pypi semgrep 0.117.0
Release v0.117.0


0.117.0 - 2022-10-12

Added

  • taint-mode: It is now possible to use pattern-propagators to propagate taint
    through higher-order iterators such as forEach in Java. For example:

    ```yaml
    pattern-propagators:
      - pattern: $X.forEach(($Y) -> ...)
        from: $X
        to: $Y
    ```
    (gh-5971)
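    As an added illustration (not part of the semgrep changelog or of the project's own test suite), the script below writes a complete taint rule built around this forEach propagator, together with a constructed Java file the rule should flag, and runs semgrep over them; the rule id, the source and sink patterns and the file names are my own choices.

    ```shell
    # Added example, not from the semgrep changelog: a taint rule built around
    # the forEach pattern-propagator above, plus a constructed Java file it is
    # meant to flag. Rule id, source, sink and file names are my own.
    set -e
    write_rule() {
      cat > "$1" <<'EOF'
    rules:
      - id: request-data-reaches-exec-via-foreach
        languages: [java]
        severity: ERROR
        mode: taint
        message: request data flows through forEach into Runtime.exec()
        pattern-sources:
          - pattern: $REQ.getParameterValues(...)
        # Without this propagator the lambda parameter $Y stays untainted:
        # taint does not flow into the callback of a higher-order iterator.
        pattern-propagators:
          - pattern: $X.forEach(($Y) -> ...)
            from: $X
            to: $Y
        pattern-sinks:
          - patterns:
              - pattern: Runtime.getRuntime().exec($CMD)
              - focus-metavariable: $CMD
    EOF
    }
    write_target() {
      cat > "$1" <<'EOF'
    import java.util.List;
    import javax.servlet.http.HttpServletRequest;
    class Hosts {
        void ping(HttpServletRequest req) {
            // constructed sample: the request array is the source; List.of(tainted)
            // returns a tainted list under semgrep's default propagation
            List<String> hosts = List.of(req.getParameterValues("host"));
            // $X = hosts, $Y = h: the propagator carries the taint into h
            hosts.forEach((h) -> {
                try { Runtime.getRuntime().exec("ping -c 1 " + h); } catch (Exception e) {}
            });
        }
    }
    EOF
    }
    run_demo() {
      write_rule foreach-taint.yaml
      write_target Hosts.java
      semgrep --config foreach-taint.yaml Hosts.java  # exit status 1 = findings reported
    }
    if [ "${1:-}" = "run" ]; then run_demo; fi
    ```

    Save it as `foreach-demo.sh` and invoke `sh foreach-demo.sh run` with semgrep installed; removing the pattern-propagators entry from the generated rule makes the finding disappear, which is the quickest way to see what the propagator contributes.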

Fixed

  • Scala: Fixed a bug where generators would not parse if newlines were present, in certain cases (pa-1902)
  • Fixed bug where nested dependencies in package-lock.json files were not detected (sc-247)
  • Removed Gradle as a separate supply chain ecosystem. Maven rules now work on Gradle projects (sc-256)
  • Lockfiles are no longer subject to size filtering during file targeting, so very large lockfiles can now generate unreachable findings (sc-293)
