0.97.0 - 2022-06-08
Added
- Dataflow: XML elements (e.g. JSX elements) now have a basic translation to the
Dataflow IL, meaning that dataflow analysis (constant propagation, taint tracking)
can now operate inside these elements (#5115)
- Java: you can now use a metavariable in a package directive (#5420),
for example, package $X, which is useful to bind the package
name and use it in the error message.
Fixed
- The output of semgrep ci should make clear that it is exiting with error code 0
when there are findings but none of them are blockers
- Java: support for Sealed classes and Text Blocks via tree-sitter-java
(#3787, #4644)
- The JUnit XML output should serialize the failure messages as a single
string instead of a Python list of strings.
- Typescript: update to latest tree-sitter-typescript, with support
for 'abstract' modifier in more places
- Scala: stop parsing parenthesized expressions as unary tuples
- yarn.lock files with no dependencies, and with dependencies that lack URLs, now parse
- Scala: fixed bug where typed patterns inside classes caused an exception during name resolution
- metavariable-regex: patterns are now unanchored as specified by the
documentation (#4807)
- When a logged in CI scan encounters a Git failure,
we now print a helpful error message instead of a traceback.