Releases: netromdk/vermin

Version 1.6.0 - Python 3.12 support

25 Nov 20:46
db02e9e

Outdated Python 2.x execution support of Vermin has been removed. (#200)
But 2.x detections still function as before!

  • Python 3.12 support and 120 new rules (#204)
    • 104 classes/functions/constants members etc.
    • 16 kwargs
    • Detect type alias statement type X = SomeType (PEP-695)
  • No longer require that the number of targets match requirements in relation to --violations mode (@brenns10, #234, #230)
  • Fix overriding config exclusion regexes from other instance (#237)
  • Added zoneinfo backport (!2, 3.6, #196)
  • Add more project boundaries (#201)
    • Perforce Helix Core: .p4root
    • Pijul: .pijul
  • Correct a typo in CONTRIBUTING.md (@felixonmars, #214)
  • Fixed execution of ps script (#209)
  • Semgrep improvements (#206)
  • Semgrep fixes (#208)
  • [actions] SAST with Semgrep (#205)
  • Security fixes (#227)

v1.5.2

17 Jun 07:31
5824cc0

Note: Vermin 1.6 will end support for running via py2.7

1.5.2:

  • Union types (X | Y) detection turned into opt-in feature (#176 fixes #103)
  • Added missing rules and fixed some existing ones (#155 fixes #144)
    • Added 120 new rules
      • 31 modules
      • 68 members
      • 21 kwargs
    • Fixed 17 rules
    • Thanks to @cpAdm for reporting the rules issues!
  • Fixed error reporting that broke parsable format (#156 fixes #150)
  • Fixed reported versions for built-in type() (#172 fixes #171)
  • Visit keyword values if not excluded/ignored (#173 fixes #168)
  • Union types detection also considers attributes (#174 fixes #159)
  • Improved usage section of README (#175 fixes #158)
  • Fixed a typo in the --help documentation (#169, @Eutropios)
  • [actions] Don't test using EOL Python 3.6 (#134)
  • Security (does not affect Vermin in production, only deps for CI testing and analysis)

1.5.1:

  • Make typing.NamedTuple a Python 3.5 feature (#126, @pyrco)
  • Fix coveralls via forks (#127)

1.5.0:

  • Python 3.11 support (#124)
    • Added 124 rules specific to Python 3.11
    • Detect except* (PEP-654)
    • Updated list of built-in generic annotation types
  • More stringent rules for detecting union types (#108 fixes #103)
  • Don't visit returns annotations if not evaluating annotations (#110 fixes #109)
  • typing_extensions backport and versioned backports support (#111 fixes #100)
  • Added --exclude-regex and --no-make-paths-absolute to exclude specific file paths (#115, @cosmicexplorer)
  • Plurality method of results messages with overridability
  • General project tweaks
    • Don't test using end-of-life Python versions (3.4 and 3.5)
    • Added security policy and vulnerability report template
    • Added CODEOWNERS file
    • Added CONTRIBUTING file
    • Added OpenSSF best practices emblem to README
    • Check GitHub Actions and Pip deps every Sunday via dependabot
    • Check CodeQL on PRs and Sundays. Not when pushing to master because PRs are required and otherwise it'll run two times: once for the PR and again when the accepted PR is merged to master.

v1.5.1

12 Nov 09:23
cb06bbb

Note: Vermin 1.6 will end support for py2.7

1.5.1:

  • Make typing.NamedTuple a Python 3.5 feature (#126, @pyrco)
  • Fix coveralls via forks (#127)

1.5.0:

  • Python 3.11 support (#124)
    • Added 124 rules specific to Python 3.11
    • Detect except* (PEP-654)
    • Updated list of built-in generic annotation types
  • More stringent rules for detecting union types (#108 fixes #103)
  • Don't visit returns annotations if not evaluating annotations (#110 fixes #109)
  • typing_extensions backport and versioned backports support (#111 fixes #100)
  • Added --exclude-regex and --no-make-paths-absolute to exclude specific file paths (#115, @cosmicexplorer)
  • Plurality method of results messages with overridability
  • General project tweaks
    • Don't test using end-of-life Python versions (3.4 and 3.5)
    • Added security policy and vulnerability report template
    • Added CODEOWNERS file
    • Added CONTRIBUTING file
    • Added OpenSSF best practices emblem to README
    • Check GitHub Actions and Pip deps every Sunday via dependabot
    • Check CodeQL on PRs and Sundays. Not when pushing to master because PRs are required and otherwise it'll run two times: once for the PR and again when the accepted PR is merged to master.

