Merge pull request #123 from mailjet/release/1.5.0

Release 1.5.0

Author: skupriienko

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -33,7 +33,6 @@ body:
       label: Python Version
       description: What Python version are you using?
       options:
-        - '3.9'
         - '3.10'
         - '3.11'
         - '3.12'

.github/workflows/commit_checks.yaml

@@ -7,15 +7,18 @@ on:
       - main
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: '3.12'  # Specify a Python version explicitly
-      - uses: pre-commit/action@v3.0.1
+      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
 
   test:
     name: test py${{ matrix.python-version }} on ${{ matrix.os }}
@@ -27,15 +30,15 @@ jobs:
       fail-fast: false
       matrix:
         os: ["ubuntu-latest", "macos-latest", "windows-latest"]
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
     env:
       MJ_APIKEY_PUBLIC: ${{ secrets.MJ_APIKEY_PUBLIC }}
       MJ_APIKEY_PRIVATE: ${{ secrets.MJ_APIKEY_PRIVATE }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0  # Get full history with tags (required for setuptools-scm)
-      - uses: conda-incubator/setup-miniconda@v3
+      - uses: conda-incubator/setup-miniconda@835234971496cad1653abb28a638a281cf32541f # v3.2.0
         with:
           python-version: ${{ matrix.python-version }}
           channels: defaults

.github/workflows/issue-triage.yml

@@ -4,14 +4,17 @@ on:
   issues:
     types: [opened, labeled, unlabeled, reopened]
 
+permissions:
+  contents: read
+
 jobs:
   triage:
     runs-on: ubuntu-latest
     permissions:
       issues: write
     steps:
       - name: Initial triage
-        uses: actions/github-script@v6
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/pr_validation.yml

@@ -4,22 +4,25 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: '3.12'
 
       - name: Build package
         run: |
-          pip install --upgrade build setuptools wheel setuptools-scm
+          pip install --upgrade build setuptools setuptools-scm
           python -m build
 
       - name: Test installation

.github/workflows/publish.yml

@@ -7,6 +7,9 @@ on:
     types: [published]  # Triggers when a GitHub release is published
   workflow_dispatch:  # Manual trigger
 
+permissions:
+  contents: read
+
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -15,17 +18,17 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: '3.12'
 
       - name: Install build tools
-        run: pip install --upgrade build setuptools wheel setuptools-scm twine
+        run: pip install --upgrade build setuptools setuptools-scm twine
 
       - name: Extract version
         id: get_version

.gitignore

@@ -234,3 +234,5 @@ dev/
 # pytest cache
 .pytest_cache/
 pytestdebug.log
+
+*/_version.py

.pre-commit-config.yaml

@@ -3,6 +3,8 @@
 #   pre-commit run --all-files
 # Update this file:
 #   pre-commit autoupdate
+default_language_version:
+  python: python3
 exclude: ^(.*/versioneer\.py|.*/_version\.py|.*/.*\.svg)
 
 ci:
@@ -111,7 +113,7 @@ repos:
     rev: v3.20.0
     hooks:
       - id: pyupgrade
-        args: [--py39-plus, --keep-runtime-typing]
+        args: [--py310-plus, --keep-runtime-typing]
 
   - repo: https://github.com/charliermarsh/ruff-pre-commit
     # Ruff version.
@@ -123,6 +125,13 @@ repos:
       # Run the formatter.
       - id: ruff-format
 
+  - repo: https://github.com/pycqa/pydocstyle
+    rev: 6.3.0
+    hooks:
+      - id: pydocstyle
+        args: [--select=D200,D213,D400,D415]
+        additional_dependencies: [tomli]
+
   -   repo: https://github.com/dosisod/refurb
       rev: v2.1.0
       hooks:
@@ -133,10 +142,9 @@ repos:
     rev: v1.16.1
     hooks:
     -   id: mypy
-        args:
-          [
-            --config-file=./pyproject.toml,
-          ]
+        args: [--config-file=./pyproject.toml]
+        additional_dependencies:
+          - types-requests
         exclude: ^samples/
 
   - repo: https://github.com/RobertCraigie/pyright-python

CHANGELOG.md

@@ -4,6 +4,39 @@ We [keep a changelog.](http://keepachangelog.com/)
 
 ## [Unreleased]
 
+## [1.5.0] - 2025-07-11
+
+### Added
+
+- Add class `TestCsvImpor` with a test suite for testing CSV import functionality to `test.py`
+- Add `types-requests` to `mypy`'s `additional_dependencies` in `pre-commit` hooks
+- Add `pydocstyle` pre-commit's hook
+- Add `*/_version.py` to `.gitignore`
+
+### Fixed
+
+- Fix a csvimport error 'List index (0) out of bounds': renamed `json_data` back to `data`. Corrected behavior broken since v1.4.0
+
+### Changed
+
+- Update pre-commit hooks to the latest versions
+- Breaking changes: drop support for Python 3.9
+- Import Callable from collections.abc
+- Improve a conda recipe
+- Update `README.md`
+
+### Security
+
+- Add the Security Policy file `SECURITY.md`
+- Use `permissions: contents: read` in all CI workflow files explicitly
+- Use commit hashes to ensure reproducible builds
+- Update pinning for runtime dependency `requests >=2.32.4`
+
+### Pull Requests Merged
+
+- [PR_120](https://github.com/mailjet/mailjet-apiv3-python/pull/120) - Fix a csvimport error 'List index (0) out of bounds'
+- [PR_123](https://github.com/mailjet/mailjet-apiv3-python/pull/123) - Release 1.5.0
+
 ## [1.4.0] - 2025-05-07
 
