pypi semgrep 1.16.0
Release v1.16.0


1.16.0 - 2023-03-30

Added

  • Kotlin: Added support for typed metavariables. You can write a pattern like:
    ($X : String)
    to find all instances of expressions with type String. (pa-2648)
  • Scala: Semgrep can now parse programs that contain quoted expressions, context
    parameter clauses (introduced with 'using'), and soft modifiers such as 'inline' and 'open'. (pa-2672)
  • Scala: Can now parse programs containing matches on types, such as:
    type t = K match {
      case Int => String
    }
    (pa-2673)
  • Parsing rules can take multiple seconds at the start of a scan.
    When running in an interactive terminal with more than 500 rules,
    Semgrep will show a progress bar for this step. (rule-progress)
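A rule that exercises the Kotlin typed-metavariable syntax above (an added example, not part of these release notes or of the Semgrep project's own rule sets): it flags calls to the single-String overload of Runtime.exec(), which splits the command on whitespace, while leaving hard-coded string literals alone. It assumes Semgrep can infer a String type for the argument (for example a val declared as String or a string template); the rule id and the sample Kotlin in the comments are constructed for this illustration.

```yaml
rules:
  - id: kotlin-runtime-exec-string-command   # constructed rule id
    languages: [kotlin]
    severity: WARNING
    message: >-
      Runtime.exec() is called with a single String command that is not a
      literal. The String overload splits the command on whitespace, so
      data that reaches it can alter the executed command. Prefer the
      Array<String> overload with fixed program and argument entries, and
      validate any value that comes from outside the program.
    metadata:
      category: security
      confidence: MEDIUM
    patterns:
      # Typed metavariable: matches only when the argument's type is String,
      # so the Array<String> overload of exec() is not reported.
      - pattern: Runtime.getRuntime().exec(($CMD : String))
      # "..." matches any string literal; a fixed command is not a finding.
      - pattern-not: Runtime.getRuntime().exec("...")

# Constructed Kotlin target for this rule (not from the page):
#
#   fun run(userInput: String) {
#       val cmd: String = "ls " + userInput              // String
#       Runtime.getRuntime().exec(cmd)                   // expected: finding
#       Runtime.getRuntime().exec("ls -la")              // literal: no finding
#       Runtime.getRuntime().exec(arrayOf("ls", "-la"))  // Array<String>: no finding
#   }
```

Run it with `semgrep --config kotlin-runtime-exec-string-command.yaml path/to/kotlin/` and confirm the literal and array-overload calls are not reported before adopting it.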

Changed

  • Supply Chain scans will now understand maven_dep_tree.txt files
    that are made of multiple smaller maven_dep_tree.txt files concatenated with cat. (maven-dep-forest)
  • Findings of a scan are now printed with section headers per group for the following categories:
    Code Blocking, Code Non-blocking, Supply Chain Reachable, Supply Chain Unreachable findings. (results-headings)
  • Switched to using go.mod files to read go dependencies for Semgrep Supply Chain, instead of go.sum files (sc-gomod)

Fixed

  • Clojure: parse 'foo/bar' as two separate tokens, so one can use a
    metavariable in it and have '$X/bar' match 'foo/bar'. (gh-7311)
  • HTML/XML: support attribute as pattern (e.g., foo="true") (gh-7344)
  • Significantly improved the time to parse big rulesets such as p/default,
    from 20s to a few seconds, by parsing patterns lazily and by
    not using /tmp to parse those patterns. (pa-2597)
  • Pipfiles with a line comment or inline comment will now parse correctly. (sc-664)
