pypi semgrep 0.82.0
Release v0.82.0

0.82.0 - 02-08-2022

Added

  • Experimental baseline scanning. Run with --baseline-commit GIT_COMMIT to only
    show findings that currently exist but did not exist in GIT_COMMIT

Changed

  • Scans now report a breakdown of how many target paths were skipped for what reason.
    • --verbose mode will list all skipped paths along with the reason they were skipped
  • Performance: send all rules directly to semgrep-core instead of invoking semgrep-core
    for each rule, reducing the overhead significantly. Other changes resulting from this:
    SARIF output now includes all rules run. Error messages use the full path of rules.
    The progress bar reports by file instead of by rule
  • The minimum Python version required to run semgrep is now 3.7 instead of the EOL 3.6
  • Bloom filter optimization now considers import module file names, thus
    speeding up matching of patterns like import { $X } from 'foo'
  • Indentation is now removed from matches to conserve horizontal space

Fixed

  • TypeScript: Patterns E as T will be matched correctly. E.g. previously
    a pattern like v as $T would match v but not v as any; now it
    correctly matches v as any but not v. (#4515)
  • Highlighting has been restored for matching code fragments within a finding
