Skip to content

v0.10.1: reliability and security hardening

Latest

Choose a tag to compare

@ferdinandobons ferdinandobons released this 10 Jul 09:17

BrandDocs v0.10.1 is a reliability and security hardening release. It adds no new product features.

Security

  • Validate OOXML packages at every live extract, generate, deterministic-QA, and visual-render boundary before third-party parsers process them.
  • Enforce archive, inflated part/package, entry-count, compression-ratio, duplicate-member, unsafe-path, and content-types constraints centrally.

Fixed

  • Preserve XLSX x14 sparkline groups through openpyxl saves and fail closed when worksheet extensions are lost.
  • Publish generated files atomically only after schema, resolver, provenance, and QA checks pass; failed runs preserve any existing good output.
  • Bound whole-row and whole-column Excel names to the used rectangle, reject discontiguous names explicitly, and keep sparse-sheet operations sparse.
  • Make fixture-builder failures fail CI instead of silently becoming skips.

Changed

  • Pin CI/development dependencies in requirements-ci.txt.
  • Treat warnings as errors except for the explicitly handled openpyxl sparkline warning.
  • Test and support Python 3.10 through 3.13 explicitly.

Verification

  • 946 tests passed, 6 skipped, and 39 subtests passed locally on Python 3.11 and 3.13.
  • Ruff lint and formatting checks passed.
  • Real LibreOffice/Poppler rendering passed locally and in GitHub Actions.
  • GitHub Actions passed across Python 3.10, 3.11, 3.12, and 3.13.