Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update semgrep requirement from <1.66,>=1.50 to >=1.50,<1.67 #398

Merged
merged 1 commit into from
Mar 20, 2024
Merged

Update semgrep requirement from <1.66,>=1.50 to >=1.50,<1.67 #398

merged 1 commit into from
Mar 20, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 20, 2024

Updates the requirements on semgrep to permit the latest version.

Release notes

Sourced from semgrep's releases.

Release v1.66.0

1.66.0 - 2024-03-19

Added

  • Added information about interfile pre-processing to --max-memory help. (gh-9932)
  • We've implemented basic support for the yield keyword in Python. The Pro engine now detects taint findings from taint sources returned by the yield keyword. (saf-281)

Changed

  • osemgrep --remote will no longer clone into a tmp folder, but instead the CWD (cdx-remote)

  • [IMPORTANT] Inter-file differential scanning is now enabled for all Pro users.

    Inter-file differential scanning is now enabled for all Pro users. While it may take longer than intra-file differential scanning, which is the current default for pro users, it offers deeper analysis of dataflow paths compared to intra-file differential scanning. Additionally, it is significantly faster than non-differential inter-file scanning, with scan times reduced to approximately 1/10 of the non-differential inter-file scan. Users who enable the pro engine and engage in differential PR scans on GitHub or GitLab may experience the impact of this update. If needed, users can revert to the previous intra-file differential scan behavior by configuring the --no-interfile-diff-scan command-line option. (saf-268)

Fixed

  • The official semgrep docker image does not contain anymore the bash, jq, and curl utilities, to reduce its attack surface. (saf-861)
Changelog

Sourced from semgrep's changelog.

1.66.0 - 2024-03-19

Added

  • Added information about interfile pre-processing to --max-memory help. (gh-9932)
  • We've implemented basic support for the yield keyword in Python. The Pro engine now detects taint findings from taint sources returned by the yield keyword. (saf-281)

Changed

  • osemgrep --remote will no longer clone into a tmp folder, but instead the CWD (cdx-remote)

  • [IMPORTANT] Inter-file differential scanning is now enabled for all Pro users.

    Inter-file differential scanning is now enabled for all Pro users. While it may take longer than intra-file differential scanning, which is the current default for pro users, it offers deeper analysis of dataflow paths compared to intra-file differential scanning. Additionally, it is significantly faster than non-differential inter-file scanning, with scan times reduced to approximately 1/10 of the non-differential inter-file scan. Users who enable the pro engine and engage in differential PR scans on GitHub or GitLab may experience the impact of this update. If needed, users can revert to the previous intra-file differential scan behavior by configuring the --no-interfile-diff-scan command-line option. (saf-268)

Fixed

  • The official semgrep docker image does not contain anymore the bash, jq, and curl utilities, to reduce its attack surface. (saf-861)

1.65.0 - 2024-03-11

Changed

  • Removed the extract-mode rules experimental feature. (extract_mode)

1.64.0 - 2024-03-07

Changed

... (truncated)

Commits
  • b1e7f16 chore: Bump version to 1.66.0
  • 8be675e Centralize slack failure notifications in semgrep.libsonnet (#9965)
  • a55c5fa Cron - update semgrep-rules (#9953)
  • 1b27f94 fix: Cleanup unused functionality in remote code (#9942)
  • c7d2925 fix(secrets): validator rules should only respect validation state actions (#...
  • ae53115 Migrate parsing stats cron from circleCI to GHA (#9958)
  • a6d65b1 cleanup: extract Eval_il_partial.ml out of Dataflow_svalue (#9957)
  • 09fd037 cleanup: extract new Eval_generic_partial.ml from Constant_prop (#9956)
  • ad2cf47 Enable inter-file diff scan for all users (#9869)
  • 798678e reduce number of docker tags pushed in tests.jsonnet (#9954)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Update semgrep requirement from <1.66,>=1.50 to >=1.50,<1.67
9ee4c1f 
Updates the requirements on [semgrep](https://github.com/returntocorp/semgrep) to permit the latest version.
- [Release notes](https://github.com/returntocorp/semgrep/releases)
- [Changelog](https://github.com/semgrep/semgrep/blob/develop/CHANGELOG.md)
- [Commits](semgrep/semgrep@v1.50.0...v1.66.0)

---
updated-dependencies:
- dependency-name: semgrep
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from drdavella as a code owner March 20, 2024 06:07
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 20, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Mar 20, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@drdavella drdavella added this pull request to the merge queue Mar 20, 2024
Merged via the queue into main with commit ac186a3 Mar 20, 2024
13 checks passed
@drdavella drdavella deleted the dependabot/pip/semgrep-gte-1.50-and-lt-1.67 branch March 20, 2024 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drdavella drdavella drdavella approved these changes

@andrecsilva andrecsilva Awaiting requested review from andrecsilva andrecsilva is a code owner

@clavedeluna clavedeluna Awaiting requested review from clavedeluna clavedeluna is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@drdavella