Releases: pike00/drape
Releases · pike00/drape
Release list
v0.3.3 — Security dependency updates
Security
- Bumped
idnato 3.15, which patches CVE-2026-45409 (quadratic-time bypass of the CVE-2024-3651 mitigation) - Bumped
urllib3to 2.7.0, which addresses two advisories: decompression-bomb safeguard bypass (GHSA-mf9v-mfxr-j63j) and sensitive header stripping on redirect (GHSA-qccp-gfcp-xxvc)
Both are transitive dependencies pulled in via detect-secrets. No API or behavior changes.
Install
uv tool install drape==0.3.3v0.3.2 — Fix `drape --version` reporting
Fixed
drape --versionnow reads the installed package version viaimportlib.metadatainstead of a hardcoded string insrc/drape/__init__.py. Previously every release reported0.2.0. (22ade22)
No behavior change in masking, hook handling, or any public API. Patch release only.
v0.3.1 — Maintenance release
Install
uv tool install drape==0.3.1v0.2.0
Full Changelog: https://github.com/pike00/drape/commits/v0.2.0