Releases: SonarSource/sonar-python
SonarPython 4.14.0.14263
Release notes - SonarPython - 4.14
False Negative
SONARPY-1579 Fix FN on S6437 when library stubs are missing
New Feature
SONARPY-1553 Rule S4507: Add support for GraphQL endpoints with GraphiQL (interactive GraphQL) enabled
SONARPY-1555 Rule S6785: GraphQL queries should not be vulnerable to Denial of Service attacks
Task
SONARPY-1590 Update java protobuf version to 3.25.1
Improvement
SONARPY-1569 [S6779] Highlight on the line that actually contains the Flask secret
SONARPY-1582 Add SonarLintCache component and make it accessible to custom rules via the caching APIs
SONARPY-1583 Add sonarProduct() API to PythonInputFileContext
SonarPython 4.13.0.14130
Release notes - SonarPython - 4.13
Bug
SONARPY-1247 Fix inconsistencies in test rule results when test dirs are configured
SONARPY-1574 Correctly infer types in case of annotated assignments
False-Positive
SONARPY-1010 Fix FP on S5607, S5864, S2159, S5644, S3862 when using mocks
SONARPY-1166 Avoid FPs when variables are used inside 'pandas.DataFrame.query' expression argument
SONARPY-1251 Fix FP on S1940 Inverted boolean checks when comparing Sets
SONARPY-1252 S5886 (FunctionReturnTypeCheck) should consider type aliases
SONARPY-1256 Fix FP on S5886 when Iterator is an ambiguous symbol
SONARPY-1562 Fix FP on S139 when the comment is a Flake8 pragma comment
SONARPY-1563 Fix FPs on S1172 when the parameter is intentionally unused
SONARPY-1568 S6542 should not raise an issue on overrides and overloads
False Negative
SONARPY-1570 [S5332] Fix FN when calls are made to `http.server.HTTPServer.server_bind(self)` from within inherited classes.
Improvement
SONARPY-1556 Parameters should properly support union type as declared type
SONARPY-1558 Support declared types of class fields
SonarPython 4.12.0.13917
Release notes - SonarPython - 4.12
False Negative
SONARPY-1434 Rule S5122: Add support for flask_cors 2
New Feature
SONARPY-834 Support type inference at module level
SONARPY-1535 Rule S4830: Add support for HTTPX
SONARPY-1537 Rule S4830: Add support for aiohttp
SONARPY-1545 Rule S5659: Add support for python-jose
SONARPY-1546 Rule S2092: Add support for FastAPI
SONARPY-1547 Rule S3330: Add support for FastAPI
SonarPython 4.11.0.13826
Release notes - SonarPython - 4.11
New Feature
SONARPY-1468 Rule S6779: Flask secret keys should not be disclosed
SONARPY-1474 Rule S6781: JWT secret keys should not be disclosed
SONARPY-1498 [S6786] Python GraphQL introspection should be disabled
False Negative
SONARPY-1461 S4507: Add support for Flask applications
SONARPY-1475 [S5332] Support `http.server.HTTPServer` and subclasses
SONARPY-1478 Rule S5547: Add support for ssl module
SONARPY-1552 Rule S5332: Raise an issue on `server_bind` calls.
4.10.0.13725
Release notes - SonarPython - 4.10
Bug
SONARPY-1533 Fix Ruff report import to use the correct column and row location
False-Positive
SONARPY-1521 S4143: Fix FP when there is different collections value assignment for same key
SONARPY-1524 S3827: Fix FP when value is referenced in type alias
SONARPY-1525 S5953: Fix FP when using generic types for parameters and return type hints
SONARPY-1530 S5806: Fix FN and FP regarding the Ellipsis and the ellipsis type.
SONARPY-1536 S6735: Fix false positive when left_on or right_on is specified for pandas.merge
New Feature
SONARPY-1484 Support type parameter syntax for classes
SONARPY-1486 Support generic type alias declaration syntax
SONARPY-1493 Support lexing of PEP701 f-strings
SONARPY-1494 Support grammar of PEP701 f-strings
SONARPY-1509 Rule S6799: f-strings should not be nested too deeply
SONARPY-1510 Rule S6792: Generic classes should be defined using the type parameter syntax
SONARPY-1511 Rule S6794: Type aliases should be declared with a "type" statement
SONARPY-1512 Rule S6796: Generic functions should be defined using the type parameter syntax
Improvement
SONARPY-1515 Support function and class type parameters for Symbol table
SONARPY-1529 Standardise rule message formatting across rules implemented in MMF-3335 and MMF-3336.
