Release/prepare 7.0.0

.github/actions/security-issues/action.yml

@@ -39,7 +39,7 @@ runs:
     - name: Install Python Toolbox / Security tool
       shell: bash
       run: |
-        pip install exasol-toolbox==6.4.0
+        pip install exasol-toolbox==7.0.0
 
     - name: Create Security Issue Report
       shell: bash

doc/changes/changes_7.0.0.md

@@ -0,0 +1,33 @@
+# 7.0.0 - 2026-04-29
+
+## Summary
+
+In this major release, support for the `version.py`file has been removed. Users should:
+
+- delete the `version.py` file
+- add in their project's `__init__.py` module
+
+    ```python
+    from importlib.metadata import version
+    __version__ = version("<package_name>")
+    ```
+This is required for the nox session `docs:multiversion` to successfully complete,
+and it is a Python standard for users to check in the terminal which version they are
+using.
+
+The underlying code for the nox sessions `vulnerabilities:resolved` and
+`release:prepare` have been modified so that all dependencies (`main`, in `groups`,
+and in `optional groups`) are considered for the vulnerability report. Additionally,
+we only consider a vulnerability resolved if `pip-audit` includes `fix_versions`
+for the dependency. Previously, these nox sessions only reported the dependencies
+of `main` and the transitive dependencies of `main`.
+
+## Feature
+
+* #803: Included other dependencies for local `pip-audit` check
+
+## Refactoring
+
+* #800: Removed tbx security pretty-print, tbx lint pretty-print, and creation of .lint.txt, as superseded by Sonar and .lint.json usage
+* #791: Resolved Sonar concerns: accepted specific `subprocess` import usage, `subprocess` commands, & improved minor maintainability items
+* #629: Replace `version.py` with version from the `__init__.py`

doc/changes/unreleased.md

@@ -1,25 +1,3 @@
 # Unreleased
 
 ## Summary
-
-In this major release, support for the `version.py`file has been removed. Users should:
-- delete the `version.py` file
-- add in their project's `__init__.py` module
-
-    ```python
-    from importlib.metadata import version
-    __version__ = version("<package_name>")
-    ```
-This is required for the nox session `docs:multiversion` to successfully complete,
-and it is a Python standard for users to check in the terminal which version they are
-using.
-
-## Feature
-
-* #803: Included other dependencies for local `pip-audit` check
-
-## Refactoring
-
-* #800: Removed tbx security pretty-print, tbx lint pretty-print, and creation of .lint.txt, as superseded by Sonar and .lint.json usage
-* #791: Resolved Sonar concerns: accepted specific `subprocess` import usage, `subprocess` commands, & improved minor maintainability items
-* #629: Replace `version.py` with version from the `__init__.py`

exasol/toolbox/templates/github/workflows/build-and-publish.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/check-release-tag.yml

@@ -17,7 +17,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/checks.yml

@@ -16,7 +16,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"
@@ -42,7 +42,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"
@@ -67,7 +67,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: ${{ matrix.python-versions }}
           poetry-version: "(( dependency_manager_version ))"
@@ -102,7 +102,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: ${{ matrix.python-versions }}
           poetry-version: "(( dependency_manager_version ))"
@@ -128,7 +128,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: ${{ matrix.python-versions }}
           poetry-version: "(( dependency_manager_version ))"
@@ -157,7 +157,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"
@@ -179,7 +179,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"
@@ -205,7 +205,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: ${{ matrix.python-versions }}
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/gh-pages.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/matrix-all.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/matrix-exasol.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/matrix-python.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/report.yml

@@ -20,7 +20,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: "(( minimum_python_version ))"
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/templates/github/workflows/slow-checks.yml

@@ -29,7 +29,7 @@ jobs:
 
       - name: Set up Python & Poetry Environment
         id: set-up-python-and-poetry-environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@v6
+        uses: exasol/python-toolbox/.github/actions/python-environment@v7
         with:
           python-version: ${{ matrix.python-version }}
           poetry-version: "(( dependency_manager_version ))"

exasol/toolbox/util/dependencies/track_vulnerabilities.py

@@ -56,7 +56,9 @@ def resolved_vulnerabilities(self) -> list[Vulnerability]:
         """
         matcher = VulnerabilityMatcher(self.current_vulnerabilities)
         return [
-            vuln for vuln in self.previous_vulnerabilities if matcher.is_resolved(vuln)
+            vuln
+            for vuln in self.previous_vulnerabilities
+            if vuln.fix_versions and matcher.is_resolved(vuln)
         ]
 
     def report_resolved_vulnerabilities(self) -> str:

project-template/cookiecutter.json

@@ -9,7 +9,7 @@
   "author_email": "opensource@exasol.com",
   "project_short_tag": "",
   "python_version_min": "3.10",
-  "exasol_toolbox_version_range": ">=6.4.0,<7",
+  "exasol_toolbox_version_range": ">=7.0.0,<8",
   "license_year": "{% now 'utc', '%Y' %}",
   "__repo_name_slug": "{{cookiecutter.package_name}}",
   "__package_name_slug": "{{cookiecutter.package_name}}",

test/unit/util/dependencies/track_vulnerabilities_test.py

@@ -117,3 +117,17 @@ def test_resolved_vulnerability(self, sample_vulnerability):
             current_vulnerabilities=[],
         )
         assert audit.resolved_vulnerabilities == [sample_vulnerability.vulnerability]
+
+    def test_vulnerability_without_fix_version_is_not_reported_as_resolved(
+        self, sample_vulnerability
+    ):
+        vuln = sample_vulnerability.vulnerability.model_copy(
+            update={"fix_versions": []}
+        )
+        audit = DependenciesAudit(
+            previous_vulnerabilities=[vuln],
+            current_vulnerabilities=[],
+        )
+
+        assert audit.resolved_vulnerabilities == []
+        assert audit.report_resolved_vulnerabilities() == ""