Release Release v0.72.0 · semgrep/semgrep

Java: Add partial support for synchronized blocks in the dataflow IL (#4150)
Dataflow: Add partial support for await, yield, &, and other expressions
Field-definition-as-assignemnt equivalence that allows matching expression
patterns against field definitions. It is disabled by default but can be
enabled via rule options: with flddef_assign: true (#4187)
Arrows (a.k.a short lambdas) patterns used to match also regular function
definitions. This can now be disabled via rule options: with
arrow_is_function: false (#4187)
Javascript variable patterns using the 'var' keyword used to also
match variable declarations using 'let' or 'const'. This can now be
disabled via rule options: with let_is_var: false

Constant propagation: In a method call x.f(y), if x is a constant then
it will be recognized as such
Go: match correctly braces in composite literals for autofix (#4210)
Go: match correctly parens in cast for autofix (#3387)
Go: support ellipsis in return type parameters (#2746)
Scala: parse case object within blocks
Scala: parse typed patterns with variables that begin with an underscore:
case _x : Int => ...
Scala: parse unicode identifiers
semgrep-core accepts sh as an alias for bash
pattern-regex: Hexadecimal notation of Unicode code points is now
supported and assumes UTF-8 (#4240)
pattern-regex: Update documentation, specifying we use PCRE (#3974)
Scala: parse nullary constructors with no arguments in more positions
Scala: parse infix type operators with tuple arguments
Scala: parse nested comments
Scala: parse case class within blocks
metavariable-comparison: if a metavariable binds to a code variable that
is known to be constant, then we use that constant value in the comparison (#3727)
Expand ~ when resolving config paths

C# support is now GA
cli: Only suggest increasing stack size when semgrep-core segfaults
Semgrep now scans executable scripts whose shebang interpreter matches the
rule's language
CLI output no longer displays severity levels

Provide feedback