Skip to content

Changelog

Version 0.1.38

  • Bump version number

Version 0.1.37

  • Add support for Python 3.14
  • Add basic semgrep checks

Version 0.1.36

  • Add missing "--proxy" CLI argument

Version 0.1.35

  • New config option and CLI argument to specify a web proxy for the download

Version 0.1.34

  • Added support for custom release URLs and version patterns to enable fetching from non-GitHub sources
    • Updated documentation with configuration examples
  • Added test coverage for custom release functionality

Version 0.1.33

  • Update package dependencies to fix security vulnerabilities
    • requests: upgraded to 2.33.1
      • Fixed credential leak via malicious .netrc URLs (CVE-2024-47081)
      • Fixed insecure temporary file reuse in extract_zipped_paths() (CVE-2026-25645)
    • urllib3: upgraded to 2.6.3
      • Fixed improper handling of highly compressed data in streaming API (CVE-2025-66471)
      • Fixed decompression-bomb bypass via HTTP redirects (CVE-2026-21441)
      • Fixed uncontrolled redirects in browser/Node.js environments (CVE-2025-50182)
      • Fixed unbounded decompression chain vulnerability (CVE-2025-66418)
      • Fixed redirects not disabled when retries are off (CVE-2025-50181)
  • Added "uv audit" in .pre-commit-config.yaml to always check for known vulnerabilities
  • Fixed some minor ruff checks

Version 0.1.32

  • Added missing config template to package.

Version 0.1.31

  • Added pre/post command prefix to run the command in a shell instead of simple command sequence.

Version 0.1.30

  • This is the first public release which provides the functions as described in the docs files.