Releases: dbohdan/starlark-python

v0.6.0

11 Jun 17:56
337f4d2

  • Breaking changes:
    • Changed FileLoader behavior to prevent access to parent directories and absolute paths as well as symlink traversal.
  • Documentation:
    • Documented the threat model for FileLoader.
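As an added illustration of the confinement the v0.6.0 entry describes (example code, not the project's FileLoader; `resolve_module`, `LoadError` and the temporary directory tree are constructed for this demo):

```python
import os
import tempfile
from pathlib import Path, PurePosixPath


class LoadError(Exception):
    """Raised when a module path is rejected or not found (constructed name)."""

def resolve_module(search_paths, module):
    """Return the real path of POSIX-style relative `module` under a root, or raise."""
    rel = PurePosixPath(module)
    # 1. Refuse absolute paths outright: only the host chooses the search roots.
    if rel.is_absolute() or os.path.isabs(module):
        raise LoadError(f"absolute path not allowed: {module!r}")
    # 2. Refuse any '..' component before touching the disk at all.
    if not rel.parts or ".." in rel.parts:
        raise LoadError(f"parent directory traversal not allowed: {module!r}")
    for root in search_paths:  # first search path holding the module wins
        root_real = Path(root).resolve(strict=True)
        candidate = root_real.joinpath(*rel.parts)
        if not candidate.exists():  # also False for dangling symlinks
            continue
        # 3. Follow symlinks, then require the target to stay under the root.
        real = candidate.resolve(strict=True)
        if root_real not in real.parents:
            raise LoadError(f"symlink escapes search root: {module!r}")
        return real
    raise LoadError(f"module not found: {module!r}")


def demo():
    """Exercise the checks on a constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, outside = Path(tmp, "modules"), Path(tmp, "outside")
        (root / "lib").mkdir(parents=True)
        outside.mkdir()
        (root / "lib" / "util.star").write_text("x = 1\n")
        (outside / "secret.star").write_text("y = 2\n")
        (root / "escape.star").symlink_to(outside / "secret.star")  # escapes root
        cases = {"good": "lib/util.star", "dotdot": "../outside/secret.star",
                 "absolute": str(outside / "secret.star"),
                 "symlink": "escape.star", "missing": "nope.star"}
        outcome = {}
        for label, mod in cases.items():
            try:
                resolve_module([root], mod)
                outcome[label] = "loaded"
            except LoadError as exc:
                outcome[label] = str(exc).split(":", 1)[0]
        return outcome
```

Only the in-root module loads; the traversal, absolute-path and symlink cases are rejected before any file content is read.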

v0.5.0

10 Jun 10:01
a9cd607

This release improves the interpreter's resource accounting and error normalization. It is the result of a security review by Claude Fable 5 and Claude Opus 4.8. The sandbox boundary (no access to filesystem, network, or subprocesses and no introspection escape) was also reviewed. The review found no problems with it.

  • Fixes:

    • Limited integer magnitude. Starlark integers are now capped at MAX_INT_BITS = 2^19 bits (approximately 158k decimal digits).
    • Large integers are now charged against the heap counter by bit length. float, bool, and None remain uncharged.
    • Narrowed the error handler for argument binding so a genuine internal TypeError raised inside a builtin is no longer mislabeled as an argument error.
    • Replaced leaked Python exceptions with EvalError:
      • Added a guard for the %c string-format conversion: '%c' % 1114112 and other oversized values now raise an EvalError instead of leaking a Python ValueError/OverflowError. This matches the chr() builtin.
      • Limited structural recursion in value comparison. Code like x == x, x in [x], and sorted([x, x]) on a deeply nested value constructed at runtime will now raise an EvalError instead of leaking a RecursionError.
      • Stringifying an oversized integer (via str, repr, %s, %d, or foo.format()) now raises an EvalError instead of leaking CPython's ValueError over int_max_str_digits.
      • Changed builtin dispatch to normalize unexpected Python exceptions to EvalError. Resource-limit exceptions still propagate as-is. MemoryError is deliberately re-raised because it is an error of the host environment.
  • Documentation:

    • Documented the new limits in security/threat-model.md and the README.
    • Marked the two 2026-05-05 security reviews as superseded; they predated resource limiting.

v0.4.0

31 May 18:43
4327c88

  • Features:
    • loader/FileLoader: Allowed Path objects as search paths. They already worked, but code didn't type-check.
    • Updated function parameters to the types Sequence and Mapping instead of list and dict.

v0.3.0

23 May 13:35
d8c704c

  • Features:
    • Added new character and codepoint manipulation methods/functions: chr(), ord(), str.elem_ords(), str.codepoints(), and str.codepoint_ords().
    • REPL improvements:
      • Added support for evaluating statements.
      • Added readline integration.
  • Fixes:
    • Fixed lexer exceptions on invalid integer formats (e.g., 0x).
    • Added a check to catch float value overflow.
  • Integrated Hypothesis for property-based testing.
  • Optimized zipapp size.