0.117.0 - 2022-10-12
Added
- taint-mode: It is now possible to use `pattern-propagators` to propagate taint through higher-order iterators such as `forEach` in Java. For example:

  ```yaml
  pattern-propagators:
    - pattern: $X.forEach(($Y) -> ...)
      from: $X
      to: $Y
  ```
  (gh-5971)
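A complete taint rule built around the propagator above, as an added example that is not part of the Semgrep changelog or project code. The source (`$REQ.getParameter(...)`), the sink name `sink(...)`, the rule id and the Java target at the bottom are all constructed for illustration; it also relies on Semgrep's default assumption that a call whose argument is tainted returns a tainted value, which is what carries taint from `getParameter` into the list.

```yaml
rules:
  - id: java-taint-through-foreach-example   # constructed rule id
    languages: [java]
    severity: WARNING
    message: >-
      Request data reaches a sensitive sink through a forEach lambda parameter
    mode: taint
    pattern-sources:
      # Hypothetical source: any servlet request parameter
      - pattern: $REQ.getParameter(...)
    pattern-propagators:
      # The propagator from the changelog entry: when the receiver $X of
      # forEach is tainted, the lambda parameter $Y becomes tainted too
      - pattern: $X.forEach(($Y) -> ...)
        from: $X
        to: $Y
    pattern-sinks:
      # Hypothetical sink; replace with the API you actually want to guard
      - pattern: sink(...)

# Constructed Java target (not from the page) that this rule reports on the
# sink(item) line. Without the propagator, taint stops at `names`, because
# nothing tells the engine that the collection's elements flow into `item`.
#
#   List<String> names = List.of(request.getParameter("name"));
#   names.forEach((item) -> {
#       sink(item);   // reported: item is tainted via names -> forEach
#   });
```

Run it with `semgrep --config rule.yaml Target.java`; removing the `pattern-propagators` block makes the finding disappear, which is a quick way to confirm the propagator is what bridges the lambda boundary.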
Changed
- Change default behavior of Travis CI configurations. If a user manually sets their environment variables (i.e. SEMGREP_REPO_NAME, SEMGREP_REPO_URL, SEMGREP_BRANCH, SEMGREP_JOB_URL, SEMGREP_COMMIT, SEMGREP_PR_ID), use them before falling back on autodetection.
Fixed
- Scala: Fixed a bug where, in certain cases, generators would not parse if newlines were present (pa-1902)
- Fixed bug where nested dependencies in package-lock.json files were not detected (sc-247)
- Removed Gradle as a separate supply chain ecosystem. Maven rules now work on Gradle projects (sc-256)
- Lockfiles are no longer subject to size filtering during file targeting, so very large lockfiles can now generate unreachable findings (sc-293)