github boecht/birre v4.0.0-alpha.2
Release 4.0.0-alpha.2


[4.0.0-alpha.2] - 2025-11-05

Changed

  • Breaking: Require Python 3.13+ (upgrade from 3.11+ in alpha.1) to improve asyncio reliability
    and error clarity
  • TOP: Enhance interactive search with bulk subscription, rating number + color, and parent hierarchy enrichment
  • Improve startup reliability and remove event loop race conditions by simplifying async/sync bridge (lower memory)
  • Reduce CLI and diagnostics complexity through extensive refactors for more predictable behavior and lower
    maintenance risk
  • Improve logging robustness by guarding against writes to closed streams to prevent noisy teardown errors
  • Accept expected 400 "already requested" responses as successful diagnostics connectivity checks
  • Standardize test selection flags (--offline, --online-only) across CLI, docs, and workflows for clearer usage
  • Prefer local pyproject.toml version when displaying CLI version to give accurate development context
  • Establish performance baselines with benchmark suite to enable future regression detection
  • Increase code clarity and reliability by replacing magic numbers with named constants and
    enforcing low complexity thresholds
  • Streamline release workflow with validated version inputs and safer tag extraction for consistent releases
  • Improve Windows/macOS/Linux parity with cross-platform test matrix running under Python 3.13
  • Consolidate formatting and validation utilities for consistent, cleaner CLI tables and messages
  • Improve company rating workflow reliability by handling both sync and async tool results seamlessly
  • Improve contributor experience with clearer prompt and agent operation documentation
  • Stabilize CI by re-adding pinned action versions after evaluating removal impacts

Added

  • TOP: Add parent company enrichment and rating color details to interactive search results for richer risk context
  • Add property-based testing (Hypothesis) to detect edge cases automatically in rating and findings logic
  • Add performance benchmarks (pytest-benchmark) for critical paths to track regressions over time
  • Add complexity checking (mccabe) to enforce a maximum function complexity threshold and surface refactor candidates
  • Add dependency review, Scorecard, and Codecov workflows for safer dependencies and coverage transparency
  • Add agent operations and prompt documentation to standardize automated contribution workflows

Removed

  • TOP: Remove dry-run shortcuts from diagnostics so production selftests execute real API calls for authentic validation
  • Remove thousands of lines of duplicate and obsolete CLI/diagnostic helper code to lower memory usage and
    improve performance

Fixed

  • Fix configuration validation to compare enum values with equality instead of identity for
    reliable parameter source detection
  • Fix selftest failures by correcting tool parameter names and making mock context methods async
  • Fix interactive search 403 errors by creating required ephemeral subscriptions before fetching company details
  • Fix logging handler errors during teardown by safely ignoring closed stream writes
  • Fix background task handling to keep tasks alive during sync bridge tests, preventing premature cancellation issues
  • Fix Windows path and whitespace normalization in CLI tests to avoid spurious failures across platforms
  • Fix version display fallback logic to show meaningful messages when local version metadata is unavailable
  • Fix release workflow to sanitize version inputs and prevent command injection via workflow dispatch values
  • Fix subscription tracking type (use set instead of dict) to correct ephemeral subscription handling

Security

  • Harden release workflow with strict version validation and sanitized tag extraction
  • Enforce least-privilege GitHub Actions permissions (contents: read) across workflows to reduce token scope
  • Add Dependency Review Action to block introduction of known vulnerable packages before merge
  • Add OpenSSF Scorecard supply-chain security analysis for continuous security posture monitoring
  • Maintain reproducible and verifiable CI by pinning the versions of critical GitHub Actions for stability
  • Expand automated code scanning (CodeQL, SonarCloud) coverage for earlier vulnerability and quality issue detection
  • Fix residual security-related CI findings from alpha.1 release to strengthen baseline

Full Changelog: v4.0.0-alpha.1...v4.0.0-alpha.2
