Invalid escape sequence (#1973, 3c37da1)
Revise workflow based on AI; keep previous try for comparison (#1968, e77ed6c)
Sign releases (#1968, e77ed6c)
Snyk-test (#1972, e033694)
deps: Bump actions/checkout from 5.0.0 to 6.0.0 (#1987, dcf5b70)
deps: Bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#1988, ce25118)
deps: Bump actions/download-artifact from 5.0.0 to 6.0.0 (#1962, 984043d)
deps: Bump actions/setup-python from 6.0.0 to 6.1.0 (#1992, 452013e)
deps: Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#1963, a43e783)
deps: Bump datamodel-code-generator[http] from 0.35.0 to 0.36.0 (#1993, 001341c)
deps: Bump github/codeql-action from 4.30.9 to 4.31.2 (#1969, 2f41780)
deps: Bump github/codeql-action from 4.31.2 to 4.31.5 (#1991, d29467c)
deps: Bump python-semantic-release/python-semantic-release (#1985, cfd47d6)
deps: Bump python-semantic-release/python-semantic-release (#1979, e2eb368)
deps: Update cmarkgfm requirement (#1965, 62b01e1)

Features

Max python version increase from 3.11 to 3.12 (#1976, 9866a61)
Python 12 (#1976, 9866a61)

Detailed Changes: v3.9.3...v3.10.0

Assets 2

23 Oct 13:50

oscal-compass-bot

v3.9.3

0e88f89

v3.9.3

v3.9.3 (2025-10-23)

This release is published under the Apache-2.0 License.

Bug Fixes

Changelog (#1945, 3bb09e0)
CHANGELOG.md semantic-verioning (#1945, 3bb09e0)
Cli.md not strictly json (#1947, 7c781d7)
Md format (#1947, 7c781d7)
Openssf scorecard report token-permissions 0 (#1935, f77beac)
Openssf scorecard report token-permissions 0/10 (#1935, f77beac)
Sonar complaints (#1947, 7c781d7)
Trestle_author.md yml-ish (#1947, 7c781d7)
Update README with link to end-to-end demo (#1947, 7c781d7)
Valid json (#1947, 7c781d7)
What is going on with mdformat? (#1947, 7c781d7)
deps: Bump actions/cache from 4.2.4 to 4.3.0 (#1943, 6e78c2a)
deps: Bump actions/create-github-app-token from 2.1.1 to 2.1.4 (#1937, 5aab873)
deps: Bump actions/setup-python from 5.6.0 to 6.0.0 (#1938, 7536c09)
deps: Bump actions/stale from 10.0.0 to 10.1.0 (#1952, 04c9423)
deps: Bump datamodel-code-generator[http] from 0.33.0 to 0.34.0 (#1942, 4fa737e)
deps: Bump datamodel-code-generator[http] from 0.34.0 to 0.35.0 (#1954, 906481f)
deps: Bump github/codeql-action from 3.30.1 to 3.30.5 (#1944, 68bc246)
deps: Bump github/codeql-action from 3.30.5 to 3.30.6 (#1950, b8e4d54)
deps: Bump github/codeql-action from 3.30.6 to 4.30.8 (#1955, c9269df)
deps: Bump github/codeql-action from 4.30.8 to 4.30.9 (#1957, 8e0ed3b)
deps: Bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#1951, 84500bc)
deps: Bump python-semantic-release/python-semantic-release (#1939, ee4a006)

Detailed Changes: v3.9.2...v3.9.3

Assets 6

10 Sep 18:23

oscal-compass-bot

v3.9.2

05ef397

v3.9.2

v3.9.2 (2025-09-10)

This release is published under the Apache-2.0 License.

