Releases: pythonnz/pdfbaker
0.11.3
v0.11.3 (2025-10-19)
Bug Fixes
- Ignore tarfile symlink vulnerability in pip-audit (
01dad6b)
GHSA-4xh5-x5gv-qwph pypa/pip#13607
As we're not affected, this seems to be the most pragmatic approach for this curveball.
Continuous Integration
The current python action (as bumped by dependabot) seems to still be running pip 25.2 which pip-audit flagged for known vulnerability
Detailed Changes: 0.11.2...0.11.3
0.11.2
v0.11.2 (2025-10-19)
Bug Fixes
- Update pip/requests/urllib3 to fix known vulnerabilities (
9de1994)
Chores
Bumps actions/checkout from 4 to 5.
updated-dependencies:
- dependency-name: actions/checkout dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps actions/upload-artifact from 4.6.1 to 4.6.2.
updated-dependencies:
- dependency-name: actions/upload-artifact dependency-version: 4.6.2
dependency-type: direct:production
update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps cairosvg from 2.7.1 to 2.8.2.
updated-dependencies:
- dependency-name: cairosvg dependency-version: 2.8.2
dependency-type: direct:production
update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps ossf/scorecard-action from 2.4.1 to 2.4.3.
updated-dependencies:
- dependency-name: ossf/scorecard-action dependency-version: 2.4.3
dependency-type: direct:production
update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps pydantic from 2.11.3 to 2.12.3.
updated-dependencies:
- dependency-name: pydantic dependency-version: 2.12.3
dependency-type: direct:production
update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps pypdf from 5.4.0 to 6.1.1.
updated-dependencies:
- dependency-name: pypdf dependency-version: 6.1.1
dependency-type: direct:production
update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps python-semantic-release/publish-action from 9.21.1 to 10.4.1.
updated-dependencies:
- dependency-name: python-semantic-release/publish-action dependency-version: 10.4.1
dependency-type: direct:production
update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps rich-click from 1.8.8 to 1.9.3.
updated-dependencies:
- dependency-name: rich-click dependency-version: 1.9.3
dependency-type: direct:production
update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps ruamel-yaml from 0.18.10 to 0.18.15.
updated-dependencies:
- dependency-name: ruamel-yaml dependency-version: 0.18.15
dependency-type: direct:production
update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Detailed Changes: 0.11.1...0.11.2
0.11.1
v0.11.1 (2025-10-16)
Bug Fixes
- Remove comma to demo release (
036151b)
This is only for demonstration purposes. Marked as a fix to trigger a release.
Detailed Changes: 0.11.0...0.11.1
0.11.0
v0.11.0 (2025-05-23)
Bug Fixes
- Escape XKCD title and alt text (
8432a24)
Otherwise the SVG can be become invalid...
"Applying renormalization to bullies successfully transformed Pete & Pete's Endless Mike into Finite Mike." needs to be escaped to Pete & Pete's Endless Mike into Finite Mike.
Code Style
- Don't show location of build directory in a dry-run (
cd4c675)
It wouldn't have been created...
Documentation
-
Add "Usage" document, adjust README and overview, fix custom locations (
2c390da) -
Fix config file path in library example (same as in CLI example) (
6c3198a) -
Improve README (
8a22464) -
add what you get from using SVG+YAML
-
add how quickly you can get started
-
Move "Documentation" to be before "Examples"
Features
- Improve logging and console UI with rich formatting (
fcf16ed)
- Use rich and rich-click - colors, panels etc.
- Proper syntax highlighting for SVG and YAML
- Show directory tree after --create-from
- Don't repeat identical subprocess log messages, count them
Detailed Changes: 0.10.0...0.11.0
0.10.0
v0.10.0 (2025-05-18)
Code Style
- Remove
bakeaction (1aff43f)
This is technically a breaking change but only for invoking.
Documentation
- Add section on always quoting variables (
7c0d13e)
Just got caught out by that myself :)
-
Clarify that Jinja2 extensions to load are strings (
3a921eb) -
Link to official Jinja2 extensions (
264cb76) -
Update README.md to include windows specific instructions (#33,
ef2d2f6)
Features
- Add
--dry-run,--fail-if-exists, build in temp dir (70f956c)
Also prep --create-from (coming up)
- Don't fail just warn about undefined Jinja variables (
05cb2c1)
Stumbled over this when I used an existing template for --create-from. Maybe introduce a --fail-undefined-vars option later.
- Implement
--create-from(ec24465)
If used in conjunction with --dry-run, don't create any files. Otherwise, also process the new configs immediately.
Testing
This needs to work properly on Windows. Test to confirm relative and absolute paths lead to the same directories being used (maybe run all tests with both?)
Detailed Changes: 0.9.4...0.10.0
0.9.4
0.9.3
v0.9.3 (2025-05-10)
Bug Fixes
- Improved test suite, tests now also linted (
11e8bb8)
Reviewed all tests. Now 73 tests covering 91%.
Continuous Integration
- Delete Sigstore signing - PyPI already doing that (
1e4c7b6)
Only now I noticed the .publish.attestation files in the releases...
Documentation
- Add sigstore badge (
015fc47)
Detailed Changes: 0.9.2...0.9.3
0.9.2
v0.9.2 (2025-05-09)
Bug Fixes
- Disable sigstore signing while waiting on PyPI issue (
b850286)
pypa/gh-action-pypi-publish#357
Detailed Changes: 0.9.1...0.9.2
0.9.1
v0.9.1 (2025-05-09)
Bug Fixes
- Sign releases with Sigstore (
e6b0f62)
More of a ci: but I want to trigger a release to confirm
Documentation
-
Clarify that a page setting can override main or document (
9b0c40f) -
Fix default location of documents (
228df2c)
(same directory as config file, not another subdirectory)
-
Fix description - page overrides for page, not document (
b43718a) -
Improve configuration reference, add section on custom locations (
aeee114)
Detailed Changes: 0.9.0...0.9.1
0.9.0
v0.9.0 (2025-05-09)
Documentation
- Refactor documentation (
8efced6)
A first stab at making the documentation up-to-date and useful.
Features
- Up-to-date documentation (
1a6ba58)
Marking this as a feature to trigger a new release.
Detailed Changes: 0.8.14...0.9.0