This file contains change logs for v0.81.0 and earlier.
See GitHub Releases for the most up-to-date change logs.
- New codemod:
fix-async-task-instantiation
- Remove unused fields from
CodemodCollectionAPI - Fix edge case in
sql-parameterizationto remove empty string variable from query
- Accept Sonar security JSON for detection (#223)
- New
BaseCodemodAPI (#213) - New codemod:
fix-assert-tuple - New codemod:
fix-empty-sequence-comparison - New codemod:
lazy-logging - New codemod:
remove-assertion-in-pytest-raises - New codemod:
str-concat-in-sequence-literals - Handle
httpxinrequests-verifycodemod (#243)
- Handle multiple blocks in
fix-file-resource-leak
- Respect
#noqaannotations forsubprocess-shell-falsecodemod (#259) - Additional checks to prevent false positives in
flask-json-content-type(#257)
- Avoid incorrect changes in
requests-timeoutcodemod (#256) - Enable
fix-mutable-paramscodemod to correctly handle single-statement functions (#255)
- Add
diffSidefield to change entries in CodeTF
- Additional test directory patterns to ignore
- Fix
secure-randomcodemod: ignorerandom.SystemRandom
- Fix path inclusion behavior
remove-debug-breakpointcodemodcombine-startswith-endswithcodemodreplace-flask-send-filecodemodfix-deprecated-logging-warncodemodflask-enable-csrf-protectioncodemod- Update
harden-pyyamlto fix custom loader classes that inherit unsafe loaders
- Add proper inclusion/exclusion filter to codemods that were missing it
use-set-literalcodemodremove-module-globalcodemodsubprocess-shell-falsecodemod- Better formatting for dependency updates to
setup.py - Add expression propagation to
literal-or-new-object-identity
- Fix regression in dependency manager: do not re-add existing dependency
literal-or-new-object-identitycodemodremove-future-importscodemodadd-requests-timeoutcodemodexception-without-raisecodemod- Better heuristic for detecting which dependency files to update
- Add detailed description to CodeTF about dependency update (or failure)
flask-json-response-typecodemod- Support for
Popeninsandbox-process-creation
- Update example in
url-sandboxdocumentation
fix-deprecated-abstractpropertycodemod- Add inequality support to
numpy-nan-equality - Add
--sonar-issues-jsonCLI flag for compatibility - Make
--outputCLI flag optional to align with spec - Implement
use-walrus-ifcodemod without semgrep - Exclude
order-importsandunused-importsby default - Better description for
remove-unnecessary-f-str
- Better handling of edge cases in
use-walrus-if
django-json-response-typecodemoddjango-receiver-on-topcodemodnumpy-nan-equalitycodemodfix-file-resource-leakcodemod- Add support for
aiohttp2_jinjatoenable-jinja2-autoescape - Implement
--describeCLI flag
- Update email alias
- Do not modify body of abstract methods for
fix-mutable-params - Preserve
Optionaltype annotation if present infix-mutable-params
- Handle updates to
requirements.txtfiles without trailing newlines
- Ignore hardcoded URLs for detecting
url-sandbox
use-generatorcodemod- Move extra dependencies to
pyproject.toml
sql-parametrizationcodemod- Updates to package metadata for release to PyPI
- Generate CodeTF even when no files/codemods match
- Preserve custom loaders with
harden-pyyaml
- Optimization: initial scan with semgrep to filter potential results
- Work around bug in
difflibfor producting CodeTF diffs
- Updates to internal release process
- Fixed import alias case for
harden-pyyaml,secure-tempfile, andupgrade-sslcontext-minimum-version - Handle missing terminating newline in dependency manager