What's Changed

• fix(engine): drive healthchecks on-demand so up --wait works without systemd by @Jaro-c in #505
• chore(release): 1.1.1 by @Jaro-c in #507
• release: v1.1.1 by @Jaro-c in #508

Full Changelog: v1.1.0...v1.1.1

Contributors

• @Jaro-c

What's Changed

• fix: correct project name in NOTICE by @Jaro-c in #409
• fix(network): synthesize a default network for services with no networks: block by @Jaro-c in #421
• fix(restart): map deploy.restart_policy condition 'any' to 'always' by @Jaro-c in #422
• fix(quadlet): emit CPU resource limits via PodmanArgs by @Jaro-c in #423
• fix(quadlet): render long-form tmpfs mounts as Tmpfs= not Volume= by @Jaro-c in #424
• promote: drop-in fixes (default network, restart any→always, quadlet CPU/tmpfs, NOTICE) by @Jaro-c in #425
• feat(cli): add -t/--timeout to up/down/stop/restart by @Jaro-c in #426
• promote: -t/--timeout on up/down/stop/restart (#411) by @Jaro-c in #427
• feat(cli): exec flags -e/-u/-w/--privileged/-d/--index by @Jaro-c in #428
• promote: exec flags -e/-u/-w/--privileged/-d/--index (#413) by @Jaro-c in #429
• feat(cli): build flags --no-cache/--pull/--build-arg/-q by @Jaro-c in #430
• promote: build flags --no-cache/--pull/--build-arg/-q (#414) by @Jaro-c in #431
• feat(cli): output flags for ps and images (--format/-q, ps -a) by @Jaro-c in #432
• promote: ps/images output flags (#412) by @Jaro-c in #433
• fix(compose): warn on silently-ignored env_file.format and build.ssh by @Jaro-c in #434
• promote: warn on env_file.format / build.ssh (#416) by @Jaro-c in #435
• fix(parity): honor healthcheck start_period/interval in dependency wait by @Jaro-c in #436
• promote: healthcheck start_period/interval + naming doc (#418) by @Jaro-c in #437
• fix(quadlet): emit and warn on previously dropped/mis-emitted fields by @Jaro-c in #438
• feat(cli): up --scale and a scale subcommand for docker-compose parity by @Jaro-c in #439
• feat(engine): native libpod endpoints — version preflight, atomic restart, links diagnostic by @Jaro-c in #440
• feat(cli): create and ls commands for docker-compose parity by @Jaro-c in #441
• feat(cli): stats command for live resource usage by @Jaro-c in #442
• feat(cli): push command — completes the create/push/stats/ls set by @Jaro-c in #443
• feat(cli): logs --tail/--since/--until/--timestamps by @Jaro-c in #444
• feat(cli): down --remove-orphans and restart --no-deps by @Jaro-c in #445
• feat(cli): config --format/--services/--quiet by @Jaro-c in #446
• feat(cli): up --pull/--no-build/--quiet-pull by @Jaro-c in #447
• feat(cli): down --rmi and rm -v/--volumes by @Jaro-c in #448
• feat(cli): pull -q/--quiet and kill --remove-orphans by @Jaro-c in #449
• feat(cli): up --no-start by @Jaro-c in #451
• fix(engine): default healthcheck timeout/interval/retries by @Jaro-c in #452
• feat(cli): up --wait by @Jaro-c in #453
• build(deps): bump Glyndor/.github/.github/workflows/rust-supply-chain.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #454
• build(deps): bump Glyndor/.github/.github/workflows/main-guard.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #455
• build(deps): bump Glyndor/.github/.github/workflows/rust-debian.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #456
• build(deps): bump Glyndor/.github/.github/workflows/installer-contract.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #457
• build(deps): bump Glyndor/.github/.github/workflows/shell-ci.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #458
• build(deps): bump Glyndor/.github/.github/workflows/rust-audit.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #459
• build(deps): bump Glyndor/.github/.github/workflows/line-limit.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #460
• build(deps): bump Glyndor/.github/.github/workflows/dco.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #461
• build(deps): bump Glyndor/.github/.github/workflows/rust-ci.yml from 1.0.0 to 1.1.0 by @dependabot[bot] in #462
• promote: CLI parity batch + libpod-native endpoints + healthcheck defaults + CI pins by @Jaro-c in #463
• feat(cli): run flag parity — user/workdir/entrypoint/volume/publish/-i/--no-deps by @Jaro-c in #464
• feat(cli): pull --ignore-pull-failures/--include-deps/--policy by @Jaro-c in #465
• feat(cli): cp --index / -L--follow-link / -a--archive (+ extract dispatch module) by @Jaro-c in #466
• feat(cli): rm -s/--stop, port --index, start --wait/--wait-timeout by @Jaro-c in #467
• feat(cli): up --timestamps and -V/--renew-anon-volumes by @Jaro-c in #468
• feat(cli): volumes command to list a project's named volumes by @Jaro-c in #469
• fix(engine): block on libpod wait?condition instead of polling inspect (closes #420) by @Jaro-c in #470
• feat(cli): config --no-interpolate and --resolve-image-digests by @Jaro-c in #471
• feat(cli): wait, commit, export commands (+ extract Commands enum) by @Jaro-c in #472
• feat(cli): events and attach commands by @Jaro-c in #473
• promote: complete CLI parity epic (#410) + libpod wait?condition (#420) by @Jaro-c in #474
• build(deps): bump bytes from 1.11.1 to 1.12.0 by @dependabot[bot] in #476
• build(deps): bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot[bot] in #475
• fix(engine): skip dependency readiness waits under up --no-deps by @Jaro-c in #488
• fix(compose): optional build context, lenient env_file format, primary build tag by @Jaro-c in #489
• fix(engine): drop-in parity for network_mode, selinux binds, link warnings by @Jaro-c in #491
• docs: complete command reference and destale man page/readme by @Jaro-c in #492
• ci+deps: pin release tooling and update webpki-roots/getrandom/syn by @Jaro-c in #493
• fix(cli): reject --index 0 and validate braced substitution variable names by @Jaro-c in #494
• test(engine): fix flaky shared alpine:latest image race by @Jaro-c in #495
• fix(quadlet): correct healthcheck, dependency, network_mode, install and privileged mappings by @Jaro-c in #496
• feat(compose): parse credential_spec, isolation, provider, use_api_socket and models by @Jaro-c in #497
• docs(compose): add doc comments to public compose schema types by @Jaro-c in #498
• fix(engine): libpod spec/response correctness by @Jaro-c in #490
• fix(engine): keep deploy.labels off containers and warn on multi-platform builds by @Jaro-c in #500
• chore(release): 1.1.0 by @Jaro-c in #501
• release: v1.1.0 by @Jaro-c in #502

