Added
- Keep track of and report rule parse time in addition to file parse time
- v0 of opt-in anonymous aggregate metrics
Fixed
- JS/TS: allow the deep expression operator <... ...> in expression
statement position, for example:
$ARG = [$V];
...
<... $O[$ARG] ...>; // this works now
- PHP arrays with dots inside parse
- Propagate constants in nested lvalues such as
yinx[y] - C# experimental support
Changed
- Show log messages from semgrep-core when running semgrep with
--debug. - By default, targets larger than 1 MB are now excluded from semgrep
scans. New option--max-target-bytes 0restores the old behavior. - Report relative path instead of absolute when using
--time