TaipanStack v0.4.1 Release Notes

TaipanStack v0.4.1 arrives as a rapid DevSecOps consolidation update. This patch closes arbitrary code loading vectors, trims legacy redundant complexity, and achieves 100% architectural coverage on the source modules following the massive v0.4.0 shift.

See documentation at: TaipanStack Dev Portal.


What's New & Fixed in v0.4.1

🛡️ Security / SAST Integrations

  • [High] Fixed Arbitrary Unvalidated Module Imports (PR #365): Patched a dangerous SSRF & Code Execution vector via importlib.import_module. Re-aligned taipanstack.bridges._imports with hardened boundaries.
  • [High] Prevented PyJWT NotImplementedError Bypass (PR #359): Enhanced the internal JWT sanitizer suite so that incomplete token schemas do not trigger an unhandled backend NotImplementedError crash.
  • [Medium] Hardened Cache (PR #350): Hardened the @cached decorator against unhashable inputs to avoid denial of service and cache poisoning.
  • [SAST] Custom Semgrep Rules (PR #367): Added multiple rules in .semgrep/taipanstack-rules.yml that verify strict return values, typing, and err() consumption across resilience modules.
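
An added example (not TaipanStack's own code) of the class of fix named in the PR #365 item: gating importlib.import_module behind a syntax check and an exact-match allowlist. The names ALLOWED_MODULES, ImportRejected, is_allowed, safe_import and unsafe_import, and the allowlist contents, are assumptions made for illustration.

```python
import importlib
import re
from types import ModuleType

# Assumption for this example: the only modules a caller may load by name.
ALLOWED_MODULES = frozenset({"json", "sqlite3", "zoneinfo"})

# Absolute dotted identifiers only: no leading dots (relative imports),
# no path separators, whitespace or empty segments.
_DOTTED_NAME = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*", re.ASCII)


class ImportRejected(ValueError):
    """Raised when a requested module name fails validation."""


def unsafe_import(name):
    # "Before" pattern: a caller-controlled string reaches the import
    # system unchecked, so any importable module's top-level code runs.
    return importlib.import_module(name)


def is_allowed(name: object) -> bool:
    """True only for a well-formed name that exactly matches the allowlist."""
    return (
        isinstance(name, str)
        and _DOTTED_NAME.fullmatch(name) is not None
        and name in ALLOWED_MODULES
    )


def safe_import(name: object) -> ModuleType:
    # "After" pattern: validate first, import second. Submodules such as
    # "json.tool" are rejected unless listed explicitly.
    if not is_allowed(name):
        raise ImportRejected(f"module not permitted: {name!r}")
    return importlib.import_module(name)


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["json", "json.tool", "os", "..json", "a/b", "", 42]:
        print(repr(candidate), "->", "allow" if is_allowed(candidate) else "reject")
```

The syntax check is redundant while the allowlist is well-formed; it is kept so that a malformed entry added to the allowlist later still cannot reach the import system.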

⚡ Performance & Complexity

  • Core Result & Sanitizer Trimming (PR #375, #369, #360): Refactored http_bridge.py and sanitizers.py to reduce cyclomatic complexity, and discarded dead code in core/optimizations.py. Tests observed around a 15% throughput improvement when iterating massive unwrap routines.
  • Pattern Matching Updates (PR #358): Modernized Result type unwrapping in taipanstack.core.result to strictly use structural pattern matching (match/case) instead of legacy boolean flows.

🧪 QA / Test Coverage

  • Absolute 100% Source Coverage (PR #362): Covered the remaining edge conditions from earlier patches. pytest now asserts 100% branch and line coverage for all .py files under src/.
  • Exception Handlers in Timeout (PR #366): Prevented unhandled BaseExceptions propagated by timeout/worker threads from masking and disrupting pytest routines.
  • Docs Count Synced: Documentation metrics have been synced to the current count of 1184+ executing unit tests.

End of Duplication Sprawl

This version suppressed 20+ conflicting automated or duplicated pull requests that proposed parallel variants of the updates listed above. By choosing the cleanest path, we secured v0.4.1 with a cohesive, merge-conflict-free base that aligns strictly with the DevSecOps recommendations.