Vermin

Latest version: v1.6.0

Page 1 of 9

1.6.0

**Outdated Python 2.x execution support of Vermin has been removed. (https://github.com/netromdk/vermin/pull/200)
But 2.x detections still function as before!**

* Python 3.12 support and 120 new rules (https://github.com/netromdk/vermin/pull/204)
  * 104 classes/functions/constants members etc.
  * 16 kwargs
* Detect type alias statement `type X = SomeType` ([PEP-695](https://peps.python.org/pep-0695/))
* No longer require that the number of targets match requirements in relation to `--violations` mode (brenns10, https://github.com/netromdk/vermin/pull/234, https://github.com/netromdk/vermin/issues/230)
* Fix overriding config exclusion regexes from other instance (https://github.com/netromdk/vermin/pull/237)
* Added `zoneinfo` backport (!2, 3.6, https://github.com/netromdk/vermin/pull/196)
* Add more project boundaries (https://github.com/netromdk/vermin/pull/201)
  * Perforce Helix Core: `.p4root`
  * Pijul: `.pijul`
* Correct a typo in `CONTRIBUTING.md` (felixonmars, https://github.com/netromdk/vermin/pull/214)
* Fixed execution of ps script (https://github.com/netromdk/vermin/pull/209)
* Semgrep improvements (https://github.com/netromdk/vermin/pull/206)
* Semgrep fixes (https://github.com/netromdk/vermin/pull/208)
* [actions] SAST with Semgrep (https://github.com/netromdk/vermin/pull/205)
* Security fixes (https://github.com/netromdk/vermin/pull/227)

1.5.2

* **Union types (`X | Y`) detection turned into opt-in feature** (176 fixes 103)
  * See the [caveats section](https://github.com/netromdk/vermin#caveats) for more information.
* Added missing rules and fixed some existing ones (155 fixes 144)
  * Added 120 new rules
    * 31 modules
    * 68 members
    * 21 kwargs
  * Fixed 17 rules
  * Thanks to cpAdm for reporting the rules issues!
* Fixed error reporting that broke parsable format (156 fixes 150)
* Fixed reported versions for built-in `type()` (172 fixes 171)
* Visit keyword values if not excluded/ignored (173 fixes 168)
* Union types detection also considers attributes (174 fixes 159)
* Improved usage section of README (175 fixes 158)
* Fixed a typo in the `--help` documentation (169, Eutropios)
* [actions] Don't test using EOL Python 3.6 (134)
* Security (_does not affect Vermin in production, only deps for CI testing and analysis_)
  * Upgrade certifi to 2022.12.07 (135, GHSA-43fp-rhv2-5gv8)
  * Update GitPython to 3.1.30 (157, GHSA-hcpj-qp55-gfph)

1.5.1

Not secure
* Make `typing.NamedTuple` a Python 3.5 feature (126, pyrco)
* Fix coveralls via forks (127)

1.5.0

Not secure

**Note: Vermin 1.6 will end support for py2.7**

* Python 3.11 support (124)
  * Added 124 rules specific to Python 3.11
  * Detect `except*` ([PEP-654](https://peps.python.org/pep-0654/))
* Updated list of built-in generic annotation types
* More stringent rules for detecting union types (108 fixes 103)
* Don't visit `returns` annotations if not evaluating annotations (110 fixes 109)
* `typing_extensions` backport and versioned backports support (111 fixes 100)
* Added `--exclude-regex` and `--no-make-paths-absolute` to exclude specific file paths (115, cosmicexplorer)
* Plurality method of results messages with overridability
* General project tweaks
  * Don't test using end-of-life Python versions (3.4 and 3.5)
  * Added [security policy](https://github.com/netromdk/vermin/blob/master/SECURITY.md) and vulnerability report template
  * Added [`CODEOWNERS`](https://github.com/netromdk/vermin/blob/master/.github/CODEOWNERS) file
  * Added [`CONTRIBUTING`](https://github.com/netromdk/vermin/blob/master/CONTRIBUTING.md) file
  * Added OpenSSF best practices emblem to README
  * Check GitHub Actions and Pip deps every Sunday via dependabot
  * Check CodeQL on PRs and Sundays. Not when pushing to master because PRs are required and otherwise it'll run two times: once for the PR and again when the accepted PR is merged to master.

1.4.2

Not secure
- Show tip for assignments with type annotations (`AnnAssign`) if annotations are disabled:

  ```
  Tips:
  - Generic or literal annotations might be in use. If so, try using: --eval-annotations
    But check the caveat section: https://github.com/netromdk/vermin#caveats
  ```

1.4.1

Not secure
- Fixed union types detection when either are `None`, like `def foo(n: int | None):`

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.