What's Changed
Security
- Expanded the unsafe modules blocklist with:
  - `doctest`, `unittest`, and `test` (bbeeb0c + 21fa48a). Thanks to @Lyutoon for the report! (GHSA-pc6j-px3p-rrj4)
  - `_posixsubprocess`, `site` and `atexit` (e840861). Thanks to @reapermunky for the report! (GHSA-m6fh-58r7-x697)
General
- Add DoS protection against expansion attacks (Billion Laughs style) by @dguido in #211
- Add HuggingFace Hub direct scanning support by @dguido in #219
- Add graceful degradation and scan API for robust scanning by @dguido in #218
- Uncomment passing `test_legacy_pickle` test by @thomas-chauchefoin-tob in #250
- Fix `check_pickle` to seek to file start and use correct opcode count API by @thomas-chauchefoin-tob in #253
- Various https://github.com/dependabot updates (too many to list)
Full Changelog: v0.1.10...v0.1.11