You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+13-1Lines changed: 13 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,11 +5,13 @@ All notable changes to this project will be documented in this file.
5
5
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
6
6
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
7
7
8
-
9
8
## [Unreleased]
10
9
10
+
## [1.19.0] - 2026-06-11
11
+
11
12
### Added
12
13
14
+
- Added a Docker credential helper for Cloudsmith registries. `cloudsmith credential-helper install docker` installs a `docker-credential-cloudsmith` launcher binary and registers it in `~/.docker/config.json`, so Docker authenticates to Cloudsmith registries automatically using your existing CLI credentials — no manual `docker login` required. Custom Cloudsmith registry domains are discovered via the API and cached locally; add extra hostnames with `--domain` (repeatable), disable discovery with `--no-discover`, or preview changes with `--dry-run`. Manage installed helpers with `cloudsmith credential-helper uninstall docker` and `cloudsmith credential-helper list`.
13
15
- Added Bitbucket Pipelines to OIDC credential auto-discovery. When a pipeline step sets `oidc: true`, the CLI reads the OIDC token from the `BITBUCKET_STEP_OIDC_TOKEN` environment variable and exchanges it for a Cloudsmith access token. Works out of the box with no extra dependencies.
14
16
- Added CircleCI to OIDC credential auto-discovery. When running in CircleCI, the CLI reads the OIDC token from the `CIRCLE_OIDC_TOKEN_V2` (preferred) or `CIRCLE_OIDC_TOKEN` environment variable and exchanges it for a Cloudsmith access token. Works out of the box with no extra dependencies.
15
17
- Added Azure DevOps to OIDC credential auto-discovery. When running in an Azure DevOps pipeline, the CLI fetches an OIDC token from the `SYSTEM_OIDCREQUESTURI` endpoint using the pipeline's `SYSTEM_ACCESSTOKEN` and exchanges it for a Cloudsmith access token. Works out of the box with no extra dependencies.
@@ -18,6 +20,16 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
18
20
- Added GitLab CI to OIDC credential auto-discovery. When running in GitLab CI/CD, the CLI reads the OIDC token from the `CLOUDSMITH_OIDC_TOKEN` environment variable (configured via `id_tokens` in `.gitlab-ci.yml`) and exchanges it for a Cloudsmith access token. Works out of the box with no extra dependencies.
19
21
- Added controls for OIDC detector selection. Set `CLOUDSMITH_OIDC_<DETECTOR>_DISABLED=true` to skip a specific detector (only the literal `true` disables), or use `--oidc-detector-order` (env var `CLOUDSMITH_OIDC_DETECTOR_ORDER`) with a comma-separated list of detector ids to override which detectors are considered and the order they are tried in. When both are set, disable flags take precedence over the order list. Both controls can also be set in `config.ini` via the `oidc_detector_order` and `oidc_disabled_detectors` keys (the latter additive with the `*_DISABLED` env vars). Unknown ids in the order, or controls that leave no detector enabled, are surfaced as a warning. Detector ids: `aws`, `azure_devops`, `bitbucket`, `circleci`, `generic`, `github`, `gitlab`.
20
22
23
+
### Fixed
24
+
25
+
- The official Docker image now runs as a dedicated non-root `cloudsmith` user (uid 1000) instead of root.
26
+
- The PyJWT dependency now declares the `crypto` extra (`PyJWT[crypto]`), fixing zipapp (`.pyz`) builds that previously shipped without cryptography wheels and failed at startup on macOS.
27
+
28
+
### Security
29
+
30
+
- Upgraded vulnerable dependencies — `mcp` 1.9.1 → 1.27.2 plus transitive upgrades (`urllib3`, `requests`, `starlette`, `python-multipart`, `python-dotenv`, `idna`, `pygments`, `pytest`) — resolving all open Dependabot alerts.
0 commit comments