pixee / codemodder-python

Python implementation of the Codemodder framework
GNU Affero General Public License v3.0

Update semgrep requirement from <1.94,>=1.93 to >=1.93,<1.96 #904

Closed dependabot[bot] closed 4 weeks ago

dependabot[bot] commented 4 weeks ago

Updates the requirements on semgrep to permit the latest version.

Release notes

Sourced from semgrep's releases.

Release v1.95.0

1.95.0 - 2024-10-31

Changed

  • Remove deprecated --enable-experimental-requirements flag. The functionality has always been enabled since Semgrep 1.93.0. (ssc-1903)

Fixed

  • osemgrep: Running osemgrep with the Pro Engine now correctly runs rules with proprietary languages (saf-1686)
  • Fixed bug where semgrep would crash if --trace was passed (saf-tracing)
Changelog

Sourced from semgrep's changelog.

1.95.0 - 2024-10-31

Changed

  • Remove deprecated --enable-experimental-requirements flag. The functionality has always been enabled since Semgrep 1.93.0. (ssc-1903)

Fixed

  • osemgrep: Running osemgrep with the Pro Engine now correctly runs rules with proprietary languages (saf-1686)
  • Fixed bug where semgrep would crash if --trace was passed (saf-tracing)

1.94.0 - 2024-10-30

Fixed

  • pro: taint-mode: Semgrep should no longer confuse a return in a lambda with a return in its enclosing function.

    E.g. in the example below the return value of foo is NOT tainted:

    function foo() {
        bar(() => taint);   // `return` of the lambda is not a return of foo
        return ok;
    }

    (code-7657)
    
  • OCaml: matching will now recognize "local open" so that a pattern like Foo.bar ... will now correctly match code such as let open Foo in bar 1 or Foo.(bar 1) in addition to the classic Foo.bar 1. (local_open)

  • Project files lacking sufficient read permissions are now skipped gracefully by semgrep. (saf-1598)

  • Semgrep will now print stderr and additional debugging info when semgrep-core exits with a fatal error code but still returns a JSON response (finishes scanning). (saf-1672)

  • semgrep ci should now correctly parse git logs to compute the set of contributors even if some authors have special characters in their names. (saf-1681)

1.93.0 - 2024-10-23

Added

... (truncated)

Commits
  • 4472baa chore: release version 1.95.0
  • e09d3e3 semgrep/semgrep-proprietary#2533
  • f982784 fix(sca): lowercase python packages when parsing from rule (semgrep/semgrep-p...
  • 84bd900 semgrep/semgrep-proprietary#2530
  • b3cd676 chore(sca): remove --enable-experimental-requirements flag (semgrep/semgrep...
  • fadc8f1 fix(osemgrep): enable proprietary parsers in osemgrep-pro (semgrep/semgrep-pr...
  • bf1847c chore(dep-resolution): update interfaces for new manifest kinds (semgrep/semg...
  • 33f320e semgrep/semgrep-proprietary#2527
  • 459dd34 semgrep/semgrep-proprietary#2524
  • d48d887 semgrep/semgrep-proprietary#2523
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
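The PR title bumps the semgrep requirement from `<1.94,>=1.93` to `>=1.93,<1.96`. The following is an added example, not code from codemodder-python, dependabot or semgrep, showing what such a range bump actually admits: a small, stand-alone evaluator for the subset of PEP 440 specifier syntax used here (dotted numeric releases; operators ==, !=, <, <=, >, >= and ~=), applied to the version list quoted on this page. The candidate list, including the 1.93.1 and 1.96.0 entries, is constructed for the example; a real resolver would use the `packaging` library, which also handles pre-releases, epochs and local versions, none of which this simplified parser accepts.

```python
"""Simplified PEP 440 specifier evaluation (added example, not project code).

Supports dotted numeric versions such as "1.95.0" and comma-separated
specifier clauses with ==, !=, <, <=, >, >= and ~=. Pre-releases, epochs
and local version labels are rejected on purpose to keep the example small.
"""
from __future__ import annotations

import re

# Requirement strings as they appear in the PR title.
OLD_SPEC = "<1.94,>=1.93"   # before this PR
NEW_SPEC = ">=1.93,<1.96"   # after this PR

# Constructed candidate list: semgrep releases quoted on this page plus a
# hypothetical 1.93.1 patch release and a hypothetical 1.96.0 (assumptions).
CANDIDATES = ["1.92.0", "1.93.0", "1.93.1", "1.94.0", "1.95.0", "1.96.0"]

_CLAUSE_RE = re.compile(r"^\s*(==|!=|<=|>=|<|>|~=)\s*([0-9]+(?:\.[0-9]+)*)\s*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn "1.95.0" into (1, 95, 0); reject anything that is not purely numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(a: tuple[int, ...], b: tuple[int, ...]) -> tuple[tuple[int, ...], tuple[int, ...]]:
    """Zero-pad to equal length so that 1.93 compares equal to 1.93.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def _compare(a: tuple[int, ...], b: tuple[int, ...]) -> int:
    a, b = _padded(a, b)
    return (a > b) - (a < b)


def parse_specifier(spec: str) -> list[tuple[str, tuple[int, ...]]]:
    """Split "<1.94,>=1.93" into [("<", (1, 94)), (">=", (1, 93))]."""
    clauses = []
    for clause in spec.split(","):
        match = _CLAUSE_RE.match(clause)
        if not match:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, version = match.groups()
        clauses.append((op, parse_version(version)))
    return clauses


def satisfies(version: str, spec: str) -> bool:
    """True if every clause of `spec` admits `version`."""
    v = parse_version(version)
    for op, bound in parse_specifier(spec):
        c = _compare(v, bound)
        if op == "==" and c != 0:
            return False
        if op == "!=" and c == 0:
            return False
        if op == "<" and c >= 0:
            return False
        if op == "<=" and c > 0:
            return False
        if op == ">" and c <= 0:
            return False
        if op == ">=" and c < 0:
            return False
        if op == "~=":
            # Compatible release: >= bound, and the same prefix once the last
            # component of the bound is dropped (~=1.93.0 means >=1.93.0,==1.93.*).
            if len(bound) < 2:
                raise ValueError("~= needs at least two version components")
            if c < 0:
                return False
            prefix = bound[:-1]
            vp, _ = _padded(v, prefix)
            if vp[: len(prefix)] != prefix:
                return False
    return True


def permitted(spec: str, candidates: list[str]) -> list[str]:
    """All candidates admitted by `spec`, sorted ascending by version."""
    return sorted((c for c in candidates if satisfies(c, spec)), key=parse_version)


def newest_permitted(spec: str, candidates: list[str]) -> str | None:
    """The highest candidate admitted by `spec`, or None if nothing matches."""
    allowed = permitted(spec, candidates)
    return allowed[-1] if allowed else None


if __name__ == "__main__":
    for label, spec in (("old", OLD_SPEC), ("new", NEW_SPEC)):
        print(f"{label} {spec!r}: permits {permitted(spec, CANDIDATES)}, "
              f"newest {newest_permitted(spec, CANDIDATES)}")
```

With the constructed candidate list, the old range resolves to 1.93.1 and the new one to 1.95.0, while 1.96.0 stays excluded in both; that is the whole effect of the bump, and checking it this way before merging a bot-generated range change is cheaper than discovering an unexpected minor version in CI.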
sonarcloud[bot] commented 4 weeks ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

dependabot[bot] commented 4 weeks ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.