diff --git a/.bumpversion.toml b/.bumpversion.toml index 8901fe2..6ddf71f 100644 --- a/.bumpversion.toml +++ b/.bumpversion.toml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 [tool.bumpversion] -current_version = "0.19.4" +current_version = "0.19.5" parse = "(?P\\d+)\\.(?P\\d+)\\.(?P\\d+)((?Pa|b|rc)(?P\\d+))?" serialize = [ "{major}.{minor}.{patch}{pre_l}{pre_n}", diff --git a/.github/ISSUE_TEMPLATE/security_vulnerability.yml b/.github/ISSUE_TEMPLATE/security_vulnerability.yml index a6157c8..bdeea74 100644 --- a/.github/ISSUE_TEMPLATE/security_vulnerability.yml +++ b/.github/ISSUE_TEMPLATE/security_vulnerability.yml @@ -29,7 +29,7 @@ body: attributes: label: Zenzic version description: Output of `zenzic --version` - placeholder: "0.19.4" + placeholder: "0.19.5" validations: required: true diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml index 9ab5f73..dab4b50 100644 --- a/.pre-commit-hooks.yaml +++ b/.pre-commit-hooks.yaml @@ -7,7 +7,7 @@ # # repos: # - repo: https://github.com/PythonWoods/zenzic -# rev: v0.19.4 +# rev: v0.19.5 # hooks: # - id: zenzic-verify # quality gate — corrisponde a `just verify` lato zenzic # - id: zenzic-guard # fast staged-file credential scan diff --git a/CHANGELOG.md b/CHANGELOG.md index 220e5a2..6d30633 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,13 @@ Versions follow [Semantic Versioning](https://semver.org/). ## [Unreleased] +## [0.19.5] - 2026-07-04 + +### Fixed + +- **Core (Validator):** Hardened the Polyglot Extractor by masking HTML and MD/MDX comments to ignore tags within comments, preventing false-positive diagnostics and aligning with Markdown link scanning. +- **Core (Validator):** Aligned code fence detection in the Polyglot Extractor with `SuppressionTracker` by ignoring closing fences with trailing characters (e.g. ```` ```extra ````), preventing premature code block closure. + ## [0.19.4] - 2026-07-04 ### Fixed diff --git a/CITATION.cff b/CITATION.cff index a865b0d..6da0ddb 100644 --- a/CITATION.cff +++ b/CITATION.cff @@ -15,7 +15,7 @@ abstract: >- performs deterministic static analysis using a two-pass reference pipeline and a RE2-backed credential scanner, with zero subprocess calls and full SARIF 2.1.0 support for CI/CD integration. -version: 0.19.4 +version: 0.19.5 date-released: 2026-07-04 url: "https://zenzic.dev" repository-code: "https://github.com/PythonWoods/zenzic" diff --git a/RELEASE.md b/RELEASE.md index 0c527b0..76d1d45 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -8,7 +8,7 @@ | Field | Value | | :------- | :--------- | -| Version | v0.19.4 | +| Version | v0.19.5 | | Codename | Magnetite | | Date | 2026-07-04 | | Status | Stable | @@ -21,7 +21,7 @@ Before tagging, every item must be green: - [ ] `zenzic lab all` — all 20 scenarios exit with expected code - [ ] `zenzic score --stamp` committed — badge in README.md reflects current score - [ ] `zenzic check all .` — zero findings in the repo root -- [ ] `pyproject.toml` version matches the tag (`0.19.4`) +- [ ] `pyproject.toml` version matches the tag (`0.19.5`) - [ ] `CITATION.cff` version and date updated - [ ] Parità bilingue Z602 verificata (docs vs i18n/it/) - [ ] `CHANGELOG.md` — `[Unreleased]` section moved to the new version heading @@ -55,11 +55,11 @@ git checkout main git pull origin main # 3. Tag the main branch and push -git tag v0.19.4 +git tag v0.19.5 git push origin main --tags ``` -- [ ] Create GitHub Release from the tag, using the `## [0.19.4]` CHANGELOG section as the release body. +- [ ] Create GitHub Release from the tag, using the `## [0.19.5]` CHANGELOG section as the release body. ## Changelog Reference diff --git a/mkdocs.yml b/mkdocs.yml index 563c79a..75bb493 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -199,7 +199,7 @@ extra: # ADR-037: No hardcoded SemVer in any .html or .md source. # CI pipeline passes the current version at build time, e.g.: # uv run mkdocs build --extra zenzic_version=0.14.1 - zenzic_version: "0.19.4" # release sync + zenzic_version: "0.19.5" # release sync social: - icon: fontawesome/brands/github link: https://github.com/PythonWoods/zenzic diff --git a/pyproject.toml b/pyproject.toml index 458d079..5d6e7a7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -13,7 +13,7 @@ build-backend = "hatchling.build" [project] name = "zenzic" -version = "0.19.4" +version = "0.19.5" description = "Engineering-grade, engine-agnostic static analyzer and credential scanner for Markdown documentation" readme = "README.md" requires-python = ">=3.10" diff --git a/src/zenzic/__init__.py b/src/zenzic/__init__.py index 3446963..f3a6ce4 100644 --- a/src/zenzic/__init__.py +++ b/src/zenzic/__init__.py @@ -2,5 +2,5 @@ # SPDX-License-Identifier: Apache-2.0 """Zenzic — engine-agnostic static analyzer and credential scanner for Markdown documentation.""" -__version__ = "0.19.4" +__version__ = "0.19.5" __version_name__ = "Basalt" # Release codename stored separately from the package version. diff --git a/src/zenzic/cli/_standalone.py b/src/zenzic/cli/_standalone.py index e26ffa7..0065479 100644 --- a/src/zenzic/cli/_standalone.py +++ b/src/zenzic/cli/_standalone.py @@ -1585,7 +1585,7 @@ def _scaffold_plugin(repo_root: Path, plugin_name: str, force: bool) -> None: description = "Custom Zenzic plugin rule package" readme = "README.md" requires-python = ">=3.11" -dependencies = ["zenzic>=0.19.4"] +dependencies = ["zenzic>=0.19.5"] [project.entry-points."zenzic.rules"] {project_slug} = "{module_name}.rules:{class_name}" diff --git a/uv.lock b/uv.lock index a27d8cd..19fd3b7 100644 --- a/uv.lock +++ b/uv.lock @@ -2465,7 +2465,7 @@ wheels = [ [[package]] name = "zenzic" -version = "0.19.4" +version = "0.19.5" source = { editable = "." } dependencies = [ { name = "google-re2" },