Description:
This update for python-asteval fixes the following issues:
Update to 1.0.6:
* drop testing and support for Python3.8, add Python 3.13,
change document to reflect this.
* implement safe_getattr and safe_format functions; fix bugs
in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (boo#1236405,
CVE-2025-24359)
* make all procedure attributes private to curb access to AST
nodes, which can be exploited
* improvements to error messages, including use ast functions
to construct better error messages
* remove import of numpy.linalg, as documented
* update doc description for security advisory
Update to 1.0.5:
* more work on handling errors, including fixing #133 and
adding more comprehensive tests for #129 and #132
Update to 1.0.4:
* fix error handling that might result in null exception
Update to 1.0.3:
* functions ("Procedures") defined within asteval have a `
_signature()` method, now use in repr
* add support for deleting subscript
* nested symbol tables now have a Group() function
* update coverage config
* cleanups of exception handling : errors must now have an
exception
* several related fixes to suppress repeated exceptions: see GH
#132 and #129
* make non-boolean return values from comparison operators
behave like Python - not immediately testing as bool
- update to 1.0.2:
* fix NameError handling in expression code
* make exception messages more Python-like
- update to 1.0.1:
* security fixes, based on audit by Andrew Effenhauser, Ayman
Hammad, and Daniel Crowley, IBM X-Force Security Research
division
* remove numpy modules polynomial, fft, linalg by default for
security concerns
* disallow string.format(), improve security of f-string
evaluation
- update to 1.0.0:
* fix (again) nested list comprehension (Issues #127 and #126).
* add more testing of multiple list comprehensions.
* more complete support for Numpy 2, and removal of many Numpy
symbols that have been long deprecated.
* remove AST nodes deprecated in Python 3.8.
* clean up build files and outdated tests.
* fixes to codecov configuration.
* update docs.
- update to 0.9.33:
* fixes for multiple list comprehensions (addressing #126)
* add testing with optionally installed numpy_financial to CI
* test existence of all numpy imports to better safeguard
against missing functions (for safer numpy 2 transition)
* update rendered doc to include PDF and zipped HTML
- update to 0.9.32:
* add deprecations message for numpy functions to be removed in
numpy 2.0
* comparison operations use try/except for short-circuiting
instead of checking for numpy arrays (addressing #123)
* add Python 3.12 to testing
* move repository from "newville" to "lmfit" organization
* update doc theme, GitHub locations pointed to by docs, other
doc tweaks.
- Update to 0.9.31:
* cleanup numpy imports to avoid deprecated functions, add financial
functions from numpy_financial module, if installed.
* prefer 'user_symbols' when initializing Interpreter, but still support
'usersyms' argument. Will deprecate and remove eventually.
* add support of optional (off-by default) "nested symbol table".
* update tests to run most tests with symbol tables of dict and nested
group type.
* general code and testing cleanup.
* add config argument to Interpreter to more fully control which nodes are supported
* add support for import and importfrom -- off by default
* add support for with blocks
* add support for f-strings
* add support of set and dict comprehension
* fix bug with 'int**int' not returning a float.
- update to 0.9.29:
* bug fixes
- Update to 0.9.28
* add support for Python 3.11
* add support for multiple list comprehensions
* improve performance of making the initial symbol table,
and Interpreter creation, including better checking for index_tricks attributes
- update to 0.9.27:
* more cleanups
- update to 0.9.26:
* fix setup.py again
- update to 0.9.25:
* fixes import errors for Py3.6 and 3.7, setting version with
importlib_metadata.version if available.
* use setuptools_scm and importlib for version
* treat all __dunder__ attributes of all objects as inherently unsafe.
- Update to 0.9.22
* another important but small fix for Python 3.9
* Merge branch 'nested_interrupts_returns'
- Drop hard numpy requirement, don't test on python36
- update to 0.9.18
* drop python2
* few fixes