Full Changelog: v1.0.0...v1.1.0

Contributors

• @dependabot
• @Jaro-c

What's Changed

• fix(quadlet): emit memory and apparmor via PodmanArgs, warn on dropped semantics by @Jaro-c in #396
• fix(compose): pull_policy mapping, absolute include paths, gpus translation, restart serialization by @Jaro-c in #397
• fix(engine): reject remote socket schemes, surface parsed errors on streaming endpoints by @Jaro-c in #398
• refactor(api): stabilize the public library surface for 1.0.0 by @Jaro-c in #399
• fix(security): staging TOCTOU + XDG check, ulimit validation, Quadlet secret sanitization by @Jaro-c in #400
• ci(release): sign NOTICES.html via the venv, guard releases to main, podman>=5.0 by @Jaro-c in #401
• docs: DOCKER_HOST, watch actions, man auto-version, SECURITY.md, library diagnostics by @Jaro-c in #402
• test: fix a parallel-test env-var race and cover include secret/config merge by @Jaro-c in #403
• feat(cli): accept a service filter on pull by @Jaro-c in #405
• release: v1.0.0 by @Jaro-c in #406
• release: v1.0.0 by @Jaro-c in #407

Full Changelog: v0.24.1...v1.0.0

Contributors

• @Jaro-c

What's Changed

• chore: fill copyright owner in LICENSE by @Jaro-c in #354
• chore: use tabs in about.toml and split the editorconfig TOML stanza by @Jaro-c in #357
• refactor: split quadlet/mod.rs and compose/mod.rs under the 500-line limit by @Jaro-c in #358
• test(engine): deterministic coverage for depends_on health/completion gating by @Jaro-c in #360
• chore: consume shared reusable workflows by @Jaro-c in #361
• chore: consume shared reusable workflows by @Jaro-c in #362
• chore: consume rust-debian and installer-contract reusables by @Jaro-c in #363
• chore: consume rust-debian and installer-contract reusables by @Jaro-c in #364
• chore: pin reusable workflows to .github v1.0.0 by @Jaro-c in #365
• chore: pin reusable workflows to .github v1.0.0 by @Jaro-c in #366
• chore: enforce the file-size limit via line-limit reusable by @Jaro-c in #367
• chore: enforce the file-size limit via line-limit reusable by @Jaro-c in #368
• test(compose): cover remaining unmapped build/secret/config diagnostics branches by @Jaro-c in #370
• build(deps): bump cryptography to 48.0.1 (vulnerable OpenSSL in wheels) by @Jaro-c in #372
• release: promote develop to main by @Jaro-c in #373
• fix: drop-in runtime parity — relative file sources, idempotent up, service-name DNS, quadlet Exec by @Jaro-c in #378
• release: v0.24.1 by @Jaro-c in #379
• release: v0.24.1 by @Jaro-c in #380
• ci(release): fix macOS signing after the cryptography pin by @Jaro-c in #382
• release: v0.24.1 (macOS signing fix) by @Jaro-c in #383
• ci(release): isolate signing deps in a venv by @Jaro-c in #385
• release: v0.24.1 (venv signing fix) by @Jaro-c in #386