Bug Fixes

Add comment (#1756, 929ee37)
Add newline to workflow file (#1878, 82bc3bb)
Bad part name/id when generate/assemble markdown (#1928, 428d880)
Do not continue on error in synk scan job (#1878, 82bc3bb)
Removes unnecessary line (#1878, 82bc3bb)
Unit test execution in PyCharm (#1756, 929ee37)
Unit test execution in PyCharm (#1755) (#1756, 929ee37)
Update new tests for cwd (#1756, 929ee37)
deps: Bump actions/cache from 4.2.3 to 4.2.4 (#1930, 719eb72)
deps: Bump actions/cache from 4.2.3 to 4.2.4 (#1927, 4470d53)
deps: Bump actions/checkout from 4.2.2 to 5.0.0 (#1932, 3fb4ccc)
deps: Bump actions/checkout from 4.2.2 to 5.0.0 (#1923, 98bd38f)
deps: Bump actions/create-github-app-token from 1.12.0 to 2.1.1 (#1915, 7211962)
deps: Bump actions/download-artifact from 4.2.1 to 5.0.0 (#1911, 9acb8e9)
deps: Bump actions/stale from 9.1.0 to 10.0.0 (#1931, 2a048f2)
deps: Bump cryptography from 44.0.2 to 45.0.6 (#1910, 9cec58e)
deps: Bump cryptography from 45.0.6 to 45.0.7 (#1924, 2a09b91)
deps: Bump datamodel-code-generator[http] from 0.25.3 to 0.33.0 (#1918, b655f46)
deps: Bump github/codeql-action from 3.28.13 to 3.29.11 (#1916, 3950083)
deps: Bump github/codeql-action from 3.29.11 to 3.30.1 (#1933, 5a9e53d)
deps: Bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#1925, 9d7c5ce)
deps: Bump paramiko from 3.5.0 to 4.0.0 (#1909, a9bfc17)
deps: Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#1929, adb68ef)
deps: Bump python-semantic-release/python-semantic-release (#1912, 94826da)
deps: Bump SonarSource/sonarcloud-github-action (#1926, 3d6eddb)
deps: Bump SonarSource/sonarcloud-github-action (#1884, 823bf68)
deps: Bump urllib3 from 1.26.19 to 2.5.0 (#1897, 2fe4fb6)

Chores

Add .synk file with pending license exceptions (#1878, 82bc3bb)
Add slash at the end of fedramp link (#1878, 82bc3bb)
Revert docs change (#1878, 82bc3bb)
Update .snyk to correct paramiko license (#1878, 82bc3bb)
Update .snyk to include pending exception (#1878, 82bc3bb)

Continuous Integration

Add snyk license scanning to PR CI workflow (#1878, 82bc3bb)

Documentation

Update FedRAMP doc templates link (#1878, 82bc3bb)

Detailed Changes: v3.9.1...v3.9.2

Assets 6

07 Jul 12:34

oscal-compass-bot

v3.9.1

764d400

v3.9.1

v3.9.1 (2025-07-07)

Build

build(deps): bump actions/setup-python from 5.5.0 to 5.6.0 (#1865)

Bumps actions/setup-python from 5.5.0 to 5.6.0.

updated-dependencies:

dependency-name: actions/setup-python
dependency-version: 5.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (c79f7bc)

build(deps): update cmarkgfm requirement (#1757)

Updates the requirements on cmarkgfm to permit the latest version.

updated-dependencies:

dependency-name: cmarkgfm
dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jennifer Power <[email protected]> (e1430c0)

Chore

chore: Merge back version tags and changelog into develop. (03c5beb)

Ci

ci: updates for failing CI jobs (#1886)
docs: updates python-semantic-release link in guide

Signed-off-by: Jennifer Power <[email protected]>

fix: updates ignore comments for mypy version 1.16.0

Signed-off-by: Jennifer Power <[email protected]>

Signed-off-by: Jennifer Power <[email protected]> (c96da54)

Documentation

docs: fixes markdown formatting in docs (#1893)

Signed-off-by: Jennifer Power <[email protected]> (df4091c)

Fix

fix: removes reviewers from dependabot configuration (#1894)

The field is no longer supported. CODEOWNERS will be used.

Signed-off-by: Jennifer Power <[email protected]> (ba41c68)

fix: prefix dependabot messages with fix (#1872)

Fixes #1788

Signed-off-by: d10n <[email protected]>
Co-authored-by: Jennifer Power <[email protected]> (357f8ca)

fix: website documentation for using mike (#1817)
fix: website documentation for using mike

Signed-off-by: Chris Butler <[email protected]>

fix: typofix in website.md

Signed-off-by: Jennifer Power <[email protected]>

Signed-off-by: Chris Butler <[email protected]>
Signed-off-by: Jennifer Power <[email protected]>
Co-authored-by: Jennifer Power <[email protected]> (9d9ff68)

Unknown

Merge pull request #1899 from oscal-compass/develop

chore: Trestle release 3.9.1 (dc59ed5)

Assets 6

30 Apr 13:44

oscal-compass-bot

v3.9.0

74bbae0

v3.9.0

v3.9.0 (2025-04-30)

Build

build(deps): bump cryptography from 43.0.3 to 44.0.2 (#1830)

Bumps cryptography from 43.0.3 to 44.0.2.

updated-dependencies:

dependency-name: cryptography
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (61c0b95)

build(deps): bump actions/stale from 9.0.0 to 9.1.0 (#1804)

Bumps actions/stale from 9.0.0 to 9.1.0.

updated-dependencies:

dependency-name: actions/stale
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b7b5656)

Chore

chore: Merge back version tags and changelog into develop. (c578be8)

