What's Changed

Breaking changes

Drop Python 3.9 support, minimum is now 3.10 and we started supporting 3.14 (#175)
CLI exit codes now follow ClamAV conventions: 0 for clean, 1 for unsafe, 2 for error (#216)
Malformed pickles raise InterpretationError instead of ValueError (#207)
We added many new modules to the unsafe imports blocklist (#210, #215, #217, #233, #236), while trying to reduce false positives on builtins (#206)

Fixed a generic bypass via OBJ (GHSA-mxhj-88fx-4pcv)
- Fixed in #235. Thank you @yash2998chhabria!
Expanded the blocklist of unsafe imports with various modules (GHSA-mhc9-48gj-9gp3)
- Fixed in #236. Thank you @yash2998chhabria!
Expanded the blocklist to catch outbound network connections (GHSA-83pf-v6qq-pwmr)
- Fixed in #233. Thank you @NucleiAv!
Integrate recent PickleScan bypasses into unsafe imports detection (#210)
Expand dangerous imports blocklist for better coverage (#215)
Expand ML-specific unsafe import detection (#217)
Add safe builtins allowlist to prevent false positives (#206)
Fix cyclic AST recursion DoS (issue #196) (#213)

Add AGENTS.md with vulnerability reporting guidelines (#234)
Add 7z archive support for model scanning (#220)
Implement EXT1, EXT2, and EXT4 pickle opcode support (#172)
Fix ast.Import handling in unsafe_imports and MLAllowlist (#209)
Fix ValueError crash on malformed pickle files (issue #188) (#207)
Migrate to ty type checker and fix type errors (#208)
Bump minimum numpy to 2.2.6 (#201)
Migrate tests to use BytesIO and temporary paths (#181)
Address Zip slips in tests (#204)
Fix flaky random ZIP creation in TestPolyglotModule (#179)
Various @dependabot[bot] updates (#197, #199, #200, #202, #203, #214, #222, #223, #224, #225, #227, #228, #229, #230, #232)