jd/rosbackup-packagemini
1
0
Fork 0
Code Issues Pull requests Projects Releases 6 Packages Wiki Activity Actions
6 releases 7 tags
  • v0.2.4 e9c42f51f1

    v0.2.4
    All checks were successful
    release / release (push) Successful in 17s
    Details
    Stable

    Ghost released this 2026-06-20 15:33:17 +00:00 | 14 commits to main since this release

    Supersedes 0.2.3 (whose release did not publish due to the workflow bug below). Carries the full
    supply-chain pinning from 0.2.3 plus the fix.

    Security

    • Supply-chain pinning. Base images by @sha256 digest (python:3.12-slim, caddy:2,
      caddy:2-builder, alpine:3); Caddy v2.11.4 + xcaddy modules caddy-dns/desec@v1.1.0 and
      mholt/caddy-ratelimit@v0.1.0; Python deps exact + pip --require-hashes; the caddy image for
      hash-password; lazydocker v0.25.2 with SHA-256 verification; release-workflow image + deps.
      See DESIGN.md → Supply chain.

    Fixed

    • Release workflow: the hashed requirements-dev.txt was missing pytest 9's pygments
      dependency, so pip --require-hashes failed in CI; added pygments==2.20.0. Verified in a clean venv.
    Downloads