Skip to content

v1.9.22

Choose a tag to compare

View all tags
@pirate pirate released this 02 Apr 07:34
v1.9.22
fbeef29
This commit was signed with the committer’s verified signature.
pirate Nick Sweeting
SSH Key Fingerprint: 6CIN5ob1siNL6Oe4C6+10sUHRwN+AO3b7Hb8TX8SPJY
Verified
Learn about vigilant mode.

✨ Highlights

  • 🔒 Security defaults now propagate consistently across binaries and providers.

    • BinProvider now owns default postinstall_scripts and min_release_age values, and Binary inherits them automatically when you don't override them explicitly.
    • Unsupported providers now fail closed instead of silently ignoring security constraints.
    provider = EnvProvider(postinstall_scripts=True, min_release_age=4)
binary = Binary(name="python", binproviders=[provider])
assert binary.postinstall_scripts is True
assert binary.min_release_age == 4

  • ⬆️ min_version is enforced end-to-end instead of only being advisory.

    • install() and update() now validate the resolved version after the package manager runs.
    • load_or_install() will upgrade an already-installed binary when it exists but does not satisfy the requested minimum version.
    binary = provider.load_or_install("black", min_version=SemVer("24.0.0"))

  • 📦 Provider install/update plumbing is more explicit and consistent.

    • Core handler signatures now thread postinstall_scripts, min_release_age, and min_version through setup/install/update paths.
    • pip and npm explicitly declare support for release-age and postinstall controls.
    • brew only uses Pyinfra/Ansible helper paths when postinstall scripts are allowed, and otherwise falls back to direct CLI invocations with the right flags.
    • Timeout settings are preserved through provider copies via model fields instead of hidden underscored state.

  • 🧪 Tests were expanded around the new behavior and cleaned up for strict type-checking.

    • Added fail-closed coverage for providers that cannot honor min_release_age or disabled postinstall scripts.
    • Added live tests for pip minimum-version upgrades and npm postinstall-script overrides.
    • Tightened the test helper typing so ty-check and pyright pass without cast, Any, or type: ignore shortcuts.
    def is_install_args_sequence(value: object) -> TypeGuard[InstallArgs]:
    return isinstance(value, (tuple, list)) and all(isinstance(item, str) for item in value)

  • 🏷️ Release metadata

    • Version bumped to 1.9.22.
    • uv.lock refreshed to match the new package version.
Assets 4
Loading