Skip to content

v3.0.2

Latest

Choose a tag to compare

@ianhelle ianhelle released this 18 Jul 18:50
cb71514

v3.0.2

Security

  • Dependency floor bumps for 13 CVEs flagged by Component Governance (#909) — bumped minimum versions for direct dependencies with known vulnerabilities, and added explicit minimum-version pins for vulnerable transitive dependencies to prevent silent downgrades:

    Package Old Min New Min
    azure-core >=1.24.0 >=1.38.0
    cryptography >=43.0.1 >=48.0.0
    jinja2 >=3.1.5 >=3.1.6
    lxml >=4.6.5 >=6.1.1
    pyjwt >=2.3.0 >=2.13.0
    urllib3 >=2.6.3 >=2.7.0
    tornado >=6.4.2 >=6.5.5
    aiohttp (unpinned) >=3.14.0
    h11 (unpinned) >=0.16.0
    idna (unpinned) >=3.15
    jaraco.context (unpinned) >=6.1.0
    Pillow (unpinned) >=12.2.0
    filelock (dev) >=3.0.0 >=3.29.1

Bug Fixes

  • Cybereason driver: failsafe JSON parsing — added a try/except around response JSON parsing to avoid unhandled exceptions on malformed API responses. (#908)
  • azure-mgmt-resource 26.0.0 compatibility — the 26.0.0 release moved ResourceManagementClient to a new import path and introduced other breaking changes, which broke every Sentinel/Azure context provider import. Capped the dependency to <26.0.0.
  • mypy false positive on numpy 2.5 stubs — mypy was inferring its syntax-checking target from setup.cfg's minimum supported Python version instead of the interpreter actually running it, causing a spurious failure on numpy's PEP 695 stub syntax. mypy now runs with an explicit --python-version matching the CI job. Also fixed 6 real (previously-masked) type errors this uncovered across nbinit.py, azure_ml_tools.py, pivot_magic_core.py, polling_detection.py, eventcluster.py, and foliummap.py.

Removed

  • conda/ requirements files and requirements-all.txt are no longer tracked in the repository. These were unmaintained/unenforced duplicates of the dependency set already declared in setup.py's extras. Use pip install -e ".[test]" (or .[all] for just the optional extras) instead. tools/create_reqs_all.py remains available as a manual, on-demand generator if you need a frozen requirements-all.txt locally.
  • Removed the check_reqs_all pre-commit hook, which used to auto-rewrite requirements-all.txt (and strip its hand-maintained comments) on every commit touching a Python file.
  • Removed tests/test_pkg_imports.py::test_conda_reqs; kept and simplified test_missing_pkgs_req.

Internal / CI

  • Fixed a stdlib-detection bug in tools/toollib/import_analyzer.py that misclassified standard-library modules as missing packages when run from a uv-managed virtual environment (used sys.prefix only; now also checks sys.base_prefix).
  • Simplified GitHub Actions and Azure Pipelines CI installs to use pip install -e ".[test]" in place of separate requirements-all.txt + requirements-dev.txt steps; updated pip cache keys accordingly and fixed a stray cache-key path typo in the docs job.
  • Updated .devcontainer/Dockerfile to install msticpy[test] directly.
  • sphinx requirement split by Python version (>=8.1.3 for Python ≤3.11, >=9.1.0 for Python ≥3.12). (#902)
  • azure-storage-blob minimum bumped to >=12.28.0. (#903)

Dependency Updates

Development / CI

Package Old New
coverage >=7.13.5 >=7.14.1
filelock >=3.0.0 >=3.29.1
ruff >=0.15.12 >=0.15.16
respx >=0.20.1 >=0.22.0 (required for httpx>=0.28.0 compatibility)
sphinx >=5.0.1,<8.0.0 >=8.1.3 (py≤3.11) / >=9.1.0 (py≥3.12)

Runtime

Package Old New
tldextract >=2.2.2 >=5.3.1
python-dateutil >=2.8.1 >=2.9.0.post0
azure-storage-blob >=12.5.0 >=12.28.0

Full Changelog: v3.0.1...v3.0.2