pypi semgrep 1.39.0
Release v1.39.0

13 months ago

1.39.0 - 2023-09-07

Added

  • Matching: Qualified names written as patterns can now match valid instances of
    identifiers which lie underneath a wildcard import. For instance, in Python,
    we could write the pattern A.B.C.x, and match the usage in the program

    ```python
    from A.B import *

    foo(C.x)
    ```

    (pa-1006)
    
  • Ruby: Replaced old Ruby parser with the latest tree-sitter ruby parser,
    meaning that there could be small edge cases of differences in how
    Semgrep matches Ruby programs. (pa-3017)
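
The wildcard-import matching from the first item above, modelled as an added example (not Semgrep's implementation and not part of the release notes): a small Python `ast` resolver that lists the qualified names a dotted identifier may denote. All function names are hypothetical; the model is flow-insensitive and cannot check whether `A.B` really exports `C`.

```python
import ast

SAMPLE = "from A.B import *\n\nfoo(C.x)\n"  # the program from the release note

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def qualified_candidates(source):
    """Map each dotted name used in `source` to the qualified names it may denote."""
    tree = ast.parse(source)
    wildcards, explicit, local = [], {}, set()
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for alias in node.names:
                if alias.name == "*":
                    wildcards.append(node.module)
                else:
                    explicit[alias.asname or alias.name] = f"{node.module}.{alias.name}"
        elif isinstance(node, ast.Import):
            for alias in node.names:
                head = alias.name.split(".")[0]
                explicit[alias.asname or head] = alias.name if alias.asname else head
        elif isinstance(node, (ast.FunctionDef, ast.ClassDef)):
            local.add(node.name)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            local.add(node.id)
    result = {}
    for node in ast.walk(tree):
        name = dotted(node)
        if name is None or isinstance(getattr(node, "ctx", None), ast.Store):
            continue
        head, _, rest = name.partition(".")
        if head in local:
            cands = {name}                      # shadowed by a local definition
        elif head in explicit:
            cands = {explicit[head] + ("." + rest if rest else "")}
        else:                                   # may come from any wildcard import
            cands = {name} | {f"{m}.{name}" for m in wildcards}
        result.setdefault(name, set()).update(cands)
    return result

def pattern_matches(pattern, source):
    """True if the qualified-name pattern may denote some name used in `source`."""
    return any(pattern in c for c in qualified_candidates(source).values())
```

For rule authors, the practical consequence is that a pattern written against a fully qualified name no longer misses code that reaches the same identifier through `import *`.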

Fixed

  • Request retry logic now includes 504s (gh-8629)

  • The error message for skipped rules due to incompatible min-version or
    max-version constraints now makes sense. (gh-8634)

  • When metavariable-type cannot be evaluated, it defaults to "false", that is,
    it filters out the range. Therefore, for example, this rule:

        patterns:
          - pattern: private int $X;
          - metavariable-type:
              metavariable: $Y
              type: int

    now will produce no matches because $Y is not bound to anything. (pa-3027)

  • Julia: using and import now match separately. Previously, if you wrote
    using $X, you would also match imports. (pa-3028)

  • Diagnostics from a full scan through Semgrep LS no longer disappear when a file is opened (pa-3046)
