Added
- Added new metavariable-pattern operator (available only via --optimizations), thanks to Kai Zhong for the feature request (#3257).
Fixed
- Scala: parse correctly symbol literals and interpolated strings containing double dollars (#3271)
- Dataflow: Analyze foreach body even if we do not handle the pattern yet (#3155)
- Python: support ellipsis in try-except (#3233)
- Fall back to no optimizations when using unsupported features: pattern-where-python, taint rules, and
--debugging-json
(#3265) - Handle regexp parse errors gracefully when using optimizations (#3266)
- Support equivalences when using optimizations (#3259)
- PHP: Support ellipsis in include/require and echo (#3191, #3245)
- PHP: Prefer expression patterns over statement patterns (#3191)
- C#: Support unsafe block syntax (#3283)
Changed
- Run rules in semgrep-core (rather than patterns) by default (aka optimizations all)