chore: release v2.6.1#167
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
[2.6.1] - 2026-05-27
Added
fuzz/): 10 fuzz targets covering core library types and indicatorsfuzz_quote,fuzz_chart,fuzz_financials,fuzz_options,fuzz_edgar,fuzz_discovery— deserialization fuzzing for all major response typesfuzz_indicators_ohlcv,fuzz_indicators_series,fuzz_patterns,fuzz_atr— indicator computation fuzzing with arbitrary OHLCV inputsCONTRIBUTING.md: contribution guide covering bug reports, feature requests, dev setup, code style, and PR processChanged
Quote<F: Format>—Quote(and theFinancialData,DefaultKeyStatistics, andPricesub-structs) is now generic over a compile-timeFormattype parameter (Raw,Pretty, orBoth). Format selection moves from a runtime builder method to a type parameter at the call site:ticker.quote::<Raw>(),ticker.quote::<Pretty>(),ticker.quote::<Both>().BothtoRawfinance-query-deriveis now a direct (non-optional) dependency; thedataframefeature no longer re-enables itSECURITY.mdsupported version table:2.5.x→2.6.xSecurity
No publicly known run-time vulnerabilities with a CVE or RUSTSEC assignment were fixed in the library or its direct dependencies in this release. The following supply-chain and infrastructure hardening changes were made:
apt-get upgradeon every image build so OS-level packages (includinglibgnutls30,libkrb5support0,libgcrypt20) receive available security patches regardless of the pinned base image digestharden-runner→ v2.19.3,actions/checkout→ v6.0.2,docker/setup-buildx-action→ v3.12.0,actions/upload-artifact→ v6.0.0,codeql-action/upload-sarif→ v3.36.0,cargo-deny-action→ v2.0.19,rust-cache→ v2.9.1) sozizmorref-version-mismatch checks passonce_cellreplaced withstd::LazyLockfrom the standard library, removing the external dependency for lazy initializationpip install --require-hashesfromdocs/requirements.txt(generated withpip-compile --generate-hashes), closing a Scorecard Pinned-Dependencies finding