Tags: Pro-Fa/expr-eval
Enables array completion with bracket notation (#9)

* Added tests the auto completion should adhere to
  # Conflicts:
  # test/language-service/language-service.ts
* Array completion working
* Formatted
* Reverted spacing between braces
* Fixed properly with linter fix instead
* Raised package version
* Update lock file

---------

Co-authored-by: Melvin van Bree <m.vanbree@pro-fa.com>
Co-authored-by: Sander Toonen <s.toonen@pro-fa.com>
Security fix for CVE-2025-12735, CVE-2025-13204, and member function bypass (#6)

* Initial plan
* Add security protections for CVE-2025-12735, CVE-2025-13204, and Issue silentmatt#289
  - Block arbitrary function calls passed via evaluation context
  - Block prototype pollution via __proto__, prototype, constructor access
  - Block member function call bypass vulnerability
  - Allow inline-defined functions (IFUNDEF) as they are safe
  - Allow registered functions in parser.functions
  - Allow safe Math functions (sin, cos, sqrt, etc.)
  - Update tests to use secure function registration pattern
  - Add comprehensive security test suite
  Co-authored-by: Sander-Toonen <5106372+Sander-Toonen@users.noreply.github.com>
* Fix code review issues: add validateAllowedFunction to IFUNCALL, use counter-based keys for inline functions
  - Add validateAllowedFunction check in IFUNCALL handler to prevent bypassing security
  - Use monotonically increasing counter for inline function keys instead of user-controlled names
  - Prevent collision attacks on inline function registration
  Co-authored-by: Sander-Toonen <5106372+Sander-Toonen@users.noreply.github.com>
* Update tests to use secure function registration pattern and add BREAKING_CHANGES.md
  - Update remaining 2 tests in operators-logical.ts to register functions in parser.functions
  - Add comprehensive BREAKING_CHANGES.md documenting security changes and migration guide
  Co-authored-by: Sander-Toonen <5106372+Sander-Toonen@users.noreply.github.com>
* Fix TypeScript type error in security test
  Change empty function to return number to satisfy Value type constraint
  Co-authored-by: Sander-Toonen <5106372+Sander-Toonen@users.noreply.github.com>
* Bump version to 5.0.0 for breaking changes per semantic versioning
  - Update package.json version from 4.2.0 to 5.0.0
  - Update BREAKING_CHANGES.md to reference version 5.0.0
  - Update package-lock.json accordingly
  Co-authored-by: Sander-Toonen <5106372+Sander-Toonen@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Sander-Toonen <5106372+Sander-Toonen@users.noreply.github.com>