1.0.8

Fixes and improvements:

• fix bug (#146) so that return from a Procedure does not interrupt the calling code block
• remove numpy.memmap from default methods
• add discussion of numpy functions/objects that can open files
• add support and tests for lambda expressions
• add default permissions to github actions
• update README, doc, remove cruft

1.0.7

• return in while, for, and with blocks in functions properly signal an immediate exit of the function. (fixes #141)
• fix augassign to retain line numbers for exceptions properly. (#140)
• make sure that "unsafe_modules" should not be accessed even if imported and exposed by other modules
• cleanup unused nodes
• tweaks and fixes to docs
• drop testing with Python 3.9
• add testing for Python 3.14
• update pyproject.toml from the endless churn from PyPA, to move the location and formatting for the LICENSE, to continue compliance with the endless churn from PyPA.

1.0.6

• drop testing and support for Python3.8, add Python 3.13, change document to reflect this.
• implement safe_getattr and safe_format functions; fix bugs in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage
• make all procedure attributes private to curb access to AST nodes, which can be exploited
• improvements to error messages, including use ast functions to construct better error messages
• remove import of numpy.linalg, as documented
• update doc description for security advisory

Special thanks to @SteakEnthusiast for the security-related fixes

1.0.5

bugfix:

• more work on handling errors, including fixing #133 and adding more comprehensive tests for #129 and #132

1.0.4

bugfix:

• fix error handling that might result in null exception

1.0.3

bug fixes, a few feature enhancements:

• functions ("Procedures") defined within asteval have a _signature() method, now use in repr
• add support for deleting subscript
• nested symbol tables now have a Group() function
• update coverage config
• cleanups of exception handling : errors must now have an exception
• several related fixes to suppress repeated exceptions: see GH #132 and #129
• make non-boolean return values from comparison operators behave like Python - not immediately testing as bool

1.0.2

bug fixes:

• fix NameError handling in expression code
• make exception messages more Python-like

1.0.1

security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division

• remove numpy modules polynomial, fft, linalg by default for security concerns
• disallow string.format(), improve security of f-string evaluation

1.0.0

Asteval 1.0.0

Asteval has been fairly mature for a while, with major improvements since version 0.9.29 over the past year or so making it feel like it has reached a point where the features and API are stable enough to call version 1.0.0.

Changes compared to 0.9.33:

• fix (again) nested list comprehension (Issues #127 and #126).
• add more testing of multiple list comprehensions.
• more complete support for Numpy 2, and removal of many Numpy symbols that have been long deprecated.
• remove AST nodes deprecated in Python 3.8.
• clean up build files and outdated tests.
• fixes to codecov configuration.
• update docs.

0.9.33

Fixes:

• fixes for multiple list comprehensions (addressing #126)
• add testing with optionally installed numpy_financial to CI
• test existence of all numpy imports to better safeguard against missing functions (for safer numpy 2 transition)
• update rendered doc to include PDF and zipped HTML