1.4.1

Revert "Update dependency setuptools to v72" (#756)

Revert "Update dependency setuptools to v72 (#752)"

This reverts commit f1073926ef3c412c1d8a0c954394e7c60caa4349.

1.4.0

What's Changed

New

• Prevent multiple SARIF inputs from the same tool by @drdavella in #742
• report semgrep findings and fix findings assertions by @clavedeluna in #739
• Semgrep sql by @clavedeluna in #741
• Up security dependency by @clavedeluna in #751

Fixed

• Use import call modifier pattern for url-sandbox by @drdavella in #750

Full Changelog: 1.3.1...1.4.0

1.3.1

What's Changed

• Fixed a bug with line matching in xml transformer by @andrecsilva in #737
• Update dependency semgrep to >=1.81,<1.82 by @renovate in #740

Full Changelog: 1.3.0...1.3.1

1.3.0

What's Changed

• Enable downstream extensibility of UseDefusedXML codemod by @drdavella in #735
• All places when a Change() is created should report findings by @clavedeluna in #734
• Added line only matching option to XMLTransformer by @andrecsilva in #733
• Enable customizable call modifier logic by @drdavella in #736

Full Changelog: 1.2.0...1.3.0

1.2.0

What's Changed

• Update dependency setuptools to v71 by @renovate in #718
• Update dependency semgrep to >=1.80,<1.81 by @renovate in #720
• Update pre-commit hooks by @github-actions in #721
• Update openai requirement from <1.36,>=1.35 to >=1.35,<1.37 by @dependabot in #727
• Update pre-commit hooks by @github-actions in #725
• Regex Transformer by @clavedeluna in #729

Full Changelog: 1.1.2...1.2.0

1.1.2

What's Changed

• tmpdir should always be type Path by @clavedeluna in #716
• allow testing api to check for min changes by @clavedeluna in #717

Full Changelog: 1.1.1...1.1.2

1.1.1

What's Changed

• do not raise ValueError if no resource by @clavedeluna in #715
• Update pre-commit hooks by @github-actions in #714

Full Changelog: 1.1.0...1.1.1

1.1.0

What's Changed

• semgrep django set secure cookie codemod by @clavedeluna in #709
• Semgrep harden pyyaml by @clavedeluna in #710
• New RSA key size transformer and semgrep codemod by @clavedeluna in #711
• Handle detection of SARIFs that have UTF-8 BOMs by @drdavella in #713

Full Changelog: 1.0.0...1.1.0

1.0.0

What's Changed

This release introduces two backwards-incompatible changes:

• Core "pixee" codemods can no longer be requested by name alone
• Some Sonar codemods no longer encode the Sonar rule ID in the codemod name

The codemod API has been mature for quite some time and It seemed as good a time as any to officially bump to v1.0.0 🎉

New

• first semgrep sarif codemod for jinja autoescape by @clavedeluna in #687
• Deprecate requesting codemods by name by @clavedeluna in #699
• Semgrep jwt decode verify by @clavedeluna in #696
• Semgrep defused xml codemod by @clavedeluna in #705
• remove -ID from sonar codemod n by @clavedeluna in #704
• Semgrep subprocess shell False codemod by @clavedeluna in #706

Full Changelog: 0.106.4...1.0.0

0.106.4

What's Changed

• Update diff line number change calculation by @clavedeluna in #670

Full Changelog: 0.106.3...0.106.4