Releases: SonarSource/sonar-python

SonarPython 3.8.0.8883

15 Nov 16:04
30629fb
    Release Notes - SonarPython - Version 3.8

Bug

  • [SONARPY-898] - Avoid failing on older SonarLint
  • [SONARPY-925] - Project Python version should be set to `MAX_SUPPORTED_VERSION` when setting 'sonar.python.version=3.11 or more'
  • [SONARPY-931] - Fix parse error: assignment expression within subscription
  • [SONARPY-932] - Fix parse error: decorators can be any valid expression
  • [SONARPY-933] - Fix parse error: lambda parameter list can have a trailing comma

New Feature

  • [SONARPY-908] - Basic support of match / case statement
  • [SONARPY-914] - Match / case statement: support sequence patterns
  • [SONARPY-915] - Match / case statement: support mapping patterns
  • [SONARPY-916] - Match / case statement: support class patterns
  • [SONARPY-917] - Match / case statement: support wildcard and group patterns
  • [SONARPY-918] - Match / case statement: as patterns
  • [SONARPY-919] - Match / case statement: OR patterns
  • [SONARPY-924] - Add Python 3.10 to supported versions
  • [SONARPY-929] - Match / case statement: support value patterns
  • [SONARPY-934] - Support syntax highlighting for match / case keyword

False-Positive

  • [SONARPY-909] - S5953 (Undefined symbols) Avoid FP with names bound in match/case statements
  • [SONARPY-913] - S1854 (DeadStore): take into account statements inside match / case

SonarPython 3.7.0.8753

05 Nov 15:19
e2b05ef

Bug

  • [SONARPY-860] - Parse error on `with` statements with parens

New Feature

  • [SONARPY-882] - Rule S5850: Alternatives in regular expressions should be grouped when used with anchors
  • [SONARPY-883] - Rule S6019 Reluctant quantifiers in regular expressions should be followed by an expression that can't match the empty string
  • [SONARPY-884] - Rule S6035 Single-character alternations in regular expressions should be replaced with character classes
  • [SONARPY-885] - Rule S5996 Regex boundaries should not be used in a way that can never be matched
  • [SONARPY-886] - Rule S5855 Regex alternatives should not be redundant
  • [SONARPY-887] - Extend existing RegexParser to parse Python regular expressions
  • [SONARPY-888] - Rule S5868 Unicode Grapheme Clusters should be avoided inside regex character classes
  • [SONARPY-889] - Rule S5869 Character classes in regular expressions should not contain the same character twice
  • [SONARPY-891] - Rule S5857 Character classes should be preferred over reluctant quantifiers in regular expressions
  • [SONARPY-892] - Rule S6002 Regex lookahead assertions should not be contradictory
  • [SONARPY-893] - Rule S5843 Regular expressions should not be too complicated
  • [SONARPY-894] - Rule S5842 Regex repetition pattern's body should not match the empty String
  • [SONARPY-895] - Rule S5361 "str.replace" should be preferred to "re.sub"
  • [SONARPY-923] - Analyze regex in variables whose values we can infer

Task

  • [SONARPY-911] - Provide global regex flags to the parser

SonarPython 3.6.0.8488

23 Jul 15:44
d52bd3c
    Release Notes - SonarPython - Version 3.6

New Feature

  • [SONARPY-631] - Add a python version parameter and raise a warning when it is not set
  • [SONARPY-867] - Use serialized "annoy" library from TypeShed
  • [SONARPY-870] - Use serialized version of TypeShed core modules (builtins and its dependencies)

Improvement

  • [SONARPY-881] - Support medium-size projects accurate analysis in SonarLint

Documentation

  • [SONARPY-861] - Show "custom rules" documentation only in SonarQube
  • [SONARPY-875] - Fix broken links in embedded documentation

SonarPython 3.5.0.8244

26 May 07:40
7992d2a
    Release Notes - SonarPython - Version 3.5

Sub-task

  • [SONARPY-851] - Introduce PythonIndexer to wrap Project Symbol Table
  • [SONARPY-852] - Declare PythonIndexer as SonarLint component with module scope

New Feature

  • [SONARPY-845] - Create and persist project symbols in SonarLint analyses
  • [SONARPY-847] - Activate Project Symbol Table in SonarLint only for small/medium projects
  • [SONARPY-848] - Update project-level symbols when a file is changed in SonarLint
  • [SONARPY-857] - Add cross-file secondary location for SonarLint

Task

False-Positive

  • [SONARPY-859] - Fix FP on S2325 for decorated methods

SonarPython 3.4.1.8066

29 Apr 15:28
22139ec
    Release Notes - SonarPython - Version 3.4.1

Task

  • [SONARPY-843] - Update dependencies to latest version when possible

SonarPython 3.4.1.8063

29 Apr 14:46
510f24f
    Release Notes - SonarPython - Version 3.4.1

Task

  • [SONARPY-843] - Update dependencies to latest version when possible

SonarPython 3.4.1

29 Apr 12:16
e488dbd
    Release Notes - SonarPython - Version 3.4.1

Task

  • [SONARPY-843] - Update dependencies to latest version when possible

SonarPython 3.4

24 Mar 10:20
ed304c1
    Release Notes - SonarPython - Version 3.4

Improvement

  • [SONARPY-839] - Upgrade Apache commons-io dependency to 2.8

sonar-python 3.3

01 Mar 12:22
d4d2e37
    Release Notes - SonarPython - Version 3.3

New Feature

  • [SONARPY-825] - Rule S2257: Using non-standard cryptographic algorithms is security-sensitive
  • [SONARPY-826] - Rule S2612: Setting loose POSIX file permissions is security-sensitive
  • [SONARPY-828] - Rule S3329: Cipher Block Chaining IV's should be random and unique
  • [SONARPY-829] - Rule S5659: JWT should be signed and verified with strong cipher algorithms
  • [SONARPY-831] - Rule S3752: Allowing both safe and unsafe HTTP methods is security-sensitive

Improvement

SonarPython 3.2

01 Feb 13:21
d0e59d3
    Release Notes - SonarPython - Version 3.2

Bug

  • [SONARPY-799] - Avoid StackOverflow Error in presence of loop in class inheritance
  • [SONARPY-827] - Rule S5780 (DictionaryDuplicateKeyCheck) should not fail when comparing hex long integers

New Feature

  • [SONARPY-791] - S4790 should support "cryptography.hazmat.primitives.hashes"
  • [SONARPY-818] - Parser should allow decorators to be any valid expression
  • [SONARPY-819] - Update Typeshed to support Python 3.9
  • [SONARPY-820] - Type inference: standard collections as generics
  • [SONARPY-822] - Type inference: support typing.Annotated

Task

  • [SONARPY-798] - S4784 should be deprecated because it's too noisy
  • [SONARPY-821] - Update license file headers

False-Positive

  • [SONARPY-704] - Rule S4790 should raise only for weak hashes
  • [SONARPY-814] - RSPEC-1481 (UnusedLocalVars) should not raise on annotated assignments without RHS
  • [SONARPY-815] - RSPEC-1481 (UnusedLocalVars) should not raise on vars used inside f-strings containing conditional expressions
  • [SONARPY-816] - S1720 should not raise on empty __init__.py
  • [SONARPY-817] - InsufficientLineCoverage shouldn't raise issues on empty __init__.py
  • [SONARPY-823] - RSPEC-5607 should not report on Python 3.9 dict union operator