secureCodeBoxBot
Contributor

This is an automated Pull Request by the SCB-Bot. It upgrades semgrep from 0.73.0 to 0.74.0.

Signed-off-by: secureCodeBoxBot <securecodebox@iteratec.com>
## Release changes:
### Added
 - Support for method chaining patterns in Python, Golang, Ruby,
 and C# (#4300), so all GA languages now have method chaining
 - Scala: translate infix operators to generic AST as method calls, 
 so `$X.map($F)` matches `xs map f`
 - PHP: support method patterns (#4262)
 
### Changed
 - Add `profiling_times` object in `--time --json` output for more fine
 grained visibility into slow parts of semgrep
 - Constant propagation: Any kind of Python string (raw, byte, or unicode) is 
 now evaluated to a string literal and can be matched by `"..."` (#3881)
 
### Fixed
 - Ruby: blocks are now represented with an extra function call in Generic so that
 both `f(...)` and `f($X)` correctly match `f(x)` in `f(x) { |n| puts n }` (#3880)
 - Apply generic filters excluding large files and binary files to
 'generic' and 'regex' targets as it was already done for the other
 languages.
 - Fix some Stack_overflow when using -filter_irrelevant_rules (#4305)
 - Dataflow: When a `switch` had no other statement following it, and the last
 statement of the `switch`'s `default` case was a statement, such as `throw`,
 that can exit the execution of the current function, this caused `break`
 statements within the `switch` to not be resolved during the construction of
 the CFG. This could lead to e.g. constant propagation incorrectly flagging
 variables as constants. (#4265)

@secureCodeBoxBot added the `dependencies` (Pull requests that update a dependency file) and `scanner` (Implement or update a security scanner) labels on Nov 20, 2021

@malexmave merged commit 41fd813 into main on Nov 22, 2021

@malexmave deleted the dependencies/upgrading-semgrep-to-0.74.0 branch on November 22, 2021 07:48