Version 1.5.0 - Python 3.11 support

06 Nov 17:37
d9f666f

Note: Vermin 1.6 will end support for py2.7

  • Python 3.11 support (#124)
    • Added 124 rules specific to Python 3.11
    • Detect except* (PEP-654)
    • Updated list of built-in generic annotation types
  • More stringent rules for detecting union types (#108 fixes #103)
  • Don't visit returns annotations if not evaluating annotations (#110 fixes #109)
  • typing_extensions backport and versioned backports support (#111 fixes #100)
  • Added --exclude-regex and --no-make-paths-absolute to exclude specific file paths (#115, @cosmicexplorer)
  • Plurality method of results messages with overridability
  • General project tweaks
    • Don't test using end-of-life Python versions (3.4 and 3.5)
    • Added security policy and vulnerability report template
    • Added CODEOWNERS file
    • Added CONTRIBUTING file
    • Added OpenSSF best practices emblem to README
    • Check GitHub Actions and Pip deps every Sunday via dependabot
    • Check CodeQL on PRs and Sundays. Not when pushing to master because PRs are required and otherwise it'll run two times: once for the PR and again when the accepted PR is merged to master.

Version 1.4.2

20 Aug 08:33
e6f106e

1.4.2:

  • Show tip for assignments with type annotations (AnnAssign) if annotations are disabled:
    Tips:
    - Generic or literal annotations might be in use. If so, try using: --eval-annotations
      But check the caveat section: https://github.com/netromdk/vermin#caveats
    

1.4.1:

  • Fixed union types detection when either are None, like def foo(n: int | None):

1.4.0:

  • Removed deprecated lax mode entirely
  • Vermin 1.6 will end support for py2.7
  • An actual quiet --quiet mode
  • --violations can be used with --quiet such that nothing is shown except rule violations (#85)
  • Added violations aliases --lint and --no-lint
  • Detect with statements grouped with parentheses (py3.9, #84)
  • Show tip when generic/literal annotations might be in use (#84)
  • Add support for pre-commit by @loganswartz (#81)
  • Handle async with similarly to with
  • async for is py3.5 instead of py3.6
  • Restructured tips display for better readability
  • Lazy parsing of source code when needed outside the Python parser
  • Don't throw away duplicates when visiting nodes (--dump)

Full Changelog: https://github.com/netromdk/vermin/compare/v1.4.0..v1.4.2

Version 1.4.1

24 Jul 12:36
ec1e551

1.4.1:

  • Fixed union types detection when either are None, like def foo(n: int | None):

1.4.0:

  • Removed deprecated lax mode entirely
  • Vermin 1.6 will end support for py2.7
  • An actual quiet --quiet mode
  • --violations can be used with --quiet such that nothing is shown except rule violations (#85)
  • Added violations aliases --lint and --no-lint
  • Detect with statements grouped with parentheses (py3.9, #84)
  • Show tip when generic/literal annotations might be in use (#84)
  • Add support for pre-commit by @loganswartz (#81)
  • Handle async with similarly to with
  • async for is py3.5 instead of py3.6
  • Restructured tips display for better readability
  • Lazy parsing of source code when needed outside the Python parser
  • Don't throw away duplicates when visiting nodes (--dump)

Full Changelog: https://github.com/netromdk/vermin/compare/v1.4.0..v1.4.1

Version 1.4.0

06 Jun 18:54
66bdd04
  • Removed deprecated lax mode entirely
  • Vermin 1.6 will end support for py2.7
  • An actual quiet --quiet mode
  • --violations can be used with --quiet such that nothing is shown except rule violations (#85)
  • Added violations aliases --lint and --no-lint
  • Detect with statements grouped with parentheses (py3.9, #84)
  • Show tip when generic/literal annotations might be in use (#84)
  • Add support for pre-commit by @loganswartz (#81)
  • Handle async with similarly to with
  • async for is py3.5 instead of py3.6
  • Restructured tips display for better readability
  • Lazy parsing of source code when needed outside the Python parser
  • Don't throw away duplicates when visiting nodes (--dump)

Full Changelog: v1.3.3...v1.4.0

Version 1.3.3

26 Dec 21:27
6ccf92b

1.3.3:

1.3.2:

  • super() without arguments requires v3+

1.3.1:

