0.20.0

Script-Languages-Container-Tool 0.20.0, released 2024-07-09

Code name: Fix vulnerabilities

Summary

This release fixes the following vulnerabilities by updating dependencies:

• CVE-2024-35195 in dependency requests in versions < 2.32.0 caused by requests Session object not verifying requests after making first request with verify=False
• CVE-2024-37891 in transitive dependency via boto3 to urllib3 in versions < 2.2.2 caused by proxy-authorization request header not to be stripped during cross-origin redirects as no update of notebook-connector is available, yet.
• GHSA-w235-7p84-xx57 in transitive dependency via luigi to tornado in versions < 6.4.1 enabling CRLF injection in CurlAsyncHTTPClient headers.
• GHSA-753j-mpmx-qq6g in transitive dependency via luigi to tornado in versions < 6.4.1 due to inconsistent interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

However, the release ignores the following vulnerabilities

• GHSA-753j-mpmx-qq6g in dependency configobj in versions ≤ 5.0.8 being ReDoS exploitable by developers using values in a server-side configuration file as SLCT is used only client side and a patched version is not available, yet.

Security Issues

• #216: Updated dependencies to fix vulnerabilities

0.19.0: Updated dependencies

Summary

This releases updated the dependency to exasol-integration-test-docker-environment and updates to Python3.10.

Refactorings

• #212: Updating dependencies and Python

0.18.3: Pinned dependencies

Summary

This releases the pinned dependency docker and docutils.

Refactoring

• #209: Fixed CI tests

0.18.2

Script-Languages-Container-Tool 0.18.0, released 2024-02-19

Code name: Remove typeguard pin

Summary

This releases the pinned dependency typeguard.

Refactoring

• #207: Remove typeguard pin

0.18.1

Script-Languages-Container-Tool 0.18.0, released 2023-11-24

Code name: Configobj moved

Summary

This release moves configobj from dependencies to dev dependencies so the security alert
regarding ReDoS exploit does not propagate

Security

• moved configobj to dev dependencies

0.18.0

Script-Languages-Container-Tool 0.18.0, released 2023-06-27

Code name: Fixes and improvements.

Summary

This release updated the integration-test-docker-environment to version 1.7.1, added options for configurin logging and fixed the database setup reuse.

Features / Enhancements

• #196: Added logging options to API and CLI

Refactorings

• #201: Updated to integration-test-docker-environment 1.7.1

Bug Fixes

• #200: Fixed reuse database setup

Security

N/A

Documentation

N/A

0.17.0: Add API and CLI commands for building and pushing the test container

Script-Languages-Container-Tool 0.17.0, released 2023-05-12

Code name: Add API and CLI commands for building and pushing the test container

Summary

This releases adds API and CLI commands for building and pushing the test container. It further updates the integration-test-docker-environment to 1.6.0 and fixes some bugs.

Features / Enhancements

• #193: Added build and push test container CLI commands

Refactorings

• #187: Updated release_config.yml
• #192: Remove setup.py and updated the integration-test-docker-environment to 1.6.0

Bug Fixes

• #184: Fixed variable used to get the version in the release workflow
• #183: Disabled check_version workflow for tags

Security

N/A

Documentation

N/A

0.16.0: Bugfix in LanguageDefinition class and prepare for pypi release.

Script-Languages-Container-Tool 0.16.0, released 2023-03-20

Code name: Bugfix in LanguageDefinition class and prepare for pypi release.

Summary

This release fixes a bug where PYTHON3 was missing
when the LanguageDefinition class was called with add_missing_builtin.
It also prepares the project for the pypi release.

Features / Enhancements

• #175: Update vagrant environment
• #178: Install exasol-integration-test-docker-environment from pypi
• #180: Prepare for pypi release

Refactorings

N/A

Bug Fixes

• #174: Add missing PYTHON3 to the add_missing_builtin option for the LanguageDefinition class

Security

• #172: Fix CVE-2007-4559

Documentation

N/A

0.15.0: Path-in-bucket parameter fix, initial API layer and support for stream output of tests to log files.

Summary

This release fixes a major bug which occured if the parameter "path-in-bucket" was not specified.
Also, it introduces a new API module , which allows the usage of the script-languages-container-tools functionality from other Python packages.
The handling of the logging for tests has been improved, as the logs are now written to the log-file during the test execution.
Besides, there is one more bugfix and a minor improvement in the documentation in the code.

Features / Enhancements

• #160: Streamed test output to log file

Refactorings

• #124: Moved implementations of all click commands in separate methods

Bug Fixes

• #163: Fixed upload path if --path-in-bucket not specified
• #164: Fixed default values for click parameters of type multiple=true

Documentation

• #152: Added note to exalsct scripts that these files are generated

0.14.0: Provide docker credentials to tests.

Summary

This release contains a bugfix which avoids that tests exceed the Dockerhub pull rate limit and fail.

Features / Enhancements

n/a

Refactorings

n/a

Bug Fixes

• #157: Injected docker credentials to test as environment variables

Documentation

n/a