Version 0.8.1

• Heuristics employed when detecting python files without extensions (#23)
• Added --help and -h to show usage info (#23)

Thanks to @bulletmark for bringing it to my attention.

Version 0.8.0

Now detecting even more language features.

• Detecting self-documenting f-strings (3.8)
• Detecting continue in try-finally block (3.8)
• Detecting modular inverse pow(.., -y, ..) (3.8)
• Detecting asynchronous comprehensions (3.6)
• Detecting asynchronous generators (3.6 -> 3.7)
• Detecting await in comprehensions (3.6 -> 3.7)
• Detecting infix matrix multiplication @ (3.5)
• Detecting dict comprehensions (#22, 2.7, 3.0)
• Detecting exception context cause (3.3)
• Detecting yield from expressions (#21, 3.3)
• Detecting builtin bytes class from type usage
• Added 17 rules
• Introduced verbosity level 4 which currently displays user-defined symbols being ignored
• Removed unused code
• Improved test coverage
• General code improvements

Thanks to @ozturkberkay for reporting issues regarding dict comprehensions and yield from expressions.

Version 0.7.0

• Detect position-only parameters (3.8, PEP 570)
• Detect named expressions (3.8, PEP 572)
• Detect builtin classes from type usages (str, unicode, dict, set, frozenset, int, float, long). This allows detection of "hello".isascii() as str.isascii, for instance, which enables a new set of rules
• 188 new rules added
• Print range of unique versions required by the analysed code via --versions:

  % ./vermin.py -q --versions vermin
  Minimum required versions: 2.7, 3.0
  Version range:             2.0, 2.5, 2.7, 3.0
  

• Analysis Exclusion in two ways:
  • # novermin and # novm:

  import ssl
  tls_version = ssl.PROTOCOL_TLSv1
  if hasattr(ssl, "PROTOCOL_TLS"):  # novermin
    tls_version = ssl.PROTOCOL_TLS

  • --exclude <symbol name> and --exclude-file <file name>:

  [--exclude <name>] ...
        Exclude full names, like 'email.parser.FeedParser', from analysis. Useful to
        ignore conditional logic that can trigger incompatible results. It's more fine
        grained than lax mode.
  
        Examples:
          Exclude 'foo.bar.baz' module/member: --exclude 'foo.bar.baz'
          Exclude 'foo' kwarg:                 --exclude 'somemodule.func(foo)'
          Exclude 'bar' codecs error handler:  --exclude 'ceh=bar'
          Exclude 'baz' codecs encoding:       --exclude 'ce=baz'
  
  [--exclude-file <file name>] ...
        Exclude full names like --exclude but from a specified file instead. Each line
        constitues an exclusion with the same format as with --exclude.
  

• Analysis now also visits all attributes, and arguments and keywords of functions for better rule-checking coverage

Thanks to @chickenbit (#20) for getting me on track for detecting and adding new rules for builtin types.

Version 0.6.3

• Changed wording when no results were triggered to be less confusing by showing "~2" and/or "~3" when it isn't known that it won't work with py2 or py3. Before it would just show nothing in verbose mode for such files. (#19, thanks @hwine)
• Added results interpretation to usage info and README to better inform what "~2", "!2", and so on, means.
• Showing non-lax tip if no rules were triggered to try more thorough analysis.
• Corrected version-combining for bytesv3 (b'test') by not showing "~2, 3.0" but "!2, 3.0" since if bytesv3 was triggered it is on py3 and otherwise, on py2, type(b'test') = <type 'str'>.

Version 0.6.2

A new lax mode has been implemented via argument -l. The analysis engine traverses the abstract syntax trees of all the Python files supplied, but it cannot evaluate any of the code (due to potential unexpected side-effects) in order to know which conditional branches will be taken at runtime. The lax mode will skip all if, ternarys, for, while, try, and boolean operations. Note that it isn't a perfect solution. (Thanks to @vikahl for bringing it to my attention again)

Function annotations were incorrectly stating that it required Python 3.5 but they are available from 3.0. (Thanks to @csernazs for noticing it). Note that variable annotations still require 3.6.

Hidden files and folders (starting with ".") will now be skipped by default because they aren't normally something expected to be included in the scan. The --hidden argument can be used to include them like before. (Thanks to @mgedmin for the great suggestion)

Two other rules were corrected to require (2.4, 3) instead of 3.1:

• base64.encodestring
• base64.decodestring

Version 0.6.1

Thanks to @ngtvspc, it was spotted (#14) that the path detection order wasn't deterministic, i.e. the order would vary on occasion. That got fixed so the results are always the same for each successive scan.

Additionally, early Python 3.8.0b1 support has been implemented.

Version 0.6.0

• Reached 1000 rules in total!
• 128 new rules:
  • 4 modules
  • 85 classes/functions/constants
  • 34 kwargs
  • 2 array typecodes
  • 3 codecs error handler names
  • 20 codecs encodings
• New detections:
  • array typecodes, like 'Q' in array.array('Q', [1, 2, 3])
  • codecs error handler names, like 'namereplace' in:

    from codecs import encode
    encode('å', 'ascii', 'namereplace')  #  b'\\N{LATIN SMALL LETTER A WITH RING ABOVE}'

    The arguments of following functions/classes are inspected: codecs.encode, codecs.decode, codecs.open, codecs.EncodedFile, codecs.iterencode, codecs.iterdecode, codecs.IncrementalEncoder, codecs.IncrementalDecoder, codecs.StreamWriter, codecs.StreamReader, codecs.StreamReaderWriter, codecs.StreamRecorder
  • codecs encodings, like 'koi8_t' in:

    import codecs
    codecs.getdecoder(encoding='koi8_t')

    The arguments of the following functions/classes are inspected: codecs.encode, codecs.decode, codecs.lookup, codecs.getencoder, codecs.getdecoder, codecs.getincrementalencoder, codecs.getincrementaldecoder, codecs.getreader, codecs.getwriter, codecs.open, codecs.EncodedFile, codecs.iterencode, codecs.iterdecode

Version 0.5.0

• 59 new rules:
  • 3 modules
  • 55 classes/functions/constants
  • 1 kwargs
• Detection of coroutines (async and await)
• Upgraded urllib3 to version 1.24.2 due to security vulnerability
• PyPi: Changed development status from beta to production/stable

Version 0.4.11

Due to a security vulnerability in PyYAML <=3.13, it has been updated to 4.2b1.

Version 0.4.10

Vermin now also takes .pyw files into account, thanks to @gousaiyang 👍