github fabric-testbed/BastionKeyClient v1.9.0
v1.9.0 — Drop Authlib, modernize dependencies, automated PyPI publishing
on GitHub

5 hours ago

Highlights

  • Security: removed the vulnerable Authlib dependency (CVE-2026-27962, Dependabot alert #43).
  • Dependencies: slimmed requirements.txt to direct dependencies only, with refreshed minimum versions (requests>=2.32.0, urllib3>=2.0.7, filelock>=3.12.0, python-dotenv>=1.0.0, ansible>=9.0.0, ansible-runner>=2.4.0).
  • Python support: bumped python_requires to >=3.10 (drops 3.6–3.9). Ansible 9.0+ is now installed automatically as a dependency.
  • Packaging: PyPI page now renders the README as Markdown.
  • Release automation: added a GitHub Actions workflow that builds and publishes to PyPI on v* tag push using PyPI Trusted Publishing (OIDC, no API tokens).

Upgrade notes

  • Python 3.9 and earlier are no longer supported.
  • A separate pip install ansible is no longer required — installing bastion-key-client pulls Ansible 9.0+ in automatically.
  • No API or configuration changes; the .env parameters and CLI flags from 1.7.0 are unchanged.

Install

sudo pip3 install --upgrade bastion-key-client

Full changelog: v1.7.0...v1.9.0

Check out latest releases or
releases around fabric-testbed/BastionKeyClient v1.9.0

Don't miss a new BastionKeyClient release

NewReleases is sending notifications on new releases.

Get notifications