CHANGELOG.md
8 lines changed: 8 additions & 0 deletions
@@ -4,8 +4,14 @@ We [keep a changelog.](http://keepachangelog.com/)
4
4
5
5
## [Unreleased]
6
6
7
+
### Security
8
+
9
+
- Prevented Path Traversal (CWE-22) vulnerabilities by enforcing strict URL encoding (urllib.parse.quote) on all dynamically injected path parameters (id and action_id).
10
+
- Prevented cleartext transmission (CWE-319) by enforcing strict api_url scheme validation (https) and hostname presence during Config initialization.
11
+
7
12
### Added
8
13
14
+
- Developer Experience (DX) Guardrails: The SDK now logs explicit warnings when encountering ambiguous routing configurations (e.g., using the singular `template` resource on Content API `v1`, or attempting to route the Send API outside of `v3`/`v3.1`).
9
15
- Content API `v1` real multipart upload support using `requests``files` kwarg.
10
16
- Content API v1 routes: pluralized `templates` and isolated `data/images` endpoints strictly mapping to official Mailjet architecture.
11
17
- Validated and added explicit test coverage for Issue #97, proving `TemplateLanguage` and `Variables` are correctly serialized by the SDK.
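Review bot: The CWE-22 entry under `### Security` names `urllib.parse.quote` but not its `safe` argument, and with the default `safe='/'` a slash inside `id` or `action_id` is left unencoded, so the entry as written does not tell a reader that the path separator itself is escaped. If the code calls `quote(value, safe='')`, say so in the entry; if it relies on the default, that is worth checking before release. The CWE-319 entry should also name the exception `Config` raises when `api_url` is not `https` or has no hostname, since callers pointing at an `http` endpoint are affected by the new validation and will want to know what to catch.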
@@ -21,9 +27,11 @@ We [keep a changelog.](http://keepachangelog.com/)
21
27
-[BREAKING] Bumping to v2.0.0 due to cleanup of legacy methods, unused parameters, and unused exceptions to conform to modern Python developer experience standards. Developer workflows utilizing standard CRUD methods (create, get, update, delete) and returning standard HTTP Responses are **unaffected**.
- Refactored `Client` and `Config` using `@dataclass` and `requests.Session` for connection pooling to drastically improve performance on multiple sequential requests.
30
+
- Refactored `Endpoint._build_url` cyclomatic complexity by extracting `_build_csv_url` and `_check_dx_guardrails` into pure `@staticmethods` to satisfy strict static analysis (PLR6301, C901).
24
31
- Enforced absolute imports, strict type narrowing, and strict Google Style docstring validation across the codebase.
25
32
- Modernized the test suite by migrating from legacy `unittest` classes to `pytest` fixtures, refactoring assertions to the AAA (Arrange, Act, Assert) pattern, and achieving 94% core test coverage.
26
33
- Cleaned up local development environments (environment-dev.yaml) and pinned sub-dependencies for stable CI pipelines.
34
+
- Optimized CI pipeline execution speed by implementing native pip dependency caching (`cache: 'pip'`).
27
35
- Updated `pyproject.toml` and `Makefile` to reflect the new test directory structure.
28
36
- Updated `SECURITY.md` policy to reflect support exclusively for the `>= 2.0.x` active branch.
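Review bot: The `Endpoint._build_url` entry reads "Refactored ... cyclomatic complexity", which is not the thing that was refactored, and `@staticmethods` is not a decorator name; suggest "Reduced the cyclomatic complexity of `Endpoint._build_url` by extracting `_build_csv_url` and `_check_dx_guardrails` as `@staticmethod` helpers". The private helper names and lint codes (PLR6301, C901) are internal detail for a user-facing changelog and could be dropped. Since the Security section states that `id` and `action_id` are URL-encoded when paths are built, it would help to confirm that the tests exercise the extracted `_build_csv_url` path with those parameters as well.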