Added
- Parsing JSX (JavaScript React) files is now supported as a beta feature!
In this release, you need to target .jsx files one by one explicitly to have them be scanned.
We're planning to scan all .jsx files in targeted directories in our next release - We now bundle a json-schema spec for rules YAML syntax.
Changed
- Our custom-made rules YAML validator has been replaced with a jsonschema standard one.
This results in more reliable and comprehensive error messages
to help you get back on track when bumping into validation issues. - Calling
semgrep --validatenow includes more information,
such as the number of rules validation ran on.
Fixed
- Fixed a bug where multiple assignment,
also known as tuple unpacking assignment in Python,
such asa, b = foo,
could be misinterpreted by semgrep. - Fixed a bug that would cause a crash when trying to get debug steps output as JSON.
.mlyand.mllfiles are no longer targeted implicitly by OCaml scans.- Fixed the
--skip-unknown-extensionsflag skipping files even with recognized extensions. - Fixed JavaScript conditionals without braces,
such asif (true) return;,
not being matched by patterns such asif (true) { return; }.