惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News: Ask HN
Hacker News: Ask HN
IT之家
IT之家
S
SegmentFault 最新的问题
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 司徒正美
J
Java Code Geeks
博客园 - 聂微东
雷峰网
雷峰网
阮一峰的网络日志
阮一峰的网络日志
The Cloudflare Blog
博客园_首页
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 【当耐特】
腾讯CDC
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
宝玉的分享
宝玉的分享
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
NISL@THU
NISL@THU
T
The Exploit Database - CXSecurity.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
L
LINUX DO - 热门话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
F
Fortinet All Blogs
博客园 - Franky
L
Lohrmann on Cybersecurity
S
Secure Thoughts
量子位
V
Vulnerabilities – Threatpost
Last Week in AI
Last Week in AI
博客园 - 叶小钗
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
I
InfoQ
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
G
GRAHAM CLULEY
Cisco Talos Blog
Cisco Talos Blog

Blog - Astral

Vulnerability and malware checks in uv Open source security at Astral Astral to join OpenAI Ruff v0.15.0 ty: An extremely fast Python type checker and language server Python 3.14 Ruff v0.13.0 Astral OSS Fund: One Year Later pyx: a Python-native package registry, now in Beta An experimental, variant-enabled build of uv uv security advisory: ZIP payload obfuscation Ruff v0.12.0 Ruff v0.10.0 Ruff v0.9.0 A new home for python-build-standalone Ruff v0.8.0 Ruff v0.7.0 uv: Unified Python packaging Ruff v0.6.0 Announcing the Astral OSS Fund Ruff v0.5.0 Ruff v0.4.5: Ruff's language server is now written in Rust Ruff v0.4.0: a hand-written recursive descent parser for Python Ruff v0.3.0 uv: Python packaging in Rust Ruff v0.2.0 Ruff v0.1.8 Ruff v0.1.5 The Ruff Formatter: An extremely fast, Black-compatible Python formatter Ruff v0.1.0 Ruff v0.0.285 Ruff v0.0.283 Ruff v0.0.281 Ruff v0.0.278 Ruff v0.0.276 Announcing Astral, the company behind Ruff
Ruff v0.0.292
zanie@astral · 2023-10-05 · via Blog - Astral

Ruff v.0.0.292 is out now with full support for Python 3.12. Install it from PyPI, or your package manager of choice:

pip install --upgrade ruff

As a reminder: Ruff is an extremely fast Python linter, written in Rust. Ruff can be used to replace Flake8 (plus dozens of plugins), isort, pydocstyle, pyupgrade, and more, all while executing tens or hundreds of times faster than any individual tool.

View the full changelog on GitHub, or read on for the highlights.

Support for PEP 701 #

Python 3.12 was released on October 2nd. We've been preparing for this release for quite some time; for example, we previously announced support for PEP 695 which added new syntax for type declarations. In this release, we're excited to announce support for PEP 701 which provides a formalized grammar for f-strings.

The new grammar lifts many of the restrictions previously imposed on f-strings, as showcased in the following examples, all of which were invalid in earlier versions of Python.

Reuse of enclosing quotes:

f"text { data["key"] } text"

Arbitrary nesting of f-strings:

Note: CPython limits the depth of nested f-strings to 150, and the depth of expression nesting in f-string format specifiers to 2.

# This is fine...
f"{x:{1:{1}}}"

# ...but this isn't.
f"{x:{1:{1:{1}}}}"
# SyntaxError: f-string: expressions nested too deeply

None of the above restrictions are enforced by Ruff.

Multi-line expressions and comments:

f"Some random words {", ".join(
    "alpha"  # first word
    "beta"   # second word
)}"

Backslashes and unicode characters:

f"Some random words: {"\\n".join(words)}"
f"Alpha: \\N{GREEK SMALL LETTER ALPHA}"

For more information, refer to PEP 701 and the 3.12 release notes. You can play around with the above examples on the Ruff Playground.

PEP 701 rule changes #

Support for PEP 701 required updating some of Ruff's existing lint rules.

The following rules were updated to detect violations within f-string expressions:

For example, given the following snippet:

f"outer f-string contains placeholder -> {f"inner one doesn't"}"

Ruff will now detect an F541 violation (f-string without any placeholders) on the inner f-string:

$ ruff check --select=F541 --show-source example.py
example.py:1:43: F541 [*] f-string without any placeholders
  |
1 | f"outer f-string contains placeholder -> {f"inner one doesn't"}"
  |                                           ^^^^^^^^^^^^^^^^^^^^ F541
  |
  = help: Remove extraneous `f` prefix

Found 1 error.
[*] 1 potentially fixable with the --fix option.

The flake8-quotes rules are unique in the sense that the diagnostics for nested f-strings should only be reported and fixed if the target-version is 3.12 or later. Currently, only the avoidable-escaped-quote (Q003) rule has been updated to support this while bad-quotes-inline-string (Q000) and bad-quotes-multiline-string (Q001) will only report for the outermost quotes. This will be updated in a coming release.

PEP 701 support was contributed by @dhruvmanila.

Rule change: line-too-long (E501) #

The line-too-long (E501) rule now ignores trailing pragma comments (like # type: ignore and # noqa) when computing line length. This is similar to flake8-bugbear's methodology for detecting overlong lines, and ensures that adding pragmas like # noqa does not introduce further lint errors.

See #7692 for more details.

New rule: print-empty-string (FURB105) #

What does it do? #

Checks for print calls with an empty string as the only positional argument.

Why does it matter? #

Prefer calling print without any positional arguments, which is equivalent and more concise.

For example, in the following snippet an empty string is passed to print:

The "" can be omitted with the same effect:

Derived from refurb.

Contributed by @tjkuson.

New rule: implicit-cwd (FURB177) #

What does it do? #

Checks for current-directory lookups using Path().resolve().

Why does it matter? #

When looking up the current directory, prefer Path.cwd() over Path().resolve(), as Path.cwd() is more explicit in its intent.

For example, in the following snippet an empty path is resolved:

Instead, you should use use the explicit working directory method:

Derived from refurb.

Contributed by @danparizher.

New rule: weak-cryptographic-key (S505) #

What does it do? #

Checks for uses of cryptographic keys with vulnerable key sizes.

Why does it matter? #

Small keys are easily breakable. For DSA and RSA, keys should be at least 2048 bits long. For EC, keys should be at least 224 bits long.

For example, in the following snippet the key size is only 512:

from cryptography.hazmat.primitives.asymmetric import dsa, ec

dsa.generate_private_key(key_size=512)
ec.generate_private_key(curve=ec.SECT163K1)

Instead, a larger key size such as 4096 should be used:

from cryptography.hazmat.primitives.asymmetric import dsa, ec

dsa.generate_private_key(key_size=4096)
ec.generate_private_key(curve=ec.SECP384R1)

Derived from flake8-bandit.

Contributed by @mkniewallner.