Releases: danthedeckie/simpleeval

1.0.7

16 Mar 10:54
0b79e05

Performance fixes for problems introduced by security fixes in 1.0.5 / 1.0.6

1.0.6

13 Mar 16:53
713a096

Tiny bugfix release.
Fixes:

  • unable to pass unhashable items as kwargs introduced by security fixes in 1.0.5 this morning.

1.0.5

13 Mar 09:41
a4659fa

Fixes security issues with "dangerous" modules & functions leaking through as attributes of other names; see:

Fixes CVE-2026-32640

GHSA-44vg-5wv2-h2hg

Breaking Change:

  • Modules & submodules are no longer directly usable as names or as attributes of other items. If you still need this functionality, use the new ModuleWrapper, or subclass SimpleEval to bypass it.

1.0.3 - support python 3.14 pre-release

02 Nov 10:32
b2b84bf

  • Spelling fixes in documentation, docstrings & tests (thanks @kurtmckee !)
  • Fix support for 3.14 (deprecated features actually being removed, so getattr use was incorrect).

1.0.2 - packaging tweak

31 Oct 05:13
dc6f843

No functional changes - but release with the pip version removed from requirements.

1.0.1

28 Oct 07:43
5663fc2

Update the packaging / build after the 1.0.0 release.

No new features since 1.0.0

See the 1.0.0 release notes for details.

1.0.0

05 Oct 05:46
f046223

What's new in this release?

  • Fix a sandbox escape via generators and _frame methods.
  • Supporting dictionary comprehensions
  • A custom exception rather than KeyError when names not found
  • Dropping support for old python versions - if you need pre 3.9, then you can use an older version
  • Various cleanups & tidying warnings, deprecation warnings etc.

So 1.0 as a 'this is the way it works'. It's been basically stable for years now, I've just never called it that - hopefully now this draws a line in what's possible without breaking changes.


There's lots of ideas to make it better - but that's better as a new 2.x branch with allowing a few breaking changes (mostly for security).

0.9.13

17 Feb 10:09

Description

  • Better handling of empty strings passed as input.
  • Fix the shift safe number issue from 0.9.12
  • More minor pylint / etc fixes / cleanups (general code quality)
  • separate .parse from #115
  • Allow setting up completely empty {} operators / functions ( #75 via #123 )
  • Add extra bit-ops from #87
  • Add @daxamin to contributors ?
  • Version bump stuff.
  • other readme tweaks
  • star expressions, eg x = {"a": 1, "b": 2, **c}

0.9.12

15 Jan 17:40

Kind of hoping this is the last 0.9 release, and I find time to stabilize as 1.0, and start the 2.0 work some time soon...

Changelog:

  • Remove Cyclic references (memory leak)
  • Add left & right shift operations (<< and >>)
  • Switch to GH actions & CodeCov.io for CI tests
  • Add extra contributors details
  • Reformat w/ Black + isort, and have linting of those in CI