SonarPython 4.9.0.13528
Release notes - SonarPython - 4.9
New Feature
SONARPY-1455 Rule S6741: The 'pandas.DataFrame.to_numpy()' method should be preferred to the 'pandas.DataFrame.values' attribute
SONARPY-1456 Rule S6734: inplace=True should not be used when modifying a Pandas DataFrame
SONARPY-1458 Rule S6742: pandas.pipe method should be preferred over long chains of instructions
SONARPY-1459 Rule S6735: When using pandas.merge or pandas.join, the parameters on, how and validate should be specified
SONARPY-1460 Rule S6740: dtype parameter should be provided when using pandas.read_csv or pandas.read_table
SONARPY-1495 Expand the scope of rule S6735 to calls to merge and join on the DataFrame object.
SonarPython 4.8.0.12420
Release notes - SonarPython - 4.8
New Feature
SONARPY-1443 Rule S6725: Equality checks should not be made against "numpy.nan"
SONARPY-1445 Rule S6709: Results that depend on random number generation should be reproducible
SONARPY-1446 Rule S6711: numpy.random.Generator should be preferred to numpy.random.RandomState
SONARPY-1447 Rule S6727: The abs_tol parameter should be provided when using math.isclose to compare values to 0
SONARPY-1448 Rule S6730: Deprecated NumPy aliases of built-in types should not be used
SONARPY-1449 Rule S1244: Floating point numbers should not be tested for equality
SONARPY-1462 Rule S6725: Add quick fix for equality checks against "np.nan"
False Negative
SONARPY-750 S1192 (StringLiteralDuplicationCheck) shouldn't exclude capitalized strings
SONARPY-1364 S2638 Argument number check should correctly detect tzname number of parameters
SONARPY-1368 Fix FNs on S5655 for calls to len
SONARPY-1370 S5655: Fix FN on math.acos calls
SONARPY-1375 Fix FN: S2638 should report on ambiguous symbols when no definition contract is respected
SONARPY-1452 S930: Fix FN on math.acos calls
Improvement
SONARPY-1348 Support type inference in presence of augmented assignments
SONARPY-1363 S2638 ChangeMethodContract: Should properly state the missing parameter name and not null.
SONARPY-1386 Avoid running Typeshed serializer tests when mvn has -DskipTests argument
SONARPY-1389 Fix parse error when an unpacking expression is used as subscript
SONARPY-1393 S6540: Avoid raising issues on args and kwargs
SONARPY-1436 Rule S6729: np.nonzero should be preferred over np.where when only the condition parameter is set.
SONARPY-1437 Rule S6714: Passing a list to np.array should be preferred over passing a generator.
SONARPY-1463 Rule S6725: Fix issue message to be imperative
SONARPY-1467 Rule S6729: Add quick fix to turn np.where into np.nonzero
SONARPY-1470 ReachingDefinitionAnalysis should work with annotated assignments
SonarPython 4.7.0.12181
Release notes - SonarPython - 4.7
False-Positive
SONARPY-1058 Rule S1313: Exclude local IPv4-mapped IPv6 address
SONARPY-1198 Fix FP on S930 due to outdated Typeshed stubs
SONARPY-1339 Fix FP on S5644 on ModuleType.__path__
SONARPY-1376 Fix FP on S5886 when the function is a context manager
SONARPY-1394 S6553: Avoid reporting when the "managed" flag is set to False
SONARPY-1416 Modify S6330: Default Queue encryption is now SSE-SQS
SONARPY-1419 FP on S6463 when using AWS `from_security_group_id` function
New Feature
SONARPY-1422 Add support for importing Ruff reports
Task
SONARPY-1423 Update sonar-plugin-api to latest version (10.1.0.809)
SONARPY-1424 Update sonar-analyzer-commons to latest version (2.6.0.1473)
SONARPY-1425 Update rules metadata
SONARPY-1428 Migrate from JUnit4 to JUnit5
SONARPY-1431 Update sonar-analyzer-commons to latest version (2.7.0.1482)
SonarPython 4.6.0.12071
Release notes - SonarPython - 4.6
Bug
SONARPY-1417 Serialize symbols for Python 3.11
New Feature
SONARPY-427 Rule S1128: Unnecessary imports should be removed
SONARPY-1402 Rule S6658: Special methods should have an expected return type
SONARPY-1404 Rule S5642: "in" and "not in" operators should be used on objects supporting them
SONARPY-1406 Rule S2876: "__iter__" should return an iterator
SONARPY-1410 Rule S6659: 'startsWith' or 'endsWith' methods should be used instead of string slicing in condition expressions
SONARPY-1411 Rule S6660: isinstance() should be preferred to direct type comparisons
SONARPY-1412 Rule S6661: Assignments of lambdas to variables should be replaced by function definitions.
SONARPY-1413 Rule S6662: Set members and dictionary keys should be hashable
SONARPY-1414 Rule S6663: Sequence indexes must have an __index__ method
SonarPython 4.5.0.11949
Release notes - SonarPython - 4.5
Documentation
SONARPY-1399 Migrate the description of 37 rules to the education format