pypi semgrep 1.122.0
Release v1.122.0
on Python PyPI

latest releases: 1.135.0, 1.134.0, 1.133.0...
3 months ago

1.122.0 - 2025-05-14

Added

  • Adds support for the UV package manager in Supply Chain scans. (SC-1900)

Fixed

  • pro: Fixed inter-file naming bug affecting Go's struct-methods that could result
    in false negatives.

    Previously, adding a pattern-inside like 

    func ($THING $TYPE) $FUNC(...) $R { ... }

    to a taint rule could cause some findings to incorrectly stop being reported. (code-7767)

  • PRO: Fixed the issue with type matching when a type has a type parameter, e.g., matching the pattern std::vector<$T> with the code std::vector<int> v in C++. (code-8443)

  • Make Nuget dependency child parsing case insensitive (sc-2355)

  • Fixed bug where direct dev depenencies were not marked as direct when parsing package-lock.json projects. (sc-dev)

Check out latest releases or
releases around semgrep 1.122.0

Don't miss a new semgrep release

NewReleases is sending notifications on new releases.

Get notifications