GSSTRhythmGame2021 / DataAcquisition


Bump semgrep from 0.76.2 to 0.112.1 #123

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps semgrep from 0.76.2 to 0.112.1.

Release notes

Sourced from semgrep's releases.

Release v0.112.1

0.112.1 - 2022-09-08

Fixed

  • Fixed a regression introduced with the previous release, involving a bug with pattern-inside. (gh-6059)

Release v0.112.0

0.112.0 - 2022-09-07

Added

  • JS/TS: Allow standalone switch cases as patterns (e.g. case 5: ...) (pa-1788)
  • Symbolic propagation: Added propagation of all variables which are assigned to only once. This will affect global variables and class attributes, in particular. (pa-1821)

Changed

  • Use new semgrep-app endpoint that combines the two POST requests to upload findings and ignored findings into one POST request. (app-1446)

Fixed

  • Update git url parser to support optional "org" after hostname. Example: https://some.enterprise.scm/myorg/owner/repo. (app-2202)
  • Fix an incorrect autofix application when the fix includes Python f strings (gh-2995)
  • Fix matching and autofix with bare tuples in Python array accesses (e.g. x[1, 2]) (gh-3387)
  • Ruby: A pattern of the form /.../ can now match any regexp, including regexp templates such as /hello #{name}/. (gh-5147)
  • Fix parsing of Java constructors with privacy modifiers as patterns, e.g. the pattern public Foo() { } (gh-5558)
  • Java: correctly parse class literal patterns (gh-6002)
  • Solidity: correctly parse try statements (gh-6031)
  • Python: Now support match statements (pa-1739)
  • Fixed bug in constant propagation that caused incorrect constants to be inferred in the presence of subtraction. (pa-1846)

Release v0.111.1

0.111.1 - 2022-08-23

Changed

  • Previously, the following error message appeared when metrics were not uploaded within the set timeout timeframe:

    Error in send: HTTPSConnectionPool(host='metrics.semgrep.dev', port=443): Read timed out. (read timeout=3)

... (truncated)

Changelog

Sourced from semgrep's changelog.

0.111.1 - 2022-08-23

Changed

  • Previously, the following error message appeared when metrics were not uploaded within the set timeout timeframe:

    Error in send: HTTPSConnectionPool(host='metrics.semgrep.dev', port=443): Read timed out. (read timeout=3)

    As this causes users confusion when running the CLI, the log level of the message is reduced to appear for development and debugging purposes only. Note that metrics are still successfully uploaded, but the success status is not sent in time for the current timeout set. (app-1398)

Fixed

  • taint-mode: Fixed the translation from Generic to IL for expressions like "some string".concat(x). Previously, when x was tainted, the concat expression was not recognized as tainted and this caused false negatives. (pa-1787)

0.111.0 - 2022-08-22

Added

... (truncated)

Commits
  • 6de8a76 chore: Bump version to 0.112.1
  • 3a6c03c fix!: fix regression related to inside patterns (#6061)
  • c9be5d3 Merge pull request #6057 from returntocorp/release-0.112.0
  • 6eec609 chore: Bump version to 0.112.0
  • 7f42547 Use latest pfff with new let* in Common.ml (#6054)
  • 8a6b86f Remove unnecessary dependency on the semgrep_core library, for now (#6039)
  • b83e7a3 Allow backend sending rules as json instead of yaml string (#6038)
  • 0d13bf2 Only import jsonnet when necessary (#6048)
  • a726acf refactoring: cleanup Parse_rule.ml (#6047)
  • d191308 use the semgrep ci bot instead of PAT for E2E checks (#6032)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
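A bump across 36 minor releases of a SAST tool changes what the project's own rules match, so the useful pre-merge check is to run the rules against inputs whose expected result is known. The rule below is an added example for one of the behaviour changes quoted above (pa-1787, taint through `"some string".concat(x)`); it is not part of this PR, of the repository, or of semgrep's own test suite, and the rule id, message, source pattern and sink pattern are assumptions chosen for illustration. It is a minimal taint-mode rule that treats the return value of `getParameter(...)` as tainted and `executeQuery(...)` as a sink.

```yaml
# sqli-via-string-concat.yaml -- added example, not from the PR or from semgrep.
# Rule id, source and sink patterns are illustrative assumptions.
rules:
  - id: sqli-via-string-concat
    mode: taint
    languages: [java]
    severity: ERROR
    message: >-
      A request parameter reaches executeQuery() through String.concat();
      bind it with a PreparedStatement instead of building the query text.
    # Anything returned by getParameter(...) is treated as attacker-controlled.
    pattern-sources:
      - pattern: $REQ.getParameter(...)
    # Any argument of executeQuery(...) that carries taint is reported.
    pattern-sinks:
      - pattern: $STMT.executeQuery(...)
```

To exercise it, put a constructed Java file next to the rule containing `String q = "SELECT * FROM users WHERE name = '".concat(request.getParameter("name")).concat("'");` followed by `stmt.executeQuery(q);`, and run `semgrep --config sqli-via-string-concat.yaml Target.java` with both the old and the new pin. Per the 0.111.1 changelog entry, versions before 0.111.1 did not translate the `.concat(...)` expression as tainted and report nothing here (a false negative), while 0.112.1 reports the `executeQuery` call. A rule whose output differs between the two versions is exactly the kind of thing to look at before merging this bump.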