v0.18.2

@rustyconover rustyconover released this 21 May 18:43
· 32 commits to main since this release

What's changed

Maintenance release: dependency security patches and CI runtime upgrades. No library API or behavior changes.

Security (Dependabot)

  • Bump idna 3.11 → 3.15 — fixes a bypass of the CVE-2024-3651 fix where specially crafted inputs to idna.encode() could slip through.
  • Bump pymdown-extensions 10.21.2 → 10.21.3 — fixes a regression in pymdownx.snippets that reintroduced a sibling-prefix path-traversal bypass despite restrict_base_path.
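The sibling-prefix bug class named in the pymdown-extensions entry, shown as an added illustration (this is not code from pymdownx.snippets or from this project): a base-path restriction enforced by string-prefix comparison accepts a sibling directory whose name merely starts with the base directory's name. The function names and the `docs` / `docs-private` layout are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def naive_is_inside(base: str, candidate: str) -> bool:
    """Flawed containment check: plain string-prefix comparison."""
    return os.path.realpath(candidate).startswith(os.path.realpath(base))


def strict_is_inside(base: str, candidate: str) -> bool:
    """Containment check on whole path components, after resolving symlinks and '..'."""
    base_real = os.path.realpath(base)
    cand_real = os.path.realpath(candidate)
    try:
        return os.path.commonpath([base_real, cand_real]) == base_real
    except ValueError:  # e.g. paths on different drives on Windows
        return False


def demo() -> dict:
    """Build a constructed directory layout and run both checks over it."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "docs")
        sibling = Path(root, "docs-private")  # shares the "docs" prefix
        base.mkdir()
        sibling.mkdir()
        (base / "intro.md").write_text("public")
        (sibling / "secret.md").write_text("private")
        cases = {
            "inside": str(base / "intro.md"),
            "sibling": str(base / ".." / "docs-private" / "secret.md"),
            "parent": str(base / ".."),
        }
        # Each value is (naive result, strict result) for that candidate path.
        return {
            name: (naive_is_inside(str(base), path), strict_is_inside(str(base), path))
            for name, path in cases.items()
        }


if __name__ == "__main__":
    for name, (naive, strict) in demo().items():
        print(f"{name:8} naive={naive!s:5} strict={strict}")
```

Plain `..` escapes to the parent are caught by both checks; only the sibling case separates them, which is why a prefix-based restriction can pass basic traversal tests and still be bypassable.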

CI / workflows

  • Upgrade GitHub Actions to Node 24-compatible runtimes: actions/checkout@v5, astral-sh/setup-uv@v6, actions/attest-build-provenance@v4.

🤖 Generated with Claude Code