pypi semgrep 0.109.0
Release v0.109.0


0.109.0 - 2022-08-11

Changed

  • semgrep ci now defaults to fail open and will always exit with exit code 0, which is equivalent to passing --suppress-errors.
    To disable this behavior, you can pass --no-suppress-errors and semgrep will behave as it did previously, surfacing any exit codes that may result. (app-1951)
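
For pipelines that rely on semgrep ci as a blocking check, the sketch below keeps the gate fail-closed under the new default. It is an added example, not code from the Semgrep project. The function name semgrep_gate and its 0/1/2 return values are hypothetical, and it assumes exit code 1 means blocking findings while any other non-zero code means the scan did not complete.

```shell
#!/bin/sh
# Added example (not Semgrep project code): fail-closed wrapper for a CI step.
# Assumption: with --no-suppress-errors, exit code 1 = blocking findings and
# any other non-zero code = the scan itself failed.

semgrep_gate() {
    # A missing scanner must block the build instead of skipping the check.
    if ! command -v semgrep >/dev/null 2>&1; then
        echo "gate: semgrep not found; failing closed" >&2
        return 2
    fi

    scan_rc=0
    # --no-suppress-errors restores the pre-0.109.0 behaviour, so the real
    # exit code reaches this wrapper instead of being flattened to 0.
    semgrep ci --no-suppress-errors "$@" || scan_rc=$?

    case "$scan_rc" in
        0) echo "gate: scan completed, nothing blocking" >&2
           return 0 ;;
        1) echo "gate: blocking findings reported" >&2
           return 1 ;;
        *) # Crash, bad config, auth or network failure: the code was not
           # actually scanned, so do not let the job pass.
           echo "gate: scan error (exit $scan_rc); failing closed" >&2
           return 2 ;;
    esac
}
```

Call semgrep_gate as the last command of the CI step so its return value becomes the job status.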

Fixed

  • taint-mode: Taint traces (--dataflow-traces) should no longer report "strange"
    intermediate variables when there are record accesses involved. This happened e.g.
    if foo was a tainted record and the code accessed some of its fields as in
    foo.bar.baz. This was related to the use of auxiliary variables in the Dataflow IL.
    These variables got tainted, but they had real tokens attached corresponding to the
    dot . operator. Now we do not include these variables in the taint trace. (pa-1672)

Infra/Release Changes

  • GHA runner-image macos-10.15 is deprecated and will be unsupported by 30AUG2022. We've tested and can upgrade to macos-12 to avoid issues with brownouts or end of support. (devop-586)