  • Don't suppress test errors for Python 2.7, 3.4, and 3.5 with GitHub Actions
  • Added kwargs rules specific to the change from v2 to v3
  • With inconclusivity when using --violations and --target, the exit code is 0 (#79)
  • Yield note when not enough evidence to conclude minimum versions
  • Scan top-level folders in all cases. The recent implementation of --no-symlink-folders didn't scan top-level folders - or input folders. That's a problem if the input folder is /tmp which is a symlink to /private/tmp on macOS, for instance. Cases such as that will now be handled correctly.
  • Added and fixed rules (mostly 3.10 related) (#78)

1.3.0:

  • Python 3.10 support
    • Added 134 rules specific to Python 3.10
    • Structural pattern matching (PEP-0634)
    • Support optional length-checking of zip (PEP-0618)
    • Union types written as X | Y (PEP-0604)
    • Detect mapping attribute of dict views (bpo-40890)
    • Additionally testing and analyzing using Python 3.10 with GitHub Actions
  • Optionally exclude parsing comments for 30-40%+ speedup. The --no-parse-comments argument or parse_comments = no config setting can be used to disable it.
  • Not scanning symlinks to folders can yield huge speedups for certain projects, especially if they point inside a project's hierarchy. These symlinks can be included in analysis via the --scan-symlink-folders argument or scan_symlink_folders = yes config setting.

Deprecations

  • Lax mode has been deprecated in favor of specific analysis exclusions. Will be removed in v. 1.4.

Version 1.3.2

18 Dec 16:19
ad65edf

1.3.2:

  • super() without arguments requires v3+

1.3.1:

  • Don't suppress test errors for Python 2.7, 3.4, and 3.5 with GitHub Actions
  • Added kwargs rules specific to the change from v2 to v3
  • With inconclusivity when using --violations and --target, the exit code is 0 (#79)
  • Yield note when not enough evidence to conclude minimum versions
  • Scan top-level folders in all cases. The recent implementation of --no-symlink-folders didn't scan top-level folders - or input folders. That's a problem if the input folder is /tmp which is a symlink to /private/tmp on macOS, for instance. Cases such as that will now be handled correctly.
  • Added and fixed rules (mostly 3.10 related) (#78)

1.3.0:

  • Python 3.10 support
    • Added 134 rules specific to Python 3.10
    • Structural pattern matching (PEP-0634)
    • Support optional length-checking of zip (PEP-0618)
    • Union types written as X | Y (PEP-0604)
    • Detect mapping attribute of dict views (bpo-40890)
    • Additionally testing and analyzing using Python 3.10 with GitHub Actions
  • Optionally exclude parsing comments for 30-40%+ speedup. The --no-parse-comments argument or parse_comments = no config setting can be used to disable it.
  • Not scanning symlinks to folders can yield huge speedups for certain projects, especially if they point inside a project's hierarchy. These symlinks can be included in analysis via the --scan-symlink-folders argument or scan_symlink_folders = yes config setting.

Deprecations

  • Lax mode has been deprecated in favor of specific analysis exclusions. Will be removed in v. 1.4.

Version 1.3.1

24 Oct 12:59
b6a7942

1.3.1:

  • Don't suppress test errors for Python 2.7, 3.4, and 3.5 with GitHub Actions
  • Added kwargs rules specific to the change from v2 to v3
  • With inconclusivity when using --violations and --target, the exit code is 0 (#79)
  • Yield note when not enough evidence to conclude minimum versions
  • Scan top-level folders in all cases. The recent implementation of --no-symlink-folders didn't scan top-level folders - or input folders. That's a problem if the input folder is /tmp which is a symlink to /private/tmp on macOS, for instance. Cases such as that will now be handled correctly.
  • Added and fixed rules (mostly 3.10 related) (#78)

1.3.0:

  • Python 3.10 support
    • Added 134 rules specific to Python 3.10
    • Structural pattern matching (PEP-0634)
    • Support optional length-checking of zip (PEP-0618)
    • Union types written as X | Y (PEP-0604)
    • Detect mapping attribute of dict views (bpo-40890)
    • Additionally testing and analyzing using Python 3.10 with GitHub Actions
  • Optionally exclude parsing comments for 30-40%+ speedup. The --no-parse-comments argument or parse_comments = no config setting can be used to disable it.
  • Not scanning symlinks to folders can yield huge speedups for certain projects, especially if they point inside a project's hierarchy. These symlinks can be included in analysis via the --scan-symlink-folders argument or scan_symlink_folders = yes config setting.

Deprecations

  • Lax mode has been deprecated in favor of specific analysis exclusions. Will be removed in v. 1.4.

Full Changelog: v1.2.2...v1.3.1