Release v1.9.1

@damienSavoldelli damienSavoldelli released this 25 Mar 18:19
· 13 commits to main since this release
7f7c9e4

What changed

  • Added a dedicated non-blocking Docker hardening workflow in CI:
      • Dockerfile lint (hadolint)
      • runtime image size sanity reporting
      • Trivy vulnerability scan (HIGH/CRITICAL)
  • Hardened Docker reproducibility by pinning the Python base image by digest in the Dockerfile.
  • Improved container safety with a fixed non-root runtime user (UID 10001) and safer pip defaults.
  • Updated Docker documentation with local hardening commands and reproducibility guidance.
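
A local check for the two Dockerfile properties named above (digest-pinned base image, fixed non-root numeric runtime user), as an added example that is not part of this release or the project's code. The function name `audit_dockerfile`, the `python:3.12-slim` tag, the all-zero digest and both sample Dockerfiles are constructed for illustration.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def audit_dockerfile(text):
    """Return findings for unpinned base images and a root or unset runtime user."""
    findings, users, user, name = [], {}, None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        op = parts[0].upper()
        if op == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
            if not args:
                continue
            image = args[0]
            # A reference to an earlier stage needs no digest and inherits its USER.
            if image != "scratch" and image not in users and not DIGEST.search(image):
                findings.append(f"line {n}: base image {image!r} is not pinned by digest")
            user = users.get(image)
            name = args[2] if len(args) >= 3 and args[1].upper() == "AS" else None
            if name:
                users[name] = user
        elif op == "USER" and len(parts) > 1:
            user = parts[1].split(":")[0]  # drop an optional :group suffix
            if name:
                users[name] = user
    if user is None:
        findings.append("final stage sets no USER, so the base image default applies")
    elif user in ("root", "0"):
        findings.append("final stage runs as root")
    elif not user.isdigit():
        findings.append(f"final stage USER {user!r} is a name, not a fixed numeric UID")
    return findings

# Constructed samples, not the project's Dockerfile; tag and all-zero digest are placeholders.
PINNED = "python:3.12-slim@sha256:" + "0" * 64
HARDENED = f"FROM {PINNED} AS base\nRUN useradd --uid 10001 app\nFROM base\nUSER 10001:10001\n"
WEAK = "FROM python:3.12-slim\nRUN pip install requests\nUSER root\n"

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_dockerfile(text) or "ok")
```

The check does not follow backslash line continuations or `ARG`-substituted image names, so a `FROM ${BASE}` line is reported as unpinned.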

Why it matters

  • Improves supply-chain and build reproducibility for contributors and CI.
  • Adds visible Docker security checks without blocking delivery workflows.
  • Strengthens dev/CI container hygiene while preserving existing product behavior.

Notes

  • v1.9.1 is a patch hardening release.
  • No CLI/runtime behavior changes.
  • No API or output schema/contract changes.

GitHub Pull Requests Included

Full Changelog: v1.9.0...v1.9.1