v0.3.1
Changelog v0.3.1
All notable changes to kprun are documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
[0.3.1] - 2026-07-07
Fixed
- Security: block dangerous env var families by prefix (
LD_*,DYLD_*,
GIT_*,BASH_FUNC_*) in addition to exact-match blocklist, preventing
injection of critical environment variables duringkprun run(#49) - Security: resolve CodeQL code scanning alerts to eliminate potential
security issues (#48) kprun initnow uses Argon2id with 64 MiB KDF parameters for improved vault
security (#46)
Changed
- Documentation clarified that Superpowers workflow skills (
brainstorming,
writing-plans,executing-plans) are invoked manually, not automatically
chained (#47)
Full commit list
- fix(security): block dangerous env var families by prefix (#49)
- fix(security): resolve CodeQL code scanning alerts (#48)
- fix(core): create vaults with Argon2id 64 MiB KDF (#46)
- docs(claude): note manual superpowers workflow invocation (#47)
- chore(deps): bump keyring from 4.1.2 to 4.1.4 (#45)
- chore(deps): bump rand from 0.10.1 to 0.10.2 (#44)
- chore(deps): bump keepass from 0.13.11 to 0.13.14 (#43)
- chore(deps): bump taiki-e/install-action from 2.82.6 to 2.82.9 (#42)
- chore(deps): bump dorny/paths-filter from 4.0.1 to 4.0.2 (#41)