Releases: pixee/codemodder-python
1.4.1
1.4.0
What's Changed
New
- Prevent multiple SARIF inputs from the same tool by @drdavella in #742
- report semgrep findings and fix findings assertions by @clavedeluna in #739
- Semgrep sql by @clavedeluna in #741
- Up security dependency by @clavedeluna in #751
Fixed
- Use import call modifier pattern for url-sandbox by @drdavella in #750
Full Changelog: 1.3.1...1.4.0
1.3.1
What's Changed
- Fixed a bug with line matching in xml transformer by @andrecsilva in #737
- Update dependency semgrep to >=1.81,<1.82 by @renovate in #740
Full Changelog: 1.3.0...1.3.1
1.3.0
What's Changed
- Enable downstream extensibility of UseDefusedXML codemod by @drdavella in #735
- All places when a Change() is created should report findings by @clavedeluna in #734
- Added line only matching option to XMLTransformer by @andrecsilva in #733
- Enable customizable call modifier logic by @drdavella in #736
Full Changelog: 1.2.0...1.3.0
1.2.0
What's Changed
- Update dependency setuptools to v71 by @renovate in #718
- Update dependency semgrep to >=1.80,<1.81 by @renovate in #720
- Update pre-commit hooks by @github-actions in #721
- Update openai requirement from <1.36,>=1.35 to >=1.35,<1.37 by @dependabot in #727
- Update pre-commit hooks by @github-actions in #725
- Regex Transformer by @clavedeluna in #729
Full Changelog: 1.1.2...1.2.0
1.1.2
What's Changed
- tmpdir should always be type Path by @clavedeluna in #716
- allow testing api to check for min changes by @clavedeluna in #717
Full Changelog: 1.1.1...1.1.2
1.1.1
What's Changed
- do not raise ValueError if no resource by @clavedeluna in #715
- Update pre-commit hooks by @github-actions in #714
Full Changelog: 1.1.0...1.1.1
1.1.0
What's Changed
- semgrep django set secure cookie codemod by @clavedeluna in #709
- Semgrep harden pyyaml by @clavedeluna in #710
- New RSA key size transformer and semgrep codemod by @clavedeluna in #711
- Handle detection of SARIFs that have UTF-8 BOMs by @drdavella in #713
Full Changelog: 1.0.0...1.1.0
1.0.0
What's Changed
This release introduces two backwards-incompatible changes:
- Core "pixee" codemods can no longer be requested by name alone
- Some Sonar codemods no longer encode the Sonar rule ID in the codemod name
The codemod API has been mature for quite some time, and it seemed as good a time as any to officially bump to v1.0.0 🎉
New
- first semgrep sarif codemod for jinja autoescape by @clavedeluna in #687
- Deprecate requesting codemods by name by @clavedeluna in #699
- Semgrep jwt decode verify by @clavedeluna in #696
- Semgrep defused xml codemod by @clavedeluna in #705
- remove -ID from sonar codemod n by @clavedeluna in #704
- Semgrep subprocess shell False codemod by @clavedeluna in #706
Full Changelog: 0.106.4...1.0.0
0.106.4
What's Changed
- Update diff line number change calculation by @clavedeluna in #670
Full Changelog: 0.106.3...0.106.4