Skip to content

v0.3.1

Choose a tag to compare

@github-actions github-actions released this 07 Jul 22:38

Changelog v0.3.1

All notable changes to kprun are documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[0.3.1] - 2026-07-07

Fixed

  • Security: block dangerous env var families by prefix (LD_*, DYLD_*,
    GIT_*, BASH_FUNC_*) in addition to exact-match blocklist, preventing
    injection of critical environment variables during kprun run (#49)
  • Security: resolve CodeQL code scanning alerts to eliminate potential
    security issues (#48)
  • kprun init now uses Argon2id with 64 MiB KDF parameters for improved vault
    security (#46)

Changed

  • Documentation clarified that Superpowers workflow skills (brainstorming,
    writing-plans, executing-plans) are invoked manually, not automatically
    chained (#47)

Full commit list
  • fix(security): block dangerous env var families by prefix (#49)
  • fix(security): resolve CodeQL code scanning alerts (#48)
  • fix(core): create vaults with Argon2id 64 MiB KDF (#46)
  • docs(claude): note manual superpowers workflow invocation (#47)
  • chore(deps): bump keyring from 4.1.2 to 4.1.4 (#45)
  • chore(deps): bump rand from 0.10.1 to 0.10.2 (#44)
  • chore(deps): bump keepass from 0.13.11 to 0.13.14 (#43)
  • chore(deps): bump taiki-e/install-action from 2.82.6 to 2.82.9 (#42)
  • chore(deps): bump dorny/paths-filter from 4.0.1 to 4.0.2 (#41)