Full Changelog: v0.24.0...v0.24.1

Contributors

• @Jaro-c

What's Changed

• fix(engine): bound file-borne resource exhaustion (DoS caps) by @Jaro-c in #345
• fix(engine): cp/watch untrusted-content write safety by @Jaro-c in #346
• fix(engine): fail-closed correctness (hook exit, config-hash, quadlet) by @Jaro-c in #347
• fix(secrets): reject colon-injection in file: binds + validate names by @Jaro-c in #348
• fix(update): harden self-update temp write + fetch order by @Jaro-c in #349
• ci: gate releases on cargo-audit, pin SBOM generators by @Jaro-c in #350
• release: v0.24.0 by @Jaro-c in #351
• release: v0.24.0 — pre-launch security hardening by @Jaro-c in #352

Full Changelog: v0.23.0...v0.24.0

Contributors

• @Jaro-c

What's Changed

• docs: add a terminal demo GIF to the README by @Jaro-c in #312
• docs: promote README demo GIF to main by @Jaro-c in #313
• fix(installer): verify keyring signature and remove insecure bypass by @Jaro-c in #323
• fix(compose): drop-in parity for include, extends, networks, profiles by @Jaro-c in #324
• fix(quadlet): faithful export of users, secrets, external resources, SELinux by @Jaro-c in #325
• fix(engine): warn on rootless-ineffective resource controls by @Jaro-c in #326
• test(engine): cover zip-slip guard, deterministic lock-contention test by @Jaro-c in #327
• docs: security model, independent + air-gapped verification, man SECURITY by @Jaro-c in #329
• ci: air-gapped deb build, SBOM, license attribution, DCO enforcement by @Jaro-c in #328
• feat(cli): hidden command aliases and blank-line-framed help by @Jaro-c in #330
• release: government-readiness remediation (34 findings) by @Jaro-c in #331
• refactor(engine): native libpod secret injection for inline secrets/configs by @Jaro-c in #332
• docs: switch install URLs to per-OS //install/{unix,windows,apt} by @Jaro-c in #334
• release: v0.23.0 by @Jaro-c in #335
• release: v0.23.0 — native libpod secret injection by @Jaro-c in #336
• ci(release): fix SBOM mv self-collision by @Jaro-c in #337
• release: v0.23.0 (SBOM publish fix) by @Jaro-c in #338

Full Changelog: v0.22.2...v0.23.0

Contributors

• @Jaro-c

What's Changed

• test: cover the self-update HTTP transport-error paths by @Jaro-c in #308
• chore: bump version to 0.22.2 by @Jaro-c in #310
• release: v0.22.2 by @Jaro-c in #311

Full Changelog: v0.22.1...v0.22.2

Contributors

• @Jaro-c

What's Changed

• refactor: rename fsutil to filesystem and split diagnostics by @Jaro-c in #303
• test: cover update metadata-parse and install failure paths by @Jaro-c in #304
• chore: bump version to 0.22.1 by @Jaro-c in #305
• release: v0.22.1 by @Jaro-c in #306

Full Changelog: v0.22.0...v0.22.1

Contributors

• @Jaro-c

What's Changed

• fix: honor drop-in compose semantics and warn on dropped keys by @Jaro-c in #295
• feat(quadlet): map the full first-class container key set by @Jaro-c in #296
• fix(libpod): target the Podman 5 API surface by @Jaro-c in #297
• test: cover the project-lock contention path and a secret-ref accessor by @Jaro-c in #299
• docs: sharpen comparison table, cross-link RUST_LOG, note arm64 .deb by @Jaro-c in #300
• fix(security): harden signing-key handling, read cap, and hex helper by @Jaro-c in #298
• chore: bump version to 0.22.0 by @Jaro-c in #301
• release: v0.22.0 by @Jaro-c in #302

Full Changelog: v0.21.1...v0.22.0

Contributors

• @Jaro-c

What's Changed

• fix: reject dangerous mode bits on native external secrets/configs by @Jaro-c in #273
• fix: cap the self-update release-metadata JSON read by @Jaro-c in #275
• docs: man-page BUGS section + Quadlet/completions feature bullets by @Jaro-c in #277
• chore: fix stale doc link, ASCII-ize a log string, cover shell in editorconfig by @Jaro-c in #280
• chore: bump version to 0.21.1 by @Jaro-c in #281
• release: v0.21.1 by @Jaro-c in #282

Full Changelog: v0.21.0...v0.21.1

Contributors

• @Jaro-c