Changelog¶
Changelog¶
All notable changes to this project will be documented in this file.
0.1.6 (2026-05-19)¶
Bug Fixes¶
- cover untested branches in data_sheet_validator, sheet_builder, data_sheet, validator (#137) (6f3234d)
- pin urllib3 >=2.7.0 to resolve CVE-2026-44431 and CVE-2026-44432 (#141) (5374e00)
- validate custom formulas after placeholder substitution (#131) (c1dd130)
0.1.5 (2026-05-11)¶
Bug Fixes¶
- sanitize text labels to prevent Excel formula injection (#116) (2d2108d)
- use li.format instead of hardcoded/heuristic format in model builders (#119) (d48ffb7)
0.1.4 (2026-04-13)¶
Bug Fixes¶
- auto-fix CI failures (attempt 1) (9fbae21)
- lint data_sheet.py and update docs for write_data_sheet/write_sumifs_pivot (9785252)
- quote data_sheet references in SUMIFS formulas (924a814)
- remove duplicate apply_history_col_style call in apply_data_cell_style (#92) (182ea55)
Documentation¶
[Unreleased]¶
Features¶
- refactor data sheet builders to spec-driven architecture:
DataSheetDef/SumifsPivotDefspec dataclasses,build_data_sheet/build_sumifs_pivotbuilder functions, input validation with formula injection guards, config-driven alternating row styling (#88)
Bug Fixes¶
- single-quote
data_sheetreferences in SUMIFS formulas so names containing spaces produce valid Excel syntax (e.g.'My Data'!$AO:$AO); also annotateDataSheetDef.number_formatsasMapping[int, str]and narrowSumifsPivotDef.col_dim_valuestotuple[str | int | float, ...](#89)
Chores¶
- track CVE-2026-4539 (pygments 2.19.2 ReDoS in
AdlLexer) inSECURITY.md; no upstream fix available at audit time, low severity, not reachable from project code (#68)
0.1.3 (2026-04-05)¶
Bug Fixes¶
- add HYPERLINK and RTD to formula injection blocklist (#53) (13b2b50)
- auto-fix CI failures (attempt 1) (5abe174)
- block INDIRECT, ENCODEURL, and UNC paths in formula injection filter (#72) (79f6aeb)
- pin requests >=2.33.0 to resolve CVE-2026-25645 (#67) (73b87af)
- pin requests >=2.33.0 to resolve CVE-2026-25645 (predictable temp (abb1807)
- propagate ValueError from generate_periods in describe command (#78) (d666ac4)
- resolve merge conflicts with main (PR #79 refactoring) (d4c31b1)
Documentation¶
- sync documentation with codebase (d243529)
- sync documentation with codebase (6c91c08)
- sync documentation with codebase changes (077d624)
- sync documentation with codebase changes (1b654b9)
0.1.2 (2026-03-20)¶
Bug Fixes¶
- merge main, fix DRY violation, and update docs for formula injection (8347faa)
- reject dangerous patterns in custom Excel formulas (5786891)
- reject dangerous patterns in custom Excel formulas (78d64c0), closes #28
0.1.1 (2026-03-17)¶
Bug Fixes¶
- regenerate pixi.lock in release-please PR (30bab7d)
- regenerate pixi.lock in release-please PR (f883e54)
- replace assert with ExcelModelError in model sheet builders (#6) (58dba01)
Documentation¶
- add docs link, badges, and financial modeling input section (d5a7af2)
- add docs link, badges, and financial modeling input section (fcd2ded)
- sync documentation with codebase (dca4d0d)
- sync documentation with codebase changes (ce4a78c)
[0.1.0] - 2026-03-12¶
Added¶
- Initial release
- 5 model types: P&L, DCF, Budget vs Actuals, Scenario Analysis, Cross-entity Comparison
- 21 formula types including growth_projected, pct_of_revenue, sum_of_rows, discounted_pv, terminal_value, custom
- YAML-driven model specs with strictyaml schema validation
- Named range registration for all assumptions and drivers
- Scenario analysis with per-scenario assumption/driver overrides
- Drivers concept: separate operational levers from structural assumptions
- Multi-format input data loading (CSV, Excel, Parquet, JSON, YAML, Markdown)
- Click CLI with build, validate, and describe commands
- Bundled default style config with deep-merge user overrides
- Period generation: annual, quarterly, monthly, auto-detect
- Conditional formatting for variance rows
- Data validation on assumptions sheets
- Property-based testing with hypothesis
- 191 tests, all passing