Added
- Added `--insecure` CLI option and `insecure` configuration setting as clearer alternatives to `--allow-self-signed` and `allow_self_signed`. The new option explicitly communicates that SSL verification is completely disabled, making the connection vulnerable to man-in-the-middle attacks.
- Added prominent warning messages when SSL verification is disabled (via either `--insecure` or `--allow-self-signed`), explaining the security risks and recommending the secure alternative of using the system certificate trust store (available with Python >= 3.10).
Changed
- Removed Clear Linux from the OS package testing workflow as the project has been discontinued.
- Fixed Python version for PDM install in the build release workflow.
Deprecated
- The `--allow-self-signed` CLI option and `allow_self_signed` configuration setting are now deprecated in favor of `--insecure` and `insecure`. Deprecation warnings are displayed when these options are used, guiding users to the clearer alternative. Both options remain functional for backward compatibility and will be maintained for an extended deprecation period before removal.
Fixed
- Fixed crash when API returns scopes not yet recognized by py-gitguardian.
- Skip non-seekable files instead of crashing.
Security
- Improved clarity around SSL verification settings. The `--allow-self-signed` option name was misleading as it suggests certificate validation is still performed, when in reality all SSL verification is disabled. The new `--insecure` option makes this behavior explicit. Both options remain functional for backward compatibility.
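
The following is an added illustration, not code from this project: it shows with Python's standard `ssl` module what "all SSL verification is disabled" means for a client, and how a deprecated setting can be folded into its clearer replacement with warnings. The function names, warning texts and the `describe` helper are assumptions made for the example.

```python
import ssl
import warnings

# Constructed warning text for this example, not the tool's actual message.
INSECURE_WARNING = (
    "SSL verification is disabled: the connection is vulnerable to "
    "man-in-the-middle attacks."
)


def resolve_insecure(insecure=False, allow_self_signed=False):
    """Fold the deprecated setting into the new one, warning when it is used."""
    if allow_self_signed:
        warnings.warn(
            "allow_self_signed is deprecated, use insecure instead",
            DeprecationWarning,
            stacklevel=2,
        )
    return bool(insecure or allow_self_signed)


def build_context(insecure=False, allow_self_signed=False):
    """Return a client SSLContext matching the two settings (hypothetical helper)."""
    # Default client context: certificate chain and hostname are both verified.
    ctx = ssl.create_default_context()
    if resolve_insecure(insecure, allow_self_signed):
        warnings.warn(INSECURE_WARNING, UserWarning, stacklevel=2)
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    """Summarise which checks a context still performs."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    print("default:          ", describe(build_context()))
    print("insecure:         ", describe(build_context(insecure=True)))
    print("allow_self_signed:", describe(build_context(allow_self_signed=True)))
```

With either setting enabled the context performs neither chain nor hostname verification, so any certificate is accepted, not only a self-signed one.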