diff --git a/CHANGELOG.md b/CHANGELOG.md index b5e1d7b..69f63cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [1.13.3] - 2026-03-26 + +* CI pipelines now include automated security scanning (CodeQL, Docker lint), increasing detection of vulnerabilities and misconfigurations +* Workflow permissions were tightened and fixed, ensuring secure and reliable execution of reusable workflows +* Publishing and “stable” tagging are now restricted to the `main` branch, preventing accidental releases from other branches +* Stale CI runs are automatically cancelled, reducing wasted resources and speeding up feedback cycles +* Overall CI reliability and security posture improved, with fewer false positives and more consistent pipeline results + + ## [1.13.2] - 2026-03-26 * Fail fast with a clear error when the Nix bootstrap or nix binary is unavailable instead of continuing with a broken startup path. diff --git a/flake.nix b/flake.nix index 4c121ef..4275c71 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,7 @@ rec { pkgmgr = pyPkgs.buildPythonApplication { pname = "package-manager"; - version = "1.13.2"; + version = "1.13.3"; # Use the git repo as source src = ./.; diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD index 81de5c1..95fd141 100644 --- a/packaging/arch/PKGBUILD +++ b/packaging/arch/PKGBUILD @@ -1,7 +1,7 @@ # Maintainer: Kevin Veen-Birkenbach pkgname=package-manager -pkgver=1.13.2 +pkgver=1.13.3 pkgrel=1 pkgdesc="Local-flake wrapper for Kevin's package-manager (Nix-based)." arch=('any') diff --git a/packaging/debian/changelog b/packaging/debian/changelog index c905830..271fda1 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,3 +1,13 @@ +package-manager (1.13.3-1) unstable; urgency=medium + + * CI pipelines now include automated security scanning (CodeQL, Docker lint), increasing detection of vulnerabilities and misconfigurations +* Workflow permissions were tightened and fixed, ensuring secure and reliable execution of reusable workflows +* Publishing and “stable” tagging are now restricted to the `main` branch, preventing accidental releases from other branches +* Stale CI runs are automatically cancelled, reducing wasted resources and speeding up feedback cycles +* Overall CI reliability and security posture improved, with fewer false positives and more consistent pipeline results + + -- Kevin Veen-Birkenbach Thu, 26 Mar 2026 17:10:21 +0100 + package-manager (1.13.2-1) unstable; urgency=medium * Fail fast with a clear error when the Nix bootstrap or nix binary is unavailable instead of continuing with a broken startup path. diff --git a/packaging/fedora/package-manager.spec b/packaging/fedora/package-manager.spec index 2b98bab..bd0741f 100644 --- a/packaging/fedora/package-manager.spec +++ b/packaging/fedora/package-manager.spec @@ -1,5 +1,5 @@ Name: package-manager -Version: 1.13.2 +Version: 1.13.3 Release: 1%{?dist} Summary: Wrapper that runs Kevin's package-manager via Nix flake @@ -74,6 +74,13 @@ echo ">>> package-manager removed. Nix itself was not removed." /usr/lib/package-manager/ %changelog +* Thu Mar 26 2026 Kevin Veen-Birkenbach - 1.13.3-1 +- CI pipelines now include automated security scanning (CodeQL, Docker lint), increasing detection of vulnerabilities and misconfigurations +* Workflow permissions were tightened and fixed, ensuring secure and reliable execution of reusable workflows +* Publishing and “stable” tagging are now restricted to the `main` branch, preventing accidental releases from other branches +* Stale CI runs are automatically cancelled, reducing wasted resources and speeding up feedback cycles +* Overall CI reliability and security posture improved, with fewer false positives and more consistent pipeline results + * Thu Mar 26 2026 Kevin Veen-Birkenbach - 1.13.2-1 - Fail fast with a clear error when the Nix bootstrap or nix binary is unavailable instead of continuing with a broken startup path. diff --git a/pyproject.toml b/pyproject.toml index 9ab01ca..3212a2d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,7 +7,7 @@ build-backend = "setuptools.build_meta" [project] name = "kpmx" -version = "1.13.2" +version = "1.13.3" description = "Kevin's package-manager tool (pkgmgr)" readme = "README.md" requires-python = ">=3.9"