (a986da5)
  • chore: Issue 320 - remove six from exclude list (#323)

closes #320

Co-authored-by: Caleb Tonn <caleb.tonn@slalom.com> (57aea2d)

Feature

  • feat: Periodically check for hook updates on scan (#336)

Description

This PR adds the feature to check for updates to hooks when running a
scan. Since the update check doesn't need to be done on every scan, we
only check at most once per week. This will prevent the added latency of
calling out to GitHub (or wherever hooks are hosted) on every scan.

pre-commit does not expose the functionality
of checking for hook updates without actually performing the update, so
for now this PR imports functions directly from the pre-commit tool
(since it is also written in python).
This is not a best practice, but is probably the cleanest option we have
for now. We can look into implementing this functionality in
pre-commit itself in the future.

Note that there is currently no way to specify whether to include the
--bleeding-edge flag (implemented internally with a tags_only
boolean). The implication is that if someone updates their version of a
hook repository beyond the latest release, we will detect it as being
out-of-date, instead of ahead. In practice, this feels like a day-2 kind
of feature that won't be important to many users.

This PR closes #176 .

Feature Work

  • Updates internal .pre-commit-config.yaml file to add hooks. Not sure
    why this repo did not have defined hooks previously?
  • Updates internal secureli config file to set the log level to DEBUG
    (we should see all output while developing secureli)
  • Instead of deserializing the .pre-commit-config.yaml file to a
    dictionary, this adds a proper pydantic model

Cleanup work

Unrelated to the ticket, I also performed some fixes/cleanup:

  • Fixed bug in existing unit test causing .pre-commit-config.yaml to
    get overwritten
  • Cleaned up errors in type hints across numerous files
  • Cleaned up some comments & output for clarity/correctness
  • Minor cleanup refactoring
  • Fixed an error from pytest warning of use of the deprecated package
    pkg_resources (by using the recommended alternative)
  • Rename test function with duplicate name
  • Remove duplicate test fixture (9839881)
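The once-per-week throttle described in the v0.19.0 hook-update feature above, as an added, self-contained example (not secureli's or pre-commit's code): the last-check timestamp is persisted to a small JSON state file, the remote comparison runs only when that timestamp is absent or at least a week old, and the "now" clock is injectable so the behaviour can be exercised deterministically. The repo URLs, tags, and state-file location are constructed for this example; the plain `!=` comparison is kept deliberately to reproduce the caveat above, where a rev ahead of the latest tag is reported as out of date rather than ahead.

```python
"""Added example: throttle a hook-update check to at most once per week."""
import json
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List, Optional

ONE_WEEK_SECONDS = 7 * 24 * 60 * 60

# Constructed data standing in for a .pre-commit-config.yaml (repo -> configured rev)
# and for what a remote lookup would return (repo -> latest tag). Hypothetical URLs.
CONSTRUCTED_CONFIGURED_REVS: Dict[str, str] = {
    "https://example.com/hooks/alpha": "v1.2.0",      # current
    "https://example.com/hooks/beta": "v0.9.1",       # behind: latest is v0.10.0
    "https://example.com/hooks/gamma": "v2.1.0-rc1",  # ahead of the latest tag v2.0.0
}
CONSTRUCTED_LATEST_TAGS: Dict[str, str] = {
    "https://example.com/hooks/alpha": "v1.2.0",
    "https://example.com/hooks/beta": "v0.10.0",
    "https://example.com/hooks/gamma": "v2.0.0",
}


def is_check_due(last_check: Optional[float], now: float, interval: float = ONE_WEEK_SECONDS) -> bool:
    """Due when nothing has been recorded yet or the last check is at least `interval` old."""
    return last_check is None or (now - last_check) >= interval


def load_last_check(state_file: Path) -> Optional[float]:
    """Timestamp of the previous check; a missing or corrupt file counts as never checked."""
    try:
        return float(json.loads(state_file.read_text())["last_hook_update_check"])
    except (OSError, ValueError, KeyError, TypeError):
        return None


def save_last_check(state_file: Path, now: float) -> None:
    state_file.parent.mkdir(parents=True, exist_ok=True)
    state_file.write_text(json.dumps({"last_hook_update_check": now}))


def find_outdated(configured: Dict[str, str], latest_for: Callable[[str], str]) -> List[str]:
    """Repos whose configured rev differs from the latest tag.

    Plain inequality reproduces the release-note caveat: a rev *ahead* of the latest
    tag (gamma in the constructed data) is reported as out of date, not as ahead."""
    return sorted(repo for repo, rev in configured.items() if latest_for(repo) != rev)


def maybe_check_hook_updates(
    configured: Dict[str, str],
    latest_for: Callable[[str], str],
    state_file: Path,
    now: Optional[float] = None,
    interval: float = ONE_WEEK_SECONDS,
) -> Optional[List[str]]:
    """Run the (network-bound, hence slow) comparison only when it is due.

    Returns None when throttled, otherwise the list of outdated repos. The timestamp is
    written only after a successful lookup, so a lookup that raises is retried next scan."""
    now = time.time() if now is None else now
    if not is_check_due(load_last_check(state_file), now, interval):
        return None
    outdated = find_outdated(configured, latest_for)
    save_last_check(state_file, now)
    return outdated


def demo() -> Dict[str, Optional[List[str]]]:
    """Three scans against a fresh state file: the first runs, three days later is
    throttled, one week later runs again. Returns the three results keyed by scan."""
    latest_for = CONSTRUCTED_LATEST_TAGS.__getitem__
    t0 = 1_700_000_000.0  # fixed "now" so the demo is deterministic
    with tempfile.TemporaryDirectory() as tmp:
        state = Path(tmp) / ".secureli" / "hook-update-check.json"  # hypothetical location
        return {
            "first_scan": maybe_check_hook_updates(CONSTRUCTED_CONFIGURED_REVS, latest_for, state, now=t0),
            "three_days_later": maybe_check_hook_updates(CONSTRUCTED_CONFIGURED_REVS, latest_for, state, now=t0 + 3 * 86400),
            "one_week_later": maybe_check_hook_updates(CONSTRUCTED_CONFIGURED_REVS, latest_for, state, now=t0 + ONE_WEEK_SECONDS),
        }


if __name__ == "__main__":
    for scan, result in demo().items():
        print(f"{scan}: {'skipped (throttled)' if result is None else result}")
```

Writing the timestamp only after the lookup succeeds is the detail worth keeping: if the state were saved before calling out, a transient network failure would silence the check for a week.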

v0.18.0

14 Nov 18:36

v0.18.0 (2023-11-14)

Feature

  • feat: 154 Prompt User to Install Code Linters for each Detected Language (#332)

closes #154

Overview

Adds functionality to prompt the user to determine if linter based
pre-commit hooks should be added to the code repository. The user will
be prompted for each detected language during init.

An example message will be: Add lint pre-commit(s) for JavaScript? [Y/n]

Adding the --yes option will bypass the prompting to install linter
pre-commit hooks and will automatically add them.

Technical Approach

This PR includes reorganizing the pre-commit templates into a new
folder/file structure. Templates will be located under
resources/pre-commit and will be split into separate folders and files
based on if they are linter hooks or not. The user responses and code
will determine whether or not the hooks should be combined and saved to
the user's repository. Splitting these files out ensures a simple way of
knowing which hooks are linters.

Testing

  1. run secureli init
  2. follow flow to add/ignore linters for each detected language
  3. Verify pre-commit linters are added or not added to pre-commit.yaml
    depending on prompt response

Regression testing:
Testing scan and update to ensure both are working as normal. (c63860f)

v0.17.1

10 Nov 17:59

v0.17.1 (2023-11-10)

Fix

  • fix: Correctly parsing %-encoded URLs from .git/config file (#331)

Resolves #261

The configparser module by default assumes that '%' characters
indicate the presence of a variable and will try to parse a config value
accordingly. Switching to "raw" mode prevents this behavior.

Testing

Manually tested by changing my .git/config file to set the origin URL
to include %20, and was able to replicate the failure detailed in the
ticket. (af842fb)
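The %-encoding failure described in this fix, as an added, self-contained example (not secureli's code): a constructed .git/config whose origin URL contains %20 is parsed once with configparser's default interpolation, which fails at lookup time with InterpolationSyntaxError, and once with interpolation disabled, which is the "raw" mode the fix switches to. The sample config, section constant and helper names are this example's own.

```python
"""Added example: reading a %-encoded origin URL from .git/config with configparser."""
import configparser
from pathlib import Path
from typing import Optional

# Constructed sample .git/config (not from a real repository). Git indents keys with a
# tab; the origin URL carries a %-encoded space, the case that broke the old parser.
SAMPLE_GIT_CONFIG = (
    "[core]\n"
    "\trepositoryformatversion = 0\n"
    "\tbare = false\n"
    '[remote "origin"]\n'
    "\turl = https://github.com/example-org/my%20repo.git\n"
    "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"
)

ORIGIN_SECTION = 'remote "origin"'


def origin_url_with_interpolation(config_text: str) -> str:
    """Old behaviour: ConfigParser's default BasicInterpolation treats '%' as the start
    of a '%(name)s' reference, so a %-encoded URL fails at lookup time, not at read time."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    try:
        return parser.get(ORIGIN_SECTION, "url")
    except configparser.InterpolationError as exc:
        # Return the failure as a value so callers (and the assertions) can see which
        # exception class a '%20' triggers.
        return f"ERROR:{type(exc).__name__}"


def origin_url_raw(config_text: str) -> str:
    """Fixed behaviour: disable interpolation so '%' is an ordinary character.
    parser.get(section, key, raw=True) on a default parser has the same effect."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    return parser.get(ORIGIN_SECTION, "url")


def read_origin_url(git_dir: Path) -> Optional[str]:
    """Read the origin URL from <repo>/.git/config the raw way; None when absent."""
    config_path = git_dir / "config"
    if not config_path.is_file():
        return None
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(config_path)
    if not parser.has_option(ORIGIN_SECTION, "url"):
        return None
    return parser.get(ORIGIN_SECTION, "url")


if __name__ == "__main__":
    print("default parser:", origin_url_with_interpolation(SAMPLE_GIT_CONFIG))
    print("raw parser:    ", origin_url_raw(SAMPLE_GIT_CONFIG))
```

Note that read_string succeeds in both cases; the default parser only raises when the value is fetched, which is why the bug surfaced as a runtime failure on a particular repository rather than at startup.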

v0.17.0

02 Nov 18:14

v0.17.0 (2023-11-02)

Chore

  • chore: Issue 159 - Using latest git hooks (#322)

#159

Pre-commit does not support using a latest tag; the only way to use latest is to update after install.

I tested these changes by updating the version I installed with brew and
re-initializing a test repo with JavaScript and Python code. It looks
like the fix I made to the update command could use a regression test;
that line of code cannot run without a folder path argument.

Co-authored-by: Rob Rodriguez <robert.rodriguez@slalom.com> (4b77d27)

Feature

  • feat: add version option functionality (#330)

closes #170

Adds option to display the current seCureLI version in the terminal
using either -v or --version (285864d)

v0.16.0

11 Oct 23:05

v0.16.0 (2023-10-11)

Chore

  • chore: Reverting python from 3.11 to 3.9 (#319)

#318

Co-authored-by: Rob Rodriguez <robert.rodriguez@slalom.com> (b8ce59c)

  • chore: Secureli 265 python311 support (#317)

This is to resolve issues with publishing after changing secureli to
support Python 3.11.


Co-authored-by: Rob Rodriguez <rob@kqfv3xf6td.home>
Co-authored-by: Rob Rodriguez <robert.rodriguez@slalom.com> (c9808a2)

  • chore: pip: Bump poethepoet from 0.23.0 to 0.24.1 (#310)

Bumps poethepoet from 0.23.0 to 0.24.1.

Release notes (sourced from poethepoet's releases, https://github.com/nat-n/poethepoet/releases):

0.24.1

Enhancements

  • Show helpful error message when task executable is not on the path (dfb8cabe)

Full Changelog: https://github.com/nat-n/poethepoet/compare/v0.24.0...v0.24.1

0.24.0

Enhancements

  • Use quotes to improve accuracy of logged commands (#169, 21c523eb)

Fixes

  • Make task dependencies work as expected for referenced tasks (#168, 8f73c778)

Full Changelog: https://github.com/nat-n/poethepoet/compare/v0.23.0...v0.24.0

Commits

  • 903ed9a Bump version to 0.24.1
  • dfb8cab Show helpful error message when task executable is not on the path
  • f500668 Add installation instructions for homebrew formula
  • 0c75767 Add workflow step to trigger homebrew update
  • caf7ba8 Bump version to 0.24.0
  • 21c523e Use quotes to improve accuracy of logged commands (#169)
  • ad92424 Improve ruff configuration and remove isort
  • 8f73c77 Make task dependencies work as expected for referenced tasks (#168)
  • 2c6e6bd Configure ruff and apply prescribed fixes
  • 29f4a54 Create CODE_OF_CONDUCT.md
  • See full diff in compare view: https://github.com/nat-n/poethepoet/compare/v0.23.0...v0.24.1


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (ecfac07)

Feature

  • feat: Added Python 3.11 support (#316)

Resolving string representation of enum for EchoLevel
Edited TOML file


Co-authored-by: Rob Rodriguez <rob@kqfv3xf6td.home>
Co-authored-by: Rob Rodriguez <robert.rodriguez@slalom.com> (f31d19f)

v0.15.0

10 Oct 20:09

v0.15.0 (2023-10-10)

Feature

  • feat: Updates documentation and creates a new release artifact (#314) (06c3c36)

v0.14.0

23 Aug 16:41

v0.14.0 (2023-08-23)

Feature

  • feat: use python 3.9 in pypi publish job (#281) (0269290)

v0.13.0

21 Aug 16:37

v0.13.0 (2023-08-21)

Chore

  • chore: secure tokens (#276)

Resolves #275 (896bf6f)

  • chore: replaces all PAT uses with GH App token (#273)

Resolves #185 (39bf02c)

Feature

  • feat: (144) Add Directory Support -d --directory (#279)

#144

Example commands using the new directory option:

secureli scan --directory /absolute/path/to/a/git/directory
secureli scan -d ./relative/path/to/a/git/directory
secureli init -d ./relative/path/to/a/git/directory
secureli update --directory /absolute/path/to/a/git/directory

Co-authored-by: Adina <adina.micula@slalom.com> (d23f94b)

v0.12.0

14 Aug 21:45

v0.12.0 (2023-08-14)

Feature

  • feat: swaps token for semantic release to github app token (secureli-185) (#272) (e10226e)

v0.11.0

09 Aug 20:26

v0.11.0 (2023-08-09)

Chore

  • chore: pip: bump pygments from 2.15.1 to 2.16.1 (#263)

Bumps pygments from 2.15.1 to 2.16.1.

Release notes (sourced from pygments's releases, https://github.com/pygments/pygments/releases):

2.16.1

  • Fix native style missing from style list (#2484)

2.16.0

  • New lexers:
    ◦ ASN.1 (#2462)
    ◦ Blueprint (#2434)
    ◦ BQN (#2472)
    ◦ DNS zone files (#2464)
    ◦ GraphQL (#2428)
    ◦ Linux desktop files (following the specification of the Freedesktop
      group, formerly known as XDG) (#2470)
    ◦ NVIDIA PTX (#2432)
    ◦ OpenSCAD (#2449)
    ◦ systemd (#2470)
    ◦ TLS presentation language (#2455)
    ◦ Verifpal (#2430)
    ◦ YARA (#2453)
  • Updated lexers:
    ◦ ASC: Add application/pem-certificate-chain mimetype (#2471)
    ◦ C/C++: Refine keyword lists (#2421, #2422)
    ◦ Carbon: Fix long processing times on invalid input, fix number
      lexing (#2454, #2456)
    ◦ Elpi: Handle quotations (#2419)
    ◦ Go: Support additional built-ins (#2481)
    ◦ HTTP: Support empty headers (#2461), support more general methods
      (#2460), also recognize responses in analyse_text implementation
      (#2460), and highlight URL encoded data (#2465, #1620)
    ◦ Igor Pro: Update to Igor Pro 9 (#2482)
    ◦ lean: Recognize expressions nested within attributes (#1817)
    ◦ Macaulay2: Update builtins (#2457)
    ◦ Markdown: Allow extra characters after language name in code
      blocks (#2437)
    ◦ NestedText: Update to version 3 (#2459)
    ◦ scdoc: Improve language guessing implementation (#2402)
    ◦ Spice: Update to latest version (#2476)
    ◦ Transact SQL: Add Pre-sorted Group keyword (#2417)
    ◦ Uxntal: Update for current runes (#2424)
    ◦ Wikitext: Fix templates in wiki links; fix a language converter
      false positive; add bold italic markup (#2447)
  • Add Generic.EmphStrong token for bold italic markup (#2444)
  • Add Lightbulb style (#2474)
  • Add Eclipse-Light style (#2440)
  • Improve contrast in Monokai style (#2448)
  • Add documentation how to create terminal code highlighting commands
    (#2131, #2425)
  • Add support for loading TrueType fonts to the ImageFormatter (#1960)

Changelog (sourced from pygments's changelog, https://github.com/pygments/pygments/blob/master/CHANGES):

Version 2.16.1

  • Fix native style missing from style list (#2484)

Version 2.16.0

(released August 6th, 2023)

  • New lexers:
    ◦ ASN.1 (#2462)
    ◦ Blueprint (#2434)
    ◦ BQN (#2472)
    ◦ DNS zone files (#2464)
    ◦ GraphQL (#2428)
    ◦ Linux desktop files (following the specification of the Freedesktop
      group, formerly known as XDG) (#2470)
    ◦ NVIDIA PTX (#2432)
    ◦ OpenSCAD (#2449)
    ◦ systemd (#2470)
    ◦ TLS presentation language (#2455)
    ◦ Verifpal (#2430)
    ◦ YARA (#2453)
  • Updated lexers:
    ◦ ASC: Add application/pem-certificate-chain mimetype (#2471)
    ◦ C/C++: Refi...
