Added
- Bash/Dockerfile: Add support for named ellipses such as in `echo $...ARGS` (#4887)
- Constant propagation for static constants in php (#5022)
Changed
- When running a baseline scan on a shallow-cloned git repository,
Semgrep still needs enough git history available
to reach the branch-off point between the baseline and current branch.
Previously, Semgrep would try to gradually fetch more and more commits
up to a thousand commits of history,
before giving up and just fetching all commits from the remote git server.
Now, Semgrep will keep trying smaller batches until up to a million commits.
This change should reduce runtimes on large baseline scans on very large repositories.
- Semgrep-core now logs the rule and file affected by a memory warning.
- Improved error messages from semgrep-core (#5013)
- Small changes to text output (#5008)
- Various exit codes changed so that exit code 1 is only for blocking findings (#5039)
- Subcommand is sent as part of user agent (#5051)
Fixed
- Lockfiles scanning now respects .semgrepignore
- Workaround for git safe.directory change in github action (#5044)
- When a baseline scan diff showed that a path changed from a symlink to a proper file,
Semgrep used to incorrectly skip that path. This is now fixed.
- Dockerfile support: handle image aliases correctly (#4881)
- TS: Fixed matching of parameters with type annotations. E.g., it is now possible
to match `({ params }: Request) => { }` with `({$VAR} : $REQ) => {...}`. (#5004)