Security/578 resolve vulnerabilities and update dependencies

.github/actions/security-issues/action.yml

@@ -39,7 +39,7 @@ runs:
     - name: Install Python Toolbox / Security tool
       shell: bash
       run: |
-        pip install exasol-toolbox==1.10.0
+        pip install exasol-toolbox==1.11.0
 
     - name: Create Security Issue Report
       shell: bash

.github/workflows/build-and-publish.yml

@@ -15,7 +15,7 @@ jobs:
       contents: write
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment

.github/workflows/check-release-tag.yml

@@ -12,7 +12,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment

.github/workflows/checks.yml

@@ -11,7 +11,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
@@ -29,7 +29,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -56,7 +56,7 @@ jobs:
     if: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' }}
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -75,7 +75,7 @@ jobs:
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -86,7 +86,7 @@ jobs:
         run: poetry run -- nox -s lint:code
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: lint-python${{ matrix.python-version }}
           path: |
@@ -106,7 +106,7 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -128,7 +128,7 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -139,7 +139,7 @@ jobs:
         run: poetry run -- nox -s lint:security
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: security-python${{ matrix.python-version }}
           path: .security.json
@@ -152,7 +152,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -168,7 +168,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -188,7 +188,7 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         # The PTB has unit tests which require the fetch-depth to be 0.
         with:
           fetch-depth: 0
@@ -202,7 +202,7 @@ jobs:
         run: poetry run -- nox -s test:unit -- --coverage
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: coverage-python${{ matrix.python-version }}-fast
           path: .coverage

.github/workflows/gh-pages.yml

@@ -12,7 +12,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/matrix-all.yml

@@ -14,7 +14,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment

.github/workflows/matrix-exasol.yml

@@ -14,7 +14,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment

.github/workflows/matrix-python.yml

@@ -14,7 +14,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment

.github/workflows/report.yml

@@ -14,15 +14,15 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v5.0.0
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts
 
@@ -41,7 +41,7 @@ jobs:
         run: poetry run -- nox -s project:report -- --format json | tee metrics.json
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: metrics.json
           path: metrics.json

.github/workflows/slow-checks.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: ./.github/actions/python-environment
@@ -35,7 +35,7 @@ jobs:
         run: poetry run -- nox -s test:integration -- --coverage --db-version ${{ matrix.exasol-version }}
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: coverage-python${{ matrix.python-version }}-slow
           path: .coverage
@@ -65,7 +65,7 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Python & Poetry Environment
         uses: ./.github/actions/python-environment

doc/changes/changes_1.11.0.md

@@ -0,0 +1,40 @@
+# 1.11.0 - 2025-10-29
+
+With the addition of the nox session `package:check`, it's recommended to
+switch a README.md to README.rst. The underlying package `twine` which is used
+in that check performs more checks for rst files.
+
+## Feature
+
+* #494: Created check of built packages with nox session `package:check`
+
+## Refactoring
+
+* #578: Updated GitHub actions which now use node 24:
+   * actions/checkout to [v5](https://github.com/actions/checkout/releases/tag/v5.0.0)
+   * actions/download-artifact to [v6](https://github.com/actions/download-artifact/releases/tag/v6.0.0)
+   * actions/upload-artifact to [v5](https://github.com/actions/upload-artifact/releases/tag/v5.0.0)
+
+## Security
+
+* #578: Resolved CVE-2024-12797 for cryptography and CVE-2025-8869 for pip by updating the lock file
+
+## Dependency Updates
+
+### `main`
+* Updated dependency `black:25.1.0` to `25.9.0`
+* Updated dependency `coverage:7.10.6` to `7.11.0`
+* Updated dependency `furo:2025.7.19` to `2025.9.25`
+* Updated dependency `import-linter:2.4` to `2.5.2`
+* Updated dependency `isort:6.0.1` to `6.1.0`
+* Updated dependency `mypy:1.17.1` to `1.18.2`
+* Updated dependency `nox:2025.5.1` to `2025.10.16`
+* Updated dependency `pip-licenses:5.0.0` to `5.5.0`
+* Updated dependency `pydantic:2.11.7` to `2.12.3`
+* Updated dependency `pylint:3.3.8` to `4.0.2`
+* Updated dependency `pysonar:1.1.0.2035` to `1.2.0.2419`
+* Updated dependency `pytest:8.4.1` to `8.4.2`
+* Updated dependency `pyupgrade:3.20.0` to `3.21.0`
+* Updated dependency `shibuya:2025.8.16` to `2025.10.21`
+* Added dependency `twine:6.2.0`
+* Updated dependency `typer:0.17.3` to `0.20.0`

doc/changes/unreleased.md

@@ -1,5 +1 @@
 # Unreleased
-
-## Feature
-
-* #494: Created check of built packages with nox session `package:check`

doc/github_actions/python_environment.rst

@@ -49,10 +49,10 @@ Example Usage
 
         steps:
           - name: SCM Checkout
-            uses: actions/checkout@v4
+            uses: actions/checkout@v5
 
           - name: Setup Python & Poetry Environment
-            uses: exasol/python-toolbox/.github/actions/python-environment@1.1.0
+            uses: exasol/python-toolbox/.github/actions/python-environment@v1
             with:
               python-version: 3.12
               poetry-version: 2.1.2

doc/github_actions/security_issues.rst

@@ -26,10 +26,10 @@ Example Usage
 
         steps:
           - name: SCM Checkout
-            uses: actions/checkout@v4
+            uses: actions/checkout@v5
 
           - name: Report Security Issues
-            uses: exasol/python-toolbox/.github/actions/security-issues@0.6.1
+            uses: exasol/python-toolbox/.github/actions/security-issues@v1
             with:
               format: "maven"
               command: "cat maven-cve-report.json"

exasol/toolbox/config.py

@@ -48,7 +48,7 @@ class BaseConfig(BaseModel):
     )
 
     exasol_versions: tuple[ValidVersionStr, ...] = Field(
-        default=("7.1.9",),
+        default=("7.1.30", "8.29.6", "2025.1.0"),
         description="Exasol versions to use in running CI workflows for integration tests using the DB",
     )
     create_major_version_tags: bool = Field(

exasol/toolbox/templates/github/workflows/build-and-publish.yml

@@ -15,7 +15,7 @@ jobs:
       contents: write
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: exasol/python-toolbox/.github/actions/python-environment@v1

exasol/toolbox/templates/github/workflows/check-release-tag.yml

@@ -12,7 +12,7 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
         uses: exasol/python-toolbox/.github/actions/python-environment@v1