Ci

ci: adds actionlint workflow (#1771)
ci: adds an actionlint workflow

Signed-off-by: Jennifer Power <[email protected]>

docs: adds steps for testing GH Actions in PR template

The steps are commented and can be uncommeted when changes
are to GitHub Actions workflows

Signed-off-by: Jennifer Power <[email protected]>

style: adds newline at the end of new files

Signed-off-by: Jennifer Power <[email protected]>

chore(deps): updates action image version to latest

Signed-off-by: Jennifer Power <[email protected]>

Signed-off-by: Jennifer Power <[email protected]> (95d5f71)

Documentation

docs: updates security insights location and content (#1840)
docs: updates security insights location and content

Signed-off-by: Jennifer Power <[email protected]>

docs: fixes license expression of security insights

Signed-off-by: Jennifer Power <[email protected]>

Signed-off-by: Jennifer Power <[email protected]> (87c4f80)

Feature

feat: move dependencies from setup.cfg to pyproject.toml (#1859)
feat: add content to pyproject.toml for parity with setup.cfg

Signed-off-by: George Vauter <[email protected]>

remove project metadata and deps from setup.cfg

Signed-off-by: George Vauter <[email protected]>

fix: replace deprecated license metadata

Signed-off-by: George Vauter <[email protected]>

fix: remove experimental distutils section from pyproject

Signed-off-by: George Vauter <[email protected]>

Signed-off-by: George Vauter <[email protected]> (2779edf)

Fix

fix: add the score card workflow and badge (#1854)

Signed-off-by: thealberto <[email protected]>
Co-authored-by: Jennifer Power <[email protected]> (7ec8006)

fix: OSCAL Property must have value field (#1839)

Signed-off-by: Lou DeGenaro <[email protected]> (b243c4a)

Unknown

Merge pull request #1863 from oscal-compass/develop

chore: Trestle Release (ae6d100)

[StepSecurity] ci: Harden GitHub Actions (#1853)

Signed-off-by: StepSecurity Bot <[email protected]>
Co-authored-by: StepSecurity Bot <[email protected]>
Co-authored-by: Jennifer Power <[email protected]> (5bdcd51)

Assets 6

25 Mar 17:37

oscal-compass-bot

v3.8.1

c4a742b

v3.8.1

v3.8.1 (2025-03-25)

Build

build(deps): bump jinja2 from 3.1.4 to 3.1.6 (#1832)

Bumps jinja2 from 3.1.4 to 3.1.6.

updated-dependencies:

dependency-name: jinja2
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (b643059)

Chore

chore: Merge back version tags and changelog into develop. (e4f3a22)

Documentation

docs: add OpenSSF Security Insights file (#1831)
docs: adds initial ossf security insights file

Signed-off-by: Jennifer Power <[email protected]>

fix: typo in maintainer name

Signed-off-by: Jennifer Power <[email protected]>

Signed-off-by: Jennifer Power <[email protected]> (de52d29)

Fix

fix: don't skip main component when creating SSP with author jinja (#1834)
Don't skip main component in ssp_io.get_control_response

Signed-off-by: Ryan Ahearn <[email protected]>

Include all responses in get_control_response

Signed-off-by: Ryan Ahearn <[email protected]>

Signed-off-by: Ryan Ahearn <[email protected]> (0520515)

fix: updates mkdocs.yml to ignore anchors on relative paths (#1828)

Signed-off-by: Jennifer Power <[email protected]> (0a6eb71)

Unknown

Merge pull request #1837 from oscal-compass/develop

chore: trestle patch release (8f6bd29)

Assets 6

Releases: oscal-compass/compliance-trestle

v3.10.4

v3.10.4 (2025-12-02)

Bug Fixes

Uh oh!

v3.10.3

v3.10.3 (2025-12-02)

Bug Fixes

Uh oh!

v3.10.2

v3.10.2 (2025-12-02)

Bug Fixes

Uh oh!

v3.10.1

v3.10.1 (2025-12-01)

Bug Fixes

Uh oh!

v3.10.0

v3.10.0 (2025-12-01)

Bug Fixes

Features

Uh oh!

v3.9.3

v3.9.3 (2025-10-23)

Bug Fixes

Uh oh!

v3.9.2

v3.9.2 (2025-09-10)

Bug Fixes

Chores

Continuous Integration

Documentation

Uh oh!

v3.9.1

v3.9.1 (2025-07-07)

Build

Chore

Ci

Documentation

Fix

Unknown

Uh oh!

v3.9.0

v3.9.0 (2025-04-30)

Build

Chore

Ci

Documentation

Feature

Fix

Unknown

Uh oh!

v3.8.1

v3.8.1 (2025-03-25)

Build

Chore

Documentation

Fix

Unknown

Uh oh!