pypi semgrep 0.89.0
Release v0.89.0

latest releases: 1.96.0, 1.95.0, 1.94.0...
2 years ago

Added

  • Bash/Dockerfile: Add support for named ellipses such as in
    echo $...ARGS (#4887)
  • Constant propagation for static constants in php (#5022)

Changed

  • When running a baseline scan on a shallow-cloned git repository,
    Semgrep still needs enough git history available
    to reach the branch-off point between the baseline and current branch.
    Previously, Semgrep would try to gradually fetch more and more commits
    up to a thousand commits of history,
    before giving up and just fetching all commits from the remote git server.
    Now, Semgrep will keep trying smaller batches until up to a million commits.
    This change should reduce runtimes on large baseline scans on very large repositories.
  • Semgrep-core now logs the rule and file affected by a memory warning.
  • Improved error messages from semgrep-core (#5013)
  • Small changes to text output (#5008)
  • Various exit codes changed so that exit code 1 is only for blocking findings (#5039)
  • Subcommand is sent as part of user agent (#5051)

Fixed

  • Lockfiles scanning now respects .semgrepignore
  • Workaround for git safe.directory change in github action (#5044)
  • When a baseline scan diff showed that a path changed a symlink a proper file,
    Semgrep used incorrectly skip that path. This is now fixed.
  • Dockerfile support: handle image aliases correctly (#4881)
  • TS: Fixed matching of parameters with type annotations. E.g., it is now possible
    to match ({ params }: Request) => { } with ({$VAR} : $REQ) => {...}. (#5004)

Don't miss a new semgrep release

NewReleases is sending notifications on new releases.