 ### Added
@@ -141,4 +174,5 @@ We [keep a changelog.](http://keepachangelog.com/)
 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
 
 [1.4.0]: https://github.com/mailjet/mailjet-apiv3-python/releases/tag/v1.4.0
-[unreleased]: https://github.com/mailjet/mailjet-apiv3-python/releases/tag/v1.4.0...HEAD
+[1.5.0]: https://github.com/mailjet/mailjet-apiv3-python/releases/tag/v1.5.0
+[unreleased]: https://github.com/mailjet/mailjet-apiv3-python/releases/tag/v1.5.0...HEAD

README.md

@@ -58,7 +58,7 @@ Check out all the resources and Python code examples in the official [Mailjet Do
 
 This library `mailjet_rest` officially supports the following Python versions:
 
-- Python >=3.9,\<3.14
+- Python >=3.10,\<3.14
 
 It's tested up to 3.13 (including).
 
@@ -70,7 +70,7 @@ To build the `mailjet_rest` package from the sources you need `setuptools` (as a
 
 ### Runtime dependencies
 
-At runtime the package requires only `requests >=2.32.3`.
+At runtime the package requires only `requests >=2.32.4`.
 
 ### Test dependencies
 
@@ -443,5 +443,5 @@ If you have suggestions on how to improve the guides, please submit an issue in
 - [@skupriienko](https://github.com/skupriienko)
 
 [api_credential]: https://app.mailjet.com/account/apikeys
-[doc]: http://dev.mailjet.com/guides/?python#
-[mailjet]: (http://www.mailjet.com/)
+[doc]: https://dev.mailjet.com/email/guides/?python#
+[mailjet]: (https://www.mailjet.com)

SECURITY.md

@@ -0,0 +1,82 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.4.x   | :white_check_mark: |
+| < 1.4.0 | :x:                |
+
+# Vulnerability Disclosure
+
+If you think you have found a potential security vulnerability in
+mailjet-rest, please open a [draft Security Advisory](https://github.com/mailjet/mailjet-apiv3-python/security/advisories/new)
+via GitHub. We will coordinate verification and next steps through
+that secure medium.
+
+If English is not your first language, please try to describe the
+problem and its impact to the best of your ability. For greater detail,
+please use your native language and we will try our best to translate it
+using online services.
+
+Please also include the code you used to find the problem and the
+shortest amount of code necessary to reproduce it.
+
+Please do not disclose this to anyone else. We will retrieve a CVE
+identifier if necessary and give you full credit under whatever name or
+alias you provide. We will only request an identifier when we have a fix
+and can publish it in a release.
+
+We will respect your privacy and will only publicize your involvement if
+you grant us permission.
+
+## Process
+
+This following information discusses the process the project
+follows in response to vulnerability disclosures. If you are disclosing
+a vulnerability, this section of the documentation lets you know how we
+will respond to your disclosure.
+
+### Timeline
+
+When you report an issue, one of the project members will respond to you
+within five days *at the outside*. In most cases responses will be
+faster, usually within 72 hours. This initial response will at the very
+least confirm receipt of the report.
+
+If we were able to rapidly reproduce the issue, the initial response
+will also contain confirmation of the issue. If we are not, we will
+often ask for more information about the reproduction scenario.
+
+Our goal is to have a fix for any vulnerability released within two
+weeks of the initial disclosure. This may potentially involve shipping
+an interim release that simply disables function while a more mature fix
+can be prepared, but will in the vast majority of cases mean shipping a
+complete release as soon as possible.
+
+Throughout the fix process we will keep you up to speed with how the fix
+is progressing. Once the fix is prepared, we will notify you that we
+believe we have a fix. Often we will ask you to confirm the fix resolves
+the problem in your environment, especially if we are not confident of
+our reproduction scenario.
+
+At this point, we will prepare for the release. We will obtain a CVE
+number if one is required, providing you with full credit for the
+discovery. We will also decide on a planned release date, and let you
+know when it is. This release date will *always* be on a weekday.
+
+At this point we will reach out to our major downstream packagers to
+notify them of an impending security-related patch so they can make
+arrangements. In addition, these packagers will be provided with the
+intended patch ahead of time, to ensure that they are able to promptly
+release their downstream packages.
+
+On release day, we will push the patch to our public repository, along
+with an updated changelog that describes the issue and credits you. We
+will then issue a PyPI release containing the patch.
+
+At this point, we will publicise the release.
+
+We will also explicitly mention which commits contain the fix to make it
+easier for other distributors and users to easily patch their own
+versions of mailjet-rest if upgrading is not an option.