Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .release-please-manifest.json
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{
".": "0.2.49",
"packages/modelaudit-picklescan": "0.1.8"
".": "0.2.50",
"packages/modelaudit-picklescan": "0.1.9"
}
12 changes: 12 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.2.50](https://github.com/promptfoo/modelaudit/compare/v0.2.49...v0.2.50) (2026-07-11)

### Bug Fixes

- **cache:** reuse stat without breaking public overrides ([#1732](https://github.com/promptfoo/modelaudit/issues/1732)) ([39cd664](https://github.com/promptfoo/modelaudit/commit/39cd664e3093eaf6e6b8e02ae78f4dd8c8174e3d))
- **cli:** handle startup interrupts gracefully ([#1723](https://github.com/promptfoo/modelaudit/issues/1723)) ([839c7cf](https://github.com/promptfoo/modelaudit/commit/839c7cfc501b147af30bdd284e2e3612410f6f0b))
- deep-merge partial auth config updates ([#1721](https://github.com/promptfoo/modelaudit/issues/1721)) ([8f33995](https://github.com/promptfoo/modelaudit/commit/8f3399506f8104135ed06effc34f490a68e1df7e))
- **deps:** update NumPy to 2.5 on Python 3.12+ ([#1706](https://github.com/promptfoo/modelaudit/issues/1706)) ([eeba9b8](https://github.com/promptfoo/modelaudit/commit/eeba9b84db3b1e1e257892f6a0ccaf1bd5530dce))
- **hashing:** adapt reads near scan deadlines ([#1734](https://github.com/promptfoo/modelaudit/issues/1734)) ([f23e1c0](https://github.com/promptfoo/modelaudit/commit/f23e1c030d4bdf24eb4052a0af0db8ff322ac7d1))
- **picklescan:** preserve POSIX ctime checks ([#1719](https://github.com/promptfoo/modelaudit/issues/1719)) ([cbde525](https://github.com/promptfoo/modelaudit/commit/cbde5250755288d783467420990bd9c5c15e4631))
- restore cross-platform nightly CI safety ([#1704](https://github.com/promptfoo/modelaudit/issues/1704)) ([9df81da](https://github.com/promptfoo/modelaudit/commit/9df81dab9aed308024b814afddb617eee6ab3b1a))

## [Unreleased]

### Bug Fixes
Expand Down
7 changes: 7 additions & 0 deletions packages/modelaudit-picklescan/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,13 @@ All notable changes to `modelaudit-picklescan` will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this package adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.1.9](https://github.com/promptfoo/modelaudit/compare/modelaudit-picklescan-v0.1.8...modelaudit-picklescan-v0.1.9) (2026-07-11)

### Bug Fixes

- **picklescan:** preserve POSIX ctime checks ([#1719](https://github.com/promptfoo/modelaudit/issues/1719)) ([cbde525](https://github.com/promptfoo/modelaudit/commit/cbde5250755288d783467420990bd9c5c15e4631))
- restore cross-platform nightly CI safety ([#1704](https://github.com/promptfoo/modelaudit/issues/1704)) ([9df81da](https://github.com/promptfoo/modelaudit/commit/9df81dab9aed308024b814afddb617eee6ab3b1a))

## [0.1.8](https://github.com/promptfoo/modelaudit/compare/modelaudit-picklescan-v0.1.7...modelaudit-picklescan-v0.1.8) (2026-06-25)

### Bug Fixes
Expand Down
2 changes: 1 addition & 1 deletion packages/modelaudit-picklescan/Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "modelaudit-picklescan-rust"
version = "0.1.8" # x-release-please-version
version = "0.1.9" # x-release-please-version

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Refresh Cargo.lock with the crate version bump

This release bump changes the Rust crate to 0.1.9, but packages/modelaudit-picklescan/Cargo.lock still records modelaudit-picklescan-rust as 0.1.7. On a clean checkout, Cargo treats that as a lockfile update; cargo check --help documents --locked as asserting the lock file remains unchanged, and the picklescan MSRV check in .github/workflows/test.yml:1003-1006 uses --locked. Please regenerate Cargo.lock with the version bump so locked builds and the committed release metadata agree.

Useful? React with 👍 / 👎.

edition = "2021"
rust-version = "1.83"
description = "Native pickle security scanner engine for modelaudit-picklescan"
Expand Down
2 changes: 1 addition & 1 deletion packages/modelaudit-picklescan/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "maturin"

[project]
name = "modelaudit-picklescan"
version = "0.1.8" # x-release-please-version
version = "0.1.9" # x-release-please-version
description = "Standalone pickle security scanner extracted from ModelAudit"
authors = [
{ name = "Ian Webster", email = "ian@promptfoo.dev" },
Expand Down
2 changes: 1 addition & 1 deletion packages/modelaudit-picklescan/uv.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ build-backend = "hatchling.build"

[project]
name = "modelaudit"
version = "0.2.49"
version = "0.2.50"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep uv.lock in sync with the released version

This release bump updates pyproject.toml to 0.2.50, but the committed lock file still has the root modelaudit package block at version = "0.2.49" in uv.lock. On this release/dependency path, the CI lock-consistency job runs uv lock --check, and any --locked install/metadata consumer will see the previous package version from the lock, so the release commit should include the uv lock update alongside this version change.

Useful? React with 👍 / 👎.

description = "Static scanning library for detecting malicious code, potential backdoor indicators, and other security risks in ML model files"
authors = [
{ name = "Ian Webster", email = "ian@promptfoo.dev" },
Expand Down
128 changes: 64 additions & 64 deletions uv.lock

Large diffs are not rendered by default.