semgrep 0.50.0

Release v0.50.0

on Python PyPI

Added

• JS/TS: Infer global constants even if the const qualifier is missing (#2978)
• PHP: Resolve names and infer global constants in the same way as for Python

Fixed

• Empty yaml files do not crash
• Autofix does not insert newline characters for patterns from semgrep.live (#3045)
• Autofix printout is grouped with its own finding rather than the one below it (#3046)
• Do not assign constant values to assigned variables (#2805)
• A --time flag instead of --json-time which shows a summary of the
  timing information when invoked with normal output and adds a time field
  to the json output when --json is also present

Changed

• .git/ directories are ignored when scanning
• External Python API (semgrep_main.invoke_semgrep) now takes an
  optional OutputSettings argument for controlling output
• OutputSettings.json_time has moved to OutputSettings.output_time,
  this and many other OutputSettings arguments have been made optional

Removed

• --debugging-json flag in favor of --json + --debug
• --json-time flag in favor of --json + --time