Skip to content

Latest commit

 

History

History
118 lines (91 loc) · 5.95 KB

CHANGELOG.md

File metadata and controls

118 lines (91 loc) · 5.95 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Changed

  • Support usedforsecurity=False parameter to hashlib constructors (#39)

[0.12.0] - 2021-10-27

Added

  • Support for Python 3.10
  • Support for Flake8 4 (#36)

Removed

  • Support for Python 2.7 (#3)

[0.11.0] - 2020-10-30

Added

  • Support for Python 3.9 (#32)

Fixed

  • False positive for DUO107 when xml.etree.ElementTree.{Element,SubElement} used (#28)
  • False positive for DUO116 when shell=False used (#31)

Removed

  • Support for Python 3.5

[0.10.3] - 2020-03-09

Fixed

  • False positive for DUO138 when expressions aren't backtrackable (#14)

[0.10.2] - 2020-02-19

Changed

  • Cache namespace results and minimize kwarg checks by grouping similar rules - ~500% speed up (#18)
  • Only run linters that are selected - speed up depends on number of linters seleted (#19)

Fixed

  • The --print-dlint-linters flag on Windows (#17)

[0.10.1] - 2020-01-21

Fixed

  • Crash in DUO138 when malformed regular expression (#15)

[0.10.0] - 2020-01-21

Added

  • DUO137: lint for insecure itsdangerous kwarg usage (#36)
  • DUO138: lint for regular expression catastrophic backtracking in re module (#41)

Fixed

  • False positive for DUO137 when kwarg missing (#39)

[0.9.2] - 2019-11-21

Fixed

  • False negative with arbitrary depth from import alias in bad module attribute (#32)
  • False negative with arbitrary depth from import wildcard in bad module attribute (#33)

[0.9.1] - 2019-11-06

Fixed

  • False positive with input as variable name (#31)

[0.9.0] - 2019-10-13

Added

  • DUO116: rule for subprocess.run (#24)
  • The --print-dlint-linters command-line flag to print all Dlint linters (#26)
  • DUO136: lint for insecure xmlsec usage (#27)

Changed

  • Visitor strategy to minimize node visits - ~25% speed up (#28)

Fixed

  • False negative with nested imports in bad module attribute (#30)

Removed

  • dlint.linters.helpers.bad_kwarg_use: use of attribute_name in favor of fully specified module_path (#19)
  • dlint.tree: use of kwarg_attribute in favor of kwarg_module_path (#21)
  • dlint.linters.helpers.bad_name_attribute_use: use of attribute list in favor of fully specified module path (#20)

[0.8.0] - 2019-09-18

Added

  • Support for Python 3.8 (#12)
  • DUO134: lint for insecure cryptography usage (#6)
  • DUO135: lint for insecure defusedxml usage (#5)

Deprecated

  • dlint.linters.helpers.bad_kwarg_use: use of attribute_name in favor of fully specified module_path (#19)
  • dlint.tree: use of kwarg_attribute in favor of kwarg_module_path (#21)
  • dlint.linters.helpers.bad_name_attribute_use: use of attribute list in favor of fully specified module path (#20)

Fixed

  • False negative when deep imports are not fully specified in bad module attribute (#1)
  • False negative - consider async functions in bad name attribute (7bd249e)
  • False negative in various import scenarios when using attribute_name in bad kwarg (#19)
  • False negative in various import scenarios when using kwarg_attribute in bad kwarg (#21)
  • False negative in various import scenarios when using attribute list in bad name attribute (#20)

[0.7.0] - 2019-08-24

Added

  • DUO133: lint for pycrypto usage (#7)

Fixed

  • False positive when bad builtin is overwritten by import (#16)
  • False negative when bad module attribute uses import alias (#2)
  • False positive when bad module attribute not imported (#14)

[0.6.0] - 2019-08-12

Added

  • Support for Python 3.5 and 3.7 (#9)
  • DUO131: lint for disabling urllib3 warnings
  • DUO132: lint for disabling urllib3 HTTPS certification verification

Removed

  • FormatStringLinter, previously DUO104, as it was a disabled expirement (#15)

[0.5.0] - 2019-07-17

Added

  • Initial public release of Dlint