Changelog

This page lists the major changes and contributions for each release of Coord2Region. We follow a structure inspired by MNE-Python to provide clear and concise update notes.

Current (Unreleased)

Added

  • Initial implementation of a release-based Changelog system (:pr:`#N/A`).

Changed

  • Modernized repository configuration to satisfy sp-repo-review standards, including PEP 723/735, comprehensive Ruff linting, and Pytest enhancements (:pr:`34`).

Fixed

  • Resolved Arbitrary File Write and XML injection in fonttools (CVE-2024-52233).

  • Resolved TOCTOU Symlink Vulnerability in filelock (CVE-2024-56334).

  • Resolved Prototype Pollution in js-yaml and lodash (NPM dependencies).

  • Resolved Denial of Service (DoS) vulnerability in pyasn1 (CVE-2024-53900) by updating to version 0.6.3.

  • Resolved Out-of-bounds write in Pillow.

  • Resolved Decompression-bomb safeguards bypass in urllib3.

  • Improved and relaxed version reporting tests for better robustness.

Security

  • Added dependency version pins in pyproject.toml to ensure secure environments.

  • Updated GitHub Actions workflows to include necessary permissions, addressing code scanning alerts.

  • Bumped GitHub Actions dependencies to the latest versions.

Authors

The following people contributed to this release:

  • Hamza Abdelhedi (Security remediations, changelog implementation)

v0.1.4

Initial public release.

  • Support for +20 anatomical atlases.

  • Coordinate-to-region mapping via NiMARE/nilearn.

  • Integration with Neurosynth and NeuroQuery meta-analytic resources.

  • Interactive web-based configuration builder.

  • Reproducible pipeline for batch processing.