pypi semgrep 0.62.0
Release v0.62.0

3 years ago

Added

  • OCaml: support module aliasing, so looking for List.map will also
    find code that renamed List as L via module L = List.
  • Add help text to SARIF formatter output if defined in metadata field.
  • Update shortDescription in SARIF formatter output if defined in metadata field.
  • Add tags as defined in metadata field in addition to the existing tags.

Fixed

  • core: Fix parsing of numeric literals in rule files
  • Java: fix the range and autofix of Cast expressions (#3669)
  • Generic mode scanner no longer tries to open submodule folders as files (#3701)
  • pattern-regex with completely empty files (#3705)
  • --sarif exit code with suppressed findings (#3680)
  • Fixed fatal errors when a pattern results in a large number of matches
  • Better error message when rule contains empty pattern

Changed

  • Add backtrace to fatal errors reported by semgrep-core
  • Report errors during rule evaluation to the user
  • When ANDed with other patterns, pattern: $X is no longer evaluated on its own; instead it looks at the context and finds $X within the bound metavariables, which should be significantly faster
