Sourced from python-semantic-release/python-semantic-release's releases.

v10.0.0 (2025-05-25)

This release is published under the MIT License.

✨ Features

• cmd-version: Enable version_variables version stamp of vars with double-equals (PR#1244, 080e4bc)

• parser-conventional: Set parser to evaluate all squashed commits by default (6fcdc99)

• parser-conventional: Set parser to ignore merge commits by default (59bf084)

• parser-emoji: Set parser to evaluate all squashed commits by default (514a922)

• parser-emoji: Set parser to ignore merge commits by default (8a51525)

• parser-scipy: Set parser to evaluate all squashed commits by default (634fffe)

• parser-scipy: Set parser to ignore merge commits by default (d4f128e)

🪲 Bug Fixes

• changelog-md: Change to 1-line descriptions in markdown template (e7ac155)

• changelog-rst: Change to 1-line descriptions in the default ReStructuredText template (731466f)

• cli: Adjust verbosity parameter to enable silly-level logging (bd3e7bf)

• github-action: Resolve command injection vulnerability in action script (fb3da27)

• parser-conventional: Remove breaking change footer messages from commit descriptions (b271cbb)

• parser-conventional: Remove issue footer messages from commit descriptions (b1bb0e5)

• parser-conventional: Remove PR/MR references from commit subject line (eed63fa)

• parser-conventional: Remove release notice footer messages from commit descriptions (7e8dc13)

• parser-emoji: Remove issue footer messages from commit descriptions (b757603)

• parser-emoji: Remove PR/MR references from commit subject line (16465f1)

• parser-emoji: Remove release notice footer messages from commit descriptions (b6307cb)

• parser-scipy: Remove issue footer messages from commit descriptions (3cfee76)

• parser-scipy: Remove PR/MR references from commit subject line (da4140f)

• parser-scipy: Remove release notice footer messages from commit descriptions (58308e3)

... (truncated)

Sourced from python-semantic-release/python-semantic-release's changelog.

v10.0.0 (2025-05-25)

✨ Features

• cmd-version: Enable version_variables version stamp of vars with double-equals (PR#1244, 080e4bc)

• parser-conventional: Set parser to evaluate all squashed commits by default (6fcdc99_)

• parser-conventional: Set parser to ignore merge commits by default (59bf084_)

• parser-emoji: Set parser to evaluate all squashed commits by default (514a922_)

• parser-emoji: Set parser to ignore merge commits by default (8a51525_)

• parser-scipy: Set parser to evaluate all squashed commits by default (634fffe_)

• parser-scipy: Set parser to ignore merge commits by default (d4f128e_)

🪲 Bug Fixes

• changelog-md: Change to 1-line descriptions in markdown template, closes [#733](https://github.com/python-semantic-release/python-semantic-release/issues/733)_ (e7ac155_)

• changelog-rst: Change to 1-line descriptions in the default ReStructuredText template, closes [#733](https://github.com/python-semantic-release/python-semantic-release/issues/733)_ (731466f_)

• cli: Adjust verbosity parameter to enable silly-level logging (bd3e7bf_)

• github-action: Resolve command injection vulnerability in action script (fb3da27_)

• parser-conventional: Remove breaking change footer messages from commit descriptions (b271cbb_)

• parser-conventional: Remove issue footer messages from commit descriptions (b1bb0e5_)

• parser-conventional: Remove PR/MR references from commit subject line (eed63fa_)

• parser-conventional: Remove release notice footer messages from commit descriptions (7e8dc13_)

• parser-emoji: Remove issue footer messages from commit descriptions (b757603_)

• parser-emoji: Remove PR/MR references from commit subject line (16465f1_)

• parser-emoji: Remove release notice footer messages from commit descriptions (b6307cb_)

• parser-scipy: Remove issue footer messages from commit descriptions (3cfee76_)

... (truncated)

• 092ace2 10.0.0
• 7338fcf Revert "10.0.0"
• e06ee28 10.0.0
• bca5198 chore(scripts): update doc script for new doc file locations
• bd3e7bf fix(cli): adjust verbosity parameter to enable silly-level logging
• 8d7b4c0 test(cmd-version): update changelog test case for handling issue closure footers
• 58d4e7f test(fixtures): update repo fixtures to include at least one issue closure re...
• 4e52f4b docs: refactor documentation page navigation
• 4ea92ec docs(upgrading-v10): added migration guide for v9 to v10
• 8bed5bc docs(contributing): refactor contributing & contributors layout
• Additional commits viewable in compare view

Sourced from python-semantic-release/publish-action's releases.

v10.0.0 (2025-05-25)

Bug Fixes

• github-action: Resolve command injection vulnerability in action script (#56, 1863c50)

Build System

• deps: Bump python-semantic-release from 9.21.1 to 10.0.0 (#59, 155d667)

Breaking Changes

• github-action: The root_options action input parameter has been removed because it created a command injection vulnerability for arbitrary code to execute within the container context of the GitHub action if a command injection code was provided as part of the root_options parameter string. To eliminate the vulnerability, each relevant option that can be provided to semantic-release has been individually added as its own parameter and will be processed individually to prevent command injection. Please review our Github Actions Configuration page on the Python Semantic Release Documentation website to review the newly available configuration options that replace the root_options parameter.

Resolved Issues

• #55: bug: command injection through GH action inputs

---

Detailed Changes: v9.21.1...v10.0.0

• d62706c ci(release): update python-semantic-release action params after upgrade
• b0deb1f chore(config): change "angular" to "conventional" in semantic-release parse...
• 791cf60 ci(deps): bump python-semantic-release@v9.21.1 action to v10.0.0 (#58)
• 155d667 build(deps): bump python-semantic-release from 9.21.1 to 10.0.0 (#59)
• 1863c50 fix(github-action)!: resolve command injection vulnerability in action script...
• 799ce25 ci(deps): bump docker/build-push-action@v6.16.0 action to v6.17.0 (#57)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions