Textattack

Big Improvements
- Add tons of (over 70!) pre-trained models (192, see [Model Zoo page!](https://github.com/QData/TextAttack/tree/master/textattack/models))
- Data augmentation integrated into training! (195, thanks jakegrigsby)
- Allow for maximization goal functions (151, thanks uvafan )

New Attacks
- Add the Improved Genetic Algorithm (183, thanks sherlockyyc!)
- Add BAE and BERT-Attack attack recipes (160)
- Add PWWS attack (168, thanks jakegrigsby)
- Add typo-based attack from Pruthi et al. (191, thanks jakegrigsby )
- Easy Data Augmentation augmentation recipe (168, thanks jakegrigsby)
- Add input reduction attack from Feng et al. (161, thanks uvafan)

Smaller Improvements
- more accurate attack recipes for BAE and TextFooler (199)
- important fixes to model training code (186, thanks so much jind11!!)
- abstract classes, better string representations when printing attacks to console (202)
- genetic algorithm improvements (160, thanks jinyongyoo )
- fixes to parallel attacks (164, thanks jinyongyoo )
- datasets to test out T5 on seq2seq attacks (176)

Bug Fixes
- correctly print attack perturbed words in color, even when words are deleted & inserted (200)
- fix `print_step` bug with `alzantot` recipe (195, thanks heytitle for reporting!)
- fix some annoying issues with dependency versioning

> **Backwards compatibility note:** `python -m textattack <args>` is renamed to `python -m textattack attack <args>`. Or, better yet, `textattack attack <args>`!
Big improvements
- add `textattack` command (132)
- add `textattack augment`, `textattack eval`, `textattack attack`, `textattack list` (132)
- add `textattack train`, `textattack peek-dataset`, and lots of infrastructure for training models (139)
- Move all datasets to [`nlp`](https://github.com/huggingface/nlp/) format; temporarily remove non-NLP datasets (AGNews, English->German translation) (#134)

Smaller improvements
- Better output formatted -- show labels ("Positive", "Entailment") and confidence score (91%) in output (142)
- add `MaxLengthModification` constraint that prevents modifications beyond tokenizer max_length (143)
- Add `pytest` tests and code formatting with `black`; run tests on Python 3.6, 3.7, 3.8 with Travis CI (127, 136)
- Update NLTK part-of-speech constraint and support part-of-speech tagging with FLAIR instead (135)
- add `BERTScore` constrained based on ["BERTScore: Evaluating Text Generation with BERT" (Zhang et al, 2019)](https://arxiv.org/abs/1904.09675) (#146)
- make logging to file optional (145)
- Updates to `Checkpoint` class; track attack results in a worklist; attack resume fixes (128, 141)
- Silence Weights & Biases warning message when not being used (130)
- Optionally point all cache directories to a universal cache directory, `TA_CACHE_DIR` (150)

Bug fixes
- Fix a bug that can be encountered when resuming attacks from checkpoints (149)
- Fix a bug in Greedy word-importance-ranking deletion (152)
- Documentation updates and fixes (153)

big changes:
- load [`transformers`](https://github.com/huggingface/transformers/) models from the command-line using the `--model-from-huggingface` option
- load [`nlp`](https://github.com/huggingface/nlp) datasets from the command-line using the `--dataset-from-nlp` option
- command-line support for custom attacks, models, and datasets: `--attack-from-file`, `--model-from-file`, `--dataset-from-file`
- implement attack recipe for [TextBugger](https://arxiv.org/abs/1812.05271) attack
- add WordDeletion transformation

small changes:
- support white-box transformations via the command-line
- allow Greedy-WIR to rank things in order of ascending importance
- use fast tokenizers behind the scenes
- fix some bugs with the attack `Checkpoint` class
- some abbreviated syntax (`textattack.shared.utils.get_logger() -> textattack.shared.logger`, `textattack.shared.utils.get_device() -> textattack.shared.utils.device`)
- substantially decrease overall `TokenizedText` memory usage

- Major documentation restructure ([check it out](https://textattack.readthedocs.io/en/latest/))
- Some refactoring and variable renames to make it easier to jump right in and start working with TextAttack
- Introduction of `PreTransformationConstraints`: constraints now can be applied _before_ the transformation to prevent word modifications at certain indices. This abstraction allowed us to remove the notion of `modified_indices` from search methods, which paves the way for us to introduce attacks that insert or delete words and phrases, as opposed to simply swapping words.
- Separation of `Attack` and `SearchMethod`: search methods are now a parameter to the attack instead of different subclasses of `Attack`. This syntax fits better with our framework and enforces a clearer sense of separation between the responsibilities of the attack and those of the search method.
- Transformation and constraint compatibility: Constraints now ensure they're compatible with a specific transformation via a `check_compatibility` method
- Goal function scores are now normalized between 0 and 1: `UntargetedClassification` and `NonOverlappingOutput` now return scores between 0 and 1.
- Attack Checkpoints: Attacks can now save and resume their progress. This is really useful for running long, expensive attacks. `python-m textattack` supports new checkpoint-related arguments: `--checkpoint-interval` and `--checkpoint-dir`
- Weights & Biases: Log attack results to [Weights & Biases](https://www.wandb.com/) by adding the `--enable-wandb` flag