microsoft/msticpy v3.0.1

v3.0.1

Repository: microsoft/msticpy

Tag: v3.0.1

Published: 2026-05-11T20:44:44Z

Prerelease: no

Release notes:

v3.0.1

Security

• Path traversal protection for archive extraction (tar-slip/zip-slip) — Added new centralized msticpy.common.archive_utils module that validates archive member paths before extraction, preventing malicious archives from writing files outside the intended directory. Applied to GeoIP database extraction (tar), Mordor dataset extraction (zip), and Sentinel query pack downloads (zip). (#889)

Bug Fixes

• NumPy 2.4 compatibility — Regenerated 23 pickle test/data files to eliminate VisibleDeprecationWarning from NumPy 2.4+ caused by legacy align=0 dtype parameters. (#890)
• IPython version constraint by Python version — Split IPython requirement to >=8.39.0 for Python 3.10 and >=9.13.0 for Python 3.11+, since IPython 9.x dropped Python 3.10 support. (#890)

Dependency Updates

Runtime

| Package | Old | New | |---------|-----|-----| | azure-kusto-data | >=4.4.0, =6.0.3, =7.23.1 | >=8.39.0 (py3.10) / >=9.13.0 (py3.11+) | | msal-extensions | >=0.3.0 | >=1.3.1 | | nest-asyncio | >=1.4.0 | >=1.6.0 | | packaging | >=24.0 | >=26.2 | | pygments | >=2.0.0 | >=2.20.0 | | requests | >=2.31.0 | >=2.33.1 | | typing-extensions | >=4.2.0 | >=4.15.0 | | urllib3 | >=1.23 | >=2.6.3 |

Development / CI

| Package | Old | New | |---------|-----|-----| | aiohttp | >=3.7.4 | >=3.13.5 | | bandit | >=1.7.0 | >=1.9.4 | | coverage | >=5.5 | >=7.13.5 | | ruff | >=0.6.6 | >=0.15.12 | | sphinx-rtd-theme | >=1.0.0 | >=3.1.0 |

Internal

• Applied Ruff 0.15.12 formatting to Sentinel provider modules, Azure Monitor driver, Cybereason driver, and outliers module (whitespace/style only).