chore(deps): update dependency semgrep to v1.118.0 #5126
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
requested review from
nvuillam,
echoix,
bdovaz and
Kurt-von-Laven
as code owners
🦙 MegaLinter status:
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ API | spectral | 1 | 0 | 0 | 1.76s | |
| bash-exec | 6 | 1 | 0 | 0.01s | ||
| ✅ BASH | shellcheck | 6 | 0 | 0 | 0.13s | |
| ✅ BASH | shfmt | 6 | 0 | 0 | 0 | 0.56s |
| ✅ COPYPASTE | jscpd | yes | no | no | 3.23s | |
| ✅ DOCKERFILE | hadolint | 129 | 0 | 0 | 29.28s | |
| ✅ JSON | jsonlint | 20 | 0 | 0 | 0.2s | |
| ✅ JSON | v8r | 22 | 0 | 0 | 15.68s | |
| markdownlint | 267 | 0 | 302 | 0 | 21.67s | |
| ✅ MARKDOWN | markdown-table-formatter | 267 | 0 | 0 | 0 | 171.31s |
| bandit | 215 | 66 | 0 | 3.04s | ||
| ✅ PYTHON | black | 215 | 0 | 0 | 0 | 5.11s |
| ✅ PYTHON | flake8 | 215 | 0 | 0 | 2.03s | |
| ✅ PYTHON | isort | 215 | 0 | 0 | 0 | 1.38s |
| ✅ PYTHON | mypy | 215 | 0 | 0 | 12.77s | |
| ✅ PYTHON | pylint | 215 | 0 | 0 | 22.74s | |
| ✅ PYTHON | ruff | 215 | 0 | 0 | 0 | 0.7s |
| ✅ REPOSITORY | checkov | yes | no | no | 35.67s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.8s | |
| grype | yes | 27 | no | 29.53s | ||
| ✅ REPOSITORY | secretlint | yes | no | no | 9.51s | |
| ✅ REPOSITORY | syft | yes | no | no | 1.79s | |
| ✅ REPOSITORY | trivy | yes | no | no | 11.22s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.62s | |
| trufflehog | yes | 1 | no | 58.26s | ||
| ✅ SPELL | cspell | 718 | 0 | 0 | 13.15s | |
| lychee | 349 | 30 | 0 | 39.42s | ||
| ✅ XML | xmllint | 3 | 0 | 0 | 0 | 1.16s |
| ✅ YAML | prettier | 160 | 0 | 0 | 0 | 3.54s |
| ✅ YAML | v8r | 103 | 0 | 0 | 22.87s | |
| ✅ YAML | yamllint | 161 | 0 | 0 | 2.85s |
See detailed report in MegaLinter reports
renovate
bot
force-pushed
the
renovate/semgrep-1.x
branch
from
e67dde2 to
1a8292a
Compare
renovate
bot
force-pushed
the
renovate/semgrep-1.x
branch
from
1a8292a to
ee49fee
Compare
renovate
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.116.0->1.118.0Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
returntocorp/semgrep (semgrep)
v1.118.0Compare Source
Fixed
Pro: Failure to parse a
package.jsonfile when analysing JavaScript orTypeScript is no longer a fatal error. (code-8227)
taint-mode: Fixed bug in taint "auto-cleaning" where we automatically clean the
LHS of an assigmnet if the RHS is clean, provided that the LHS is not subject to
any "side-effects". In some cases, this could cause the taint analysis to timeout.
Some combinations of rules and repos will see a major perf improvement, in other
cases it may not be noticeable. (code-8288)
In a Semgrep rule's
metadatasection, two fields may provide URLs:source: populated dynamically by the Semgrep registry serving the rule, it's a URL thatoffers information about the rule.
source-rule-url: optional string, a URL for the source of inspiration for the rule.The SARIF format supports only one URL under the field
helpUri.Previously, Semgrep populated the SARIF
helpUrifield only withmetadata.source.This fix is to use
metadata.sourceif available, otherwise falling back tometadata.source-rule-url.Contributed by @candrews. (gh-10891)
v1.117.0Compare Source
Added
that start with
./. For example, the pattern./*.pyshould be written as/*.pyto have the desired effect of excluding the.pyfileslocated in the same directory as the
.semgrepignorefile containingthe pattern.
To minimize surprises for users switching to Semgrepignore v2,
we'll be interpreting automatically
./*.pyas/*.pyfor the timebeing so as to match the legacy Semgrepignore v1 behavior. Users should not
rely on this since it doesn't comply with the Gitignore/Semgrepignore
standard and will be removed in the future. (tolerate-semgrepignore-v1-dotslash)
Semgrepignore v2 by default. This brings the behavior of the Semgrepignore file
exclusions closer to Git and
.gitignorefiles. There can nowbe multiple
.semgrepignorefiles in the project. The.semgrepignorefilein the current folder is no longer consulted unless it in the project.
Negated patterns are now supported such as
!scanme.pyas with Gitignore.Some bugs were fixed. (use-semgrepignore-v2)
Changed
Fixed
*and?to match file names with a leading period. This matches the behavior of Gitignore and Semgrepignore v1. (semgrepignore-dotfiles)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.