Added
- JS/TS: Infer global constants even if the
const
qualifier is missing (#2978) - PHP: Resolve names and infer global constants in the same way as for Python
Fixed
- Empty yaml files do not crash
- Autofix does not insert newline characters for patterns from semgrep.live (#3045)
- Autofix printout is grouped with its own finding rather than the one below it (#3046)
- Do not assign constant values to assigned variables (#2805)
- A
--time
flag instead of--json-time
which shows a summary of the
timing information when invoked with normal output and adds a time field
to the json output when--json
is also present
Changed
- .git/ directories are ignored when scanning
- External Python API (
semgrep_main.invoke_semgrep
) now takes an
optionalOutputSettings
argument for controlling output OutputSettings.json_time
has moved toOutputSettings.output_time
,
this and many otherOutputSettings
arguments have been made optional
Removed
--debugging-json
flag in favor of--json
+--debug
--json-time
flag in favor of--json
+--time