Skip to content

v0.1.1

Choose a tag to compare

@0disoft 0disoft released this 08 Jul 07:47

Patch release for the local AI/ML BOM CLI and composite GitHub Action.

Highlights:

  • Adds manifest-gated output-set writes and stale/partial output cleanup from the preceding hardening commits.
  • Adds Ruff lint validation in CI and local validation docs.
  • Preserves CLI/config precedence when GitHub Action inputs omit format or warning policy.
  • Applies recursive artifact exclude globs before hashing, including .git and __pycache__ subtrees selected by broad include patterns.
  • Expands strict redaction coverage for common AWS, Slack, GitLab, Google API key, Bearer, and JWT-shaped values.
  • Reports blank dataset license_declared values as missing license warnings.
  • Caps Git metadata reads so oversized packed refs resolve as warnings instead of unbounded reads.

Deferred:

  • PyPI publishing remains deferred until package-registry policy is approved.
  • Mutable major action tags such as v0 remain deferred.
  • GitHub Marketplace registration remains deferred.

Validation:

  • Local validation passed: uv sync --locked, compileall, Ruff, unittest, uv build, wheel verification, GitHub Action wrapper verification, CLI smoke, and git diff --check.
  • GitHub Actions passed on commit 82e6534: CI run 28926353328 and Dependency Graph run 28926356278.