pypi semgrep 1.164.0
Release v1.164.0

8 hours ago

1.164.0 - 2026-05-26

### Added

  • Dart: typed metavariables ($X as T) and metavariable-type,
    metavariable binding inside string interpolations, and function-definition
    patterns that match Dart function definitions. (gh-11678)

### Changed

  • The default memory limit for Pro interfile scans on Linux now adapts to the container's cgroup memory limit (90% of it) instead of the previous fixed 5 GiB, with an 8 GiB fallback when no cgroup limit is detected. (ENGINE-2568)
  • Lower the glibc constraint from >=2.35 to >=2.34, allowing users on distros
    that ship glibc 2.34 (e.g. RHEL 9 and AL2023) to install the semgrep wheel. (gh-11622)

### Fixed

  • Baseline diff scans (semgrep ci and --baseline-commit) no longer treat every finding on a file as newly introduced when one or more rules failed during the baseline run.

    Per-rule failures (for example a timeout for a single rule) during baseline analysis now hide only that rule's matches on that file from the "new vs baseline" comparison.
    Other rules on the same file still take part in the "new vs baseline" comparison.

    Per-file, rule-independent failures now hide all findings on that file from the "new vs baseline" comparison. (LANG-515)

  • Fixed a yarn.lock parse error on Yarn Berry entries written
    in YAML explicit-key form. Affected lockfiles previously failed to parse. (SC-3479)

  • The (beta) SBT resolver with --allow-local-builds now correctly identifies dependencies as part of the Maven ecosystem. (SC-3522)

  • Fix --sarif-output and --sarif causing nosemgrep-suppressed findings to be reported in CLI scan output and to block scans. Suppressed findings are now correctly excluded from terminal text output, the scan-summary count, and the CLI's exit code. (engine-1824)

  • Fixed a bug that could cause unreliable target filtering in parallel scans. (gh-6313)

  • Dart: improved parser fidelity for Dart 3 grammar features and routed
    pattern parsing for statements beginning with await, rethrow, and other
    statement keywords. Eliminates a large class of PartialParsing errors on
    real-world pub.dev packages. (gh-11678)
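The baseline-diff fix above (LANG-515) is easiest to see as a small model. The following Python is an added illustration, not Semgrep's own code: the Finding shape, the split of baseline errors into per-rule and per-file sets, and the sample scan data are constructed assumptions, and "hide" is modelled as dropping a finding from the set of new findings.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule_id: str
    path: str
    line: int


@dataclass(frozen=True)
class BaselineErrors:
    # (rule_id, path) pairs where only that one rule failed on that file
    rule_errors: frozenset
    # paths where a rule-independent (per-file) failure occurred
    file_errors: frozenset


def new_findings_legacy(current, baseline, errors):
    """Pre-fix behaviour: any baseline failure touching a file marks every
    current finding on that file as new, even ones present in the baseline."""
    failed_paths = {path for _, path in errors.rule_errors} | set(errors.file_errors)
    return {f for f in current if f.path in failed_paths or f not in baseline}


def new_findings_fixed(current, baseline, errors):
    """Post-fix behaviour: hide exactly the findings whose baseline status is
    unknown, then diff the rest against the baseline as usual."""
    new = set()
    for f in current:
        if f.path in errors.file_errors:
            continue  # whole file failed in baseline: hide all its findings
        if (f.rule_id, f.path) in errors.rule_errors:
            continue  # only this rule failed on this file: hide just its matches
        if f not in baseline:
            new.add(f)
    return new


# Constructed sample data (not taken from a real scan).
BASELINE = frozenset({Finding("no-eval", "app.py", 10)})
CURRENT_SCAN = frozenset({
    Finding("no-eval", "app.py", 10),    # unchanged, present in baseline
    Finding("no-eval", "app.py", 42),    # genuinely new
    Finding("slow-rule", "app.py", 7),   # slow-rule timed out on app.py in baseline
    Finding("no-eval", "broken.py", 3),  # broken.py hit a per-file baseline failure
})
ERRORS = BaselineErrors(
    rule_errors=frozenset({("slow-rule", "app.py")}),
    file_errors=frozenset({"broken.py"}),
)

if __name__ == "__main__":
    print("legacy:", sorted(f.line for f in new_findings_legacy(CURRENT_SCAN, BASELINE, ERRORS)))
    print("fixed: ", sorted(f.line for f in new_findings_fixed(CURRENT_SCAN, BASELINE, ERRORS)))
```

With this input the legacy logic reports all four findings as new, including the one already in the baseline, while the fixed logic reports only the finding at app.py line 42.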

### Infra/Release Changes

  • Pro: macOS: Fixed dynamic library lookup for semgrep-core-proprietary so the binary works when semgrep install-semgrep-pro is invoked and semgrep is installed via Homebrew. (pro-binary-homebrew)
  • Pro: Added optional <case>.named_ast.expect golden files for tests/intrafile/maturity/ fixtures, exercised by Unit_maturity_named_asts. (LANG-287)
