fix(sec): suppress CVE-2026-33845, bump to v0.1.6, track CLAUDE.md #186

Merged: longieirl merged 2 commits into main from fix/sec-cve-2026-33845 on May 8, 2026
@longieirl (Owner)

Pull Request

Summary

  • Suppresses CVE-2026-33845 (libgnutls30t64) in .trivyignore — no Debian 13 fix available; DTLS code path unreachable in this PDF-processing app. Review date 2026-06-08.
  • Bumps version to 0.1.6.
  • Tracks CLAUDE.md as project documentation (removes from .gitignore); adds explicit rule that all changes must go via a PR branch, never pushed directly to main.

Closes #184.

Changes

  • .trivyignore: CVE-2026-33845 suppressed with full justification and review date
  • CHANGELOG.md: [0.1.6] entry added
  • packages/parser-core/pyproject.toml — 0.1.5 → 0.1.6
  • packages/parser-core/src/bankstatements_core/__version__.py — 0.1.5 → 0.1.6
  • packages/parser-free/pyproject.toml — 0.1.5 → 0.1.6
  • .gitignore: CLAUDE.md unignored
  • CLAUDE.md — tracked for the first time; "never push to main" rule added

Type

  • Security
  • Documentation

Testing

  • Tests pass (coverage ≥ 91%)
  • Manually tested

Checklist

  • Code follows project style
  • Self-reviewed
  • Documentation updated (if needed)
  • No new warnings

Downstream impact

  • This PR changes a public interface in bankstatements_core (exported class, function, or exception)

longieirl added 2 commits May 8, 2026 10:21
…loses #184)

- Add CVE-2026-33845 (libgnutls30t64 GnuTLS DoS via DTLS zero-length fragment) to
  .trivyignore — no fixed version available in Debian 13; DTLS code path is unreachable
  in this PDF-processing application. Review date set to 2026-06-08.
- Bump version to 0.1.6 across all three version files.
- Remove CLAUDE.md from .gitignore and track it as project documentation; add explicit
  rule that all changes must go through a PR branch, never pushed directly to main.
@longieirl self-assigned this May 8, 2026
@github-actions (bot) added the bug and documentation labels May 8, 2026
@longieirl merged commit 0372115 into main May 8, 2026
2 checks passed
@longieirl deleted the fix/sec-cve-2026-33845 branch May 8, 2026 09:34
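
A time-boxed suppression like the one in this PR only works if something fails once the review date passes. The following is an added example, not code from this repository: a CI check that audits a `.trivyignore` for entries with no justification, no review date, or an expired one. The comment layout, the "Review date:" label, the function name `audit_trivyignore` and the placeholder ID `CVE-0000-00001` are assumptions made for the example.

```python
import re
from datetime import date

ID_RE = re.compile(r"^(CVE-\d{4}-\d+|GHSA-[\w-]+)\b")
REVIEW_RE = re.compile(r"review(?:\s+date)?[:\s]+(\d{4}-\d{2}-\d{2})", re.I)

# Constructed sample; the comment layout is an assumed convention, not the repo's file.
SAMPLE = """\
# CVE-2026-33845 (libgnutls30t64): no Debian 13 fix available;
# DTLS code path unreachable in this PDF-processing app.
# Review date: 2026-06-08
CVE-2026-33845

CVE-0000-00001
"""

def audit_trivyignore(text, today):
    """Return (finding_id, problem) pairs for suppressions needing attention."""
    problems, comments = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            comments = []            # a blank line ends a comment block
        elif line.startswith("#"):
            comments.append(line.lstrip("# "))
        else:
            m = ID_RE.match(line)
            if not m:
                continue
            fid, note = m.group(1), " ".join(comments)
            comments = []
            review = REVIEW_RE.search(note)
            # Whatever remains once the review date is removed is the justification.
            if not REVIEW_RE.sub("", note).strip():
                problems.append((fid, "no justification"))
            if review is None:
                problems.append((fid, "no review date"))
            elif date.fromisoformat(review.group(1)) < today:
                problems.append((fid, "review date passed"))
    return problems

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = audit_trivyignore(text, date.today())
    for fid, problem in found:
        print(f"{fid}: {problem}")
    sys.exit(1 if found else 0)
```

Run with the path to `.trivyignore` as the only argument; a non-zero exit fails the pipeline step.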
Development

Successfully merging this pull request may close these issues.

🚨 Security Alert: 1 Critical Vulnerabilities Found